Restricting Users access to BW Query based on Criteria

Hello  ,
Haven't found much help with the security implementation documents , i have been given a objective to create Profiles/roles and which would be used only for reporting on 1 single Cube by users from multiple departments. 
Create profile/Roles and provide access to users for Query ZREP_C0_1 .
User belonging to comp_code1 & region4 & plant6 should be able to view only his data and none other  even if the user wishes to see Compcode2 & region3 & plant4. 
( Reporting with restrictions over the User authorizations  on Region/Compcode )
Creating the Role has been the easy as it was just to provide access to the infoarea , cubes, infobjects , query and authorization objects to execute query.   However i am stuck on how to proceed further on the above scenario  regarding restricting the users.
Your help is much appreciated .
Regards
Raja

Hi Pratheesh,
If you are going to use client authentication in SSL and if client authentication fails since not all users will have client cert provided by you, SSL handshake will not complete and hence no access. But this is a performance impacting option. Restricting access on FW would be a good option.
During the flow of a normal SSL handshake, the server sends its certificate to the client. The client verifies the identity of the server through the certificate. However, the client does not send any identification of its own to the server. When you enable the client authentication feature on the ACE, the ACE requires that the client sends a certificate to the server. The server then verifies the following information on the certificate:
The CA has not revoked the certificate.The certificate signature is valid. The valid period of the certificate is still in effect. A recognized CA issued the certificate.
You can specify the certificate authentication group that the ACE uses during the SSL handshake and enable client authentication on this SSL proxy service by using the  authgroup command in SSL proxy configuration mode. The ACE includes the certificates configured in the group with the certificate that you specified for the SSL proxy service
Regards,
Kanwal

Similar Messages

  • Time restricted user access

    Dear Experts,
    we are dealing with the following issue. Is it possible to set up time restricted user access in BPC 7.5? It means e.g. we want user to have access to BPC only in the first half of the year or (a bit trickier) in every first half of each month.
    And is it possible to temporarily prohibit access for an user without deleting him or his rights?
    Thanks for the reply,
    Jakub

    Hi Jakub,
    Can you explain why you want to set up your system this way? Depending on what you are trying to accomplish, there may be a good way to make it work in BPC (work status, security, data model design), but as Nilanjan said, there is not an easy way to totally lock out users based on date.
    Ethan

  • How to restrict user access in Oracle Application Server 10g (9.0.4)?

    Can anybody please let me know how to restrict user access in 10g AS? To be specific, how to allow http requests from specific IPs only?

    Hi,
    You have to edit httpd.conf and modify acces rights for each protected directory
    e.g.
    <Directory /var/www/sub/payroll/>
    Order allow,deny
    Allow from 192.168.1.0/24
    </Directory>
    then you have to restart Oracle HTTP Server
    jm--

  • No of users accessing a bex query

    HI Bw guys,
    we want know no of users accessing our Bex query.Is there any procedure to find out that.Please give the solution for us because we are hurry about this.
    Thanks and regards
    Sreenivas.

    Hi Srinivas,
    If your BI Admin Cockpit is Working Fine and getting loaded to 0TCT_MC01 this cube, then goto  RSRT and Run this Query
    0TCT_MC01/ZQUERY_FRONT_END_OLAP
    The Count shows the number of hit for those queries for that month.
    Similarly there are queries for day wise also.
    Rgds
    SVU

  • Restricting user access based on a site column value in a document library.

     
    We have a business requirement to show the contents of a document library based on a value (or values) in the site column (or multiple columns). For example, my document library has a custom site column called confidentiality. This
    will have values like restricted, internal and public. Now, based on the AD Group the user belongs to, I should be able to control the access to Restricted or Restricted and Internal files from the document library. We are using SharePoint Online 2010.
    Please suggest the best way to achieve this requirement?

    SharePoint's security model doesn't allow you to specify security based on metadata. You could however create a Sandboxed Solution containing a Feature that registers a custom event receiver on the Document Library. The logic inside this
    Event Receiver would fire after editing item properties (ItemUpdated) to apply item-level permissions based on the rules you need.
    Make sure to read the article below to determine if fine-grained permissions are suitable in your case:
    http://technet.microsoft.com/en-us/library/gg128955.aspx

  • Need to restrict USER in IR and ID based on SWC and CS

    Hello Experts,
    We need to restrict the USER access in IR and ID based on software Components and configuration scenario's.
    I have already created role in IR and ID and have assigned to the user, but still user is able to see the entire landscape. Can anyone share thier inputs and documents.
    Regards,
    Hiren A.

    Hello Mark,
    I have exactly followed the link which you have shared, but still not able to attain the desired results.
    Do let me know in case you have anyother suggestions
    Regards,
    Hiren

  • Restricted User Access

    Hi All!
    Is it possible to restrict the access of a user in that way that he can only edit a part of the columns, but he can see the whole table even the columns he isn't permitted to change! How can i solve this problem?

    Hi user552848,
    please provide your first name...
    I would see 2 possible solutions here:
    1) Create or own access roles
    a) create an application item where you store which "access role" the user has and
    b) use the "Read only" property of the page item, where you specify a condition of type "Value of Item in Expression 1 != Expression 2". Write the name of your application item into Expression 1 and eg UPDATE_ALLOWED (=>name of your access role) into Expression 2
    2) You use the APEX authorization.
    a) Create one at Shared Components\Authorization Schemes).
    b) Use the "Read only" property of the page item, where you specify a condition of type "PL/SQL Expression" with the following code in Expression 1
    NOT WWV_Flow.public_security_check('Name of the Authorization you created');Note 1: "Name of the Authorization you created" is case sensitive
    Note 2: WWV_Flow.public_security_check isn't a documented function, so use it at your own risk, Oracle may change it/remove in the next release.
    Hope that helps
    Patrick
    Check out my APEX-blog: http://inside-apex.blogspot.com

  • Restricting user access to delegated administration pages

    I have a question about delegated administration services.
    When a user is defined, regardless of its privileges, it has access to OIDDAS pages.
    And he or she can see the other users' information. (through Directory and Users tabs)
    Is there any way to restrict OIDDAS pages to selected userids?
    Regards
    Farbod

    If your version of the servlet container is compliant (I assume iPlanet is), then you can declaratively set your security in the web.xml. You can specify entire directories (HTML, JSP, graphics, etc) to be secured. This also prevents you from converting all your static content to JSP and inserting code into each one to validate the user. You may define your own custom login page as well. This is by far the best method of security if you're not trying to do anything fancy like data-level security. The J2EE security model is role-based.
    Hope this helps.
    Chris

  • Restrict User Access to Planning Books- Creation of Roles

    Hi All
    I want to restrict the users to access/see only limited number of planning books in SDP94
    menu
    For this, I tried creating a role and assigned authorization C_APO_PB with required planning book values
    However I am not sure how to create the role properly. In the change role screen, the "Menu" and the "Workflow" tabs are red, while authorization tab is green
    Do I need to do any activity in Menu and Workflow tabs
    Please guide
    Any help on this is highly appreciated
    Thanks
    Vijay

    Moderator message - Cross post locked
    Rob

  • Restrict search access of Service requests based on service team

    Hi,
    We have the below requirement in our client to restrict the search of the service requests based on the service team.
    Requirement
    A user can only search / display the service requests which are assigned to his queue.(Partner Function --> Service team)
    Can you please suggest if we have a standard authorization object by means of which we can achieve this.
    Can you please help us on priority on this. Reward points would be awarded for helpful answers
    Thanks,
    Vamsi.

    Hello Vamsi
    I redefined the  method  EH_ONSEARCH_BTN of component  BT116S_SRVO/ADVANCEDSP. Because i used this in service order.  you can same method of  Service request component.
    Use can call method insert_selection_param of class cl_crm_bol_dquery_service
    to set the SERVICE_ORG parameter with value of Employee's service org.
    Regards
    Naresh

  • FAGLB03 - Restrict user access to view only two GL accounts.

    We want certain users to access only two GL accounts using transaction FAGLB03. Any help will be highly appreciated.

    Hi
    I do not think we have any authorization object based on GL Account value for T Code FAGLB03. However, you could probably write an FI validation rule based on GL Account No and user id. You can maintain the user id in a set
    Prerequisite
    Company Code = XXXX and System T Code = FAGLB03 and GL Account = XXXXXX
    Check User ID = ABCD
    If the check fails, system should throw an error message
    Regards
    Sanil Bhandari

  • HT201304 Is there a way to restrict user access to find my ipad with out restricting the mail app?

    I am working on setting up multiple Ipad 2 tablets with iOS 5.1.1 and I need to restrict access to turn off find my ipad. The only way I see to do this is to turn on restrictions and dont allow changes on accounts. The issue I have then is it also restricts the Mail app setup. Is there a way to restrict one and not the other? We use microsoft exchange mail and I would be willing to use another mail app if anyone can suggest one that works as an alternative?
    Thank you.

    I don't know of any reliable tracking app, but perhaps someone else here can suggest one I'm not aware of. Any could be defeated by just restoring the iPad, though, so about all you could hope to do would be make things a bit more difficult to turn off. For a third-party app, you'd have to restrict the user's ability to uninstall apps, something which might be equally problematic for you.
    Regards.

  • Restrict user access to sales order

    Hi all...
    We have the following situation:
    A user xxxxx creates a sales order with va01 ... how can be limited the access to this sales order??..another user  yyyyyy is not allowed to modify this sales order but user yyyyyy can create orders/modiffy ordes with va01/va02.(something like limit access to o sales order created by another user).
    Regards,

    Hello Viadi,
    Your basis person can help you out in providing this restrictions.
    I would like to tell you that you can restrict a particular user from accessing a t-code entirely for eg: you can restrict a user to only VA01 & VA03 i.e., creation and display  and another user should be given access to VA02 i.e, change SO.
    This way you can maintain security measures for SAP usage.
    If you give authorization for creation and change there might not be sanctity of usage. But this again depends upon the client requirement.
    Hope this helps.
    SAP gurus any additions or corrections to this are welcome.
    Thanks
    Swami

  • Control/restrict user access

    Hi,
    we are currently on EP7.0,would like to find out if we are able
    to control/restrict number of users from accessing an ESS transactional
    page. Thanks.

    Hi Eric,
    access to portal content is managed with help of portal roles. Basically, you assign portal content (worksets, portal pages, iViews) to a portal role (see SAP Library  <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/4f/bceaffeb8c114ebef8255b63079c7c/frameset.htm">Roles and Worksets</a>). To make the content available to a certain set of users you have to assign the portal role to the users (see SAP Library <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/ed/845890b89711d5993900508b6b8b11/frameset.htm">Assigning Roles to Users and Groups.</a>).
    If you would like to restrict access to a certain ESS portal page remove this page from the standard ESS role and create a new role. Assign the ESS portal page to this new role and assign the role to all users you would like to give access to the page.
    Make sure you set the right Merge-Ids and Sort-Ids in order to display the ESS portal page at the right point in your portal navigation structure (see SAP Library <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/53/89503ede925441e10000000a114084/frameset.htm">Merging Navigation Nodes and Defining the Sequence</a>)
    Best regards,
    Martin
    <i>Please reward points for helpful answers</i>

  • Is it possible to restrict user access to files that need read/write permissions?

    I am in the process of implementing electronic payments for a company's AP department.  Dynamics GP (Great Plains) needs to create an EFT file that will get sent to the bank.  After it is created, a script is run that sends the TXT file to the
    bank and then renames the file extension to SNT.  Users are logged on to the Great Plains server and have their own permission group.
    Because the file is sending payment instructions, it is essential that users cannot modify or create a file with fraudulent payment instructions to the bank (incorrect bank account info).
    With testing, I was able to save the file from GP to a folder where users cannot read it's contents, however the script cannot send the file to the bank without "read access" (it says not files available).
    Any ideas for solutions?  For instance, is it possible to make Great Plains and/or the script file "system" so that it can override the user profile's permissions? 
    I was also looking into the ability to hide the folder/files, but it appears users can choose to view hidden files and folders.

    I dont think so you can do it that way..

Maybe you are looking for

  • No contacs after firmware upgrade on N70

    Hi I did a firmware upgrade yesterday on my N70 using NSU. Of course I did a backup using the uptodate Nokia PC suite. After the firmware upgrade I saved the data back to the phone aagin using the Nokia PC suite. Everything looks good except that no

  • Rescued iBook. Need Advice.

    Hello to all, I am the new owner of a donated iBook. I currently have no experience with Mac's at all really. I am a multiple year IT Tech, but my realm of skills only extends through the Windows environment and some Linux. I was recently given an iB

  • How to recover old OS X installation on the ssd after installing a beta OS X on a usb thumb drive?

    I just installed the brand new OS X 10.10 Yosemite beta 2 on a USB thumb drive. It almost works. Now I want to boot my good old OS X 10.9 Mavericks from the SSD. But there is no option for that, if I reboot the macbook holding the opt key! I see only

  • Error "Maximum number of items in FI reached"

    Hi All, We are getting error "Maximum number of items in FI reached", if there are more than 999 items. We have found an SAP note "Note 36353 - AC interface: Summarizing FI documents". This note seems to do more with customizing & doesnt need any cod

  • Purchasing Pricing Procedure For PO

    Dear all; I have maintained the Packing condition type in procedure with out acc key ,ie it should be added up to the material cost .but at the time of MIGO it is not cominng only freight is coming .What may be the reason? Thanking you; Joydeep Mukhe