Restricting user login

Similar Messages

• Restrict user login

  Dear All,
  DB we use 9.2.0.1.0
  Can i restrict the user login once.
  What i mean is when user logs in unless and untill he logsout he cannot connect to DB again.
  e:g : User1 logs in and starts one report/form at the same time User1 again wants to login and run same or other report/form he should not be allowed to login and appropriate message to be shown to the user.
  Thanking You in anticipation
  Best Regards,
  Devendra

  Dear Miehoff;
  Following are the steps carried out by me
  SQL> connect posys/posys@dev
  Connected.
  SQL> CREATE PROFILE clerk LIMIT
  2 SESSIONS_PER_USER 1
  3 IDLE_TIME 30
  4 CONNECT_TIME 600
  5 /
  Profile created.
  SQL> alter user posys profile clerk;
  User altered.
  Simultaneously I loged in another oracle client
  SQL*Plus: Release 8.0.6.0.0 - Production on Wed Jul 16 15:52:21 2008
  (c) Copyright 1999 Oracle Corporation. All rights reserved.
  Connected to:
  Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
  With the Partitioning, OLAP and Oracle Data Mining options
  JServer Release 9.2.0.1.0 - Production
  SQL> show user
  USER is "POSYS"
  SQL>
  It allowed me to connect to posys user againg.
  What my question is if SESSIONS_PER_USER 1 then why it is allowing me 2 login second time i.e same user is connected having 2 differnet session.
  Best Regards,
  Devendra

• Restricting Max users login

  Hi experts,
  i want to restrict the max users login in sap gui. because sombody unknownly login in the production sytem with other user ids.
  cheers
  deepak

  Deepak,
  login/multi_login_users
  List of excepted users, that is, the users that are permitted to log on to the system more than once.
  Ex as follows:
  Valid Input, Formats, Areas:
  List the user IDs separated by commas ",".
  Blanks before/between user names are not allowed!
  Correct:  login/multi_login_users=ALPHA,BETA,GAMMA,DELTA
  Incorrect:   login/multi_login_users= ALPHA, BETA,GAMMA , DELTA
  Hope this helps.
  Cheers,
  Praveen

• 802.1X wirelss restriction on User Login policies

  Hi all,
  Seeking some technical idea on Wireless 802.1x setup.
  Business requirement is:
  "User login policy: to limit the number of concurrent login by a single user only apply to one device at any given time. "
  There is no problem on PEAP/MSCHAPv2 login, only thing is the same user credential able to be use and login on multiple device, in the same time.
  On the NAD part, we configure these on WLC but still cannot achieve our objective
  - advanced eap max-login-ignore-identity-response disable
  - netuser maxuserLogin 1
  Seeking technical solution on this case, please advice. Is there anything need to tweak on the directory server or ACS part?
  The components using as below:
  Supplicant 1: Window 7, authentication method using PEAP/MSCHAPv2
  Supplicant 2: iPhone iOS version 6.x
  Authenticator: Cisco Wireless Controller 5800 Series on code version 7.2
  Authentication server: Cisco secure server ACS 5.3.0.40
  Identity Source : Microsoft server 2008 R2 ADDS, single forest single domain.
  attached the network diagram: topo1.png

  http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112175-acs51-peap-deployment-00.html

• Generate User Login in "Create User" Request

  Hi Guys,
  I have more a problem. To create user, I am using a Request (Create User Template), I managed add the attributes that would necessary normally, but I use a Event Handler (Post-Process) to generate user login. So I marked the User Login in Attributes Restrictions, fixing an user login default for example: autogenerate.
  Then I created a new request to create user, I filled out all the fields that I marked to appear. I approved this request, and the user is created with the User Login generate by my Event Handler normally. The issue is, when I create 2 create user requests, as I use a Default value in the User Login attribute, if the first request still isn't approved, the second request isn't created because the "autogenerate" user login already being used.
  Exists some otherwise to I resolve this issue?
  Thanks

  Hi Bikash,
  Use a prepopulate adapter an attribute with timestamp is nice idea, but I use the "Create User" template CreateUserDataSet.xml and not exists a form in Design Console to associate the prepopulate adapter.
  I had thought in eventhundler because I use a method that check on Active Directory if the user login generated by other method, already is being used. And I use this eventhandler in HR GTC recon too.
  About XL.LDAPReservationPluginImpl, I opened the oracle.iam.identity.usermgmt.impl.plugins.reservation.ReservationInOID but I not understood as use this option. If I needs add in this class my method of generate user login. If I needs implement an new class similar to this class, using my methods and associate the name of class in XL.LDAPReservationPluginImpl.
  Thanks a lot

• What are the steps necessary to allow a single user login the ability to execute a single stored procedure and nothing else.

  Hello,
  I have a request to create a user login and restrict that user to only be able to execute a single stored procedure.
  Is this possible using only TSQL commands? 
  Am i on the right track here?
  USE MyDatabase
  GO
  CREATE LOGIN [mylogin] DEFAULT_DATABASE = [MyDatabase], CHECK_POLICY = OFF, CHECK_EXPIRATION = OFF
  GO
  CREATE ROLE exec_single_proc_role
  GO
  exec sp_addrolemember 'exec_single_proc_role', 'mylogin'
  GO
  CREATE SCHEMA [restricted] AUTHORIZATION mylogin
  GO
  GRANT EXECUTE ON SCHEMA::restricted TO exec_single_proc_role
  GO

  Thanks for the reply.
  This particular user should need to be able to Alter, Execute, and View the stored procedure as well.
  Here is what i ended up with:  Any improvement are appreciated.  Thanks
  USE MyDatabase
  GO
  --DROP SCHEMA
  IF EXISTS (SELECT * FROM sys.schemas WHERE name = N'restricted')
  DROP SCHEMA [restricted]
  GO
  --DROP SERVER WIDE LOGIN
  IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'MyUserLogin')
  DROP LOGIN [MyUserLogin]
  GO
  --CREATE SERVER WIDE LOGIN
  CREATE LOGIN [MyUserLogin] WITH PASSWORD = 0x0100F1CF6792E602EF40DFF55983FDE81A9 HASHED, SID = 0xC33B04EECE59DC4C95BE66ED9B15D13D, DEFAULT_DATABASE = [MyDatabase], CHECK_POLICY = OFF, CHECK_EXPIRATION = OFF
  GO
  --DROP ROLE
  DECLARE @RoleName sysname
  set @RoleName = N'exec_single_proc_role'
  IF EXISTS (SELECT * FROM sys.database_principals WHERE name = @RoleName AND type = 'R')
  Begin
  DECLARE @RoleMemberName sysname
  DECLARE Member_Cursor CURSOR FOR
  select [name]
  from sys.database_principals
  where principal_id in (
  select member_principal_id
  from sys.database_role_members
  where role_principal_id in (
  select principal_id
  FROM sys.database_principals where [name] = @RoleName AND type = 'R' ))
  OPEN Member_Cursor;
  FETCH NEXT FROM Member_Cursor
  into @RoleMemberName
  WHILE @@FETCH_STATUS = 0
  BEGIN
  exec sp_droprolemember @rolename=@RoleName, @membername= @RoleMemberName
  FETCH NEXT FROM Member_Cursor
  into @RoleMemberName
  END;
  CLOSE Member_Cursor;
  DEALLOCATE Member_Cursor;
  End
  IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'exec_single_proc_role' AND type = 'R')
  DROP ROLE [exec_single_proc_role]
  GO
  --DROP USER
  IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'MyUserLogin')
  DROP USER [MyUserLogin]
  GO
  --CREATE USER AND ASSIGN DEFAULT SCHEMA
  CREATE USER [MyUserLogin] FOR LOGIN [MyUserLogin] WITH DEFAULT_SCHEMA=[restricted]
  GO
  --CREATE SCHEMA
  CREATE SCHEMA [restricted] AUTHORIZATION [MyUserLogin]
  GO
  --CREATE ROLE
  CREATE ROLE [exec_single_proc_role] AUTHORIZATION [MyUserLogin]
  GO
  --ADD ROLE
  EXEC sp_addrolemember 'exec_single_proc_role', [MyUserLogin]
  GO
  GRANT EXECUTE ON SCHEMA::[restricted] TO [exec_single_proc_role]
  GO
  GRANT EXECUTE ON OBJECT::[dbo].[MyStoredProcedure] TO [MyUserLogin]
  GO

• User logins fail; admin login is okay

  I'm running 10.3.9 all the latest updates on a 1 Ghz DP G4 with 1Gig RAM.
  Admin login works fine; three user logins go nowhere... beachball just spins and I have to power off the comp to get out.
  If I log in as Admin user and switch to another login, password is accepted but the desktop remains blank.
  Running the comp in target mode, I can see the files of the various users.
  Disk Utility looses connection (as mentioned in another post), not certain if this is also an iTunes update issue.
  Any ideas?
  Thanks!
  1Ghz DP G4   Mac OS X (10.3.9)  

  After following the information to move iTunes to the desktop, I was able to run Disk Utilities and repaired persmssions.
  However, there was no change in the ability for users to login. These users are managed, not standard.
  I reinstalled OS 10.3 in archive mode, checked logins (which were fine) and installed the 10.3.9 update. Logins are broken again.
  I can change the users to standard and they can login with no problem, but the moment I restrict anything (such as cannot change the dock) the logins fail.
  Changing the users to standard allows logins; make them managed and they fail.
  Certainly seems like a permissions issue, but repairing permissions does no good.
  Any suggestions other than doing a clean install?
  1Ghz DP G4 1 gig memory   Mac OS X (10.3.9)  

• Limit user login in multiple RODC

  I have 2 RODC and a RWDC.i prepopulate some password on RODC1 And Some on RODC2 cache database. i already read this article http://www.frickelsoft.net/blog/?p=232
  I want to limit user login in multiple RODC.(for example user1 can not login to os in different RODC).
  So i want to know is there is a way to limit user to login just from its RODC cache database not RWDC active directory?(i want user in RODC1 cant not login to RODC2.How can i do this?)

  Hi,
  Do you want to restrict users from logging into a client computer that belongs to another site? Or do you want the users to get authenticated only to the RODC's where their credentials cached? 
  If you configured your sites and services properly the clients will choose the DC belongs to their own site and subnet. DC locator is the service name which is responsible for assigning a logon DC to the client.If the DC's are in different sites you
  can configure the sites and services to point the client to correct DC in a site. AD authentication always distributed based on the sites and services you configured.
  You can configure ldapsrv records to authenticate against specific DC.
  RODCs do not register Domain Name System (DNS) general records (records that are associated with the domain itself and not with a specific site), as read/write domain controllers (RWDCs) do. This is the default behavior of RODCs. Although you can tune an
  RODC to register DNS general records, we recommend that you not change the default behavior.
  The main impact of RODCs not registering DNS general records is that a client computer cannot find an RODC in its site without reaching an RWDC (that is, a domain controller that registers the general records) if the client computer does not have a record
  for the name of the site where the client computer is placed.
  Source: Placing Several RODCs in the Same Site
  http://technet.microsoft.com/en-us/library/ee522995(WS.10).aspx
  Domain Controller Locator : an overview
  http://blogs.technet.com/b/arnaud_jumelet/archive/2010/07/05/domain-controller-locator-an-overview.aspx
  LdapSrvWeight & LdapSrvPriority
  http://blogs.dirteam.com/blogs/carlos/archive/2006/05/10/How-to-lessen-your-PDC_1920_s-load.aspx 
  http://technet.microsoft.com/en-us/library/cc816793%28WS.10%29.aspx 
  Regards,
  Rafic
  If you found this post helpful, please give it a "Helpful" vote.
  If it answered your question, remember to mark it as an "Answer".
  This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

• Restricting user from ODBC, SQL PLus, Toad etc

  Hello,
  We would like to restrict user accessing database from anyODBC driver, s/w like Toad or sqlplus. They can only access dataabse through loggin to Application. Is there a way to do it.
  I have been looking into VPD but could not find any info there.
  Thanks
  Suhail

  Don't you need to be able to create a session before you can invoke a secure application role?
  What, exactly, are you trying to prevent. Are you trying to prevent well-meaning users from discovering that they can use Access to "fix" the data in the database when there are problems? Or are you trying to prevent a rogue employee from being able to access the database with anything other than your application?
  If it is the former, something simple like a login trigger that checks the program used to log in would probably work. If it is the latter, I fear you are out of luck. If your application can connect, a moderately competent hacker can access the database rather quickly, particularly if he has access to your application executable.
  Justin
  Distributed Database Consulting, Inc.
  http://www.ddbcinc.com/askDDBC

• Restrict User Connections Using Logon Trigger

  Hi all,
  Now I am restricting user connections from selected terminals, using following logon trigger.
  It allows users with DBA privileged user.
  How to restrict DBA Privileged users users ?
  Note:- As per my application needs DBA privilege.
  CREATE OR REPLACE TRIGGER on_logon
  AFTER LOGON
  ON DATABASE
  DECLARE
  VPROGRAM VARCHAR2(30);
  Vusername VARCHAR2(30);
  VTERMINAL VARCHAR2(30);
  CURSOR user_prog IS
  SELECT UPPER(program),UPPER(username),NVL(TERMINAL,'X') FROM v$session
  WHERE audsid=sys_context('USERENV','SESSIONID');
  BEGIN
  OPEN user_prog;
  FETCH user_prog INTO Vprogram,Vusername,VTERMINAL;
  IF VTERMINAL NOT IN ( 'APP1','APP2','APP3')+
  and Vusername='ABUL'+
  THEN
  RAISE_APPLICATION_ERROR(-20001, 'You are not allowed to login');
  END IF;
  CLOSE user_prog;
  END;
  Thanks i Advance
  Abk

  Your application needs the DBA role? That is a terrible design-- it violates every principle of secure coding.
  Login triggers don't fire for users with the DBA role, so you won't be able to use a login trigger here. You could ditch the login trigger and configure invited and excluded nodes in the listener's sqlnet.ora file, i.e.
  tcp.validnode_checking = yes
  tcp.excluded_nodes = (hostname1,hostname2,hostname3)You'll have to restart the listener after making that change.
  Justin

• Any parameters can restrict user ID to log-on application server

  Dear All,
  I had configured the login group (/nSMLG) as following:
  Logon Group  Instance
  TEST            app1
  TEST            app2
                      app3
                      app4
  However, app3 and app4 still have illegal user log-on.
  Did any profile parameters can restrict user ID to log-on application
  server?
  BR,
  Well

  Hello Well Well,
  I could clearly understand what you mean. From what you have stated I am able to understand that:
  1. You have 4 application servers.
  2. You have included 2 of them in Logon group TEST.
  3.  The remaining two are not part of logon group.
  4. You want users not to login into app3 and app4 but to TEST only.
  There is no profile paramter for this. At the max you can close the dispatcher port for these 2 servers but then no one would be able to login into  them.
  Best is to include all of them in to SMLG.
  Regards.
  Ruchit.

• Restricting Multiple logins through Web

  Hi,
  We had given BW access to the end users through WEB. Users access all BW reports by logging through IE Browser.
  We are trying to restrict Multiple Logins of the user when the login is through Web Browser.  How do we do this?
  We understand that we can restrict SAP GUI Mulitple logins through system parameters. But , when the login is through Web Browser, how do we control multiple logins of the same user?
  Please help us to resolve this issue.
  Thanks
  Ramesh Ganji

  Hi,
  We had given BW access to the end users through WEB. Users access all BW reports by logging through IE Browser.
  We are trying to restrict Multiple Logins of the user when the login is through Web Browser. How do we do this?
  We understand that we can restrict SAP GUI Mulitple logins through system parameters. But , when the login is through Web Browser, how do we control multiple logins of the same user?
  Please help us to resolve this issue.
  Thanks
  Sunil Tuppad

• Restricted Portal Login through internet

  Hi,
  Is it possible to restrict portal login through internet for certain group of users of portal. These users, who are LDAP users, need to login to the portal from intranet only
  regards,
  Sujesh

  Yes, you will have to develop a JAAS login module to develop this functionality of restricting portal access for specific groups.
  Let me know if you need more information.
  Vibhu

• Capturing User login Id

  I have an application and I can't figure out how to capture the users login name in order to restrict what information is returned to them. The database login is done through the Connection Manager. Any suggestions would be greatly appreciated.

  Sorry I'm using JSP but i've seen in the connection manager doc that there's a way to define a custom login box, from connectionmanager.chm in docs:
  Using the setDefaultPrompter method, users are able to customize not only the UI used by default to prompt for connection information, but also whether, by default, to prompt for information at all. The getConnection methods also allow for customization of prompting behavior. Examples of these can be found below
  null

• Restrict multi login in Portal

  Hi,
  I want to restrict multi login in Portal.
  I have java + abap dual stack.
  Please give me the solution.
  "award point waiting..for  solution......"

  I don't want to restrict multiple person.
  I want to provide single session for each user.
  More than single session will terminate , when the same user login for second session.
  I think, now u understand my issue.