Restriction of Developers in BW7.0

Similar Messages

• Restriction BW developers in BW7.0

  Hello,
  We are working on the restriction of Developers in BW7.0
  Can anybody tell me which trx and authorization infoObjects are critical or where i can find a list .
  for example BW developers use RSA1 and with authorization Object S_RS_ADMWB it is possible to restrict the RSA1.
  but which others are imporatnt to be taken care of.
  Thanks in advance,
  With kind regards,
  Vincent Willems

  Hi Vincent,
  That depents on which type of users you use.
  Developers need more than users which only need to run queries.
  Generally you can use:
  S_RS_COMP1 - for qeuries;
  S_RS_HIER - hierarchies;
  S_RS_ICUBE - for InfoCubes;
  S_RS_MPRO - MultiProviders;
  S_TCODE - transaction codes;
  Regards,
  Jos.

• How to restrict the developers to do DDl Operations on the tables

  Dear All,
  Even i restricted the developers to do DDL operations by updating CHAR_VALUE=disabled in the table SQLPLUS_PRODUCT_PROFILE table in system/manager schema.
  So, now the users are unable to do DDL operations from PLSQL Developer, iSQLPLUS and command prompt.
  But they are doing their DDL Operations from the Java application, i don't know how they are doing this.
  But how can i restrict them
  Thanks
  Mahipal Reddy

  It does not make sense to attempt to restrict users by using security in a tool - like using SQLPLUS_PRODUCT_PROFILE for SQL*Plus. Whoever the person who designed this at Oracle was, needs to be introduced the wrong end of a lead pipe. It is nonsensical to approach security in that fashion.
  As for restricting DLL, there are numerous levels that this can be dealt with inside Oracle. From simply not granting a CREATE TABLE statement, to using schema/DDL triggers.
  But seeing that you have this problem, I'm betting that it's as a result of a flawed open door Oracle security policy.
  You should start at beginning. Determine what the security requirements and access levels are, and then implement these properly in Oracle. Using a DLL trigger for example, is often an exception when it comes to a proper security model implementation in Oracle.

• Restrict OBIEE developers to login into OBIEE admin tool withAdministrator

  I have developers with their own id's but with admin role assigned to them and If I remove the admin role from their id's they cannot login into OBIEE via admin tool in online mode to make any changes to the RPD.
  Q is) Developers make changes to the rpd file in online mode but at the same time I dont want them to have the admin privileges like making changes to the security/connection pool entries so on. But they can make changes to the presentation layer or business model. If I remove the administrator role from their id's they cannot even open the rpd in online mode i.e they can't even login. How do I give the developers the control they need and at the same time lock down the admin related stuff from changes?
  Also they cannot make the changes offline and they need to login and open the rpd online.

  Hi,
  I think you can resolve this issue, by setting up a different application role for all of your developers (yes, with BIAdministrator privileges too). However, in the .rpd you could restrict the access to this role to the physical layer. Briefly, the steps are below
  1. Set up a new application role.
  2. In the .rpd Manage Identity -> application roles -> New role -> Properties -> Permissions -> Object Permissions.
  3. Set 'No Access' to all of your physical layer objects.
  Hope this is what you are looking for.
  Thank you,
  Dhar

• BW Authorization Object to restrict Transporting Requests

  Hi...
  In our BW systems, all the developers are given the profile SAP_ALL. So, the developers have the access to transport their objects from BW Development(BWD) client to BW Quality(BWQ) Client and from BWQ to BW Production client (BWP).
  I want to restrict the developers to do the transports. What is the authorization object used to restrict the users to transport requests?
  Any documentation how to do that?
  Thanks,
  Sai.

  It can be done with the authorization objects S_TRANSPRT and S_CTS_ADMI.
  S_TRANSPRT creating transport request and S_CTS_ADMI for moving transport request.
  I would like to work on that project where I can get SAP_ALL access..:)
  Check the documentation.
  http://help.sap.com/saphelp_nw04/helpdata/en/8d/45ef39521e3314e10000000a11402f/content.htm
  Thanks.

• Authorizations for Projects (Restricting Read/Write to users )

  Hi
  I want to know how I can .
  1) Restrict one users from editing projects of each others in xMII Workbench.
  (for ex. User A shud not be able to modify the projects created by user B)
  Tell me the steps.
  Regards
  Tulip

  Just some info on MI 12.1 if you are thinking about upgrading...
  MI 12.1's Content Management could solve your issue. In this version of MI, you can restrict content developers to shared projects. Shared projects are versioned by the repository thereby allowing developers to track revisions to all MI objects (queries, display templates, HTML pages, etc.). So if developer 1 makes incorrect changes to developer 2's web page, developer 2 can create a new version based on his previous correct version. You should evaluate CM if you are upgrading to 12.1 and have curious developers deleting important content.  
  Regards,
  Kevin

• Error In After Logon Trigger

  Hi,
      I am using Release 11.2.0.3.0 of oracle.
  I have created a trigger for restricting specific users(logging from specific program and having specific OSUSER) from loging into the database.
  I created below trigger in SYS schema.
  CREATE OR REPLACE TRIGGER t1
  AFTER
  LOGON
  ON DATABASE
  DECLARE
  trg_program varchar2(4000);
  trg_user varchar2(4000);
  trg_osuser varchar2(4000);
  v_killsession  VARCHAR2(4000);
  v_sid   VARCHAR2(4000);
  v_serial   VARCHAR2(4000);
  BEGIN
  SELECT UPPER (program), UPPER (USERNAME), UPPER (OSUSER),SID,serial#
    INTO trg_program, trg_user, trg_osuser,v_sid,v_serial
    FROM v$session
  WHERE audsid = SYS_CONTEXT ('USERENV', 'SESSIONID') AND ROWNUM = 1;
  IF  trg_program IN ('SQLPLUS.EXE','SQLPLUSW.EXE','TOAD.EXE')
      AND  trg_user in ('USER1','USER2')--,'SYS','SYSTEM')
      --AND trg_osuser  not in ('O12345')
  THEN
         raise_application_error(-20001,'You are not authorized to connect to this schema directly!!');
  END IF;   
  END;
  when i am logging into USER1 through sqlplus/toad it works fine, i am getting required message which is mentioned as 'raise application error'
  but when i am compiling the trigger by uncommenting extra condition for OSUSER i.e trg_osuser  not in ('O12345') in the trigger code, so that it wont affect the highly provileged user(i.e OSUSER O12345).During logging in to user USER1 i am getting below error
  ERROR:
  ORA-04045: errors during recompilation/revalidation of
  XIGNCMN.RESTRICT_UNAUTH_ACCESS
  ORA-01031: insufficient privileges
  it should alow me to login because i am OSUSER 'O12345', so why its not working?

  Thanks John.
  Actually currently we are having database server installed in each of the developers machine so having DBA privilege and having business data, thats why i am planning to configure common database to which all will connect and i wont allow them to connect to the database directly through the functional schema(2 schemas). Now i am planning to restrict the developers access to only 'SELECT+DMLS' for the functional schema and i will do that by creating another user through which they will get connected to the actual functional schema with restricted privilege.
  But here the issue is that, for JAVA application, they are having local source code in each of their machine and will also need the connection string/password for the functional schema, so they will know the password for the functional schema, but i want to restrict their access through all the program except 'Jdbc thin client' so i thought of above trigger.
  kindly suggest if any other way out?

• Webservices in Adobe form fails even when it works fine in Portals.

  Hi All,
  I am new to web services in adobe form, can somebody help me to understand the reason of failing web service call in my adobe form.
  We are working on a simple adobe form with a simple webservice.  the web service is in SAP CRM 7.0 and we are designing the form in Livecycle designer stand alone not through SFP tcode.
  problem is when we execute the web service from adobe form nothing happens.
  There is no script in the adobeform to check if the web serive is called. the technical team claims there is no hit happening to the service. but when we execute the same web service with in a simple web dynpro app in portal it does work.
  earlier we had some similar forms with web service which used to work, now they are also not working from adobeform.
  Are we missing something, when importing/data connection  a webservice how do we make sure from the form that the connection and trigger are successful.
  Please let me know if you need any more information.
  Thanks & Regards
  Sai Krishna.

  Hi All,
  Just a small update on the query I posted.
  I searched tru and found couple of posts in Adobe fourm which says
  Adobe readers cannot execute web services, to do so we need to have Reader Extension on the Adobe reader.
  Is this the problem for my form, if i just dont understand why such restrictions for developers at the design time itself..?
  Regards,
  Sai Krishna.

• WorkSpace/Schema Developer Security

  hi, i have a schema with some tables. some of our developers do not have certain access to some of the tables. Example: developer A (another oracle schema) does not have update, delete on table X, Y and Z.
  i created a workspace and associated the schema with the workspace and created a user account (htmldb user) for developer A.
  what are the possible ways to easily map the oracle user security to htmldb user account.
  also, what happens when you associate a schema with a workspace. when we access the schema using sql workshop, isnt the db user htmldb_public_user ? what rights have been given to this htmldb_public_user on the schema being associated with a workspace ?
  more info and questions added:
  i have a schema called ft
  i have a workspace called ft linked to schema ft
  i have an application called ft which queries some tables in the ft schema
  i have a schema called orgchart
  i have a workspace called orgchart linked to schema orgchart
  i connect to the db using sqlplus as orgchart, i try to select from a table in ft, and i get an error.
  i create a dad, called wyd(whose your daddy !) without account info.
  i connect to htmldb using
  http://server:port/pls/wyd/f?p=ft (alias for ft)
  get challenged and use orgchart credentials
  i can query the records from ft.
  why is this happening ?
  - thanks
  neelesh

  Neelesh:
  See Re: Bug report: Accessible schemas
  First thing to realize that access to schema is given at the workspace level, not the individual HTML DB user account level. If the workspace has access to a schema, you cant restrict users/developers in that workspace from reading/writing against that schema. HTMLDB_PUBLIC_USER has nothing to do with all this.
  Thanks.

• Best replacement apps for calendar, tasks, contacts???

  I am migrating from a Palm handheld after 10 years of use and very eager to find a replacement for the built-in calendar, tasks, contacts apps. I'd like them to manage the data in a way that allows the databases to sync with mobileme appropriately. I use Entourage on my desktop and find the lack of integration between Apple's ical, contacts, tasks and notes to be a loss overall. Below would be some ideal features for each:
  Calendar - allows day, week, month, year views and list view. When alarms popup, an easy way to remind me later or edit them. Adjustable fonts to see more on the screen than built in app.
  Contacts - sort by different fields, adjustable fonts, preview of phone numbers with name so you don't have to open the item and pick a number from a secondary screen (I'm aware of favorites, but you can only add so many before it becomes unwieldy).
  Tasks - hierarchical viewing, easy to change category and priority, side-by-side view of tasks in different categories (ie; work and home) would be nice, adjustable fonts.
  I'm aware of a few basic calendar apps, smarttime and a program called lifebalance. Both of these seem interesting but not quite right. Any other suggestions?

  There are none currently. There are several for tasks and notes. There are contacts enhancement apps. But Apple will not allow developers to access the built in calendar.
  I still carry a Palm in addition to the iPhone because I won't give up Pimlico Software's DateBk6. It's now the ONLY app I use on the Palm, of the 60 that I formerly used; everything else is now functionally available on the iPhone. CE Stuert Dewar, author of DateBk6, is working on a new calendar app (Pimlical) that will run on any platform that supports Java, so Windows, full OS X, Linux, Android, Symbian, etc will all be supported. He is hesitant to develop for the iPhone because of the restrictions on developers. It would be good if Apple took notice, because CESD's former calendar products have sold over 3 million licensed copies.

• Where is the Android version of Lightroom mobile

  Why is it that android always plays second fiddle to IOS. I pay the same as anyone else, but because I choose to use the freer plaform, not controlled by meglomaniacs, who insist on producing the hardware as well as the software, I am penalised. Android has more users than IOS and it is time that it is put first.
  Regards
  MalCG

  I guess John's stats are the reason.  Whether to develop an app first on Android or ios is likely to depend on where your market is, and what kind of app you're developing.  Once you've tested the app with real live customers, and tuned the app functions and interface, you can port to (in practice: rewrite for) the other platform.  Probably less effort than trying to develop both at once.
  My experience of developing mobile apps is limited to Android.  I'm told that some apps are easier to develop on Android, as Android poses fewer restrictions on developers.  However, Android is a less homogeneous environment.  Every manufacturer makes their own "improvements" to Google's base code, and you wish to heck they didn't!  You are likely to need to test on more phones/tablets with Android (compared to ios) before launch. 

• Is ds designer able to run a job against a remote job server?

  I looked around for a quite while and couldn't find anywhere it's mentioned that the ds designer can run a job against a job server running on another machine. To me it seems that the designer and DS Server Manager can only pick up local job servers. There is no way for they to specify the hostname of the remote machine having the job server running.
  Could anybody here help me out with this problem? Our environment has restriction that developers have no local admin privilege so they can't start a local job server as a Windows service. The only solution for us is to use the remote job server running on the dedicated server. BTW, we don't use Unix/Linux at all.
  thanks in advance.

  yes, Designer can run job on job server that is installed on different machine, the job server machine can be Linux\Unix or Windows
  for the remote job server to be visible in Desginer, you will have Register the local repository with the Remote job server
  to Register a Local Repository with a Remote job Server, go to remote job server machine
  open the Server Manager
  In the server Manager, go to the job server window, select the job server click on edit in this window you can associate as many local repository as you want with this job server
  restart the Desginer, login to the local repo that you have added to job server
  click on Tools->Options
  expand Designer node, click on Environment
  in the Default job Server drop down list you will see the remote job server
  please refer the technical maual for Adding Job server using Server Manager and also how to add repository to job server

• Iphone os3 question

  hi all,
  i have a ipod touch 2ndgen 32gb with os3 installed. As I understand os3 for iphone, the A2DP profile is supported and i purchased high definition bt motorola headphones.
  The motorola s9-hd headset also has remote controls for music players. These controls comport to a standard known as AVRCP.
  Do Apple bluetooth devices like ipods and macminis (in itunes 8.2) support AVRCP? How do I enable this feature?
  is there existent apple literature available for me to explore this issue that does not require me to spend another 99 usd to join the iphone devekoper's consortium?
  thanks in advance and best regards,
  Marc

  i want to thank you for answering me. as you might surmise by the construction of my question, i am an adc member already because I use x-code (and i have the earlier os2.2 sdk kit for iphone which has been removed from the site recently.)
  it is an unfortunate fact however that the advice you have given me is incorrect. technical information about bluetooth appliance api-s seem to be restricted to developers who pay for the os3 sdk.
  a search of bluetooth on the iphone developers sigte yields the following:
  http://developer.apple.com/iphone/program/sdk/accessories.html
  <snip>
  To learn how to add support for iPhone apps in your dock connector or Bluetooth accessory, join the Made for iPod and Works with iPhone Licensing Program and the iPhone Developer Program.
  warmest regards,
  marc
  Message was edited by: mrglsmrc
  Message was edited by: mrglsmrc

• Epocrates drug app for the Z10

  I have the 9900 smartphone with the 7.1 OS. It allows me to use the epocrates app. I am now told on the epocrates website that it will not be available on the Z10.  And it isn't available for my playbook. This is a major app for anyone in the medical profession. We need it on us not only in the computer at the office. Why is Blackberry reducing the apps currently available and needed? If I cannot have the epocrates app on the z10, I will not buy it, much as I want to.

  Hi and Welcome to the Community!
  BlackBerry is not "at fault" here...the app developers choose what devices they will support and which they will not. BB10 is a revolutionary change from prior BB devices...and apps must be totally re-written to run on BB10. While I've heard that app development for BB10 is actually easier than prior BB models, it nevertheless is a complete re-write that they'd have to undertake.
  Each app developer makes their own choice as to what devices they will support. BlackBerry do not restrict app developers from writing their app for BB10...the developer makes that choice.
  So, it seems your complaint would be better raised with the epocrates folks...doesn't it? Unless I am misunderstanding?
  Good luck!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Is request from client's PC or my database server?

  Hi, guys:
  I am new to APEX. I would ask a question that may be silly. I need to develop a database project with APEX and Google map service. I notice there is limit for Google map service. I would assume if I write javascript code in APEX and send request to Google such as loading a map, the request is sent from client browser directly to Google map server, not from my database server to Google map server, so my application won't break the service limit. Is this assumption correct?
  Thanks a lot!
  Sam

  Hi,
  Thanks for your help. I am concerned because Google may stop service as folllows. If the request is sent from a client PC, database server won't break quota assigned. Otherwise, we have to find another solution.
  Sam
  Usage Limits
  Use of the Google Geocoding API is subject to a query limit of 2,500 geolocation requests per day. (User of Google Maps API for Business may perform up to 100,000 requests per day.) This limit is enforced to prevent abuse and/or repurposing of the Geocoding API, and this limit may be changed in the future without notice. Additionally, we enforce a request rate limit to prevent abuse of the service. If you exceed the 24-hour limit or otherwise abuse the service, the Geocoding API may stop working for you temporarily. If you continue to exceed this limit, your access to the Geocoding API may be blocked.
  Note: the Geocoding API may only be used in conjunction with a Google map; geocoding results without displaying them on a map is prohibited. For complete details on allowed usage, consult the Maps API Terms of Service License Restrictions.
  https://developers.google.com/maps/documentation/geocoding/