Role based authorization in initiative

Similar Messages

• Custom security JHeadstart 11gTP1 -Use Role-based Authorization is missing

  In JHeadstart 11g TP1 the option Use Role-based Authorization is missing.
  Will this option only be available in de production release of JHeadstart 11g? What is the reason why this is missing? Is it still possible to use CUSTOM authorization in JHeadstart 11g TP1?

  It is not missing.
  If you turn on custom authorization, you can specify your own roles against groups to access them, and use role names in the insert allowed/update allowed and delete allowed expressions.
  Steven Davelaar,
  JHeadstart Team.

• How to set role based Authorization in JAAS

  how to set role based Authorization in JAAS
  i had user name , password and role in FileLogin
  thanks
  arun .v.

  http://dev2dev.bea.com/pub/a/2003/04/Kemp_Helton.html?page=last

• Can't use role-based authorization

  We can't use role-based authorization because the permissions
  and their assignments change frequently. Is there any alternative
  where we can still use WLS to handle security?

  Dave,
  If you're using WLS6 the console supports dynamic user updates so you could
  change each users configuration as needed.
  Alex
  Dave <[email protected]> wrote in message
  news:3a672c81$[email protected]..
  >
  We can't use role-based authorization because the permissions
  and their assignments change frequently. Is there any alternative
  where we can still use WLS to handle security?

• XWS-Security, JAAS and role-based authorization

  What is my best bet to try to authorize users to use certain web services? For example, let's say a user logs into a web application A, who connects to a web application B implementing Web Services and XWSS.
  A passes along the userNameToken, and B authenticates it (let's say, using JAAS). Now it needs to authorize the user to use the actual web service. Can I do this with JAAS? What is the best way to define the policies? Does it mean I have to create PrivilegedActions for every webservice? What are my other alternatives besides JAAS?
  Thanks in advance.

  Alternatively, is there a way to see which web service the client is requesting from the SecurityEnvironmentHandler (callbackHandler)?

• BlazeDS role based authorization

  Hi,
  I'm half the way in developing a POC for using flex as the front end of our application and I'm having some security issues.
  I'm using JBoss with JAAS and I figured that using BlazeDS just uses JAAS login module to perform authentication.
  * Will it use JAAS for authorization too? Will EJB method level permission will still apply?
  * How can I use the Subject/Principals/Policies in the client side flex application to inflect some UI restrictions on unauthorized operations?
  Thanks,
  Eyal

  Hey Jiby,
  I already posted this question to the forum http://swforum.sun.com/jive/thread.jspa?threadID=44893&tstart=15 prior to opening this ticket with Sun
  Regards
  Matthew Key

• NxOS and Role Based Authorization

  Guys,
  Basic setup - using default default user admin I login and no problems - commands such as show mod and config changes, no problem: role =
  network-admin
  I create a user account with the same role as the admin user and I cannot issue the same commands - permission denied?
  Stumped - any ideas what's missing here?
  Thanks

  Out of desperation, I tried combinations of shorter usernames, similar to the admin username
  The result - for whatever reason it seems (I cannot confirm as such) if you use usernames for authentication locally in excess of 8 characters you cannot get full network-admin role privilidges
  even though when you do a show user-account, it displays your full username and the correct role.
  It seems almost as if the authenticaion element works, but the the role categorisation seems to fail for whatever reason (what I would call authorisation).
  Feels like a bug to me, anyway putting it on tacacs tomorrow hopefully with different results
  I am running 4.2(1)SV1(4) on an nexus 1000v.  I hope this saves you some time.
  Apologies if this is a known issue or "feature" - but I was not aware of it. 

• Open source role based framework

  We have an application which is using :-
  1) spring framework/j2ee code at the backend
  2) while the front end is comprised of Adobe flex and action script. The app is web based.
  A need of the application at the moment is for a role based authorization framework, based on which a decision can be made as to which widgets/tabs/screens should be visible to the user and which should be hidden from him.
  Wanted to know
  1) if somebody was willing to share some of his experiences on a similar project.
  2) found and existing framework open source or otherwise helpful.
  3) would recommend one architecture over the other
  4) or anything else he would think might be beneficial to know.
  Thanks

  Most app servers have some built in container managed security (for example Tomcat Realms) which may or may not meet your requirements.

• Resource Based Authorization sample program and application

  Recently i have studied about the types of authorization and i also did some samples for role based authorization. Now i am looking for Resource based authorization, the sad thing is that i could not able to understand the concept.
  So i am looking for the sample application and C# program. 
  I just want to know the concept of resource based authorization and also the sample application file and c# coding file.
  Please provide me the sample.
  Thanks in Advance. 

  Hi,
  Technet forums are dedicated by technologies. Since you are more looking for concept, you should check for blogs on the Internet (try google...).
  Otherwise please refer to TechNet forums homepage and look for your technology (C# for instance).
  Hope this helps.
  Guillaume Rouyre - MBA, MCP, MCTS

• User based authorization

  I have a question about role based authorization. Guess we have 100 transactions and 100 users. I know we have to create a new role for a new combination of transaction list. Ex: 1,2,3,4,14,15 is RoleA and 1,4,25,34 for RoleB and so on. What will it be If we have a really mixed authorization combination. Guess 15 users use A Role and 20 B Role. But we have a three new user. They mustn't use only two transaction in A Role. Now we came subject of my question. I don't want to create a new role for these users. Is it possible to restrict authorization? As if in same role but restricted to use these transactions. (without abap coding) In a clear expression user based transaction authorization, not role based.

  Hi,
  in my opinion that isn't possible without coding.
  Sorry ;-(
  Regards
  Bernd

• JHeadStart Security problem-error page cannot be found- role based security

  JHeadStart Security problem-error page cannot be found- role based security
  Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
  Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.

  Thand you very much for your reply! Unfortunately there is a specific restriction-convention in the project I work in. I am supposed to perform role based security with my own tables and no by the jheadstart’s ones. Could you find out what is my fault with the steps I follow trying to perform the process?
  To remind you my steps I paste the following again:
  JHeadStart Security problem-error page cannot be found- role based security
  Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
  Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.

• Help needed in Role Based authorisations in WEB UI for RESELLER Role

  Hi All,
  I am working on a requirement where i need to disable/hide/grey out EDIT button on Account Details and on all assignment blocks in WEBUI(CRM2007). This is needed for the accounts having  the Role RESELLER only.
  The same functionality is working fine in GUI. This is achieved by Role based authorizations.But the role based authorizations are not working in WEBUI.Any pointers on how to achieve Role Based authorizations in WEBUI.
  Thanks in advance.
  Regards,
  Udaya
  Edited by: Udaya Bhaskar Perecharla on Aug 20, 2008 12:31 PM
  Edited by: Udaya Bhaskar Perecharla on Aug 20, 2008 12:33 PM

  Hi Uday,
  Could you let me know the process to disable the edit button for the following scenario -
  Using Account Managment, you can display the Account and on double clicking the reponsible employee (hyperlink), WEB UI displays the employee master record with option edit. You can edit  the employee details here, which I don't want. User should only be displayed with the employee details without option of editing the master record. How can I achieve this without changing any code..
  Your kind assistance will be highly appreciated.....
  Cheers,
  Peter J.

• Error in Role Based security using weblogic 9

  Hi All,
  Currently I am working with Weblogic Server 9. I am trying to use role based security. Below is the entries for web.xml.
  <security-constraint>
       <web-resource-collection>
            <web-resource-name>Success</web-resource-name>
            <url-pattern>/form.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
            <role-name>admin</role-name>
       </auth-constraint>
       <user-data-constraint>
  <transport-guarantee>INTEGRAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>myrealm</realm-name>
  </login-config>
  <security-role>
       <role-name>admin</role-name>
  </security-role>
  When I am calling form.jsp from the browser it is asking for the username and password, but after giving the username and password it is showing the followig error:
  Error 403--Forbidden
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.4 403 Forbidden
  The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
  So can any one provide me the solution for the above problem.
  Thanks in advance.
  By,
  Sandip Pradhan

  Here is a blog post for the backend (WebLogic Admin GUI) http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-role.html and a blog post for the web.xml in your project http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-ear.html.

• Role-Based CLI Views with AAA method

  Hi,
  I'm configuring Role-Based CLI Views on a router for limiting access to users.
  My criteria:
  - There should be a local user account on the router that has the view 'service' attached to it
  - If the router is online and can reach the radius server, people in the correct group are assigned the view 'service'
  My configuration:
  aaa new-model
  enable secret 1234
  username service view service secret 1234
  aaa group server radius my_radius
  server-private 10.1.1.1 auth-port 1645 acct-port 1646 timeout 3 retransmit 2 key 0 1234
  server-private 10.1.1.2 auth-port 1645 acct-port 1646 timeout 2 retransmit 1 key 0 1234
  aaa authorization console
  aaa authentication login mgmt group my_radius local
  aaa authorization exec mgmt group my_radius local
  line con 0
  authorization exec mgmt
  logging synchronous
  login authentication mgmt
  line vty 0 4
  authorization exec mgmt
  logging synchronous
  login authentication mgmt
  transport input ssh
  The ERROR
  Now I want to go configure the cli view 'service'...
  # enable view
  Password: 1234
  *Jun  1 08:00:02.991: AAA/AUTHEN/VIEW (0000000D): Pick method list 'mgmt'
  *Jun  1 08:00:02.991: RADIUS/ENCODE(0000000D): ask "Password: "
  *Jun  1 08:00:02.991: RADIUS/ENCODE(0000000D): send packet; GET_PASSWORD
  *Jun  1 08:00:21.011: RADIUS: Received from id 1645/13 10.1.1.1:1645, Access-Reject, len 20
  The Questions
  Why does the 'enable view' try to pick a method list when you have to supply the enable secret to access the root view?
  Can you change this behaviour to always use the enable secret?
  The TEMP Solution
  If you're logged on to the router via telnet or SSH, the solution or workaround to this issue is:
  aaa authentication login VIEW_CONFG local
  line vty 0 4
  login authentication VIEW_CONFG
  Do your configuration of the view and re-configure the line to use the correct (wanted) method of authentication.
  Thanks so much for the suggestions
  /JZN

  hi,
  You have the following configured:
  aaa  authentication login mgmt group my_radius local
  aaa authorization  exec mgmt group my_radius local
  line  con 0
  authorization exec mgmt
  logging synchronous
  login  authentication mgmt
  line vty 0 4
  authorization exec mgmt
  logging synchronous
  login authentication mgmt
  transport  input ssh
  Hence every time you try to login to the console or try the ssh the authentication will head to the radius server because of the following command "login  authentication mgmt".
  You cannot make it locally. Whatever defined on the method list mgmt first will be taking the precedence.
  enable seceret will be locally defined. but you have the following configured:
  aaa  authorization  exec mgmt group my_radius local
  line  con 0
  authorization exec mgmt
  line  vty 0 4
  authorization exec mgmt
  Hence exec mode will also be done via radius server.
  when you configure:
  aaa  authentication login VIEW_CONFG local
  line vty 0 4
  login  authentication VIEW_CONFG
  You are making the authentication local, hence it is working the way you want.
  In short, whatever authentication is defined 1st on the method list will take precendence. the fallback will be checked only if the 1st aaa server is not reachable.
  Hope this helps.
  Regards,
  Anisha
  P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

• Difference between ID and Role based Administration - Firefighter 5.3

  In GRC AC 5.3 Firefighter, security guide, there are two sections for role design,
  1. Firefighter Role based Administration
  2. Firefighter ID based Administration
  Can someone explain what is the difference between the two?
  I have read the documentation, but it does not have a clear description of the
  differences between the two.
  Please help.
  Thanks

  HI Prakash,
  Though both of them eventually achieve the same function, that is giving access rights to the user for a certain period under monitring these differ based on the following:
  1. Firefighter Role based Administration
  You identlfy a particular role as a firefighter role and give it to the user.
  2. Firefighter ID based Administration
  You create a separate user altogether and give the normal dialog user, the access to this user's authorization.
  For the implication that both of these have and the differences or comparisons between using 1 & 2, I would suggest you do a bit of Mock testing for both of these. Also, there are a lot of posts related to this on the forum already, which you can refer to, for getting a more detailed idea on this topic. Unlimately, it depends on organization to organization which methodology they folow as per what suits them, according to features which both have. But generally what is preferred is Number 2.
  Regards,
  Hersh.