Revoking the access for a user based on the date specified by the certifier.

Hi,
Is it possible for the certifier to specify a date before he clicks on "Revoke" so that the user access is revoked on specified date in R2 PS2.
Regards,
Shiva

Hi User,
In the logical column write case when statement
case when valueof_nqsession(ROLE)= 'Manager' and Restricted_USER='Y' then null else table_name.column_name end
Use conditions(11g) for the same column and define if the report retrives results show the report wihotu having column if it has results show report with column
Guided Navigation/Conditions you should use !
http://total-bi.com/2011/01/obiee-hide-show-sections/
Thanks,
Saichand

Similar Messages

  • How to restrict the access of "InPlaceRecordsListSettings.aspx" and "InPlaceRecordsSettings.aspx" pages for some users and allow the access for some users?

    I have a requirement to restrict the access of "InPlaceRecordsListSettings.aspx" and "InPlaceRecordsSettings.aspx" pages for some of the users and allow the access for some of the users.
    I have applied the below code on the web.config file but this modification impacting only on the web application level not on the site collection and sub site level.  
    <location path="_layouts/15/InPlaceRecordsSettings.aspx">
        <system.web>
          <authorization>
            <deny users="*" />
          </authorization>
        </system.web>
      </location>
    <location path="_layouts/15/InPlaceRecordsListSettings.aspx">
        <system.web>
          <authorization>
            <deny users="*" />
          </authorization>
        </system.web>
      </location>
    When I tried the access on
    :<portno>/sites/<scname>/_layouts/15/InPlaceRecordsSettings.aspx">http://<servername>:<portno>/sites/<scname>/_layouts/15/InPlaceRecordsSettings.aspx page allowed the access for all users.           
    Please suggest the possible solution to restrict the access of "InPlaceRecordsListSettings.aspx" and "InPlaceRecordsSettings.aspx" pages on SharePoint2013.
    Thanks
    Ramasubbu

    You can't do it from OOTB. 
    _layout folder is accessible to the users if they have read access in any of the site even subsite.
    You can modify *.aspx file, add your custom control which will check user.
    [custom.development]

  • Denying unwanted access for a user to a database

    Hi,
    Is there a mechanism in Oracle using which we can deny access to a user based on invalid login attempts made ? For example, in case a user logs in for the first time with an incorrect password, does the same the second time also, so at his third attempt, can we block the user and prevent login for say 24 hours ?
    Thanks and Regards,
    Mohan.

    Although I have not addressed this issue myself, it seems that it would be possible to setup this functionality yourself.
    1) Make sure you have auditing turned on.
    2) Create a logon trigger that searches audit logs for user from the terminal you are interested in and raises an application error if there as been 3 or more failed "create session" attempts in the last 24 hours.
    Regards
    Tim Boles
    Well this was fun....I am not sure it is "full proof" but I had fun trying to figure it out...took a little bit of researching on google and through the Oracle documents but hey you can tailor it to your needs.
    Turn auditing on
    Update your initialization file to have audit_trail=true
    bounce the database
    As sysdba
    SQL>audit create session;
    SQL>
    create or replace trigger logon_time after logon on database
    declare numfailed number;
    begin
    select count(1)
    into numfailed
    from dba_audit_trail
    where ACTION_NAME='LOGON'
    and RETURNCODE=1017
    and USERHOST=(select sys_context('USERENV','HOST') FROM DUAL)
    AND USERNAME=(select sys_context('USERENV','SESSION_USER') FROM DUAL)
    and timestamp>trunc(sysdate);
    if numfailed > 2
    then
    RAISE_APPLICATION_ERROR(-20001,'Not Allowed to Logon Database failed 3 times within 24 hours');
    end if;
    end;
    SQL>connect scott/scotttest
    Connected.
    SQL>connect scott/asfasdf
    ERROR:
    ORA-01017: invalid username/password; logon denied
    Warning: You are no longer connected to ORACLE.
    SQL>connect scott/asfasdf
    ERROR:
    ORA-01017: invalid username/password; logon denied
    Warning: You are no longer connected to ORACLE.
    SQL>connect scott/asfasdf
    ERROR:
    ORA-01017: invalid username/password; logon denied
    Warning: You are no longer connected to ORACLE.
    SQL>connect scott/scotttest
    ERROR:
    ORA-00604: error occurred at recursive SQL level 1
    ORA-20001: Not Allowed to Logon Database failed 3 times within 24 hours
    ORA-06512: at line 13
    Edited by: Tim Boles on Apr 13, 2010 9:52 AM

  • HELP needed on Remote Management set to allow access for all users

    my mac mini snow leopard server runs in a data center and i use screen sharing to interact with it. i played with the sharing settings remotely yesterday and changed "allow access for" to all users. i was disconnected immediately and i couldn't logon again. i have no luck changing to other users. i don't want to make a special trip to the center to change it back to whatever it used to be. i can still use afp to connect but the screen sharing option is no longer available. what does "allow access for all users" mean anyway?
    thanks!

    As its name implies, allow access for all should allow any valid user account to access the server. I'm not sure why it's no longer working. It almost sounds like the ARDAgent crashed.
    Either way there's a command-line interface to the ARD preferences:
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/ki ckstart
    man kickstart discusses the options, including examples of how to enable access for specific users.

  • After installing Mountain Lion, why is there Yahoo access for one user but not another?--both are administrators.

    After installing Mountain Lion, why is there Yahoo access for one user but not another?--both are administrators.

    We've had several instances where we have had to run chkdsk on arrays with over 1m files. Average completion time is approximately 72 hours. The maximum downtime window they have available is the 64 hour weekend window. File sizes and number of files were
    much smaller then than they are now.
    The idea, in theory, was to use VHDs to compartmentalize the data into smaller volumes which could be more easily managed. It would also improve performance when transferring these compartments of data as they would use sequential read/write rather than
    fragmented/random. This idea was never fleshed out in entirety, they don't split data up into little containers, but simply into big ones per project. Hence the 11m files in one container that I am currently trying to diagnose.
    Some other important facts: The VHD in question is mounted in B:/project/ as this server also allows remote workers to log in, but they are restricted to see only data in E:. Disks A-D are hidden via group policy.
    Update: icacls is failing on a large number of files within this dataset. I counted the path characters to ensure it wasn't the 255 character limit I was encountering and verified that the paths being blocked are only about 150 characters long. Once it finishes,
    I'll have to try taking ownership and then re-running it. At this point I still have no idea how long to expect. I'm running out of time as the environment will be in use again at 9AM tomorrow morning.

  • Giving Access for an User On One Schema.

    Hi all,
    I want to give read,write and execute access for an user in one schema and only read access to another two users.
    How can I give..Please suggest.

    Hi,
    Well in that case you may have to give the select privilege to a particular user for all tables.
    Or
    You may like to create two roles, and give select privilege to a particular role for all tables. And give write i.e. insert/update privilege to the other role. Then assign this role to the user whom you like to give the access.
    Regards
    Anurag Tibrewal.

  • Restricting  Access for SQ01 User Group

    Hi ,
    Please let me how to Restrict  Access for a   User Group  to only some of  the specific users?
    Thank you
    Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

    Hi,
    Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
    If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

  • Expire OIM User based on End Date

    This is a query on expiring an OIM User based on end date.
    Does OIM need any configuration for it to expire the user based upon end date?
    The start date seems to work well as expected but the end date doesn't.
    Even after the end date has arrived the OIM User is not being expired.He is still able
    to login into OIM without any issues.
    Thank you

    Theres a scheduler task that has to be run to check the date and deactivate the users.

  • Database design for Role/User based access to the application..

    We want to implement Role/User based access to the application.
    Can anyone tell me whats the optimized way of storing the data {User, Role, Access_Type etc} in the database.. The Roles might get added in the future so i dont want to maintain a single table to map User-Access_Type..
    Access_Type -->
    AT_1 | AT_2 |AT_N |
    ------- |------- |------- -|------|
    User_1 | | | |
    ------- |------- |--------|------ |
    User_2 | | | |
    ------- |------ -|--------|------ |
    I want to maintain a table which will map user with the Access_Type, which should be mainatained in a different table..
    Any help would be highly appreciated..
    Thanks in Advacnce,
    Shridhar..

    You find your answer here:
    http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html

  • Restrict Access to certain users based on if a variable in the SQL database is set to 1

    Hey guys,
    I am quite new to PHP and MySQL and I have a question concerning access  restriction. For a website project I am experimenting with Dreamweaver's  login and restrict access behavior, which works fine. However, on the  website I would like to restrict access for users that only have a 1 set  in the corresponding MySQL database (which means that e.g. each page has a different variable in the database that can be set to 1, which would allow me to personify access beyond the level of the out-of-the box option, where each user can only have one access level). So it is quite similiar to the  out-of-the-box restrict access to page based on user group, but just  depending on another variable in the database.
    I guess it can be done with an if condition that checks in the database if the logged in user has a 1 in this variable, and if yes give her/him access if not redirect to another page. However, I could not figure out  how to implement that.
    Your help is highly appreciated!
    Thanks in advance!

    Hello guys,
    I spend quite some time on the internet reseaching my wish and redefined my need: I would basically like to have the possibility to assign a user multiple access levels. There would be e.g. 10 pages for each I create an access level. Then a user with e.g. access to pages 2 and 8 can only access these two pages. So my basic question is if and if yes how I can assign a user muliple access levels at a time and store these values in the MySQL database.
    Thanks a lot for your help!!

  • [OIM 9.1.0.2] RESOURCE NOT REVOKED BY ACCESS POLICY WHEN USER DISABLED

    Hi Experts,
    OIM Build Number: 1866.62 ( BP15 )
    IHAC that faced an unexpected behavior on User disabling.
    Some users were associated to groups that had access policies applied.
    When those users were disabled, they didnt lose their associated groups and also the resource and permission associated thru access policy applied to those groups.
    I saw that there was a bug reported to that issue. So I performed the action plan and set up the XL.EvaluateMembershipForInactiveUser System Property as TRUE. Now after disabling the users are properly removed from groups.
    Customer problem: For those users, almost 1000, I did a recon just to estimule the identity, so the membership rule was applied and the groups were removed, but OIM didn't evaluate the access policies and didn't revoke the resources.
    I ran the Evaluate User Policies task, and it seems to be stuck. Should the Evaluate User Policies schedule task work for that scenario? Should the resource after running that task be revoked?
    Any help would be very appreciated.

    Hi Nishith,
    I ran the task, but it seems really stuck. It displays the RUNNING status, but any effect is observed. I have to change task status to INACTIVE in the Design Console.
    This task has 2 attributes: Batch Size= 500 and Number of Threads=20.
    But I have noticed this task in another environment (w/ BP 18 applied), it has 3 attributes: Batch Size= 500 ; Number of Threads=20 and Time Limit in mins=1.
    Is it any enhancement for this task in order to improve its performance, or something like that?
    What else I can check?
    Thanks in advance.

  • How to limit file access for different users in 10.7.4 Server

    We had everything working perfectly with an earlier version of Lion Server. The update to 10.7.3, or 4, seems to have opened access to all files for all users. Much to our surprise, this wide-open access started without warning.
    - We have an external drive that contains all of the company's archives
    - We had set access for one employee to get to the files he needs, and different access for another employee. Neither saw sharepoints outside of their access settings.
    After an update, each employee can see and log in to all sharepoints. There doesn't seem to be a way to limit access for each employee now. I can set 'read' access for one employee, but it doesn't stop the other employee from accessing that sharepoint/folder.
    Is there some new way to go about this? Or is something simply broken with the current release?

    That is good to know. If the file share is seeing the drive and ignoring its permissions, that is why everyone can see everything. I have found, in Lion Server, that it is best to get the permissions set before turning on File Sharing. I don't know if you have the luxury of turning the file share off for a little while, but I would unshare the drive and see if the issue persists if you plug the external drive into another machine. The settings for permissions are set on the file or folder itself, so the issue should follow you to the other machine.
    Again, if you can, I would unshare the drive and reshare it with the permissions that you want and turn file sharing back on. However, if you can get the drive to respect permissions rather than ignoring them, I think it will save you a lot of work.

  • In Powerdesigner repository, can we limit access for any user to one particular model?

    Hi
    I have this requirement in Powerdesigner repository to setup a user and give him/her access to check in and check out only one model? In otherwords, when he logs into repostiory, he can't see any other folders except the folder that was assigned to him?
    Is there a way to do this in the Powerdesigner tool.?
    thank you
    Krishna

    Sure,
    I have this requirement in Powerdesigner repository to setup a user and when he logs into repostiory, he can't see any other folders except the folder that was assigned to him?
    Step #1
    a) Connect as ADMIN
    b) In Menu go to Repository=>Administration=>Users
    c) Add user MYUSER
    Step #2
    a) In the Repository define a folder, example MYFOLDER
    b) Right click on the folder MYFOLDER
    c) Select folder permission and add MYUSER to MYFOLDER and give permission WRITE access
    Step #3
    a) Log into the repository by using your new user MYUSER
    b) Check-in a model under MYFOLDER
    b) Go to Repository : As you can see you can access models under the folder MYFOLDER
    c) You can see others folders (Because by default all folders are displayed as "List" for all users (PUBLIC) but your user MYUSER can't see the objects contained into the others folders.
    Bye
    Do not forget to give your appreciation relative to my answer.

  • How do I modify keychain access for a user ?

    I want to get rid of that annoying keychain access prompt for a user on OSX 10.6...

    Thank You! I looked at the examples you suggested and think I can save some money and make things work without the TZO!!! Your website and the TZO are great references.

  • Setting Application Context Attributes for Enterprise Users Based on Roles

    Hello,
    We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
    I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
    -- For each record in my RoleSitePrivileges table, set
    --   an attribute named 'SITE_PRIVILEGE_<SiteID>'.
    --   If the current user has been assigned a role matching
    --   the value in the 'RoleName' field, set the corresponding
    --   attribute to 'Y'... otherwise, set it to 'N'.
    FOR iPrivRec IN (SELECT RoleName, SiteID
                       FROM RoleSitePrivileges
                       ORDER BY SiteID)
       LOOP
          SELECT COUNT(*)
            INTO roleExists
            FROM dba_role_privs
            WHERE granted_role = UPPER(iPrivRec.RoleName)
              AND grantee = USER;
          IF roleExists > 0 THEN
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'Y');
          ELSE
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'N');
          END IF;
       END LOOP;To finish things off, I created a security policy function for the table which returns the following:
    RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
                         FROM session_context
                         WHERE attribute LIKE ''SITE_PRIVILEGE_%''
                            AND value = ''Y'')';This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
    I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the applicaiton context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
    I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
    So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
    Thank you!

    Hello,
    We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
    I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
    -- For each record in my RoleSitePrivileges table, set
    --   an attribute named 'SITE_PRIVILEGE_<SiteID>'.
    --   If the current user has been assigned a role matching
    --   the value in the 'RoleName' field, set the corresponding
    --   attribute to 'Y'... otherwise, set it to 'N'.
    FOR iPrivRec IN (SELECT RoleName, SiteID
                       FROM RoleSitePrivileges
                       ORDER BY SiteID)
       LOOP
          SELECT COUNT(*)
            INTO roleExists
            FROM dba_role_privs
            WHERE granted_role = UPPER(iPrivRec.RoleName)
              AND grantee = USER;
          IF roleExists > 0 THEN
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'Y');
          ELSE
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'N');
          END IF;
       END LOOP;To finish things off, I created a security policy function for the table which returns the following:
    RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
                         FROM session_context
                         WHERE attribute LIKE ''SITE_PRIVILEGE_%''
                            AND value = ''Y'')';This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
    I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the applicaiton context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
    I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
    So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
    Thank you!

Maybe you are looking for

  • With hoding Tax type is not defined while running he TDS inconsistency

    Dear Experts While running the TDS inconsistency program (RFWT0010) for a vendor group ranging from 1 to zzzzzzzzzzz in company code , I am getting an error that "Withholding tax type is not defined". Can anybody please help me how to solve this issu

  • List all servers with OS and service pack

    Is there an easy way using any script or software to list all servers joined to your domain including operating system (i.e. server 2008) and service pack level, without having to check each manually?

  • Tab order of radio buttons skipping back

    I'm currently using Adobe Acrobat Pro XI (trial for now) to mess around with forms. I am having a problem right now with the tab order. I believe the culprits are a few pairs of radio buttons I have set up sequentially. Each pair is in it's own group

  • Best Way to Get Indexed in Google

    What is the best technique for indexing a new site in google? I have been using social bookmarking with good success, but I was wondering what everyone else is doing.

  • Identiying in which table a field belongs to

    we have requirement to bring value of field NBW- BOOK VALUE AT FISCIAL YEAR END, WHICH is defined in a structure. now how to know in which table the value of this field is stored. thanks