Router Access for Specific ACS Group

I want to use TACACS to control access to all our Cisco switches and routers. I have a Cisco ACS device that can be used to centrally manage engineer accounts. The ACS server is, however, also used to store our corporate users' VPN accounts.
Can I limit access to the routers and switches to only users in the Engineers group on the ACS server?

Hello,
If you are using ACS 4.x, limiting access through Network Access Restrictions (NARs) might help you out:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml
Let me know if this helps, or alternatively if you are using ACS 5 (in which case the scenario is a little bit different).
Regards,
Fede
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

Similar Messages

  • Restricting Access for SQ01 User Group

    Hi,
    Please let me know how to restrict access for a User Group to only some of the specific users?
    Thank you
    Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

    Hi,
    Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
    If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23. They will lose access to all user groups that they are not assigned to via SQ03.

  • CANNOT OVERRIDE DOCUMENT ROUTING ID FOR SPECIFIC TRADING PARTNER FOR ROSETT

    Cannot override Document Routing ID for specific trading partner for RosettaNet transactions.
    The Document Routing ID for other transaction types (e.g. EDI) can be overridden when creating an operation capability for a trading partner by unchecking "Use Existing Document Proto Parameter Values" and "Use Default Document Definition".
    This does not work for RosettaNet transactions as no option to override the values is available when "Use Default Document Definition" is unchecked.

    Hello,
    I have replicated this issue and it appears to be a bug. I shall follow up regarding the same.
    Rgds, Ramesh

  • Modification in me23n: for specific purch. group, user can enter specific

    Hi,
    I have to make a modification in ME23N so that for a specific purchase group, the user can enter a specific material no. But I have never done anything before in standard SAP. So how do I have to proceed in order to achieve this?
    Regards,
    Seema.

    Hi,
    This can be achieved using enhancements in SAP, which could be Customer-Exits or BAdI implementations. I think this can be achieved using enhancement (Customer-Exit) MM06E005 (Tcode SMOD), function module EXIT_SAPMM06E_012. Here you have import parameter I_EKKO, which will have the purchase org, and table TEKPO, which will have all lines, so you can add a custom check to validate the material based on purchase org.
    Regards,
    Himanshu

  • File and folder permissions for specific AD groups

    Having a special folder over multiple servers that certain user groups can access with specific permissions, I'd like to audit the security mappings using the get-acl cmdlet. It's easy for a single folder but I would need subfolders and files too. I know I can assign a variable, say $object = dir c:\MyShare -recurse, and then would need to somehow pipe each object to get-acl and filter for the AD groups I'm interested in. Ideally the results would then be passed on to CSV. Can someone help with getting this to work?
    yaro

    Hi Yaro,
    I checked your script, and found you haven't defined the variable $folder before use, please refer to the script below:
    # Collect every subfolder under the root (files are skipped by the psiscontainer filter)
    $folders = dir D:\TEST1 -recurse | where {$_.psiscontainer -eq $true}
    foreach($folder IN $folders){
        # Read the folder's ACL, keep only ACEs whose identity matches the pattern,
        # and emit one row per matching ACE with the folder path attached
        Get-Acl $folder.fullname | Select-Object -ExpandProperty Access | where {$_.identityreference -match "sys|Adm"} |
        Select-Object @{n="object";e={ $folder.fullname }},
                      @{n="security_principal";e={ $_.identityreference }},
                      @{n="type";e={ $_.accesscontroltype }},
                      @{n="rights";e={ $_.filesystemrights }}
    }
    And to list the nested groups on the local computer, please check this function written by Boe Prox, which will also list the property "isGroup":
    Get-LocalGroupMembership
    If there is anything else regarding this issue, please feel free to post back.
    Best Regards,
    Anna Wang
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
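    As an added example (not Anna's script and not from the original thread): a version that walks folders and files, matches ACEs for a list of AD groups, reports only explicit ACEs by default (inherited entries repeat the parent and can bury a rogue explicit grant), and writes the result to CSV as asked. The share path, group names and output file are placeholders.

```powershell
# Added example: audit NTFS ACEs granted to chosen AD groups across a share,
# folders and files included, and export the matches to CSV.
# Placeholders: adjust the share root, group names and output path for your site.
$Path   = 'C:\MyShare'                                   # placeholder share root
$Groups = @('CONTOSO\FileAdmins', 'CONTOSO\Finance')     # placeholder AD groups
$OutCsv = 'C:\Temp\acl-audit.csv'                        # placeholder output file
$IncludeInherited = $false    # $true also reports ACEs inherited from a parent

# Anchored, escaped alternation so "CONTOSO\Finance" does not also match "CONTOSO\FinanceRO"
$pattern = '^(' + (($Groups | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')$'

# The root itself plus everything beneath it (hidden objects included)
$items = @(Get-Item -LiteralPath $Path) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

$results = foreach ($item in $items) {
    try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL on $($item.FullName): $_"; continue }

    foreach ($ace in $acl.Access) {
        if ($ace.IdentityReference.Value -notmatch $pattern) { continue }
        if (-not $IncludeInherited -and $ace.IsInherited)    { continue }
        [pscustomobject]@{
            Object            = $item.FullName
            IsContainer       = $item.PSIsContainer
            SecurityPrincipal = $ace.IdentityReference.Value
            Type              = $ace.AccessControlType   # Allow or Deny
            Rights            = $ace.FileSystemRights
            Inherited         = $ace.IsInherited
            Inheritance       = $ace.InheritanceFlags    # ContainerInherit / ObjectInherit
        }
    }
}

$results | Export-Csv -LiteralPath $OutCsv -NoTypeInformation
'{0} matching ACEs written to {1}' -f @($results).Count, $OutCsv
```

    Objects the running account cannot read are reported as warnings rather than silently skipped, so a gap in the CSV is visible in the console output.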

  • Securing AnyConnect VPN user access via specific LDAP groups in Active Directory?

    Is there a brief tutorial on how to secure AnyConnect VPN access using Active Directory security groups?
    I have AAA LDAP authentication working on my ASA5510, to authenticate users against my internal AD 2008 R2 server, but the piece I'm missing is how to lock down access to AnyConnect users ONLY if they are a member of a specific Security Group (i.e. VPNUsers) within my AD schema.

    This looks fairly complete
    http://www.compressedmatter.com/guides/2010/8/19/cisco-asa-ldap-authentication-authorization-for-vpn-clients.html
    Sent from Cisco Technical Support iPad App

  • Approve suppliers only for specific material groups

    Dear Experts,
    Current scenario: Our purchasers can buy products from all material groups from every boarded supplier. E.g. they can buy production materials from an office paper supplier.
    Target scenario: The moment a purchaser buys a material that's not part of the approved material group of that specific supplier, he gets an error.
    What is a practical way to achieve this?
    Thanks a lot,
    Steffen

    Normally we maintain source lists, which restrict the list of vendors from whom certain materials can be purchased.
    Sometimes you can also create a material group level contract, and then in the PO specify the materials from that specific material group.
    But ideally you should go for the source list, as it is the simplest and standard way to control approved suppliers for materials. I know it's not at material group level, but still it's the best option.
    Last case, you can go for a development; use the BADI ME PO PROCESS CUST, I think it is.

  • Restrict telnet access for specific users on ios router

    aaa new-model
    aaa authentication login default local
    username aaa password aaa
    username bbb password bbb
    User aaa should have SSH and telnet access.
    User bbb is only used for VPN authentication; I don't want him to access the router via SSH or telnet, even in user exec mode.
    I also cannot apply access-class on the vty lines because I am logging in to the device from different places, and don't know the exact ranges of IP addresses to create an access-list.
    RADIUS and TACACS are not an option for me.
    What can be done in order to restrict user bbb from SSH and telnet access?

    OK. I did not clearly remember the OP description of aaa and bbb. So for bbb to only have VPN access, try
    username bbb password bbb privilege 0
    HTH
    Rick
    Sent from Cisco Technical Support iPhone App

  • ACS- Dynamic VLANS for different ACS groups with AD

    Hi all,
    How do I tie different Active Directory domain groups to different ACS-defined groups? Each domain group will be tied to an ACS-defined group with a different VLAN. I read about the option in help but don't see the option to actually do it.
    Using ACS 3.3.
    JT

    You could refer to the document 'User Group Mapping and Specification' at http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/qg.htm#.

  • ISE - Guest - permanent access for specific device

    Hello,
    In brief: I'm using ISE 1.2, a 5508 WLC and a few 3702-I APs, broadcasting 2 SSIDs: Internal and Guest (Internet only). The Guest SSID forces the user to provide a username and password through the guest portal.
    Is there any way to configure some policy on ISE to allow specified mobile device(s) (filtering by IMEI or MAC address) access to the Internet via the Guest network without the necessity of providing a username and password? An exception that avoids the guest portal and/or permanently remembers that particular device.

    Hey kkoziarski,
    It sounds like you are looking for the functionality known as Web Passthrough, where the device can just view some TOC and possibly be presented with a Guest AUP. This is something that is doable with a standalone WLC, as I am sure you know.
    Funny thing is that I was coming here to post something along the same lines. I've spent the past week researching and trying some configs on both ISE 1.2 and ISE 1.3. It appears that the final answer is no. This wouldn't be performing any authentication and neither would it be applying any permissions to the device/user, at which point it wouldn't be utilizing any of the functionality of ISE.
    What I have found is that there are 2 methods that can offer a similar experience, but will not be a true Web Passthrough, and it will not be easily configurable.
    1.  Creating a customized HTML page for the WebAuth AUP, that would then have the username and password embedded in the code, and more than likely need to be linked to the Submit button or something of that nature.
    2.  Utilizing ISE policies on a per-WLAN basis and including specific attributes, which would then have to communicate with the above custom HTML page.
    Any other users out there, please feel free to correct me if I am wrong!  I wonder if they will ever come out with a feature as such :/

  • SCOM 2012 - how to set up alerts for specific IT groups.

    Hello everyone - I have seen a few similar questions but never any specific answers.
    Our IT department is split up in teams. We have a Database team, Exchange Team, SharePoint Team, Web Team and others.
    We currently run around 650 servers for the department. The Exchange team for example will need to get alerts off of their 12 Exchange servers. The SharePoint team will need alerts off of say 22 servers, etc.
    Is there "any way" to make sure they only get the alerts for their servers?
    I recently set up a new group for our Web Team and they are getting SharePoint, Exchange, DPM and other alerts which they do not need to be getting. Also I have noticed from this that the SharePoint and Exchange teams are not even getting all their alerts, since apparently we had to refine them so much so as not to get other alerts (thus causing them to miss many). SCOM seems like a great package but it falls very short (from my limited experience with it so far) in being able to really customize alerts for IT environments.
    Can you enable a group to get all alerts for a specific group of servers?
    SharePoint uses IIS, Database, Windows OS etc. If I set it up for this it gets all IIS and Database servers when I only want them to see the 22 servers; if I restrict it down then they miss alerts. Sorry, repeating myself now.
    Thanks for any help.
    Willis

    Hi,
    "Can you enable a group to get all alerts for a specific group of servers?"
    Yes you can. In Authoring, Groups, create groups with the servers, e.g. create an Exchange group with all 12 Exchange servers. In Administration, Notifications, Subscriptions, create a subscription and in "raised by any instance in a specific group" select the group (Exchange servers).
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • How can I know how many views are maintained for specific or group material

    Hello, All,
    How can I find out how many views are already maintained in the material master for one specific material or one group of materials? And which views? Is there any T-code or table to get the list of views for a material?
    Thank you very much

    Hi,
    You can check in table MARA, field VPSTA; the details are given below:
    User department              Maintenance status
    Work scheduling              A
    Accounting                   B
    Classification               C
    MRP                          D
    Purchasing                   E
    Production resources/tools   F
    Costing                      G
    Basic data                   K
    Storage                      L
    Forecasting                  P
    Quality management           Q
    Warehouse management         S
    Sales                        V
    Plant stocks                 X
    Storage location stocks      Z
    Regards,
    Zafar

  • Email Alert for Specific Server Groups

    We are using SCOM 2012 R2. We have Windows Server 2003 and 2012 servers.
    I configured email alerts for these servers.
    Criteria:
    Notify on alerts
    of a critical severity
      and of a high priority
      and with New(0) resolution state.
    I successfully receive alerts and emails from this configuration.
    But I want to receive email alerts from specific Windows Server 2003 servers or Windows Server 2012 servers.
    I created a Server 2003 and a Server 2008 group in SCOM.
    I use "raised by any instance in a specific group" OR "raised by any instance of a specific class". I shut down one of the servers. I can see alerts in the SCOM active alerts section (heartbeat alerts) but I cannot receive emails about these alerts.
    If I use a monitor rule (for example the print spooler service rule), I can receive emails, but it does not work for heartbeat alerts.
    I recently installed the Windows Server MP and Active Directory MP.

    Create a group containing watchers/watcher groups for your servers and use this group in the subscription filter. See this post for more info.
    Gleb.

  • Recycle bin to show all deleted items on the site collection for specific user group

    Hi there, is there any way for a certain SharePoint group (i.e. site collection members) to view and restore deleted items on the entire collection, without giving them site collection rights or giving them more rights than necessary? We wanted to create a SP group that has the permission to restore deleted items and give it to selected users so that our users won't have to contact us when they want to restore a deleted item.

    I don't believe you can. If an item gets deleted it should go to the first recycle bin @ /_layouts/15/RecycleBin.aspx
    The Recycle Bin gives a site collection administrator greater control when users delete files, versions of files, list items, libraries, lists, and folders from a SharePoint site by providing a second stage safety net before an item is permanently deleted from a site. When a user deletes an item from the Recycle Bin, the item is sent to a second stage Recycle Bin (also known as the Site Collection Recycle Bin) that the site collection administrator manages. This article focuses on how a site collection administrator can manage the Recycle Bin for a site collection.
    https://support.office.com/en-US/Article/Manage-the-Recycle-Bin-of-a-SharePoint-site-collection-5fa924ee-16d7-487b-9a0a-021b9062d14b
    Ibrahim Sukari, Technical Consultant | SharePoint | Dynamics CRM |
    LinkedIn Profile

  • PO Qty in SKU configuration for specific Material Group in PO

    Dear All,
    I face an issue when I do MIGO, which is that the unit of measure KG cannot be converted to the stock unit of measure PC.
    After checking, I found the following information in the tab Quantities/Weights of the PO:
    PO Quantity       2 PC       Order Unit <-> Ord. Price Unit    PC <-> KG
    PO Qty in SKU     0.000      Order Unit <-> SKU                0 PC <-> 0
    What I can configure is "Order Unit <-> Ord. Price Unit    PC <-> KG", but I cannot configure "Order Unit <-> SKU" for a PO to buy a material group rather than a specific material.
    Could anybody tell me how to configure "PO Qty in SKU    0.000    Order Unit <-> SKU    0 PC <-> 0" for a PO to buy a material group in ME21N?
    I am looking forward to your kind suggestion, which is really appreciated!
    Cheers!

    Does anyone face the same issue before? Could you give me any tips if you have had such a problem? Thanks in advance!
