Role based authorization in initiative
Hi,
We can assign default authorization for role types in Projects. For example, the role PM can be assigned Admin auth and the person assigned to PM role gets admin role.
We want the same functionality in initiatives but it is not working. Has anyone tried DFM or any other method to solve this?
Thanks and Regards,
Anuradha
Hi Anuradha,
Thanks for the information.
We are not able to access this note; it says 'Document is not released'. Are you able to view this note?
Is this a customer-specific note?
Regards,
Ravi
Similar Messages
-
Custom security JHeadstart 11gTP1 -Use Role-based Authorization is missing
In JHeadstart 11g TP1 the option Use Role-based Authorization is missing.
Will this option only be available in the production release of JHeadstart 11g? What is the reason why this is missing? Is it still possible to use CUSTOM authorization in JHeadstart 11g TP1?
It is not missing.
If you turn on custom authorization, you can specify your own roles against groups to access them, and use role names in the insert allowed/update allowed and delete allowed expressions.
Steven Davelaar,
JHeadstart Team.
-
How to set role based Authorization in JAAS
How to set role based authorization in JAAS?
I had user name, password and role in FileLogin.
Thanks
arun .v.
http://dev2dev.bea.com/pub/a/2003/04/Kemp_Helton.html?page=last
-
Can't use role-based authorization
We can't use role-based authorization because the permissions
and their assignments change frequently. Is there any alternative
where we can still use WLS to handle security?
Dave,
If you're using WLS6 the console supports dynamic user updates so you could
change each user's configuration as needed.
Alex
Dave <[email protected]> wrote in message
news:3a672c81$[email protected]..
> We can't use role-based authorization because the permissions
> and their assignments change frequently. Is there any alternative
> where we can still use WLS to handle security?
-
XWS-Security, JAAS and role-based authorization
What is my best bet to try to authorize users to use certain web services? For example, let's say a user logs into a web application A, who connects to a web application B implementing Web Services and XWSS.
A passes along the userNameToken, and B authenticates it (let's say, using JAAS). Now it needs to authorize the user to use the actual web service. Can I do this with JAAS? What is the best way to define the policies? Does it mean I have to create PrivilegedActions for every webservice? What are my other alternatives besides JAAS?
Thanks in advance.
Alternatively, is there a way to see which web service the client is requesting from the SecurityEnvironmentHandler (callbackHandler)?
-
BlazeDS role based authorization
Hi,
I'm half the way in developing a POC for using flex as the front end of our application and I'm having some security issues.
I'm using JBoss with JAAS and I figured that using BlazeDS just uses JAAS login module to perform authentication.
* Will it use JAAS for authorization too? Will EJB method level permissions still apply?
* How can I use the Subject/Principals/Policies in the client side flex application to inflect some UI restrictions on unauthorized operations?
Thanks,
Eyal
Hey Jiby,
I already posted this question to the forum http://swforum.sun.com/jive/thread.jspa?threadID=44893&tstart=15 prior to opening this ticket with Sun
Regards
Matthew Key
-
NxOS and Role Based Authorization
Guys,
Basic setup - using the default user admin I log in and no problems - commands such as show mod and config changes, no problem: role = network-admin
I create a user account with the same role as the admin user and I cannot issue the same commands - permission denied?
Stumped - any ideas what's missing here?
Thanks
Out of desperation, I tried combinations of shorter usernames, similar to the admin username.
The result - for whatever reason it seems (I cannot confirm as such) if you use usernames for authentication locally in excess of 8 characters you cannot get full network-admin role privileges,
even though when you do a show user-account, it displays your full username and the correct role.
It seems almost as if the authentication element works, but the role categorisation seems to fail for whatever reason (what I would call authorisation).
Feels like a bug to me, anyway putting it on tacacs tomorrow hopefully with different results.
I am running 4.2(1)SV1(4) on a Nexus 1000v. I hope this saves you some time.
Apologies if this is a known issue or "feature" - but I was not aware of it.
-
Open source role based framework
We have an application which is using :-
1) spring framework/j2ee code at the backend
2) while the front end is comprised of Adobe flex and action script. The app is web based.
A need of the application at the moment is for a role based authorization framework, based on which a decision can be made as to which widgets/tabs/screens should be visible to the user and which should be hidden from him.
Wanted to know
1) if somebody was willing to share some of his experiences on a similar project.
2) found an existing framework, open source or otherwise, helpful.
3) would recommend one architecture over the other
4) or anything else he would think might be beneficial to know.
Thanks
Most app servers have some built in container managed security (for example Tomcat Realms) which may or may not meet your requirements.
-
Resource Based Authorization sample program and application
Recently I have studied the types of authorization and I also did some samples for role based authorization. Now I am looking at resource based authorization; the sad thing is that I was not able to understand the concept.
So I am looking for the sample application and C# program.
I just want to know the concept of resource based authorization and also the sample application file and C# coding file.
Please provide me the sample.
Thanks in Advance.
Hi,
Technet forums are dedicated by technologies. Since you are more looking for concept, you should check for blogs on the Internet (try google...).
Otherwise please refer to TechNet forums homepage and look for your technology (C# for instance).
Hope this helps.
Guillaume Rouyre - MBA, MCP, MCTS
-
I have a question about role based authorization. Guess we have 100 transactions and 100 users. I know we have to create a new role for a new combination of transaction list. Ex: 1,2,3,4,14,15 is RoleA and 1,4,25,34 for RoleB and so on. What will it be if we have a really mixed authorization combination? Guess 15 users use A Role and 20 B Role. But we have three new users. They mustn't use only two transactions in A Role. Now we come to the subject of my question. I don't want to create a new role for these users. Is it possible to restrict authorization? As if in the same role but restricted to use these transactions. (without ABAP coding) In a clear expression: user based transaction authorization, not role based.
Hi,
In my opinion that isn't possible without coding.
Sorry ;-(
Regards
Bernd
-
JHeadStart Security problem-error page cannot be found- role based security
JHeadStart Security problem-error page cannot be found- role based security
Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1, password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator. On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']}. Then I generate the pages (run the jag). The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)” is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.
Thank you very much for your reply! Unfortunately there is a specific restriction-convention in the project I work in. I am supposed to perform role based security with my own tables and not by the jheadstart’s ones. Could you find out what is my fault with the steps I follow trying to perform the process?
To remind you my steps I paste the following again:
JHeadStart Security problem-error page cannot be found- role based security
Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1, password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator. On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']}. Then I generate the pages (run the jag). The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)” is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.
-
Help needed in Role Based authorisations in WEB UI for RESELLER Role
Hi All,
I am working on a requirement where I need to disable/hide/grey out the EDIT button on Account Details and on all assignment blocks in WEBUI (CRM2007). This is needed for the accounts having the Role RESELLER only.
The same functionality is working fine in GUI. This is achieved by Role based authorizations. But the role based authorizations are not working in WEBUI. Any pointers on how to achieve Role Based authorizations in WEBUI?
Thanks in advance.
Regards,
Udaya
Hi Uday,
Could you let me know the process to disable the edit button for the following scenario -
Using Account Management, you can display the Account and on double clicking the responsible employee (hyperlink), WEB UI displays the employee master record with option edit. You can edit the employee details here, which I don't want. User should only be displayed with the employee details without option of editing the master record. How can I achieve this without changing any code?
Your kind assistance will be highly appreciated.....
Cheers,
Peter J.
-
Error in Role Based security using weblogic 9
Hi All,
Currently I am working with Weblogic Server 9. I am trying to use role based security. Below are the entries for web.xml.
<security-constraint>
<web-resource-collection>
<web-resource-name>Success</web-resource-name>
<url-pattern>/form.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>INTEGRAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
When I am calling form.jsp from the browser it is asking for the username and password, but after giving the username and password it is showing the following error:
Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
So can anyone provide me the solution for the above problem?
Thanks in advance.
By,
Sandip Pradhan
Here is a blog post for the backend (WebLogic Admin GUI) http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-role.html and a blog post for the web.xml in your project http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-ear.html.
-
Role-Based CLI Views with AAA method
Hi,
I'm configuring Role-Based CLI Views on a router for limiting access to users.
My criteria:
- There should be a local user account on the router that has the view 'service' attached to it
- If the router is online and can reach the radius server, people in the correct group are assigned the view 'service'
My configuration:
aaa new-model
enable secret 1234
username service view service secret 1234
aaa group server radius my_radius
 server-private 10.1.1.1 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key 0 1234
 server-private 10.1.1.2 auth-port 1645 acct-port 1646 timeout 2 retransmit 1 key 0 1234
aaa authorization console
aaa authentication login mgmt group my_radius local
aaa authorization exec mgmt group my_radius local
line con 0
 authorization exec mgmt
 logging synchronous
 login authentication mgmt
line vty 0 4
 authorization exec mgmt
 logging synchronous
 login authentication mgmt
 transport input ssh
The ERROR
Now I want to go configure the cli view 'service'...
# enable view
Password: 1234
*Jun 1 08:00:02.991: AAA/AUTHEN/VIEW (0000000D): Pick method list 'mgmt'
*Jun 1 08:00:02.991: RADIUS/ENCODE(0000000D): ask "Password: "
*Jun 1 08:00:02.991: RADIUS/ENCODE(0000000D): send packet; GET_PASSWORD
*Jun 1 08:00:21.011: RADIUS: Received from id 1645/13 10.1.1.1:1645, Access-Reject, len 20
The Questions
Why does the 'enable view' try to pick a method list when you have to supply the enable secret to access the root view?
Can you change this behaviour to always use the enable secret?
The TEMP Solution
If you're logged on to the router via telnet or SSH, the solution or workaround to this issue is:
aaa authentication login VIEW_CONFG local
line vty 0 4
 login authentication VIEW_CONFG
Do your configuration of the view and re-configure the line to use the correct (wanted) method of authentication.
Thanks so much for the suggestions
/JZN
Hi,
You have the following configured:
aaa authentication login mgmt group my_radius local
aaa authorization exec mgmt group my_radius local
line con 0
 authorization exec mgmt
 logging synchronous
 login authentication mgmt
line vty 0 4
 authorization exec mgmt
 logging synchronous
 login authentication mgmt
 transport input ssh
Hence every time you try to log in to the console or try SSH, the authentication will head to the radius server because of the following command: "login authentication mgmt".
You cannot make it locally. Whatever is defined on the method list mgmt first will take precedence.
The enable secret will be locally defined, but you have the following configured:
aaa authorization exec mgmt group my_radius local
line con 0
 authorization exec mgmt
line vty 0 4
 authorization exec mgmt
Hence exec mode will also be done via the radius server.
When you configure:
aaa authentication login VIEW_CONFG local
line vty 0 4
 login authentication VIEW_CONFG
you are making the authentication local, hence it is working the way you want.
In short, whatever authentication is defined first on the method list will take precedence. The fallback will be checked only if the first AAA server is not reachable.
Hope this helps.
Regards,
Anisha
P.S.: Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
-
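Added example (not part of the thread and not Cisco code): a small Python model of the method-list behaviour described in the answer above, where a reject from a reachable RADIUS server is final and `local` is consulted only when no server in the group answers. The account data and all function names are constructed for illustration, and the three outcomes are a simplified model rather than IOS internals.

```python
from enum import Enum

class Outcome(Enum):
    PASS = "pass"    # method answered: credentials accepted
    FAIL = "fail"    # method answered: credentials rejected, evaluation stops
    ERROR = "error"  # method could not answer (timeout), try the next method

# Constructed sample data, not taken from any real device or server.
LOCAL_USERS = {"service": "1234"}        # mirrors 'username service ... secret 1234'
RADIUS_USERS = {"alice": "radius-pass"}  # hypothetical RADIUS-only account

def local_method(user, password):
    """Local database: always available, so this model never returns ERROR."""
    return Outcome.PASS if LOCAL_USERS.get(user) == password else Outcome.FAIL

def radius_group(servers):
    """Build a 'group my_radius' method; servers maps address -> reachable?"""
    def method(user, password):
        for address, reachable in servers.items():
            if not reachable:
                continue  # timed out: move to the next server in the group
            # The first server that answers is authoritative (accept or reject).
            ok = RADIUS_USERS.get(user) == password
            return Outcome.PASS if ok else Outcome.FAIL
        return Outcome.ERROR  # no server in the group responded
    return method

def evaluate(method_list, user, password):
    """Walk the method list in order; only ERROR falls through to the next."""
    trace = []
    for name, method in method_list:
        outcome = method(user, password)
        trace.append((name, outcome))
        if outcome is not Outcome.ERROR:
            return outcome, trace
    return Outcome.FAIL, trace  # every method errored: deny

def mgmt_list(first_up, second_up):
    """Model of 'aaa authentication login mgmt group my_radius local'."""
    servers = {"10.1.1.1": first_up, "10.1.1.2": second_up}
    return [("group my_radius", radius_group(servers)), ("local", local_method)]

# Model of the workaround list 'aaa authentication login VIEW_CONFG local'.
VIEW_CONFG = [("local", local_method)]

if __name__ == "__main__":
    cases = [("mgmt, RADIUS up", mgmt_list(True, True)),
             ("mgmt, RADIUS down", mgmt_list(False, False)),
             ("VIEW_CONFG", VIEW_CONFG)]
    for label, mlist in cases:
        result, trace = evaluate(mlist, "service", "1234")
        print(label, result.name, [(n, o.name) for n, o in trace])
```

With RADIUS reachable, the local-only `service` account is rejected without `local` ever being tried, which matches the Access-Reject in the debug output quoted in the question.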
Difference between ID and Role based Administration - Firefighter 5.3
In GRC AC 5.3 Firefighter, security guide, there are two sections for role design,
1. Firefighter Role based Administration
2. Firefighter ID based Administration
Can someone explain what is the difference between the two?
I have read the documentation, but it does not have a clear description of the
differences between the two.
Please help.
Thanks
Hi Prakash,
Though both of them eventually achieve the same function, that is giving access rights to the user for a certain period under monitoring, these differ based on the following:
1. Firefighter Role based Administration
You identify a particular role as a firefighter role and give it to the user.
2. Firefighter ID based Administration
You create a separate user altogether and give the normal dialog user the access to this user's authorization.
For the implication that both of these have and the differences or comparisons between using 1 & 2, I would suggest you do a bit of mock testing for both of these. Also, there are a lot of posts related to this on the forum already, which you can refer to, for getting a more detailed idea on this topic. Ultimately, it depends from organization to organization which methodology they follow as per what suits them, according to features which both have. But generally what is preferred is Number 2.
Regards,
Hersh.