Role based reflection security manager?

Similar Messages

• Role based data visibility is not working in Round manager

  I am looking for role based data visibility in Syclo round manager application where technician will see the data which is assigned to his name only (not all the data)  I have created one custom role in SAP system and it's working fine .It's showing the below message :
  Now I want to implement the same in syclo round manager .So I went to the SAP configuration panel and set the same user role on the security setting in class handler .Z_SYCLO_RM_ROLE is the custom role which I mentioned earlier .I tried with different option in this tab but it's not working .
  Please let me know if I missed something to mention or is there any other process I need to follow .
  Tags edited by: Michael Appleby

  is not working Insufficient information. In what way is it "not working"? The page doesn't render as required? There's an error message? The browser crashes? The server room has been trampled into dust by a herd of buffalo?
  >
  I am unable to make it as page form / report.
  v1 := v1 || ' ' ||'<input inline type =submit style="color:BLUE;background-color:RED" value='||c2.plot_id||'>';
  ...It is not possible to generate form elements in an APEX page in this way. The [APEX_ITEM API|http://download.oracle.com/docs/cd/E14373_01/apirefs.32/e13369/apex_item.htm#CACEEEJE] is the only way to create APEX items in PL/SQL. However it contains no procedures to generate button items, so an alternative design is required in this case, e.g. a report with links.
  (Also what is the intention of "inline" in the above code? [There is no *inline* attribute|http://www.w3.org/TR/1999/REC-html401-19991224/interact/forms.html#h-17.4].)

• Role based oracle adf security and filtering data

  while oracle adf security looks great its only role based... does anyone know of any resources describing an architecture where this is used in addition to filtering of data based on say, organization?
  it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...

  Hi,
  it seems that oracle adf security is not really geared towards a self service app where administrative users have a security interface as part of the application where they can assign roles and associate users to entities for the further filtering of data...
  ADF Security is a JAAS based security implementation to protect resources (like entities). It is nota security provider like OPSS or OID which you can use for user provisioning and self service (if you code against the IDM APIs). ADF Security only checks for whether a user is authenticated and if the user has the permission to perform a task.
  However, you can use groovy to access the security context from Groovy, which allows you to add the authenticated username to a query - for example to filter recrds out that match the username in one of its attributes.
  For example, you could create a ViewCriteria that for example filters the query by a specific attribute. Say that managers can see data starting from department 10 whereas employees can see data starting from department 100. The ViewCriteria would reference a bind variable with the following default setting
  adf.context.securityContext.isUserInRole('manager')? 10 : 100
  Frank

• Role-Based Security In SQL Server Reporting Services

  Hi
  I have created Reports,
  Now I need to assign Role-Based Security, ie like some particular clients can access only some particular report.
  http://localhost/reports/Pages/Folder.aspx
  Here in the above link i can see the property tool bar where i need to set the user assignement roles.
  could any one please help me out how to set different login assigned to a set of report.
  Or is there any tutor links for this.
  Thanks a lot.
  Shan

  Create folders under the Home page (the link you have there).  For each folder set group athentication (AD) or harder managed, user account roles for the folders and the reports under the folder.
  If you set security at that home level you will not be able to control what reports they see or can't see.  You'll need to go all the way to the folder/report level.
  It's also not best practice to deploy reports directly to the home level.  Not best practice in it creating a very hard to manage security level.  Think of the levels in security as such to SQL Server.  Set the connect to sql level, database level and then down to the objects in them.  Same priciples apply to SSRS.
  Here is a cast going through some security settings as well http://technet.microsoft.com/en-us/sqlserver/dd391734.aspx fro creating your roles and utilizing them
  Ted Krueger Blog on lessthandot.com @onpnt on twitter

• Server (Tomcat) Managed "Role-Based" Authentication (isUerInRole)

  I am using the Tomcat 5.0.27. In order to use server managed "role-based" authentication, we supply the server with two tables. One of the tables containes userID and password, and the other tables contains userID and userRole (a person can have more than one role). (We must map each user to his/her role somewhere, and it is in the $TOMCAT/conf/server.xml file)
  My difficulty stems from the tables are structured in my database. I do have a table that contains userID and password; however, I do not have a table that contains userID and userRole. In order to know a person's role, I have to navigate from one table to another using foreign key and primary key.
  Is there a way to tell the server to navigate from one table to another to find a person's role? Or we "must" create a table that contains userID and userRole for us to use the isUserInRole() method for security check?

  check out the tomcat docs
  http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JDBCRealm
  according to docs you have to create these tables
  create table users (
  user_name varchar(15) not null primary key,
  user_pass varchar(15) not null
  create table user_roles (
  user_name varchar(15) not null,
  role_name varchar(15) not null,
  primary key (user_name, role_name)

• CRM 2011: Can you control which form is used based not security roles, but on a field value?

  I see that you can control which form is used based on security roles, but can you control it based on other field values?  I'd like a new record to use a different form until a given status is updated.  I have a status of draft and active. So
  it would be nice if I could use form1 for those in draft, form2 for those that are active.  But I only see where you can control that via the security roles.
  I can code all of this via JavaScript, but having the ability to use two separate forms would be nice.  Is that even possible.
  Best regards,
  Jon Gregory Rothlander

  Hello,
  Recheck following article - http://gonzaloruizcrm.blogspot.com/2014/11/avoiding-form-reload-when-switching-crm.html
  Dynamics CRM MVP/ Technical Evangelist at SlickData LLC
  My blog

• What is the mean of using Portal with Role Based security as entry point

  Hi Experts we have requirement of integration of Portal and MDM
  I am completely new to the MDM. So please give me some idea , what is the meanin for following points.
  1) Using the Portal with Role Based security as entry point for capacity and Routing Maintaince(These two are some modules).
  2) Additionally , Portal should have capability to enter in to the MDM for future master data maintence. Feeds of data will need to be come from  SAP 4.6c
  Please give me the clarity of what is the meanin of second point
  Regards
  Vijay

  Hi
  It requires the entire land scape like EP server and MDM server both should be configured in SLD.
  Your requirement is maintaing and updating the MDM data with Enterprise portal.We have some Business Packages to install in Portal inorder to access the functionality of MDM.
  Portal gives you a secure role based functionality of MDM through Single sign on (login into the portal access any application) to their end users.
  Please go through this link
  http://help.sap.com/saphelp_mdmgds55/helpdata/EN/45/c8cd92dc7f4ebbe10000000a11466f/frameset.htm
  You need to develope some custom applications which should be integrated into the portal to access MDM Server master data
  The estimation involves as per your requirement clearly
  Its depends upon the Landscape settings, Requirement complexity,Identify how many number of custom applications need to be developed
  Regards
  Kalyan

• Error in Role Based security using weblogic 9

  Hi All,
  Currently I am working with Weblogic Server 9. I am trying to use role based security. Below is the entries for web.xml.
  <security-constraint>
       <web-resource-collection>
            <web-resource-name>Success</web-resource-name>
            <url-pattern>/form.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
            <role-name>admin</role-name>
       </auth-constraint>
       <user-data-constraint>
  <transport-guarantee>INTEGRAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>myrealm</realm-name>
  </login-config>
  <security-role>
       <role-name>admin</role-name>
  </security-role>
  When I am calling form.jsp from the browser it is asking for the username and password, but after giving the username and password it is showing the followig error:
  Error 403--Forbidden
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.4 403 Forbidden
  The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
  So can any one provide me the solution for the above problem.
  Thanks in advance.
  By,
  Sandip Pradhan

  Here is a blog post for the backend (WebLogic Admin GUI) http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-role.html and a blog post for the web.xml in your project http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-ear.html.

• R12: Role based security : Hiding a button in OAF page for roles

  Hi All,
  We have a requirement where in which, we have to hide a "Create" button in AR customer search form for some roles ... we have implemented UMX - Roles based security in our project and we cant hide it based on user or resp ...
  Any ideas ... Is it feasible with this new featue of RBAC?
  Thanks and Regards,
  Senthil

  Hi Ajay,
  metalink note 2778881.1 is discussing "Page access tracking report".
  but here i want to implement access restrictions to a particular page.
  Regards,
  Naren.

• RBAC / Role Based Security Set Up in R12

  We are working with a 3rd party consulting organization to implement Role Based Access Control in E-Business Suite R12. We have approximately 50 users and with 35 responsibilities today and are currently in the process of designing our role based security set up. In advance of this the consulting company has provided us with effort estimates to cutover from the current responsibility structure to RBAC. We are told this must be done while all users are off the system. The dowtime impact to the business is very high, expecially considering our small user base.
  With RBAC cutover downtime estimates such as these I can't understand how any company larger than ours could go live with it?
  Does anyone have previous Role Based Access Control implementation experience in EBS R11i or R12 and could provide some insight on their experience and recommendations, best practice for cutover to mitigate impacts to the business as we cannot accept the 90 hours of downtime outlined by the consulting company below?
  Disable users old assignments:
  *12.00 hours*
  Disable Responsibilities targeted for the elimination:
  *12.00 hours*
  Disable Responsibilities targeted for the elimination:
  *16.00 hours*
  Setup OUM options and profiles:
  *6.00 hours*
  Setup Roles and Hierarchies:
  *14.00 hours*
  Grant Permissions:
  *12.00 hours*
  Setup Functional Security and disable the obsolete responsibilities:
  *12.00 hours*
  Setup Data Security and disable the obsolete data accesses:
  *6.00 hours*
  Total *90 hours*
  Note - all activities must be performed sequentially*
  Any advice or experiences you could share would be extremely valuable for us. Thank you for taking the time advance to review & respond.

  On Srini`s comments "Creating Roles.. will have to be done manually "... I would like to know will the same approach be followed for PRODUCTION instance also. Say if we need to create 35 responsibilities and 50 roles so should this be done manually in PRODUCTION.
  I have not worked on this but I know that in my previous company this was done using scripts. Need to find more on this.

• Weblogic security & EJB role based access

  How does (or not) weblogic security tie into the EJB notion of role based
  control ? Can we create a 'custom' security mechanism for EJB (which
  basically uses the EJB facilities but extends it within the application) by
  using custom weblogic realms ?
  Thanks
  Raju

  Thanks !
  "Terry" <[email protected]> wrote in message
  news:[email protected]...
  comments inline
  r <[email protected]> wrote in message
  news:[email protected]...
  >>
  Here are some more specific questions around an 'example' scenario:
  The application has an entity bean 'Account' that can be accessed by the
  roles 'Bank Employee' and 'Customer'
  'Bank Employee' can execute the 'getBalance()' and 'placeOnHold()'
  methods on the 'Account' bean
  'Customer' can execute the 'withdraw()', 'deposit()', and'getBalance()'
  methods on the 'Account' bean
  These permissions are set up through the deployment descriptor by
  mapping
  the 'Bank Employee' and 'Customer' roles
  to the particular bean methods that the role should be given access to.
  1. How does weblogic provide the facility to map the EJB deployment
  descriptor
  <security-role> to a particular weblogic principal (user orgroup)
  Or, should I say, how do I map the user or group to a
  deployment-descriptor defined role?In the deployment tool, once in the jar select the 'Security' item,create
  an application role (in your case it is probably best to create 2 security
  roles - the bank employee role refering to the bank employee group (usethe
  'in role' checkboxes, and the customer role refering to the customergroup -
  there may at some point be use for an allUsers role, which includes both
  groups, maybe not. What I am saying is that a role is made of a one ormore
  of Principals - in our case groups)
  In the Account Bean select the method permissions item, and create amethod
  permission perm-0, select the perm-0 item that has just popped up in the
  left hand window, tick the box for placeOnHold(), and the boxes for<remote>
  and <home> one level deeper than this in the tree (as an aside, I have
  absolutely no idea why there would be a 'home' box here, ho hum). Selectthe
  'bank employee' 'can invoke' tickbox
  Create perm-1, and do what you did above for 'withdraw()' and 'deposit()'
  methods, and the 'customer' tickbox
  I believe the documents say you would have to set up another permission to
  allow both groups access to the getBalance method, but in practive Ihaven't
  found this the case.
  The documentation for this is at
  http://www.weblogic.com/docs51/classdocs/API_ejb/EJB_deploy.html#1102211
  (or
  search for 'Deploying EJBs with DeployerTool'
  2. Are there any administrative tools provided by weblogic to do
  this
  mapping ?The deployer tool. Otherwise I think it's the acse of writing your own xml
  files
  3. How much effort & complexity is involved in creating a custom
  realm
  Hmmm, depends - you could have the RDBMSRealm that is provided in'examples'
  in half an hour or so (there is a problem with one of the RDBMSUser's
  methods - getUserType or something like that - the solution can be foundin
  the newsgroups if you search), the same is probably true of the LDAPRealm,
  NTRealm etc (although I have never used these).
  Which one you choose depends on what equipment you have available,although
  I would say that the RDBMSRealm canuse a lot of optimisation
  Thanks,Welcome
  Raju
  "Terry" <[email protected]> wrote in message
  news:[email protected]...
  The Principals (i.e. groups and users) from your custom realm are used
  to
  define application roles for the EJBs, but, as far as I am aware youcannot
  use a custom implementation for the ACLs for EJBs
  terry
  r <[email protected]> wrote in message
  news:[email protected]...
  How does (or not) weblogic security tie into the EJB notion of rolebased
  control ? Can we create a 'custom' security mechanism for EJB (which
  basically uses the EJB facilities but extends it within the
  application)
  by
  using custom weblogic realms ?
  Thanks
  Raju

• Cisco Security Manager Local RBAC Authentication Radius assign user role

  Is it possible to use Cisco Security Manager with local RBAC, authenticate the user to Radius and retrieve it's role from Radius. Getting the authentication to work isn't the problem, but is it also possible to return the role the user has (i.e. Super Admin) via Radius, without having to create all the users one-by-one in the local CSM database with the correct role.
  Can i use a certain Cisco-AV-Pair attribute to return the user role via Radius?

  I just got asked to look at the same situation by one of our security people.
  We have exactly the same problem but it reports a username of "*****" and we are running CSM 4.7 (upgraded last week)

• Reseeding cache for users with role based security

  I have role based security and trying to set up cache by purging all cache and later seeding cache by query. The query would be different for different users. What is the best way to purge all cache and reseed cache for administrator as well as all users. The EPT would purge cache based on updated tables. But how do I next go about reseeding cache for better performance to all the users. Thanks.

  I have created an ibot with the following:
  General - Normal Priority, Personalized (recipient's data visibility)
  Conditional Request - example_report
  Schedule - some schedule
  Recipients - Me(administrator) and User1
  Destinations - Oracle BI Server cache
  when the ibot runs 2 cache entries are created (for the 2 recipients).
  I have the report (example_report) on the dashboard (1 dashboard, 1 page, 1 report).
  After the ibot runs:
  When the administrator logs in first, there is a cache hit on the report. Followed by when the User1 logs in there is NO cache hit.
  On the other hand when the User1 logs in first, there is a cache hit on the report. Followed by when the administrator logs in there is no cache hit. The query log creates a Query issued to the database instead of cache hit on query.
  The User1 has a data level security.
  Please let me know where was I making an error in setting the ibot and how to get the cache seeding work for the different users with different role based security.
  Thanks for your inputs.

• JHeadStart Security problem-error page cannot be found- role based security

  JHeadStart Security problem-error page cannot be found- role based security
  Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
  Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.

  Thand you very much for your reply! Unfortunately there is a specific restriction-convention in the project I work in. I am supposed to perform role based security with my own tables and no by the jheadstart’s ones. Could you find out what is my fault with the steps I follow trying to perform the process?
  To remind you my steps I paste the following again:
  JHeadStart Security problem-error page cannot be found- role based security
  Good morning! How are you? I would need some help in a jheadstart 10.1.3.2 security case and I was wondering if you could give me a hand to go on. I create the Model project with tables of oe schema. Then in JHeadStart to perform security I follow the following steps: In ViewController/WEB-INF/web.xml – properties I do the following: login configuration: http basic authentication rfc 7617: realm:jazn.com
  Security roles : I define two roles: customer and administrator , Security Constraints: web_resources: All_pages, Url Patterns: faces/*. Then in Tools/Embedded OC4J Preferences/Global/Authentication JAZN/Realms/jazn.com/users: I define two users c1, password c1 and a1,password a1, roles/member users/ I attribute the roles to the relevant users c1—customer and a1—administrator. Then in application definition editor on service level I define security/use role based authorization=true , authorization type: JAAS and when access denied go to next group=true. On group level e.g.: ProductInformation: Authorization/Authorized Roles Permissions: administrator.On item level : Orders/Items/OrderTotal/Operations/Update Allowed: #{jhsUserRoles['administrator']},Then I generate the pages (run the jag) . The generation is completed successfully but when I run the View Controller project a “the website declined to show this webpage…(page cannot be found)’ is displayed. What should I do? I would appreciate it if you would help me on this issue! Thank you very much.

• Custom security JHeadstart 11gTP1 -Use Role-based Authorization is missing

  In JHeadstart 11g TP1 the option Use Role-based Authorization is missing.
  Will this option only be available in de production release of JHeadstart 11g? What is the reason why this is missing? Is it still possible to use CUSTOM authorization in JHeadstart 11g TP1?

  It is not missing.
  If you turn on custom authorization, you can specify your own roles against groups to access them, and use role names in the insert allowed/update allowed and delete allowed expressions.
  Steven Davelaar,
  JHeadstart Team.