Security Data Propagation

Similar Messages

• Unable to find security data

  Hello,
  I am trying a scenario file--> xi ---> RFC , does anybody know what this message means. The problem appear when I send a flat file to XI.  My question is, do I need to make some extra settings ?
  This is the error am getting.
  <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!--  Technical Routing
    -->
  - <SAP:ErrorHeader xmlns:SAP="http://sap.com/exchange/MessageFormat">
    <SAP:Context />
    <SAP:Code p1="Intromoto_bus,zempiface/http://empinfo.com" p2="sap_bus,ZHRONBOARD_ACCEPT/urn:sap-com:document:sap:rfc:functions" p3="" p4="">PHYROU.UNDEFINED_SECURITY</SAP:Code>
    <SAP:Text language="EN">Technical routing: Unable to find security data for sender Intromoto_bus,zempiface/http://empinfo.com for receiver sap_bus,ZHRONBOARD_ACCEPT/urn:sap-com:document:sap:rfc:functions</SAP:Text>
    </SAP:ErrorHeader>
  Rgds,
  Ram Sri

  Hi,
  but then, the error message is very concise. The security object in the integration directory with the key:
  Send:
  Intromoto_bus
  zempiface
  http://empinfo.com
  Rec:
  sap_bus
  ZHRONBOARD_ACCEPT
  urn:sap-com:document:sap:rfc:functions
  is missing. You need to create it in the directory.
  Regards,
  Hermann

• Unable to find security data for sender

  Hello, does anybody know what this message means. The problem appear when I send an Idoc to XI. Other interfaces (Master data) are working properly. My question is, do I need to make some extra settings for the transactional data interfaces (SHPMNT)?
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!--  Technical Routing
    -->
  - <SAP:ErrorHeader xmlns:SAP="http://sap.com/exchange/MessageFormat">
    <SAP:Context />
    <SAP:Code p1="sapdev222,SHPMNT.SHPMNT05/urn:sap-com:document:sap:idoc:messages" p2="VENDORMASTER_WOLTERKLUWER_ERP_BE,IDZ0001_DeliveryReplicate_IB/http://wolterskluwer.com/xi/midas_deliveries" p3="" p4="">PHYROU.UNDEFINED_SECURITY</SAP:Code>
    <SAP:Text language="EN">Technical routing: Unable to find security data for sender sapdev222,SHPMNT.SHPMNT05/urn:sap-com:document:sap:idoc:messages for receiver VENDORMASTER_WOLTERKLUWER_ERP_BE,IDZ0001_DeliveryReplicate_IB/http://wolterskluwer.com/xi/midas_deliveries</SAP:Text>
    </SAP:ErrorHeader>
  regards
  Ernesto Duran

  HI,
  i am also getting the same error in my scenario. Could u plz inform me what is the solution?
  Rgds,
  Ram Sri

• Data propagation problems w/ NIS+ to LDAP migration..

  Hello All,
  I'm running in to an issue performing an NIS+ to LDAP migration with Solaris 9.
  It all happens like this: NIS+ successfully populates the directory through the 'initialUpdateAction=to_ldap' option-- afterwards, no updates made directly to LDAP are ever pushed back into NIS+.
  I'm of the understanding (which might be incorrect) that after performing the initial update, NIS+ should simply act as a cache to the data stored in LDAP. Do I need to perform an 'initialUpdateAction=from_ldap' after populating LDAP to force the direction of the data propagation to change?
  I'm experienced with LDAP, so I'm comfortable everything is all right on that side, however, I'm not so sure about NIS+. Anyone out there who has gone through this migration who'd be willing to offer some assistance or advice would be greatly appreciated.
  Many thanks in advance..
  ..Sean.

  Well, you neglected to outline exactly how you accomplished your migration.
  Starting with Tiger Server using NetInfo as a standalone server, we created an Open Directory Master, as described in Apple's Open Directory Guide. By the time we'd finished that, we had an OD admin. From there, we did as I previously described -- exported with WGM from NetInfo, imported with WGM into LDAP, deleted with WGM from NetInfo.
  See http://support.apple.com/kb/TA23888?viewlocale=en_US
  This seems to be an article on how to re-create a password that's been lost. That's not really what we need, though. The OD admin account we created works fine for other services, just not for WGM. And other admin users we created work fine for other services, but not for WGM. The problem is that although admin users can log into many services, they can't log into WGM -- only root can.

• Does anyone have any information regarding securing data.

  I want to secure data to assure that each department can only view their own PO's, req's, invoices and payments. Can anyone provide or direct me to the documentation on this? Thank you for any help.

  Hi,
  You can try using security hierarchy or other appropriate document security control, but I'm afraid it only works for purchasing document
  One way is to separate the OU, but that would take an implementation and maintenance effort
  Gerry

• Object Level Security,Data Level Security&Row level Security

  can anyone explain main difference between "Object Level Security,Data Level Security & Row Level Security " and how to implement.
  Thanks in advance,
  Kumar

  Hi Kumar
  Dashboards, Reports, Guided Navigation Links, Texts, briefing books are all Dashboard OBJECTS which are available at UI level of OBIEE..if you restrict them Say User 'A' wants to see 2 Dashboards and USer 'B' Wants to see 1 Dashboard....these settings & permission u r restricting in Object level called Object Level Security
  lly datalevel security is restriction of Data.. consider the same above example and User 'B" wants to see 2-3 regions data where as User A will see only Single Region Data..which you will do/restrict at logical tables, using variables..
  Row level security: http://groups.google.com/group/obiee-enterprise-methodology/browse_thread/thread/131ee938a5aefde0 refer this link, clearly explains you
  Please mark Correct or helpful if this clears

• Securing data - custom vs VPD vs another solution

  Hi we have a requirement in our project to secure data for entities like "cases" based upon attribute value like "dispute type". So if the attribute "dispute type" has a value "franchise"; an admin can go and create a group "franchise" so that Members of the “Franchise” group can VIEW all parts of all case records with a dispute type of “Franchise” but others cannot. Also we could control the permissions e.g VIEW, Edit CREATE for that group on thoserecord
  Like this we could decide to secure "cases" based upon another value for dispute type. Also we could then secure data based upon another attribute.
  Potential solutions:1) Custom
  we use standard ADF grid to display all data to super admin. He can filter based upon the required attribute, all cases with the value for that attribute.
  e.g filter on "dispute type" column and get all cases with "dispute type"= "franchise". We select all these cases and create an access control list (ACLs) a combination of group and permission and apply to these cases. The ACL resides in the database linked to the "cases". This could be normalized tables again. Like this we can filter records at run time and build the ACLs for the cases for which we need to link the groups based upon conditions.
  At run time, we only need to check the ACL for a case to decide if the user has access to that based upon whether or not user is any of the group and the permissions then available.
  This is on top of the standard ADF permissions
  2) VPD - use virtual private data base to do this
  3) Other solution
  We need to know what could be best possible solution. Also would a VPD based solution be better here? would it allow flexibility like custom solution? also in terms of timelines and performance which is best match ..

  Hi,
  VPD for sure is a good solution if the same rules apply to multiple applications, not just one and not just ADF. My take on data security usually is to no query what users aren't allowed to see anyway. Data that is left in the database cannot be stolen on transit. For other options I can envision, is the use of discriminator columns as explained here: http://mjabr.wordpress.com/2011/06/17/using-discriminator-columns/ or polymorphic views (see sample 10 at https://blogs.oracle.com/smuenchadf/resource/examples#10) (doc: http://docs.oracle.com/cd/E25178_01/web.1111/b31974/bcadvvo.htm#CEGDCCCB)
  You can then define security roles for the different application or enterprise roles that you check (in the case of ADF Security) using EL, Java or Groovy.
  Frank
  Ps.: Note that JDeveloper 12c will provide options to dynamically apply view criteria based on user security roles, in which case you get another option.

• Security Data : No WS-Security Header - UTL_HTTP for HTTPS calls -Oracle 9i

  Hello,
  I have a SOAP requests to transmitt a on the fly parsed XML file to UTL_HTTP to connect to a SSL connection. Oracle Wallet is installed and connectivity is working as expected. However, in the SOAP response I am getting
  Security Data : No WS-Security Header I am not sure what I am missing? How can I resolve this error?
  Below is the SOAP response that shows this error.
  <?xml version="1.0" encoding="utf-8" ?>
  - <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  - <soap:Header>
  - <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  - <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-17449452">
    <wsu:Created>2010-11-20T05:03:40.568Z</wsu:Created>
    </wsu:Timestamp>
    </wsse:Security>
    </soap:Header>
  - <soap:Body>
  - <soap:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:c="urn:schemas-asource-com:transaction-data-1.0">
    <faultcode>wsse:InvalidSecurity</faultcode>
    <faultstring>Security Data : No WS-Security Header</faultstring>
    </soap:Fault>
    </soap:Body>
    </soap:Envelope>Below is my compete code that generated above response.
  BEGIN
           soap_request :=
                 '<?xml version="1.0" encoding="utf-8"?>
                     <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:ns1="urn:schemas-asource-com:transaction-data-1.31">
  <SOAP-ENV:Header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-
  secext-1.0.xsd">
  <wsse:Security SOAP-ENV:mustUnderstand="1">
  <wsse:UsernameToken>
  <wsse:Username>NPCOMMERCE_DEV</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wssusername-
  token-profile-1.0#PasswordText">Il/vJa0jat7929f8xxklPjYZIMy5eBCqBMILeGaC+E/1NfIWv+I2KfgghlhkSOaN6rme70OQHEo3e4LJMlWvfC7UfYaN9bqyQwYACmrDFpoiQYCOS+XLnRshhLHMio5VY4+P3C/25tCEH4lBAMRjP1LmjIvZI/h4YJ/65x8OQrqO7tdggZ/KAgvOiNc1GSU+NhkgzLl4EKoEwgt4ZoL4T/U18ha/4jYp+CCGWGRI5o3quZ7vQ5AcSjd7gskyVa98LtR9ho31urJDBgAKasMWmiJBgI5L5cudGyGEscyKjlVjj4/cL/bm0IQfiUEAxGM/UuaMi9kj+Hhgn/rnHw5Cug==</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </SOAP-ENV:Header>'
              || '<SOAP-ENV:Body>'
              || '<ns1:requestMessage>'
              || '<ns1:merchantID>'
              || 'ACOMM_DEV'
              || '</ns1:merchantID>'
              || '<ns1:merchantReferenceCode>'
              || lv_sequence
              || '</ns1:merchantReferenceCode>'
              || '<ns1:billTo>'
              || '<ns1:firstName>'
              || p_cc_holder_name_first
              || '</ns1:firstName>'
              || '<ns1:lastName>'
              || p_cc_holder_name_last
              || '</ns1:lastName>'
              || '<ns1:street1>'
              || 'XXX Charleston Road'
              || '</ns1:street1>'
              || '<ns1:city>'
              || 'Mountain View'
              || '</ns1:city>'
              || '<ns1:state>'
              || 'CA'
              || '</ns1:state>'
              || '<ns1:postalCode>'
              || '94043'
              || '</ns1:postalCode>'
              || '<ns1:country>'
              || 'US'
              || '</ns1:country>'
              || '<ns1:email>'
              || '[email protected]'
              || '</ns1:email>'
              || '</ns1:billTo>'
              || '<ns1:item id="0">'
              || '<ns1:unitPrice>'
              || 12.34
              || '</ns1:unitPrice>'
              || '<ns1:quantity>'
              || 2
              || '</ns1:quantity>'
              || '</ns1:item>'
              || '<ns1:purchaseTotals>'
              || '<ns1:currency>'
              || 'USD'
              || '</ns1:currency>'
              || '</ns1:purchaseTotals>'
              || '<ns1:card>'
              || '<ns1:accountNumber>'
              || 111111111111111
              || '</ns1:accountNumber>'
              || '<ns1:expirationMonth>'
              || 12
              || '</ns1:expirationMonth>'
              || '<ns1:expirationYear>'
              || 2020
              || '</ns1:expirationYear>'
              || '</ns1:card>'
              || '<ns1:ccAuthService run="true"/>'
              || '</ns1:requestMessage>'
              || '</SOAP-ENV:Body>'
              || '</SOAP-ENV:Envelope>';
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20003, errx);
        END;
        BEGIN
           UTL_HTTP.set_wallet
                              ('file:/p01/oracle/prj1db/9.2.0/appsutil/wallet',
                               'p4ssword'
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20004, errx);
        END;
        BEGIN
           http_req :=
              UTL_HTTP.begin_request ('https://rvcotest.ss.com/commerce/999/tProcessor',
                                      'POST',
                                      'HTTP/1.1'
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20005, errx);
        END;
        BEGIN
           UTL_HTTP.set_header (http_req, 'Content-Type', 'text/xml');
           UTL_HTTP.set_header (http_req,
                                'Content-Length',
                                LENGTH (soap_request)
           UTL_HTTP.set_header (http_req,
                                'SOAPAction',
                                'xmlns="urn:rvcotest.ss.com/commerce/999/tProcessor"'
        EXCEPTION
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20006, errx);
        END;
        BEGIN
           UTL_HTTP.write_text (http_req, soap_request);
           http_resp := UTL_HTTP.get_response (http_req);
           UTL_HTTP.read_text (http_resp, soap_respond);
           UTL_HTTP.end_response (http_resp);
        EXCEPTION
           WHEN UTL_HTTP.end_of_body
           THEN
              UTL_HTTP.end_response (http_resp);
           WHEN OTHERS
           THEN
              errx := SQLERRM;
              raise_application_error (-20007, errx);
        END;

  Thank you Fahd for quick response.
  I have gone through the note. So, it seems that I have to put a Header tag with username and password. But such tag definitions do not exist neither in my WSDL nor in my XSD that gets validation on destination server. In that case what do I do? :(
  -R

• Securing data from dba access , like Credit Card Details

  Hello ,
  is there any way of hiding CC details from all users in db level except specifc users
  enrypting cc data like oracle hashed passwords
  for ex,
  case (1)
  user 1 ( has access to these details )
  select acc#,customer_name from cc_details
  output : it will show all the details decrypted
  case (2)
  user 2 : ( doesnt have access )
  select acc#,customer_name from cc_details
  output : it will show all the details encrypted
  both in db level , like using sqlplus or toad
  any idea!
  thanks and regards,

  Hi, Peter,
  You wrote:
  Can you please document the problems you mention for Patch Sets/ CPU?
  What are the vulnerabilities? Search Alex's Web site but didn't find anything in regards to >DBVault.I've told about these
  http://dms.aladdin.ru/file.php?id=d7eb03f7f47ec3c68f4b1f1fe3317119
  http://dms.aladdin.ru/file.php?id=88cf1d7a962eddf7e57e2447d1e5b207
  and may be this
  http://dms.aladdin.ru/file.php?id=232eb8ed58d04295bb3920dbe805358d
  (Note: The link will be valid until 26 Jun 2008 GMT).
  In reg's to reading data from datafile, that's where TDE comes into the picture; then no-one can read from data file directly.
  There is no user who owns TDE; TDE is enabled on a database-wide level. So the >normal data owner (who is the only who should have full access to his own data with >DBVault) can use TDE to encrypt; no extra privileges needed.I’ve told about the user who is the owner of the database wallet (usually SYS). He can temporary disable encryption, takes the data, then restore encryption.
  DBVault and TDE should be the perfect match for 'securing data from dba access , like >Credit Card Details'In other words we have yet another administrator (DV owner) instead of the good old SYS :)
  And I have a question: in case the protection with DV of some tables was made from the SYS, can he make (in example) full backup or full export of the data (his ordinary administrative tasks)? If yes, then it isn't protection, if no, then...what?
  The solution is somewhere else, I think

• RAC data propagation delay?

  Hi Experts,
  I have a multi-threaded app that connects to a RAC DB using OCI.
  Flow:
  1.) Get an expired resource
  2.) Assigned it to a user
  Each thread executes the following sequence of queries:
  1.) SELECT id, data FROM table_name WHERE date_expiry = :min_date AND rownum = 1 FOR UPDATE;
  2.) UPDATE table_name SET date_expiry = trunc(sysdate) + 30, user = :user WHERE id = :id
  3.) COMMIT;
  -- :min_date is always <= trunc(sysdate)
  I expect that each row will only be assigned to a unique user.
  Apparently, this is not the case. It seems that some threads can still get a row even after the date_expiry has been updated.
  Is there a data propagation delay between RAC nodes?
  If there is, a thread can fetch a row even after another thread have updated it if the threads are connected in different nodes.
  This is the only reason I can think of.
  I tested this many times on a stand alone DB, but I can't replicate the error.
  Please help!
  BTW, our oracle version is:
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production With the Partitioning, Real Application Clusters, OLAP, Data Mining and Real Application Testing options
  Edited by: user11912154 on Sep 17, 2009 3:01 AM

  user11912154 wrote:
  Each thread executes the following sequence of queries:
  1.) SELECT id, data FROM table_name WHERE date_expiry = :min_date AND rownum = 1 FOR UPDATE;Bad method IMO. I have experimented with it when designing a PL/SQL replication system (Oracle SE) and this approach was not very robust and did not work properly.
  A better method would be to use something like a dispatcher/thread manager that hands out the work. So instead of each thread trying to discover what work needs to be done - and running into concurrency issues - the manager process picks up a batch of work to be done and distributed that amongst threads.
  Simplistic example. The thread manager fires of the SQL to find work and bulk fetches the 1st 50 rows. It closes the cursor, caches the 50 rowids and fires off 10 threads to process the 1st 10 rows. Each sleeps for a few seconds, wakes up, checks the thread number, finds that 8 threads are still busy and fires off 2 more threads to do the next 2 rowids. Repeat. When the cache has been processed (or when it is down to the last 10 rowids), the manager finds the next batch of work to do.
  The key design issue is not to have threads competing to find work. As this means competing for access to the same resource, and potential serialisation issues - threads stepping on one another's toes and getting hurt.

• Do data modeler support ORACLE Secure Data Masking and Subsetting ?

  How to use the security(Contains PII, Masking Type, ...) in conjunction with ORACLE Secure Data Masking and Subsetting. Is it possible to generate masking definitions for ORACLE Data Masking ?

  Hi Philip,
  it's a XML-format an looks like:
  <?xml version="1.0"?>
  -<MASKING_DEFINITION PROD_VER="10.2.0.4.4" META_VER="1.0">
  <DEFINITION_NAME>MASKING_DEF_1</DEFINITION_NAME>
  <TARGET_NAME>orcl</TARGET_NAME>
  <TARGET_TYPE>oracle_database</TARGET_TYPE>
  <ADV_OPTION_DISABLE_LOGS>Y</ADV_OPTION_DISABLE_LOGS>
  <ADV_OPTION_REFRESH_STATS>Y</ADV_OPTION_REFRESH_STATS>
  <ADV_OPTION_DROP_TEMP_TABLES>Y</ADV_OPTION_DROP_TEMP_TABLES>
  <PARALLEL_DEGREE>DEFAULT</PARALLEL_DEGREE>
  <DM_FLAGS>15</DM_FLAGS>
  MASKING_COLUMN>
  <OWNER>OWNER</OWNER>
  <TABLE>TABLE</TABLE>
  <COLUMN>COLUMN</COLUMN>
  <COLUMN_GROUP/> <FORMATS> <FORMAT> <RULE_ORDER>1</RULE_ORDER> -<RULE_CONDITION>
  <![CDATA[ 1=1 ]]>
  </RULE_CONDITION> -<FORMAT_ENTRY> <ORDER>1</ORDER> <TYPE>RS</TYPE> <START>1</START> <END>40</END> </FORMAT_ENTRY> </FORMAT> </FORMATS>
  </MASKING_COLUMN>
  </MASKING_DEFINITION>
  This is a example from my local 11 g database control on our OEM 12 c it starts with:
  MASKING_DEFINITION PROD_VER="12.1.0.4.0" META_VER="1.0">
  Perfect would be if we can choose the type of masking "Redaction/Data Masking" in the preferences and the properties of "Masking Type" and "Mask Template" properties would match the choosed type of masking.(i assume they can be found somewhere in the SYSTEM data dictionary)
  Besides the present properties there exists many others for "Data Masking Pack" like Start/End, ...
  Complete support of Data Masking Pack over Data Modeler would be great, OEM is more a dba tool and on our site definition of security is a product-owner/designer responsibility.
  Regards Günter

• Scrub3.exe - IBM Secure Data Disposal Utility - Problem

  D10 6493 Problem
  I have a refurbished D10 6493, upon boot up get the following message:
  IBM Secure Data Disposal Util 2.0
  Remote Deployment Mgr 4.1
  Command Code Executed
  C:\Dos7|Scrub3.exe /d=all /1=2
  Return Code = 0
  I changed the boot sequence to CD and tried to load Win7 OS but to no avail. End up with the following message.
  What changes should I make to the BIOS so I can install my OS.
  Ted

  What does your startup sequence look like?  Assuming you're trying to install the OS from optical, you should have the optical in front of the HDD in the startup sequence, and you might have to hit a key right after POST in order to boot the system to the DVD.
  That message you're seeing looks like it might be a log from the secure erase utility.  That's a utility usually used to wipe media.  I'm guessing this is displaying because your system is booting to a blank (but formatted) HDD that's been scrubbed already.

• FSL-02003  Unable to set owner /sapmnt/MHS/global/security/data for 512.

  Hello,
  I got the error "FSL-02003  Unable to set owner /sapmnt/MHS/global/security/data for 512" while installing SM 7.0 EhP 1 on Linux at phase "Create Secure Store". I have tried changing owner of the folder, but no change.
  Can anybody help?
  Thanks for your help
  Kris
  WARNING[E] 2009-07-24 17:54:48.617
             CJSlibModule::writeError_impl()
  FSL-02003  Unable to set owner /sapmnt/MHS/global/security/data for 512.
  TRACE      2009-07-24 17:54:48.618 [iaxxejsbas.hpp:483]
             EJS_Base::dispatchFunctionCall()
  JS Callback has thrown unknown exception. Rethrowing.
  TRACE      2009-07-24 17:54:48.699 [syuxctask.cpp:1382]
             CSyTaskImpl::start(bool)
  A child process has been started. Pid = 18576
  TRACE      2009-07-24 17:54:48.784 [syuxctask.cpp:1382]
             CSyTaskImpl::start(bool)
  A child process has been started. Pid = 18577
  ERROR      2009-07-24 17:54:48.822 [sixxcstepexecute.cpp:950]
  FCO-00011  The step createSecureStore with step key |NW_Doublestack_DB|ind|ind|ind|ind|0|0|NW_CreateDBandLoad|ind|ind|ind|ind|9|0|NW_SecureStore|ind|ind|ind|ind|8|0|createSecureStore was executed with status ERROR .

  Hi Kris,
  Have you tried to change permission of the file as logs are showing ?
  Check SAP Note 1257481 - SAP NetWeaver Inst. Based on Kernel 7.11: IBM DB2 for i which is not for your OS but similar error is described in that which is telling that by changing the permission you can proceed.
  Thanks
  Sunny

• Data security (Data from SAP BW) for AD users

  Hi  All,
  I have a scenario.
  BO env : Business Objects 3.1 Sp3
  Sap Integration kit Sp3
  My target is to implement AD SSO & also provide data security for data from SAP BW. Currently there are no roles & authorization defined in the sap System. My plan was
  Step 1:-  Implement AD SSO in Business Objects
  Step 2:  Map the AD users in SAP system
  Step 3:- Crate roles in SAP System
  Step 4:-  Assign the users roles
  Steps 5:- (Not sure) :-  Map the users (Now in SAP) to BO & then aliases them with the users from AD.
  Pleas let me know if this would be correct approach... if not please suggest.... I am kind of new to SAP BO integration with experience in BO admin

  Step 1: Setup Windows AD SSO on your BOBJ server
  Step 2: Import Windows AD groups in BO
  Step 2-  Setup Server-side SNC between BO and your SAP system
  Step 3:- Create roles in SAP System and import them in BO
  Step 4:-  Assign SAP users the created roles
  Step 5: - In the CMC create SAP aliases for your Windows AD accounts
  Step 6: - Setup your reports and/or universe connections to use SSO.
  For more information on server side SNC check the installation guide of the integration Kit.
  Regards,
  Stratos

• Can you create a javascript dynamic menu based on security data in oracleDB

  I am looking for a dynamic javascript menu that is generated based on the user role... basically i get the user role from ldap and then I have a Security table in oracle data base that has the permission info and i want to generate my dynamic menu based on the data in the database table.... the table has the following columns
  private String userId;
  private String security_level; // page level , field level
  private String permission; //CRUD
  private String permissionType; //ALLOW, DENY

  Hello Suzie,
  It is possible but you have "many" ways to do it, since what will happen is the javascript will be generated by an application.
  Are you developing a J2EE application? with or without JSF?
  The best way will be to Google to find a good Javascript menu library, and adapt the generation of it based on the content of your database.
  Regards
  Tugdual Grall