Restricting user access to delegated administration pages

I have a question about delegated administration services.
When a user is defined, regardless of its privileges, it has access to OIDDAS pages.
And he or she can see the other users' information. (through Directory and Users tabs)
Is there any way to restrict OIDDAS pages to selected userids?
Regards
Farbod

If your version of the servlet container is compliant (I assume iPlanet is), then you can declaratively set your security in the web.xml. You can specify entire directories (HTML, JSP, graphics, etc) to be secured. This also prevents you from converting all your static content to JSP and inserting code into each one to validate the user. You may define your own custom login page as well. This is by far the best method of security if you're not trying to do anything fancy like data-level security. The J2EE security model is role-based.
Hope this helps.
Chris

Similar Messages

  • Can't login System Access Manager and Delegated Administrator page

    Hi.
    Suddenly I can't log in System Access Manager & Delegated Administrator page. Yesterday,I could.
    Do you help me?
    thanks.

    k-m-i wrote:
    Suddenly I can't log in System Access Manager & Delegated Administrator page. Yesterday,I could.Given that you have provided nothing in the way of usable information to isolate the problem I can only suggest restarting your directory server (assuming it hasn't crashed) then restarting the web-container hosting Access Manager and see if that fixes the problem.
    If not, you will have to look further into the web-server logs and the directory server logs to see why the problem is occurring.
    Regards,
    Shane.

  • How to restrict user access in Oracle Application Server 10g (9.0.4)?

    Can anybody please let me know how to restrict user access in 10g AS? To be specific, how to allow http requests from specific IPs only?

    Hi,
    You have to edit httpd.conf and modify acces rights for each protected directory
    e.g.
    <Directory /var/www/sub/payroll/>
    Order allow,deny
    Allow from 192.168.1.0/24
    </Directory>
    then you have to restart Oracle HTTP Server
    jm--

  • Can't Access the web administration page

    Hello,
    I have a new Linksys router that I installed a few months ago.  I am trying to connect my PS3 using wireless.  the PS3 sees the access point SSID, but keeps failing to connect.  I have double/triple check the WEP2 key and it is correct.  I am also having problems accessing the web administration page.  I keep getting page not found.  I don't think that I have access the web administration page since I set it up.  I can ping the router, so I know that its up, along with getting out to the Internet, I have used NMAP and scanned the router, but only 10080 is open (PS3) port.  I assume that the default URL for the web administration page is http://192.168.1.1.  There is no port needed to put in the URL is there?  Also, since NMAP showed no ports open does that mean that the web server in the router is not listen?  If so how do I connect without having to reset the router?
    I do have some Cisco Linksys app that shows a GUI of my network, but no adminisration help.
    Thanks,

    Who is your ISP..?
    Are you able to go online on the wired computer...?
    Make sure the computer is connected to the router on the Ethernet port and check the ip address first...Click Start >> All Programs >> Accessories >> Command Prompt...A black box will appear(Command Prompt)...In the Command Prompt window type ipconfig and press 'Enter'...Look for Ethernet Adapter Local Area Connection IP Address , Subnet Mask and Default Gateway...
    IP Address should be 192.168.1.x, Subnet Mask : 255.255.255.0, Default Gateway : 192.168.1.1 (assuming your router is 192.168.1.1)...
    If you get the above mentioned IP Address, Subnet and Gateway Address then you should ping the Gateway, type ping 192.168.1.1 and press Enter...If it gives you request timed out then disable any firewalls, security softwares on the computer...
    If you get 4 replies then,Adjust the browser settings....Open an IE, click Tools >> Internet Options, then delete all files, cookies, history, forms...Goto "Connections", make sure Never Dial a Connection is checked, click on LAN Settings and make sure all the options are unchecked...Once you are done click on O.k...Close the IE and re-open it...
    Now,try to open the setup page again...

  • Time restricted user access

    Dear Experts,
    we are dealing with the following issue. Is it possible to set up time restricted user access in BPC 7.5? It means e.g. we want user to have access to BPC only in the first half of the year or (a bit trickier) in every first half of each month.
    And is it possible to temporarily prohibit access for an user without deleting him or his rights?
    Thanks for the reply,
    Jakub

    Hi Jakub,
    Can you explain why you want to set up your system this way? Depending on what you are trying to accomplish, there may be a good way to make it work in BPC (work status, security, data model design), but as Nilanjan said, there is not an easy way to totally lock out users based on date.
    Ethan

  • Control/restrict user access

    Hi,
    we are currently on EP7.0,would like to find out if we are able
    to control/restrict number of users from accessing an ESS transactional
    page. Thanks.

    Hi Eric,
    access to portal content is managed with help of portal roles. Basically, you assign portal content (worksets, portal pages, iViews) to a portal role (see SAP Library  <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/4f/bceaffeb8c114ebef8255b63079c7c/frameset.htm">Roles and Worksets</a>). To make the content available to a certain set of users you have to assign the portal role to the users (see SAP Library <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/ed/845890b89711d5993900508b6b8b11/frameset.htm">Assigning Roles to Users and Groups.</a>).
    If you would like to restrict access to a certain ESS portal page remove this page from the standard ESS role and create a new role. Assign the ESS portal page to this new role and assign the role to all users you would like to give access to the page.
    Make sure you set the right Merge-Ids and Sort-Ids in order to display the ESS portal page at the right point in your portal navigation structure (see SAP Library <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/53/89503ede925441e10000000a114084/frameset.htm">Merging Navigation Nodes and Defining the Sequence</a>)
    Best regards,
    Martin
    <i>Please reward points for helpful answers</i>

  • Restricted User Access

    Hi All!
    Is it possible to restrict the access of a user in that way that he can only edit a part of the columns, but he can see the whole table even the columns he isn't permitted to change! How can i solve this problem?

    Hi user552848,
    please provide your first name...
    I would see 2 possible solutions here:
    1) Create or own access roles
    a) create an application item where you store which "access role" the user has and
    b) use the "Read only" property of the page item, where you specify a condition of type "Value of Item in Expression 1 != Expression 2". Write the name of your application item into Expression 1 and eg UPDATE_ALLOWED (=>name of your access role) into Expression 2
    2) You use the APEX authorization.
    a) Create one at Shared Components\Authorization Schemes).
    b) Use the "Read only" property of the page item, where you specify a condition of type "PL/SQL Expression" with the following code in Expression 1
    NOT WWV_Flow.public_security_check('Name of the Authorization you created');Note 1: "Name of the Authorization you created" is case sensitive
    Note 2: WWV_Flow.public_security_check isn't a documented function, so use it at your own risk, Oracle may change it/remove in the next release.
    Hope that helps
    Patrick
    Check out my APEX-blog: http://inside-apex.blogspot.com

  • Add existing users LDAP in Delegated Administrator

    Hello, We have installed and configurated the Sun Comm-Suite 7 with Calendar server 6.3 and all its work fine.
    The problem is that in the LDAP datastore contains a users who do not appears in the DA. In this post explain how to make reverse engineer for create atributes (mail and calendar) for the existent users.
    http://forums.sun.com/thread.jspa?forumID=708&threadID=5248388
    But, how to show the existent users in the DA admin page?
    And, how to asigned a mailbox a existent user?

    isaaccasanovas wrote:
    shjorth wrote:
    "How were these LDAP users provisioned? Were they manually added using ldap commands (e.g. ldapmodify) or some kind of "sync" process?"
    I change the objectclass for the existing users with ldapmodify command and I can create calendar with ldapmodify in the corresponding attributes (now, I don't know how to created a mailbox). To change any attribute how name, email, etc I use the commadmin user modify and the changes applies ok.Once again, where did the "existing users" information come from?
    If I user commadmin admin add for append a existen users to administrators group, the command reply: user does not exist.As I have already stated, you need to compare the LDIF of a valid working DA user with the LDIF of the "existing user" which cannot be "seen" by DA to see what objectclasses/attributes are missing.
    Add these missing objectclasses/attributes one at a time until DA can "see" the user.
    Regards,
    Shane.

  • Restrict User Access to Planning Books- Creation of Roles

    Hi All
    I want to restrict the users to access/see only limited number of planning books in SDP94
    menu
    For this, I tried creating a role and assigned authorization C_APO_PB with required planning book values
    However I am not sure how to create the role properly. In the change role screen, the "Menu" and the "Workflow" tabs are red, while authorization tab is green
    Do I need to do any activity in Menu and Workflow tabs
    Please guide
    Any help on this is highly appreciated
    Thanks
    Vijay

    Moderator message - Cross post locked
    Rob

  • Restricting user access based on a site column value in a document library.

     
    We have a business requirement to show the contents of a document library based on a value (or values) in the site column (or multiple columns). For example, my document library has a custom site column called confidentiality. This
    will have values like restricted, internal and public. Now, based on the AD Group the user belongs to, I should be able to control the access to Restricted or Restricted and Internal files from the document library. We are using SharePoint Online 2010.
    Please suggest the best way to achieve this requirement?

    SharePoint's security model doesn't allow you to specify security based on metadata. You could however create a Sandboxed Solution containing a Feature that registers a custom event receiver on the Document Library. The logic inside this
    Event Receiver would fire after editing item properties (ItemUpdated) to apply item-level permissions based on the rules you need.
    Make sure to read the article below to determine if fine-grained permissions are suitable in your case:
    http://technet.microsoft.com/en-us/library/gg128955.aspx

  • Restricting Users access to BW Query based on Criteria

    Hello  ,
    Haven't found much help with the security implementation documents , i have been given a objective to create Profiles/roles and which would be used only for reporting on 1 single Cube by users from multiple departments. 
    Create profile/Roles and provide access to users for Query ZREP_C0_1 .
    User belonging to comp_code1 & region4 & plant6 should be able to view only his data and none other  even if the user wishes to see Compcode2 & region3 & plant4. 
    ( Reporting with restrictions over the User authorizations  on Region/Compcode )
    Creating the Role has been the easy as it was just to provide access to the infoarea , cubes, infobjects , query and authorization objects to execute query.   However i am stuck on how to proceed further on the above scenario  regarding restricting the users.
    Your help is much appreciated .
    Regards
    Raja

    Hi Pratheesh,
    If you are going to use client authentication in SSL and if client authentication fails since not all users will have client cert provided by you, SSL handshake will not complete and hence no access. But this is a performance impacting option. Restricting access on FW would be a good option.
    During the flow of a normal SSL handshake, the server sends its certificate to the client. The client verifies the identity of the server through the certificate. However, the client does not send any identification of its own to the server. When you enable the client authentication feature on the ACE, the ACE requires that the client sends a certificate to the server. The server then verifies the following information on the certificate:
    The CA has not revoked the certificate.The certificate signature is valid. The valid period of the certificate is still in effect. A recognized CA issued the certificate.
    You can specify the certificate authentication group that the ACE uses during the SSL handshake and enable client authentication on this SSL proxy service by using the  authgroup command in SSL proxy configuration mode. The ACE includes the certificates configured in the group with the certificate that you specified for the SSL proxy service
    Regards,
    Kanwal

  • HT201304 Is there a way to restrict user access to find my ipad with out restricting the mail app?

    I am working on setting up multiple Ipad 2 tablets with iOS 5.1.1 and I need to restrict access to turn off find my ipad. The only way I see to do this is to turn on restrictions and dont allow changes on accounts. The issue I have then is it also restricts the Mail app setup. Is there a way to restrict one and not the other? We use microsoft exchange mail and I would be willing to use another mail app if anyone can suggest one that works as an alternative?
    Thank you.

    I don't know of any reliable tracking app, but perhaps someone else here can suggest one I'm not aware of. Any could be defeated by just restoring the iPad, though, so about all you could hope to do would be make things a bit more difficult to turn off. For a third-party app, you'd have to restrict the user's ability to uninstall apps, something which might be equally problematic for you.
    Regards.

  • Restrict user access to sales order

    Hi all...
    We have the following situation:
    A user xxxxx creates a sales order with va01 ... how can be limited the access to this sales order??..another user  yyyyyy is not allowed to modify this sales order but user yyyyyy can create orders/modiffy ordes with va01/va02.(something like limit access to o sales order created by another user).
    Regards,

    Hello Viadi,
    Your basis person can help you out in providing this restrictions.
    I would like to tell you that you can restrict a particular user from accessing a t-code entirely for eg: you can restrict a user to only VA01 & VA03 i.e., creation and display  and another user should be given access to VA02 i.e, change SO.
    This way you can maintain security measures for SAP usage.
    If you give authorization for creation and change there might not be sanctity of usage. But this again depends upon the client requirement.
    Hope this helps.
    SAP gurus any additions or corrections to this are welcome.
    Thanks
    Swami

  • Is it possible to restrict user access to files that need read/write permissions?

    I am in the process of implementing electronic payments for a company's AP department.  Dynamics GP (Great Plains) needs to create an EFT file that will get sent to the bank.  After it is created, a script is run that sends the TXT file to the
    bank and then renames the file extension to SNT.  Users are logged on to the Great Plains server and have their own permission group.
    Because the file is sending payment instructions, it is essential that users cannot modify or create a file with fraudulent payment instructions to the bank (incorrect bank account info).
    With testing, I was able to save the file from GP to a folder where users cannot read it's contents, however the script cannot send the file to the bank without "read access" (it says not files available).
    Any ideas for solutions?  For instance, is it possible to make Great Plains and/or the script file "system" so that it can override the user profile's permissions? 
    I was also looking into the ability to hide the folder/files, but it appears users can choose to view hidden files and folders.

    I dont think so you can do it that way..

  • Generic Object Services restrict user access

    Hi
    I have the following scenario, could anyone offer any pointers as to how to achieve a solution.
    I have two groups of people, A and B, my requirement is to only allow group A to access/delete documents that have been created by users in group A, and for Group B to only have access to attachments created by users in group B.
    An in addition to Ideally have two content repositories one for A and one for B
    Thanks
    John

    Hi John,
                Please adjust role with S_OC_ROLE and S_GOS_ATT.
              1) If a user has a role with S_OC_ROLE with *, then he will be able to delete the attachements made by any othe user, then in this case S_GOS_ATT will not be checked.
               2) If a user has a role with S_OC_ROLE with " ", then he will be NOT able to delete the attachements made by any othe user, unless S_GOS_ATT is assigned.
    Thanks,
    CB

Maybe you are looking for

  • How to clear and prevent multiple identical apps on "Open With"?

    I understand why "Open With" includes both old and new versions of updated apps. Fine. But how do I CLEAR the list and prevent this from continuing? (I'd expect it to offer a "Clear List" option at the bottom. It doesn't.) Thank you.

  • HT203128 apps not showing in iTunes

    i have my iTunes open on my macbook air and my apps are not showing in  my app, iPhone apps, or iPad apps, anyone else having this problem???? Apps are on my iPad and phone, just not sowing ALL the apps I have downloaded in the past that are not on m

  • Error ORA-00932 updating data in worksheet

    OK, some of this may be extraneous, but here goes: Using SQLDeveloper 1.5.1 Build MAIN-5440 I needed to insert a couple of columns into the middle of a table, so I renamed, created, and copied. Both fields are FKs, but are initially null. So, I go in

  • Backup Software for Solaris 10

    Can anyone give me ideas on what software to use to back up Solaris 10 Servers ( V240, 490, & 890). We researched Veritas and they want $15,000. Is there any software with some of the same features as Netbackup? Thanks in Advance!!!

  • Getting error : This operation is not supported on a report server that runs in native mode

    Hi, I have installed SQLServer2008 Standard Edition in my system. Using SSRS 2008. I have added http://<serverName>/ReportServer/ReportService2006.asmx as web reference in my project. If i consume any method in ReportingService2006 am getting below e