Security Access to Parent but not Base member
In BPC Security, Is there a way to provide access to a parent member but not to the children that the parent rolls up to?
The user needs to see the aggregate amount in the Parent, but the requirement is for them to not have access to the child entities that make up that parent.
For example, say Entity is a secure Dimension, and I have Parent MyParent1. Under MyParent I have Child1, Child2, Child3.
The requirement is to allow the user to see the aggregate value in MyParent1, but not be able to see the values in Child1, Child2 or Child3.
Greg
I think there are 2 possiblities. One is to grant the user his own member access profile (since a user canhave more than 1), and ONLY give him access to the Parent. The non out of the box way I can see doing that is to write the aggregate value to a standalone member in a seperate or same parent hierarchy. That way the values are dsiconnected.
Hope this helps.
Similar Messages
-
On imac 10.6.8 using current version of Aperture. How can I access the Aperture Library on my external hard drive that I use with time machine for backup? I can only access the application but not the library..
Go into Time Machine (the program not the bundle on the extrnal disk) and using Time Machine's browser go to the Folder where the library lives. You could look in the library bundle in Time Machine but that won't really tell you much,
If you want to make sure it truely has backed up your library you will need to restore it and open the restored library with Aperture.
If all this still has you confused you need to read up on Time Machine in order to get a feel for how it works, for what it is doing and for how to restore files from it. -
I can access my libray but not the store. It says I'm signed in but the page is blank. I get an unknown error code -1202. I tried redownloading iTunes but that didn't work. My firewalls show that iTunes is allowed. Please help.
I can access my libray but not the store. It says I'm signed in but the page is blank. I get an unknown error code -1202. I tried redownloading iTunes but that didn't work. My firewalls show that iTunes is allowed. Please help.
-
Revision: 1364
Author: [email protected]
Date: 2008-04-23 14:30:57 -0700 (Wed, 23 Apr 2008)
Log Message:
MessageBroker provided access to Log but not to what managed Log: LogManager. Added MessageBroker.getLogManager method but marked it with @exclude as it's probably only useful for testing purposes.
Modified Paths:
blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/MessageBroker.javaSecurity Questions
http://support.apple.com/kb/HT5312
Apple ID Contact
http://www.apple.com/support/appleid/contact/ -
Get Parent node from Base member
Hi ,
My user select base member from CV .
I want parent node for that base member .
I am using =EVPRO( App name , memmber id , "PARENTH1" ) .
I am not getting parent member from this funcation .
Pls let me know any other way for this ?
regards,
PSRHi,
EVPRO for getting the value for PARENTH1 of any member should work. Please check whether you have included all the parameters of this function inside double quotes.
EVPRO("APPNAME","MEMBER_ID","PROPERTY")
Hope this helps,
Regards,
G.Vijaya Kumar -
Need to have access in report but not in analysis.
Hi Experts,
All my users have analysis access ( adhoc ), in that only Admin users have access for detail table access. General users will have access only at Agg level.
Below is my requirement:
User A ( General ), he has access to subject area but not on detail table ( restricted detail table access in RPD ) so when ever he is creating his own report he will not be able to see detail table. this is good working as expected.
User B ( Admin ), he can able to create report using detail tables columns as well.
my requirement is if user B creates a report with detail table columns and shares with general user, general user should able to see the detail table columns ?can any one suggest us how to do this ?
We are on 11.1.1.6.5.
Thx...Declare a session variable (say, USER_SECURITY). Use init block to set it to zero. Allow user A to access detail table but add a condition that whenever any presentation columns from detail table is accessed by him, following condition must be met: ValueOf(NQ_SESSION.USER_SECURTIY) = 1 (use filter tab in permission window)
At this point, user still can not see data from detail table. The administrator can create a report and set this session variable to 1 in the advanced tab of the report. So user will be able to view the report always. The scope of the modified value of the session variable would be at report level, so there is no requirement of resetting it. -
I need to reset/change/clear my cookies, probably clear my cache, and change my history preferences. When I use the Tools-Options choice to bring up the appropriate menu (General, Tabs, Content, Applications, Privacy, Security,and Advanced) all allow me access to make changes (or not), the PRIVACY tab does not open up. It does no allow access to any info contained there in. It is like it doesn't exist or isn't even there. Also, in the Tools menu on the Firefox toolbar, both "Stop Private Browsing" and "Clear Recent History" are grayed out. What gives? Thank you for your help.
This can be caused by in incompatible/malfunctioning add-on. To test if this is the case follow the procedure in the [[troubleshooting extensions and themes]] article.
-
Remote Access VPN connecting but not passing traffic
I have a remote access VPN configured on a device here. I'm able to connect a device and it assigns me an IP address out of the pool, and injects the routes to its local network, but I'm not able to pass any traffic through the VPN and none of the IPSec SA counters increment for the dial-in connection. I've compared the config here to the samples from documentation and I don't know what I'm missing. Config is below.
3118-FWL001(config)# sho run
: Saved
ASA Version 7.2(3)
hostname 3118-FWL001
domain-name rr-rentals.com
enable password hEgvNHfNHV8zypPu encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 199.X.X.162 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd 2KFQnbNIdI.2KYOU encrypted
banner exec
banner exec
banner exec
banner exec Any attempted or unauthorized access, use, or modification is prohibited.
banner exec Unauthorized users may face criminal and/or civil penalties.
banner exec The use of this system may be monitored and recorded.
banner exec If the monitoring reveals possible evidence of criminal activity, Adhost can
banner exec provide the records to law enforcement.
banner exec Be safe! Do not share your access information with anyone!
banner exec
banner exec
banner exec
banner asdm
banner asdm
banner asdm
banner asdm Any attempted or unauthorized access, use, or modification is prohibited.
banner asdm Unauthorized users may face criminal and/or civil penalties.
banner asdm The use of this system may be monitored and recorded.
banner asdm If the monitoring reveals possible evidence of criminal activity, Adhost can
banner asdm provide the records to law enforcement.
banner asdm Be safe! Do not share your access information with anyone!
banner asdm
banner asdm
banner asdm
ftp mode passive
dns server-group DefaultDNS
domain-name rr-rentals.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_acl extended permit ip any host 199.X.X.163
access-list outside_acl extended permit icmp any any echo
access-list outside_acl extended permit icmp any any echo-reply
access-list outside_acl extended permit tcp 216.X.X.64 255.255.255.192 any
access-list outside_acl extended permit tcp host 76.X.X.166 any eq 3389
access-list outside_acl extended permit tcp 67.X.X.192 255.255.255.224 any eq 3389
access-list outside_acl extended permit tcp any any eq ftp
access-list outside_acl extended permit tcp any any eq ftp-data
access-list outside_acl extended permit tcp host 72.X.X.71 any eq 3389
access-list outside_acl extended permit tcp host 26.X.X.155 any eq 3389
access-list outside_acl extended permit tcp host 24.X.X.155 any eq 3389
access-list outside_acl extended permit icmp any any unreachable
access-list outside_acl extended permit icmp any any time-exceeded
access-list outside_acl extended permit tcp host 71.X.X.170 any eq 3389
access-list outside_acl extended permit tcp host 24.X.X.200 any eq 3389
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_4_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list outside_3_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list rr-vpn_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list rr-vpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging buffer-size 1048576
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.20.1-192.168.20.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 199.X.X.163 192.168.10.2 netmask 255.255.255.255
access-group outside_acl in interface outside
route outside 0.0.0.0 0.0.0.0 199.X.X.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 216.X.X.64 255.255.255.192 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 1200
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 50.X.X.58
crypto map outside_map 1 set transform-set ESP-AES-128-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 75.X.X.253
crypto map outside_map 2 set transform-set ESP-AES-128-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer 173.X.X.69
crypto map outside_map 3 set transform-set ESP-AES-128-SHA
crypto map outside_map 4 match address outside_4_cryptomap
crypto map outside_map 4 set pfs
crypto map outside_map 4 set peer 70.X.X.194
crypto map outside_map 4 set transform-set ESP-AES-128-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 5
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.10.2 255.255.255.255 inside
ssh 192.168.0.0 255.255.0.0 inside
ssh 216.X.X.64 255.255.255.192 outside
ssh 50.X.X.58 255.255.255.255 outside
ssh timeout 60
ssh version 2
console timeout 0
management-access inside
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect icmp error
service-policy global_policy global
tftp-server outside 216.X.X.116 3118-FWL001.config
group-policy rr-vpn internal
group-policy rr-vpn attributes
dns-server value 216.X.X.12 66.X.X.11
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value rr-vpn_splitTunnelAcl
username rrlee password B6rKS8LmKC50oIXK encrypted privilege 0
username rrlee attributes
vpn-group-policy rr-vpn
username cschirado password QYICGrOFAZ9iPWpp encrypted privilege 0
username cschirado attributes
vpn-group-policy rr-vpn
username daniel password SZsXZCSuVXcFn9NB encrypted privilege 15
username adhostadm password 7P2Y2Ow1o0.VSjvh encrypted privilege 15
username troy password amZKsxVU.8N9kKPb encrypted privilege 0
username troy attributes
vpn-group-policy rr-vpn
username troyr password Hek9zbMrM6wEDSfi encrypted privilege 15
username druiz password 33oau7XOcvhJ3DMv encrypted privilege 0
username druiz attributes
vpn-group-policy rr-vpn
username theresa password qWsPnR.vfjXzlunC encrypted privilege 0
username theresa attributes
vpn-group-policy rr-vpn
username kevin password R5DPfUVhzGCEg6pu encrypted privilege 0
username kevin attributes
vpn-group-policy rr-vpn
username andrea password MyhIPdH6UJQDon77 encrypted privilege 0
username andrea attributes
vpn-group-policy rr-vpn
tunnel-group 50.X.X.58 type ipsec-l2l
tunnel-group 50.X.X.58 ipsec-attributes
pre-shared-key *
tunnel-group 75.X.X.253 type ipsec-l2l
tunnel-group 75.X.X.253 ipsec-attributes
pre-shared-key *
tunnel-group 72.X.X.71 type ipsec-l2l
tunnel-group 72.X.X.71 ipsec-attributes
pre-shared-key *
tunnel-group 173.X.X.69 type ipsec-l2l
tunnel-group 173.X.X.69 ipsec-attributes
pre-shared-key *
tunnel-group rr-vpn type ipsec-ra
tunnel-group rr-vpn general-attributes
address-pool vpnpool
default-group-policy rr-vpn
tunnel-group rr-vpn ipsec-attributes
pre-shared-key *
tunnel-group 70.X.X.194 type ipsec-l2l
tunnel-group 70.X.X.194 ipsec-attributes
pre-shared-key *
prompt hostname contextHere are the results of the commands you requested. I'm not able to ping either direction.
Thanks,
James
3118-FWL001# sho cry isa sa
Active SA: 5
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 5
1 IKE Peer: 50.34.254.58
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
2 IKE Peer: 173.10.71.69
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
3 IKE Peer: 75.151.109.253
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
4 IKE Peer: 70.99.88.194
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
5 IKE Peer: 216.211.143.85
Type : user Role : responder
Rekey : no State : AM_ACTIVE
3118-FWL001# sho cry ips sa
interface: outside
Crypto map tag: outside_dyn_map, seq num: 20, local addr: 199.21.66.162
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.20.2/255.255.255.255/0/0)
current_peer: 216.211.143.85, username: kevin
dynamic allocated peer ip: 192.168.20.2
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 199.21.66.162, remote crypto endpt.: 216.211.143.85
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: CBF94621
inbound esp sas:
spi: 0x8D8279CA (2374138314)
transform: esp-3des esp-sha-hmac none
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 200, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (sec): 28715
IV size: 8 bytes
replay detection support: Y
outbound esp sas:
spi: 0xCBF94621 (3422111265)
transform: esp-3des esp-sha-hmac none
in use settings ={RA, Tunnel, }
slot: 0, conn_id: 200, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (sec): 28715
IV size: 8 bytes
replay detection support: Y
Crypto map tag: outside_map, seq num: 1, local addr: 199.21.66.162
access-list outside_1_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
current_peer: 50.34.254.58
#pkts encaps: 15356573, #pkts encrypt: 15356573, #pkts digest: 15356573
#pkts decaps: 9021115, #pkts decrypt: 9021114, #pkts verify: 9021114
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 15356573, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 199.21.66.162, remote crypto endpt.: 50.34.254.58
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: FE16571B
inbound esp sas:
spi: 0x78BD7E4F (2025684559)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 86, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4263158/5788)
IV size: 16 bytes
replay detection support: Y
outbound esp sas:
spi: 0xFE16571B (4262876955)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 86, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4064653/5788)
IV size: 16 bytes
replay detection support: Y
Crypto map tag: outside_map, seq num: 4, local addr: 199.21.66.162
access-list outside_4_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.4.0/255.255.255.0/0/0)
current_peer: 70.99.88.194
#pkts encaps: 491814, #pkts encrypt: 491814, #pkts digest: 491814
#pkts decaps: 416810, #pkts decrypt: 416810, #pkts verify: 416810
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 491814, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 199.21.66.162, remote crypto endpt.: 70.99.88.194
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 533F55E1
inbound esp sas:
spi: 0xE2F461AD (3807666605)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 194, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4273818/27167)
IV size: 16 bytes
replay detection support: Y
outbound esp sas:
spi: 0x533F55E1 (1396659681)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 194, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4266133/27167)
IV size: 16 bytes
replay detection support: Y
Crypto map tag: outside_map, seq num: 2, local addr: 199.21.66.162
access-list outside_2_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
current_peer: 75.151.109.253
#pkts encaps: 207718, #pkts encrypt: 207718, #pkts digest: 207718
#pkts decaps: 142739, #pkts decrypt: 142739, #pkts verify: 142739
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 207722, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 199.21.66.162, remote crypto endpt.: 75.151.109.253
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 8D74AC18
inbound esp sas:
spi: 0x0CF7F70B (217577227)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 195, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4274490/23242)
IV size: 16 bytes
replay detection support: Y
outbound esp sas:
spi: 0x8D74AC18 (2373233688)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 195, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4270718/23242)
IV size: 16 bytes
replay detection support: Y
Crypto map tag: outside_map, seq num: 3, local addr: 199.21.66.162
access-list outside_3_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0)
current_peer: 173.10.71.69
#pkts encaps: 3427935, #pkts encrypt: 3427935, #pkts digest: 3427935
#pkts decaps: 2006044, #pkts decrypt: 2006044, #pkts verify: 2006044
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 3427935, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 199.21.66.162, remote crypto endpt.: 173.10.71.69
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 2E8A6147
inbound esp sas:
spi: 0x467968AB (1182361771)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 154, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4270213/18597)
IV size: 16 bytes
replay detection support: Y
outbound esp sas:
spi: 0x2E8A6147 (780820807)
transform: esp-aes esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 154, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (4162093/18597)
IV size: 16 bytes
replay detection support: Y
3118-FWL001# sho run route
route outside 0.0.0.0 0.0.0.0 199.21.66.161 1 -
How do I limit access to certain (but not all) applications on my laptop?
Hello,
Is it possible to reduce access to certain applications (eg Email) while allowing other applications to remain "open" to all users?
I only have one account on my powerbook, and would like to simply prevent access to certain applications.
Any help will be greatly appreciated,
thank you,
nihalKorelice
you would need , in following Matt's advice to ensure that the restricted users were not created as admin users. That is, on creation do not click the 'allow this user to administer computer' box. If you tried parental controls on them, you would be told by the OS that you can't restrict an admin.
The better advice would be to restrict the actual use of the single user you have now, who is presumably an admin, to just admin (installations, re configs, set up new users etc) tasks. Change his password so those real people you don't trust (?) couldn't get to him. You could have a 'restricted' user who is not restricted in respect of apps (email, browser etc) but can't admin. Use him yourself for browsing etc and general use. Add another restricted user for(the kids, irresponsible friends and such) who are not admins and can only use certain apps. I am aware that is not precisely what you asked. -
if some experienced try this
#6
Registriert seit:
Beiträge:
08.2009
1.192
spaceman88
MU Mitglied
01.04.2013, 22:10
Ja habe ich auf 0
Mit folgerndem Befehl kann Festgestellt werden welcher hibernate Modus aktiviert ist:
pmset -g | grep hibernatemode
Bei neuen Geräten ergibt die Anfrage 3, wobei es folgende Modi gibt:
0 – Die alte Sleep-Variante, in der das RAM über Akku oder Netzadapter mit Strom versorgt wird.
1 – Hier wird das RAM auf die Festplatte gesichert und der Laptop heruntergefahren.
3 – Der Standard-Modus neuerer Laptops vereint Modus 0 und zur Sicherheit Modus 1.
5 – Dieser funktioniert wie Modus 1, aber ist für sicheres virtuelles RAM gedacht, welches in den
Sicherheitseinstellungen aktiviert werden kann.
7 – Dieser funktioniert wie Modus 3, ist aber ebenfalls für sicheres virtuelles RAM gedacht.
Mit folgerndem Befehl,
sudo pmset -a hibernatemode x
ändert man den Modus. (x steht hierbei für eine obigen Zahlen.)
Falls mit Deep Sleep Probleme mit dem normalen Hibernate (Standby) auftreten kann dies durch
sudo pmset -a hibernatemode 3
wiederhergestellt werden.
i found on
MacUser.de
now go i go on trying first at system Security preferences as stated out to 5 –.Thank you!
Kappy Nov 24, 2014 3:01 PM
Re: Mac Pro's (early 2008) Back up plan towards a possible OS upgrade to Yosemite in response to Juan Huerta
All new drives need to be partitioned GUID and formatted Mac OS Extended, Journaled before they can be used.
OK, is that an option I'll be prompted to by the OS or do I have to "tell" that to...Disk Utilities (?)
If cloning is your purpose then use Disk Utility's Restore option. It will clone the drives and their Recovery HD partitions automatically.
I didn't know that Disk Utility had an option for cloning a bootable drive...is it better than CCC? (I have used neither one) I really would like to save $40 and avoid downloading additional software/applications...please if you don't mind...what option would that be once I click on "Disk Utility"? If you know of a good link or reliable article on the topic that will work for me too.
Test a clone be trying to boot the computer from it.
Any bootable drive in any bay can be used to boot the computer. Use Startup Drive preferences to set the desired boot volume.
Erase the target and try again.
But if the computer fails to start because I didn't create a good copy, how do I go back? Keyboard shortcuts? I keep reading that a wired keyboard must be used...and that's scary. If that's true, could I hook up any of my Windows based keyboards via USB?
Erase the drive and install OS X. You cannot use any software installed by the prior owner that was purchased via the App Store including OS X. You must start from scratch. (this actually is 5B rather than item 6.)
Well, he created an Admin account for me and I have been handling updates and everything with the new password he created for me. I wonder if I could access the Apple Store with my ID though...it's all under my name in that computer though, so I figure that at the Apple Store I'd just enter my ID...I guess, I have not tried that yet
Yes. -
@ATTRIBUTESVAL works properly in Calc script but not in Member Formula.
We are using Essbase 11.1.2 –
"Global_Period" is a Dynamic Calc Member. Below is its Member Formula:
"ProjType " is an attribute (text) dimension.
"Global_Period" ="ValidAccount";
IF (@ISLEV ("Total_Expenses", 0) AND @ISMBR("HSP_InputValue") AND @ISLEV ("Version",0) AND
@ISMBR("No_GL_Account") AND @ISLEV ("Scenario",0) AND @ISLEV ("Years",0) AND @ISMBR ("Local")
AND @ISLEV("Tot_Org",0) AND NOT @ISIDesc ("Service_Division") AND @ISLEV("Tot_PRJ",0) )
"Global_Period"->"No_GL_Account"-> @CURRMBR ("Projects") =
1* "ValidAccount"->"Global_Version" ->"Global_Scenario"->&Budget_Year->"Global_Entity"->
"No_GL_Account"->"HSP_InputValue"->"Local"->
@MEMBER(@NAME(@CONCATENATE ("Proj_",@ATTRIBUTESVAL("ProjType"))));
ENDIF
The above Member- Formula is failed to work when opening a Data Form that contain "Global_Period".
The error messages in the log file are as follow:
[Thu Mar 1 16:55:39 2012]Local/Projects/Plan1/admin@Native Directory/1122748736/Error(1200370)
Error executing formula for [Global_Period] (line 1): attempt to cross a null member in function [@X]
[Thu Mar 1 16:55:39 2012]Local/Projects/Plan1/admin@Native Directory/1122748736/Error(1200370)
Error executing formula for [Global_Period] (line 0): attempt to cross a null member in function [@_VAL]
When converting the "Global_Period" to be a Store member.
The Calc Script below is exactly equivalent to the Formula, and run perfectly with no Errors.
"Global_Period" ="ValidAccount";
FIX ("HSP_InputValue", "Local","No_GL_Account", @RELATIVE ("Total_Expenses", 0),
@RELATIVE ("Version",0), @RELATIVE("Scenario",0), @RELATIVE ("Years",0),
@REMOVE (@RELATIVE ("Tot_Org",0),@IDESCENDANTS ("Service_Division")),
@RELATIVE ("Tot_PRJ",0))
SET CREATENONMISSINGBLK ON;
"Global_Period"
("Global_Period"->"No_GL_Account" -> @CURRMBR ("Projects")=
1* "ValidAccount"->"Global_Version" ->"Global_Scenario"->&Budget_Year->
"Global_Entity"->"No_GL_Account"->"HSP_InputValue"->"Local"->
@MEMBER(@NAME(@CONCATENATE ("Proj_",@ATTRIBUTESVAL("ProjType"))));
SET CREATENONMISSINGBLK OFF;
ENDFIX
For many reasons we prefer to use the Dynamic Calc Formula for "Global_Period".
As result of some checking I discover that the problem is with the function @ATTRIBUTESVAL,
because the formula has worked fine when I replace the @ATTRIBUTESVAL with a string.
Please help, what is the right way to write the formula in order to make it work.
Thanks
Tami KedemDear Cameron Lackpour,
Thank you very much, for your reply.
I'd given it a try, but it didn't help.
The purpose of this formula is as follow:
We holds 1's (ones) for allowable combinations of "Project_Type and Accounts", namely, each project type has different list of accounts that are allowed for input.
I need to populate the input 1's to all projects (and their children) according to its "ProjType".
The Data forms has periods in columns, thus by putting "Global_Period" (Hide) as the first column, and use "Suppress Missing rows" - for each project (on the "Page") , the form will show just the allowable Accounts in rows.
(we have around 300 Accounts, 50,000 members in Project dimension and around 25 Types of projects).
Please help.
Thanks!
Regards,
Tami Kedem -
I had bought two Network Drives so I could watch my own movies anywhere in my house and clear up the clutter of all the DVDs, Blurays and CDs, Works greate with the PS3, Bought the Apple TV version 3 because it was smaller and resently bought the IPAD 3 and have the IPHONE 4S and other apple products.
My wish is to access my Network drives with the Apple TV - I have herd of Jailbreaking it (Not Avalible from where I can tell for the Version3) - but why didn't Apple ever think of accessing a Network drive and is their a work around for this? Should I just shutup and wait till Jail Breaking is avalible for the Version 3?.
Thank you for any helplongbeachjoe wrote:
......but why didn't Apple ever think of accessing a Network drive and is their a work around for this?
I'm sure they did think of it, but quickly discarded the idea because of the horrendous user experience this causes. -
Limited Access in parent objects not working
In my scenario I've a document library with several document sets. I break the role inheritence in the document set and provide individual permissions for users.
The thing is, that no limited access is granted to the parent object (list and web). Does that change in SharPoint 2013? I saw that the method AddToCurrentScopeOnly is new for developers - does SharePoint use that method, too for adding users?
Is there a way how I can change the behavoiur to the old one (like 2010)? Or what is the recommended workaround.
Thanks in advance!Hi Fidy13,
In SharePoint 2010, it shows the Limited Access permission in the parent scope. For site administrators, it is very hard to manage site permissions because they cannot make sure where the limited users have permissions or not.
In SharePoint 2013, although it doesn’t show Limited Access permission in the parent scope, the users who have limited aceess permission can access the specified scope, and when you remove the permission in the specified scope, the limited access is removed.
It is convenient to site adminitrators to manage the site. So , I don’t recommand you change it.
Here is a similar post for you to take a look at:
http://social.msdn.microsoft.com/Forums/windowsapps/en-US/8ce65f4b-fe3b-4326-b4c3-41c0fb427c40/sharepoint-2013-limited-access-permission?forum=sharepointgeneral
I hope this helps.
Thanks,
Wendy
Wendy Li
TechNet Community Support -
Samba: write access from Ubuntu but not arch ?!?
Hi !
I am currently dual booting Arch and Ubuntu on my laptop and have a problem with getting write access to samba shares on an Arch mythtv backend.
I have full write access when using Ubuntu on the laptop, but when I boot into Arch I can see the shared folders and their contents, but I do not have write access.
The laptop Arch and Ubuntu user names are the same, as are the passwords (in case that matters).
This is the smb.conf on the Arch backend:
[global]
workgroup = MYGROUP
netbios name = BACKEND
server string = laffi
wins support = yes
wins server = 192.168.1.103
log file = /var/log/samba/log.%m
max log size = 50
map to guest = bad user
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
dns proxy = no
guest account = laffi
[public]
path = /home/laffi
public = yes
only guest = yes
writable = yes
Any ideas ?Nothing ?
This is currently the show stopper for switching my laptop to Arch, so any help with getting this problem sorted will be much appreciated ;-) -
New Install - Can access the internet but not with Web Browser
I just installed Solaris 10 11/06 with my new Ultra 20 M2 workstation. I can ping, complete NSLOOKUP commands on public domain names and can telnet; however, when I try to use the browser it says it cannot connect to the internet. I made sure of the following:
- Web Browser is not using proxy
- resolv.conf is accurate
- defaultrouter is accurate
- hosts, hostname.. are good
- netmasks is fine.
Any thoughts? thanks for your help.Is there a firewall between the server and the internet, try telneting the fully qualified domain name again but on port 80 (or 8080) (i.e. telnet www.yahoo.com 80), do you have another machine on this network that can access the internet through a browser (if so check it's settings) also if you have an intranet see if the browser can access that, if these don't work then the problem is settings\config in your browser.
also try a traceroute and see where the packets are routed and how many hops it takes.
Maybe you are looking for
-
I have a requirement where users need to be created into OIM bu running a one time Trusted Source Recon. Once the users are created on OIM we want to link the account on OID with the user account created on OIM. When we run a Target Recon for these u
-
My iphone is not recognised by itunes or my computer
My iphone is not recognised by either i tunes or my computer. Everything was working fine but now when i plug my phone into the computer it does not charge up the battery nor does it appear in tunes or my computer. I have gone through the apple check
-
How to use COGM ( cost of goods manufactured )
Hi my company is a consumer goods ( dairy product ) manufacture. I 'm interested to use SBO. I have installed a trial version, and see the process on the SBO using sample database ( OEC Computer ). There is a GL account for COGS ( Cost of Goods Sold
-
I can't open a new page in my firefox window
If I want to open a new page in my firefox window, I click on the + button, but nothing happens. Thanks for your help!
-
Flicker on iMac 17" Dual 1.8
I've got a flicker on my screen, as thought the refresh rate is too low. If I reboot it seems to go away for a while, but always comes back. My software is up to date. Is there anything I can try?