Role nodes to be made invisible - As per User

Similar Messages

• QoS roles on WLC, Per user or per conection?

  Hi guys.
  This morning I`m talking with my colleages about QoS roles on WLC and their behaviour, then a question has arisen me, because I know when I apply a QoS role or QoS profile it is a per-user role. Ok said my colleage, but What is the behaviour when several devices are using the same user with a QoS role applied?
  Good question, I always assumed that this QoS role applies to every different connection managing it like a new user connection, that is, every new connection with the same user (if the QoS role is, for example, 256k for this user) will have a bandwitdh of 256k, but now I'm not sure if the WLC manages every connection at this way or divide the bandwitdh defined for that used into as many parts as connection have with this user ( for ten connections, for example, 25,6k).
  Anyone can tell me how is the behaviour of the WLC in this scenario???
  Thanks in advanced.
  Best Regards.

  My2c.
  If you apply the values on QoS profile instead of User profile then it is applicable to users connected to that WLAN mapped QoS profile. This way total no. of users will divide the available bandwidth. However, user with p2p application might consume all available bandwidth.

• Add Landing Page for Role Node

  Hi, I have a detail navigation section that is made up of roles and the roles can be expanded to present IViews.  When a user clicks on a Role Node instead of the expand icon, the 1st report in that node/role is kicked off Automatically.  Is there a way to make a custom page appear on each of these nodes instead?
  Thanks!

  Hi,
  Yes, there is a way to allow an iView to appear when this automatically opens.  What you need to do is create an iview with the parameter "Invisible in Navigation Areas" set to YES.  This will disable the item from being viewable in the navigation, but then set "Default Entry for Folder" to YES.
  This should then work as your require.  Alternatively you could change the parameter "Launch First Nav Node" in the detailed navigation, but will effect all roles within your Portal.
  Please reward points if this helps fix your problem
  Kai Chalker

• When to set iwtUser-role and other per user schema using custom athentication?

  I have written my own authentication module and would like to set per user schema on login. Can I write iwtUser-role, iwtCalendarProvider-calendarUserPassword, etc from the authentication class?

  Yes you can, after the authentication is complete you get the profile object and then set whatever value you want to set for particular attributes you want to set ..

• Maximum roles assignment per user

  Hi,
  I am in a security project and after role designing is done there are lot of roles designed by our functional consultants. And there are 33 company codes present in the company. And few end users are responsible for 20 company codes, So when I saw per user more then 450 deriroles created. Now my question is can I assign 450 roles to a user?
  As far as I know 312 roles can be assigned to user max. But is there any profile parameter available in SAP so that I can assign more then default maximum roles.
  Thanks,
  Sudip

  An auditor once had the task to audit a system of "mine" and ended up going for speculation about improvement possibilities in his presentation to the CIO (who was originally an ABAP developer when he started in the company!)
  <blabla>The overall security of the roles could be improved by using composite roles to reduce the number of roles (okay... you can use "personalization" attached to composites...) and therefore profiles assigned to the users. This will (apparently) make maintenance easier (I think he wanted to derive the composites?) and produce less SoD conflicts requiring mitigating controls, thereby avoiding long debates with the auditors each time.</blabla>
  I let him walk into that one on his own steam... the resultant discussion was like a Montypython scene, or possibly even Blackadder...
  Cheers,
  Julius
  ps: Regarding [my hat|http://www.google.ch/imgres?imgurl=http://www.chocolates-ala-carte.com/look/news/candy_mag_feb07/c_i_hat.jpg&imgrefurl=http://www.chocolates-ala-carte.com/look/news/candy_mag_feb07/index.html&usg=__m6YWntia9g543IgeOxZBu_JYSSw=&h=361&w=458&sz=137&hl=de&start=0&zoom=1&tbnid=GQ3eRe-oXx12_M:&tbnh=135&tbnw=172&ei=WkltTc_-Aoa6vwOflpm5BA&prev=/images%3Fq%3Dchocolate%2BAND%2Bhat%26um%3D1%26hl%3Dde%26rlz%3D1R2ADSA_deCH392%26biw%3D1259%26bih%3D544%26tbs%3Disch:1&um=1&itbs=1&iact=hc&vpx=126&vpy=74&dur=9750&hovh=199&hovw=253&tx=143&ty=108&oei=WkltTc_-Aoa6vwOflpm5BA&page=1&ndsp=21&ved=1t:429,r:0,s:0]: easter is around the corner.
  pps:
  If someone can convince me that it's a good idea to increase the max number then I will eat Julius' hat
  Actually I can smell blood in the water here via object K_REPO_CCA... 
  Edited by: Julius Bussche on Mar 1, 2011 8:40 PM

• Roles per user

  Hi Experts,
  I have some doubts in GRC Access control.
  1) Is it possible to see what are the roles a user is having.
  2) A particular role has been assigned to how many users and which users in particular.
  If possible, please let me know, where to see the same.
  Thanks in advance.
  Regards,
  Guru

  Hi Simon and Frank,
  Thanks for your reply. I am not able to locate the "existing roles" tab in CUP. I am in GRC AC 5.3, Support pack 7.0.
  Can you please guide me.
  In UME, we'll be able to check the portal roles assigned for a user for the specific system. Am I right? Clarifying my question, is there any functionalty in Access control, from where I can see:
  1) all the users for different systems and roles assigned to them (similar to su01 in backend, but the limitation is i can view there for a specific system.
  2)all the roles list and it's assigned to which users (similar to PFCG in backend, but here also the limitation is same like su01)
  If I am mistaken somewhere, please do correct me.
  Thanks,
  Gurugobinda

• How to make sub folders in a share invisible to certain users?

  Back in the 10.3 days simply setting the posix permissions so that certain users and groups had no access to a sub folder in a shared folder would make the folder invisible to those users and groups.
  Flash forward to Snow Leopard, I'm trying to accomplish the same thing with ACLs, and I can't seem to do it, the folders are still visible with access denied badges. I read the ACL white paper that was on AFP548, and that suggested creating a deny full control ACE for groups that shouldn't have access, but that no longer seems to work the folders are still visible.
  I've been fiddling with different ACL configurations, but I can't seem to get it to work.
  I am running Mac OS X Server 10.6.4, and the clients are 10.6.4 as well.
  Any help in figuring this out would be most appreciated. Thanks in advance.

  Hi
  Apologies I do mean Others. What I normally do is set the POSIX Owner and Group to admin and Others to No Access. Both Permission models apply so you have to take that into account. Any created user is automatically made part of the built-in POSIX staff group (ID=20). That user is also part of Others. If you're trying to deny access for that user using ACLs only yet neglecting to change the POSIX Permission accordingly that user will still have access of some sort.
  By setting the Others POSIX Permission to No Access at the Parent Folder level that user won't 'see' the Share. If you're trying to do this with a Nested Folder then that user will 'see' the folder but have no access. What they'll see is the red no entry sign folder icon.
  Don't forget to propagate afterwards as well as removing or applying appropriate ACEs if your sharing structure involves nested folders. Server Admin's Interface (IMO) is actually OK with this although you could use the command line if you wish.
  This is how it works for me and I rarely see any problems.
  Tony

• Max. No. of processes per user in Linux(Form6i related)

  I have problem with Form6i in Linux when the resource is used up. I want to find a way to limit the number of form server processes. In other UNIX they is a kernel parameter to limit the Max processes per user. Any idea to do that in Linux?
  Thanks!
  null

  That you have not reached this limit indicates that you are doing a good job!
  Tell the interviewer that if the limit is reached, then there is a design error.
  If the interviewer presses harder, then there are two technical solutions. The first is in the authorizations tab of PFCG to use the "read old and merge new" option via the "Expert options". This you are probably doing hence you don't have the problem, but it can also be triggered manually within the menus in the authorization data.
  There is one more joker you can play, but you must first tell the interviewer that they are using "Edit old data" to support a design error in the way they build and maintain roles.
  Cheers,
  Julius

• Mail Per User Quotas Not Working

  We just migrated from 10.9 server to the new 10.10 server and noticed that our per user mail quotas were no longer working.  If I change the Server app - Mail setting - to have a global mail quota on it work, however, we have a few accounts that we need to leave unlimited and the per user quota will not override the global quota.  So far we have had to leave the global quota disabled because of this.
  Even without global quota turned off - trying to set per user mail limits is still not working.  We are changing it thru the Server app and clicking users - selecting a user - then select edit mail options - and changing the setting for the limit size.  No matter what we set it to - it will not work.
  Does anyone know what command or how to change the per user quota limits from the command line?  I found that Dovecotadm quota -u username  shows you what the quota is, but I am stumped as how to change it via a command line or thru another method since the server app is not working.
  Any help would be appreciated!
  ps. Also posted my doveconf -n file below, but I am missing if there is anything not configured properly.
  bash-3.2# dovecot -n
  bash: dovecot: command not found
  bash-3.2# doveconf -n
  # 2.2.5: /Library/Server/Mail/Config/dovecot/dovecot.conf
  # OS: Darwin 14.1.0 x86_64  hfs
  aps_topic = com.apple.mail.XServer.a1c54f6d-f4ad-4431-b882-0f11570dd637
  auth_mechanisms = cram-md5 plain login
  auth_socket_path = /var/run/dovecot/auth-userdb
  auth_username_format = %n
  debug_log_path = /Library/Logs/Mail/mail-debug.log
  default_internal_user = _dovecot
  default_login_user = _dovenull
  disable_plaintext_auth = no
  first_valid_gid = 6
  first_valid_uid = 6
  imap_id_log = *
  imap_id_send = "name" * "version" *
  imap_urlauth_submit_user = submit
  info_log_path = /Library/Logs/Mail/mail-info.log
  log_path = /Library/Logs/Mail/mail-err.log
  login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
  mail_access_groups = mail
  mail_attribute_dict = file:/Library/Server/Mail/Data/attributes/attributes.dict
  mail_location = maildir:/Library/Server/Mail/Data/mail/%u
  mail_log_prefix = "%s(pid %p user %u): "
  mail_plugins = quota zlib acl fts fts_sk
  managesieve_notify_capability = mailto
  managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
  mdbox_rotate_size = 200 M
  namespace acl-mailboxes {
    list = children
    location = maildir:/Library/Server/Mail/Data/mail/users/%%u:INDEX=/Library/Server/Mail/Dat a/mail/shared/%%u
    prefix = shared.%%u.
    separator = .
    subscriptions = no
    type = shared
  namespace inbox {
    inbox = yes
    location =
    mailbox Drafts {
      special_use = \Drafts
    mailbox Junk {
      special_use = \Junk
    mailbox Sent {
      special_use = \Sent
    mailbox "Sent Messages" {
      special_use = \Sent
    mailbox Trash {
      special_use = \Trash
    prefix =
  namespace list-archives {
    list = children
    location = maildir:/Library/Server/Mail/Data/listserver/messages/archive/lists/%%u:INDEX=/ Library/Server/Mail/Data/listserver/messages/archive/shared/%%u
    prefix = archives.%%u.
    separator = .
    subscriptions = no
    type = shared
  passdb {
    driver = od
  passdb {
    args = /Library/Server/Mail/Config/dovecot/submit.passdb
    driver = passwd-file
  plugin {
    acl = vfile:/Library/Server/Mail/Config/dovecot/global-acls:cache_secs=300
    acl_shared_dict = file:/Library/Server/Mail/Data/shared/shared-mailboxes
    fts = sk
    quota = maildir:User quota
    quota_warning = storage=100%% quota-exceeded %u
    quota_warning2 = storage=85%% quota-warning %u
    sieve = /Library/Server/Mail/Data/rules/%u/dovecot.sieve
    sieve_dir = /Library/Server/Mail/Data/rules/%u
    stats_refresh = 30 secs
    stats_track_cmds = yes
  protocols = imap lmtp sieve pop3
  quota_full_tempfail = yes
  service auth {
    extra_groups = _keytabusers
    idle_kill = 15 mins
    unix_listener auth-userdb {
      user = _dovecot
  service dns_client {
    unix_listener dns-client {
      mode = 0600
  service imap-login {
    inet_listener imap {
      port = 143
    inet_listener imaps {
      port = 993
      ssl = yes
    service_count = 0
  service imap {
    client_limit = 5
    process_limit = 200
    service_count = 0
  service indexer-worker {
    user = _dovecot
  service lmtp {
    unix_listener lmtp {
      mode = 0600
  service managesieve-login {
    inet_listener sieve {
      port = 4190
  service pop3-login {
    inet_listener pop3 {
      port = 110
    inet_listener pop3s {
      port = 995
      ssl = yes
  service pop3 {
    client_limit = 5
    process_limit = 200
    service_count = 0
  service quota-exceeded {
    executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-exceeded .sh
    unix_listener quota-exceeded {
      group = mail
      mode = 0660
      user = _dovecot
    user = _dovecot
  service quota-warning {
    executable = script /Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/quota-warning. sh
    unix_listener quota-warning {
      group = mail
      mode = 0660
      user = _dovecot
    user = _dovecot
  service stats {
    fifo_listener stats-mail {
      mode = 0600
      user = _dovecot
  ssl = required
  ssl_ca = </etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.chai n.pem
  ssl_cert = </etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.cert .pem
  ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!ADH:!eNULL
  ssl_key = </etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.key. pem
  ssl_key_path = /etc/certificates/mail.maxxx.com.3524D1A33970C65E8A8DFF78E757DDE3C66AED10.key.p em
  userdb {
    args = partition=/Library/Server/Mail/Config/dovecot/partition_map.conf global_quota=0 enforce_quotas=yes
    driver = od
  userdb {
    args = /Library/Server/Mail/Config/dovecot/submit.passdb
    driver = passwd-file
  verbose_proctitle = yes
  protocol lmtp {
    mail_plugins = quota zlib acl fts fts_sk sieve
  protocol lda {
    mail_plugins = quota zlib acl fts fts_sk sieve push_notify
  protocol imap {
    mail_max_userip_connections = 20
    mail_plugins = quota zlib acl fts fts_sk imap_acl imap_quota imap_zlib
  protocol pop3 {
    mail_max_userip_connections = 6

  I guess the problem didn't resolve itself, rather it has revealed that it is intermittent (my favorite kind).
  What could made a message sent to a legitimate alias username not get picked up during the imap connection. I know the smtp server accepted the message (see logs above).

• No of Concurrent Sessions Per User  Mismatch with profile settings

  Hi
  DB Version Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  OS RHES 5U2
  I created a profile MYPROFILE and set the value of Concurrent Sessions (Per User) to 30. DB was bounced after creating the profile. I made this profile default for a particular user "MYUSER". I verified that by querying DBA_USERS (select profile from dba_users where username like 'MYUSER') I checked v$session with that particular user after sometime and noticed that it was showing 34 sessions. Some ACTIVE and some INACTIVE.
  My question is, if I have set the maximum limit of concurrent sessions per user to 30 in myprofile and made this the default profile for MYUSER, then how come i am still able to see more than 34 sessions of myuser regardless of the status? I am not sure if this is relevant or not but the IDLE TIME is set to 15 minutes.
  Thank you for your help
  Edited by: user560883 on Jul 4, 2010 12:45 AM

  user560883 wrote:
  Hi
  DB Version Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  OS RHES 5U2
  I created a profile MYPROFILE and set the value of Concurrent Sessions (Per User) to 30. DB was bounced after creating the profile. I made this profile default for a particular user "MYUSER". I verified that by querying DBA_USERS (select profile from dba_users where username like 'MYUSER';) I checked v$session with that particular user after sometime and noticed that it was showing 34 sessions. Some ACTIVE and some INACTIVE.
  My question is, if I have set the maximum limit of concurrent sessions per user to 30 in myprofile and made this the default profile for MYUSER, then how come i am still able to see more than 34 sessions of myuser regardless of the status? I am not sure if this is relevant or not but the IDLE TIME is set to 15 minutes.
  Thank you for your helpDid you set the parameter resource_limit=true ? You must do it before you test sessions_per_user. You can do so like the following,
  alter system set resource_limit=true;After this again try and post the feedback.
  HTH
  Aman....

• Per-user bandwith contracts

  Hello,
  One of our customers have one Cisco WLC 2100 (firmware 5.2) with 4 AP Mesh 1522, in a city deployment. In order to achieve local regulatory, has to implement bandwidth limitations per user.
  I got screen captures of WLC QoS Profiles options, with Average Data Rate in Per-User Bandwidth Contracts.
  So my question is, do I need any other equipment to achieve per user bandwidth limitation? Can it be done with WLC QoS options?
  If any other equipment needed, which one could I use?
  Kind regards.

  Hello,
  Yes, you can modify your settings for per-user bandwidth contracts based on a specific QoS Profile on the WLC. You can then set your various WLANs to the desired QoS profile. The instructions to do so can be found here:
  http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_controller_setting.html#wpmkr1254539
  There are a few caveats with this configuration:
  1. To modify QoS roles on the WLC, you will need to disable the radio networks on the WLC, so there will be an outage during configuration.
  2. The per-user bandwidth contracts on the WLC are applied in the downstream direction only. In other words, the wireless clients will not have limited upload capability.
  Other solutions may exist on your switch/gateway devices depending on their available features.
  -Patrick Croak
  Wireless TAC

• TV Access Connection​s per-user settings?

  I needed to set up a 2nd user acct profile on my T500 (Win XP Pro) to use for a special purpose and need for the Wireless Radio to be powered off when this user's desktop loads (same as clicking the TVAC icon in the system tray and choosing Power Off Wireless Radio).
  So far my experience has been that any TVAC changes made while using the 2nd user account are carried over to the 1st user acct, and vice-versa.  I would like settings to be on a per-user basis and not applied globally to all users.  Is this possible, and if so how can I do it?
  Using the system tray icon, I was able to have the radio powered off in the 2nd acct and powered on in the 1st acct.  And when the 2nd user's desktop loads the icon is in fact powered off, at least initially, but then the auto-connect popup appears and automatically powers on the radio.  If I could configure the 2nd acct to not attempt to connect automatically that would work for me, but I can't figure out how that is possible.
  Any help is appreciated.
  Regards,
  Frank

  It is not possible to do per user setting in Access Connections.

• SSAS Cube data display platforms (including per user permissions support)

  Hi,
  I've developed an SSAS cube for a small sales company. The company does not want to invest on sharepoint. They need to display cube data for each sales agent filtering his own records.  
  Excel and SSRS can display cube data but can they filter their data per user using the username in customdata? Can they connect with certain roles?
  Creating a .net application may also be a solution although it should take much time and effort for creation.
  What other options are there to display and work with SSAS cube data?
  What's preferable?
  Thanks
  Namnami

  Hi, 
  I didn't understand your above sentence: "there is only one
  hop and Kerberos is not required"
  what did you mean?
  I don't think roles is a good option for us, we have around 20 salesman and they keep on changing. 
  The cube currently displays in Performance Point by using CustomData and that works great. 
  But we want the users to consume it via excel, I just didn't understand clearly if username can be used
  safely without setting kerberoes. 
  Appreciate your advice!
  Namnami
  *** Update- I understand now, one hop meaning excel connects directly to cube does not require kerberoes and can use username(). Any example for two hops? Thanks a lot , you're advice really helped!

• How to set session timeout per user

  Hi,
  Ho do I set the session timeout per User in the
  Application.cfm File??
  I tried using
  <cfif SESSION.UID EQ 1>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(0,0,20,0)#">
  </cfelse>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(1,0,0,0)#">
  </cfif>
  But this didnt work because the cfapplication seems to have
  to be at the top before I call the variable SESSION.UID which
  I set on my login page..
  Someone know how to do this??
  Regards
  Martin

  Martin,
  Your code example cannot work because the "session" scope
  doesn't exist until your application scope is defined. So you have
  to handle this manually. Here's how you can get it done. First,
  define your application to the maximum sessiontimeout you want to
  have.
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  SESSIONTIMEOUT="#CreateTimeSpan(1,0,0,0)#">
  Then, I don't know how you are doing your login
  authentication but when you have authenticated the user, you need
  to define the userid and the most recent activity in the session.
  Also determine your timeout value based on the userid. See example:
  <CFIF IS_AUTHENTICATED>
  <CFSET session.user.uid = form.userid>
  <CFSET session.user.most_recent_activity = now()>
  <CFIF session.user.id eq 1>
  <CFSET session.user.timeout_mins = 20>
  <CFELSE>
  <CFSET session.user.timeout_mins = 1440>
  </CFIF>
  </CFIF>
  Now, all you have to do is check whether the user has been
  idle for too long and kill the session by purging all session
  variables. For example:
  <!--- if user id is defined, this means user is logged in
  --->
  <CFIF structKeyExists(session, "user") and
  structKeyExists(session.user, "id")>
  <!--- check if timeout has expired --->
  <CFIF datediff("n", session.user.most_recent_activity,
  now()) gt session.user.timeout_mins>
  <!--- timeout has expired, kill the session and log the
  user out --->
  <CFSET StructClear(session)>
  <!--- insert your logout code here --->
  <CFELSE>
  <!--- user hasn't timed out, so reset the most recent
  activity to now --->
  <CFSET session.user.most_recent_activity = now()>
  </CFIF>
  </CFIF>

• Amount of Resources CPU and Memory per user

  Hi,
  We are looking to deploy a Line of Business Application via RemoteApp and a custom template.  The application requires a significant amount of RAM and CPU, can someone tell me who much RAM and CPUs are allocated per session \ user?  I would expect
  that we would use the Standard tier if any difference to resources available.
  Thanks
  Giles

  Hi James,
  Currently there is no way to configure resources other than selecting either Basic or Standard.  If you would like a lower per-VM user density (and thus higher resources for each user) what you can do is create more collections, and only assign
  a small number of users to each.
  For example, say you only wanted to have a maximum of 4 users on each VM, providing typically at least 1 vCPU per user.  In this case you would create collections with the Basic plan, each linked
  to the same template image, and only assign a maximum of 4 user accounts on the user access tab of each.  Assuming each user uses 80+ hours a month, the total (before discounts) cost for each collection would be $228/month, making each user
  cost about $57/month, slightly less than equivalent cost under Standard plan pricing if you factor in resources per user.
  You probably already know this, but I will explain how scaling works normally for others that may read this.  Azure RemoteApp will automatically create more VMs for each collection as needed to handle user load (Scale-Out) and shut down VMs when the
  user load is reduced (Scale-In).  The key thing that affects this scaling mechanism is the maximum concurrent users allowed on each VM, which for Standard is 10.
  In your case you are asking if you can have more resources per user, hence my instructions above for creating multiple collections and limiting the number of assigned users to less than 10 each.
  Depending on your unique needs it may make more sense to create a custom RDS deployment on Azure IaaS VMs.  In this case you could control the size/type of VM used, user density, etc.  Downside is you have to set up and manage more
  RDS components than you do if you use Azure RemoteApp.
  -TP