Restriction access to single pernr

Similar Messages

• How do I restrict access to USB Disk connected to Airport Extreme

  I have attached a USB HDD to my Airport Extreme Base Station. The drive is divided into 4 partitions, which I did with the HDD connected directly to a MBP before plugging into the AEBS. All the Macs on the network seem to be able to read and write into all 4 partitions. Is there anyway to restrict which Macs can access with partition? Or, if I went to a single partition, is there a way to restrict access on a folder by folder basis?
  I've tried searching, but the best answer I've found so far is that the AEBS will only support a single partition/volume.... which doesn't appear to be true anymore.
  Thanks in advance

  You can put a filter on your wifi or use something like the K9 browser.

• Restrict access to buttons, regions, etc. on a per user basis?

  My application restricts access to buttons, regions, etc. on a per user basis.
  Here is my application logic...
  1. A User can only edit items they own.
  2. A Super-User can edit all items
  So, when a user logs in, I use a post-authentication process to set the user ID to an application level item.
  Now, for example, to have an edit button display on a page, I need to check the item's owner ID against the application level user ID...and check to see if this user is on the Super User list via a query.(which could be set to another application level item upon login...I guess)
  Question...What is the best way to do this? Conditional display? Authorization scheme?
  Would something like the following work for a Conditional Display?
  Condition: SQL Expression
  &USER_ID.=&P6_ITEM_OWNER_ID. OR USER_ID in (select USER_ID from table where USER_ID=&USER_ID.)
  How would I do this with an Authorization Scheme? (I like the idea of updating the logic in single location...but I'm not sure if it is possible because I have to check PX_OWNER_ID would be different on each page.)

  Hi Denes,
  Thanks for your code which allows user to edit (if authorized) and view (if not).
  But some how - I do not get the image to show up - instead it show a small underline.
  From SQL point of view - here is what I get - when i run the sql
  '<img src="/i/ed-item.gif">',2,CR TEST,,,,dune2.cit.cornell.edu,CRDMTEST.CIT.CORNELL.EDU,PSPROD,,,CRDMTEST
  Here is my wrap_image function
  create or replace function wrap_image(p_user_name in varchar2,p_dm_name_id in number)
  return varchar2 IS
  v boolean := False;
  ret_val varchar2(1000);
  begin
  dbms_output.put_line('user='||p_user_name);
  dbms_output.put_line('dm_name='||p_dm_name_id);
  -- Check authorization if the user is super user - return true, else if he has edit priv on dm_name_id - return true - else false
  v:=ACL_DMTOOLS_DM_PRIV(p_user_name,p_dm_name_id);
  if v then
  ret_val := '<img src="/i/ed-item.gif">';
  ret_val := ''''||ret_val||'''';
  dbms_output.put_line('TRUE');
  else
  ret_val := '';
  dbms_output.put_line('FALSE');
  end if;
  return ret_val;
  end;
  Thanks for your great educational site.
  Regards
  atul

• Problems to restrict access to a page when the user belong to more than 1 group

  I have realized that Dreamweaver on a coldfusion document only works fine when the user only belongs to a single group, this is because the code supplied by dreamweave when you use the option "Restrict access to a page" at "Server behaviors" it assumes that the user only have one group as you can see on this line created automaticly by dreamweaver:
  <cfif MM_Username EQ "" OR MM_UserAuthorization EQ "" OR ListFind("admin",MM_UserAuthorization) EQ 0>
  MM_UserAutorization has the value of the field assigned for the list of groups or levels, as you can see it could work if we reverse the parameters of the listfind function but the problem would be if we grant the access to more than one group because the sentence would be like this:
  <cfif MM_Username EQ "" OR MM_UserAuthorization EQ "" OR ListFind("Admin,Manager",MM_UserAuthorization) EQ 0>
  so both paramethers are lists therefore no user will get access to the page.
  I am trying to make a work around to fix this problem but I don't know how to get the name of the page since the Application.cfc so I can validate the access to this page against tables on my database.
  Does someone have a work around or a tip how to fix this problem?
  Thanks in advance.
  AG

  Seems like you have a problem with your group names.ctxLdap.modifyAttributes(groupName,member);Ensure that the value of your variable groupName is a a valid distinguished name.
  Note that an OU (organizationalUnit) is not a group. You do not add users to OU's, you create users in OU's.

• Restrict access for Vendor Master Data

  Hi all.
  Our company structure is like below:
  Single instance, just one mandant.
  Company codes like 1001, 3001, 6002, 6006, etc... over the world.
  At some companies just the central administration can create vendor for the companies using the transaction XK01.
  Now we need to give access to users from one of our company from other country but we can´t give access to transaction XK01 because just the central administration can create the master data for the vendors.
  I already read about the object F_LFA1_AEN that is possible to create some field groups and give access just for the rigth groups. I also read that this authorization groups don´t have effect on the vendor master data like address.
  How can I restrict access for the vendor master data? I´m thinking to give access to transaction FK01 and MK01 and restrict access for create a new vendor, I only want that the users can create the data for a new company or new purchase organization.
  Thank you
  Darlei Friedel

  among many other authorization objects, you find following three:
  F_LFA1_GEN general data
  F_LFA1_BUK company code data
  M_LFM1_EKO purchasing org data.
  If the user does not have authorization for F_LFA1_GEN , then he cannot maintain general data.

• Lock Box setting does not restrict access

  I have a folder that is set to restrict access - write only mode for everyone - so when my nephews visit, they cannot access my personal files. This is a single user/logon computer. A couple of times now when I click on the "locked" folder in Finder, it opens for full access. The contents of the finder window wiggled back and forth several times and the folder opened. I could also access the folder contents from application. When I did a get info, the settings were still for write only. I backed out of the folder to the desk top and then back to the folder and it behaved properly. Program access was also once more restricted.
  One perhaps unrelated thing. Just before this happened, when I clicked on any application on the dock, I got the appropriate finder window instead of switching to or launching the application. It too now works normally.
  Any ideas?

  Permissions repairs apply only to items that leave receipt information, essentially only items installed by Apple's installer. As far as stated features working correctly, the permissions system is designed around the user account concept. If you are trying to use it otherwise, you will be disappointed. The computer can't possibly know who is using it, only what account is trying to access something.
  Admin users have more privileges than other user accounts. This is necessary to managing the computer. If you want reliable privacy, you must create a less privileged account for others to use; otherwise they will have the same privileges you do. This is no different from leaving your front door unlocked because you want it to function for your convenience.
  Regarding folders with system as owner, none should be in your home directory, nor should you be able to change the owner's permissions to write only, whatever the owner is. You can change the permissions of another user added to the list to write only, or those of a group or others, but the owner must always have read privileges. The Finder should not let you violate this rule.
  Likewise, you should not have any folders with just admin, wheel, & everyone entries in the list. Admin & wheel are both groups (indicated by the two-headed silhouette icon) -- groups cannot be the principle owner (indicated by the one-headed silhouette icon). Missing entries indicate no access privileges for that entity & should never apply to the principle owner.
  One potential source of confusion is that non-owner users added to the permissions list also appear with the single-headed silhouette (these permissions are controlled by ACL entries, not the main owner/group/others settings) & sometimes the list in Get Info is not in strict owner/group/others sequence. There are also some anomalies associated with accounts migrated from Tiger.
  Because of all this, it is best not to trust the Get Info permissions info to give you the full permissions picture. For that, the Terminal is a better tool. You can use the "ls" command with the "-l" option to show expanded preference info, or with the "-l@e" option to show still more, including extended attributes & the ACL. (Note that the "l" character is a lower case ell, not a capital eye or a one.) If necessary, see the Mac OS X Manual Page For ls(1) for more info about how to use the command.

• Having trouble restricting access to virtual multihosting entry

  Hi,
  I've created a new proxy instance with all default settings. I'm trying to use virtual multihosting with an ACL to restrict access to this virtual multihost. I'm having troubles and am not able to block it. I thought I could use a template to impose this, but perhaps I'm wrong. Here's how I've done it:
  I've created a single template called "testing-access", containing:
  http://testing\.mydomain\.com/.*
  I've then added a single Virtual Multihost entry as follows:
  Source Hostname (alias): testing
  Source Domain Name: mydomain.com
  Destination URL Prefix: http://testing2.mydomain.com
  Use This Template: testing-access
  At this stage, the virtual multihost works. I can access testing2.mydomain.com via testing.mydomain.com.
  Now I go to implement the ACL to, for testing purposes only, Deny all access to this virtual multihost. Remember this just testing to learn how to apply an ACL to a virtual multihost. Later, my intention is to block all http access (by way of Deny applied to http://.* resource ACL) via the proxy, except for the virtual multihosts. These virtual multihosts will also include access control based on different IP addresses. The thought is to have a different template for each virtual multihost then apply a set of ACE Allow conditions for the template's ACL.
  I go into Administer Access Control, select the "The template 'testing-access'" resource. I then click on Edit and add the ACL as follows:
  Action: Deny
  Users/Groups: anyone
  From Host: anyplace
  Rights: all
  Extra: N/A
  Continue: enabled
  I restart the server instance then attempt to access the virtual multihost, which I can. I cannot understand why this is not being blocked.
  I've tried changing Continue to be disabled but that hasn't helped either. It seems as though the ACL for http://.* (which incidentally by default has no ACL) is taking precedence. I've also tried adding to the template without success: http://testing2\.mydomain\.com/.*
  If I were to add an ACL to http://.* resource to Deny it blocks all http://.* requests. This is no good because effectively what I would like to do is block all http://.* access EXCEPT for those virtual multihosts I add. Each virtual multihost will need to have its own ACL to restrict based on IP. This is why I created a template for the one above. The objective would be to add several Allow ACEs depending on host, such that only those who are on this ACL can access the URL in the template (a virtual multihost, remember), anything else is blocked via the http://.*
  I only did the test at the top to learn how to successfully implement an ACL on a reverse multihost, by applying a Deny for everyone via the template ACL.
  Any ideas?

  In the case structure you can replace the 'success' button with the vi that you want to run. If you set the properties of the vi to 'show front panel when called' it will open and run when a log-in is successful.
  There are other ways to do this, this is one of the more simple ways.
  Ian

• HR data administration and reporting - restricting access

  Hello All
  We have a single role for HR data adminsitrators.  There is no distinction on PA, PSA u2013 no further breakdown u2013 everyone gets to see everything and they have access to change everything.  How may we restrict access?  Any help would be greatly appreciated.

  Hi,
  Please let me know if you are using Structural authorizations.
  For non-structural security, without any breakdown on PA, PSA, EE groups/subgroups, you may use Organizational key (VDSK1 field of Auth object P_ORIGIN) to restrict the data access.
  In the standard configuration, the field is filled with the values of Personnel Area and Cost Center.In Customizing activity, you can set up Organizational Key and define your own rules for the field.  Ex: Organizational Key with an employeeu2019s Organizational Unit and Cost Center. It can be configured to include any of the data from Infotype 0001 (Organizational Assignment) within HR.
  The Organizational Key essentially provides an additional user-defined field to be used for security restrictions.
  Hope it helps!
  Thanks,
  Sandipan

• Restricting access to a  cube while it is being maintained

  Hi,
  We are trying to restrict access via discoverer/excel add in to a CUBE while cube is being maintained. We were able to achieve this by revoking privileges to certain roles before the start of the cube build.
  I would like to know if there is any better way or built in functionality(out of box) that restricts access to a cube a while it is refreshing? Any help is appreciated.

  Ragnar is correct, the best way to do this is to attach the AW in exclusive mode. You can either do this manually yourself before starting your load job, or automatically by scheduling the job and using mutiple processes to load and solve the cube.
  The problem is removing users currently viewing data via Excel/Disco when the job starts. If you can ensure there will be no users accessing the AW when the job starts, then the exclusive attach mode will prevent any users from attaching the AW during the processing. If you cannot guarantee this, then there is a problem because the job will fail when it tries to attach the AW in exclusive mode. Obviously you could put this in a loop and wait until a user exits the front end application and releases the AW. Alternatively, you could write a SQL script to disconnect/kill all sessions accessing the AW - not very nice for the users though if they are building a report because they will lose all their unsaved changes.
  When the AW is attached in exclusive mode, bad news is that Discoverer/Excel will probably generate a nasty Java error message when a user tries to connect using Discoverer/Excel.
  Therefore, overall not an ideal situation. But I cannot think of a really good way to manage this at the moment. Sorry I can't be more helpful.
  Keith Laker
  Oracle EMEA Consulting
  OLAP Blog: http://oracleOLAP.blogspot.com/
  OLAP Wiki: http://wiki.oracle.com/page/Oracle+OLAP+Option
  DM Blog: http://oracledmt.blogspot.com/
  OWB Blog : http://blogs.oracle.com/warehousebuilder/
  OWB Wiki : http://wiki.oracle.com/page/Oracle+Warehouse+Builder
  DW on OTN : http://www.oracle.com/technology/products/bi/db/11g/index.html

• Restricted access to attachments in SRM 7.0 web applications

  Hi,
  We have a very specific problem regarding the handling of attachments with SRM 7.0 web applications. The system is configured to use ArchiveLink for storing documents on a remote content server, which is working fine.
  Now we have a requirement which should restrict access to certain documents to specific user groups. As an example you could say that a Purchase order has (besides others) two documents attached, e.g.
  - signed contract
  - meeting minutes
  The contract should only be visible to a limited number of people, whereas the Meeting Minutes are accessible to everybody.
  Our problem is that apparently only one Content Category ("BBPFILESYS") is used by the SRM web applications for an upload. When granting authorizations on this content category, we cannot distinguish between contracts and meeting minutes anymore.
  Comparing this with the config in ECC we can freely define document types which can be used in AUTH profiles. Is there any similar solution that can be used in SRM 7.0?
  Any help would be greatly appreciated.
  Cheers,
  Mark

  Hello,
  Have a look at note 1334202. It provides some inputs.
  Regards,
  Ricardo

• ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

  Hi All,
  I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership.  This has been very difficult, even though I beleive it should be easy.
  The login page of teh ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
  There are two other portals that I would like to restrict access to based on AD group membership.  I have set these up to be selected by URL.
  The biggest problem is, I have no way of knowing how to go about this.  The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if soneone that is NOT a carpetbagger tries to log in, it fails.
  I can only do an all or nothing scenario.
  It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use.  So how do I go about using them in this scenario?  Turning off the aliases or URLs is not really an option right now.
  Scenario 1 would work the best for me.  Restrict access to profiles/groups based on AD group membership using LDAP.
  Scenario 2 would be an ideal longer term solution.
  Any thoughts, ideas or assitance would be greatly appreciated.
  Cheers

  This is exactly what i was looking for, and Nelson is correct.  When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression.  The guide (ther is a button to access this) is really helpful, with a couple of examples.  This is what i used:
  assert(function()
     if ( (type(aaa.ldap.distinguishedName) == "string") and
          (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
  then
         return true
     end
     return false
  end)()
  from the debug dap you can see what Users relates to;
  DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
  My admin account fails to get me in to the same profile:
  DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
  Thanks
  Andrew

• SSH login- how do I restrict access to a shared folder?

  I have created Shares in WGM for SMB and AFP access on my OS X 10.4.8 Server. However when I connect via SSH it's not restricting access to the folder based on the User Name I login with- I see the entire volume! How do I restrict access to a specific folder based on a user name setup in WGM? ACL's?

  Hey George,
  It sounds like you are trying to limit ssh/sftp users to a specific area, aka jails. The FTP server lets you 'chroot' users to a certain area making it appear as the root thus preventing them from navigating up the hierarchy, which is what I think you, and me and many others are trying to accomplish.
  The ssh compiled into OS X is missing this very needed feature. There have been a few documented workarounds, but they've either been too insecure or too clunky for me.
  I've dealt with the fact that my users can get to the root of the hard drive, and have just been very careful about my privileges (by using ACLs), thus preventing them from getting inside areas they shouldn't.
  There's a good write up here: http://www.schwie.com/brad/macosxsftpchroot/ and if you include the term 'chroot' in your searches, you should find a bit about it here too.
  And Roger, I think George meant the file sharing protocol used by ssh. man sftp.

• How can I restrict access to add. internal hard drive by account?

  Hello! Okay, so I am my computer's administrator, and I have a secondary 'guest' account that anyone else can use. So, I know that all my data on my main, OS hard drive is secure from the guest account accessing it, but what about the additional hard drive that I have installed?
  I have a good deal of sensitive data and files stored (and aliased) on my second internal drive that I do not care for 'guest' users to stumble upon. How can I restrict access to the secondary storage hard drive from my Guest login account, and/or just plain hide it from it? Surely, there is a need for this that has brought about a solution. Any tips/advice/solutions?
  Thanks!!!
  =)

  Click here and follow the instructions followed by placing the folders and files on the image; if the password is in the keychain, it will be supplied whenever you're logged in.
  (41018)

• HT201304 Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

  Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

  you might be able to block it if the app uses Internet access
  and depending on your wireless you might be able to block a specific user
  accessing the backend host that the app uses
  some firewalls offer application filtering but I'm not aware of any that work with ios apps

• HT1178 How do I restrict access to my network to mac addresses?

  I am setting-up a new Time Capsule and wish to restrict access to my wireless network to only those mac addresses of my equipment.  I can't find instructions on how to do this.  Any help in pointing me to the correct resource would be appreciated.

  Suggest that you check the Help area in AirPort Utility for instructions.
  Open AirPort Utility
  Click the Help menu at the top of the screen
  Click AirPort Utility Help
  Wait for Help to load
  Click Setting up a Wi-FI network on the left side of the main page
  Click Control when a user can access your network
  Click Control access to your wireless network