Setting Access Restrictions

Similar Messages

• WRT54G V5 Not able to set Access Restrictions on URL or Keywords

  As stated above I am trying to restrict acces to certian types of web sites as well as known known websites. I am also setting up time restrictions as well. how do I do this. I have setup different policy names to do different things si it is not trying to do it on just one. any help would be great.

  it shows that it is there and it just does not work. do I need to do anything after I set and save? restart anything or something? I do enable it so i just dont know. Do I need to subscribe to something?
  Message Edited by Malachy209 on 04-08-200706:21 AM

• Access restrictions timing off by 1 hour

  I don't know if anyone else is experiencing this problem.  I have set access restrictions on my WRT610N router and they execute an hour earlier than set.
  I checked the time zone settings, the system clock and all seem correct. I have a rule that is supposed to turn off access to the Internet at 11:55pm. However, the rule gets executed at 10:55pm.
  This was happening on my first WRT610N which was also dropping network connections. So, I returned that unit and got a replacement.
  The new unit does not drop connections but has the same timing problem.  The only solution I have found is to change the time zone to the next one that is 1 hour behind my time zone.
  Please let me know if anyone else has experienced this same situation.

  My ISP is on the same town as I am. The information they are supplying appears to be correct as my WRT54G uses the same information and its rules execute properly.
  I think there is a problem with the WRT610N. My solution is temporary I hope that Linksys will fix this problem. 

• Access Restrictions for Time?

  I keep trying to set access restrictions for my wrt54g router for time. There is no 12 for time so I'm selecting 11:55 pm to 6am but I keep getting an error message of, "end time must be bigger then begin time." I get this no matter if I select 9pm, 10pm, etc.........
  Any ideas?

  You cannot choose a time frame through midnight. You have to split it in two rules, one before midnight and one after, i.e. choose 12am to 6am and 9pm to 11:55 pm.

• Access restriction based on Sales Units / Sales Area

  Hi all,
  I am looking into the access restriction functionality on business roles.
  One of our customers has a requirement to separate data between their different sales organisations. One sales organisation should not see customers, opportunities of the other sales organisation and vice versa.
  In the access restriction I see that the access context defines on which elements you can set the access restriction.
  For customers and opportunities the possibilities are: Employee or Territory.
  Setting the access restriction on Employees is not a solid solution for me (when the employees are changed in the org model, the access restriction is influenced on several business roles..)
  So what if we do not use territory management / if the territory management setup differs from the actual sales areas / sales units?
  So my main questions are: can we set access restriction based on Sales Units? (we will setup integration with SAP ERP which means we cannot enter sales areas for prospects...). And can we influence the access context or do we need developments for that?
  Kind regards,
  Jasper

  We plan to enhance the access restrictions based on sales organization and distribution channel in a future release.
  If you setup territory management, we offer sales office and sales group including sales organization as attributes to define a territory if you are connected with SAP ERP.

• WRT Clock - affect on Access Restrictions

  Hi - this is my first post on this forum. I have a WRT320N and I have set access restrictions so that the Internet is only accessible between 7:00AM and 10:00PM for certain IP addresses on my home network. The problem is that once enabled the Internet is not available at any time - to be fair I haven't checked in the middle of the night. Is there any way that I can check the clock in the router ? Its not shown on any of the management console screens.
  TIA

  Log on to your router and go to the status page.  You will find the correct time.
  Greetings from Northern Ontario, Canada

• How to set 'colliding' access restrictions in wrt610n - what are rule preferences?

  Hello. I want to set up access restrictions to one MAC address (my kid's machine) basing on week days. From Su to Th allow less access time while during Fr-Sa afternoons access time should be longer. The question is how to program it in router. I know I can set rules with "allow" and "disable" keyword, but I don't know rules preference.
  When I set (Su-Th 6-21) allowed access time then router automatically denies defined machine internet access outside this time range. The problem is in the power of thus calculated denying time. I want to allow more access time in weekend, so I hoped if I can simply add "Fr-Sa 6-22:30 allowed access time" rule. I hoped that router will regard explicitly set time over inexplicitly set  time but it appears it is not so.
  Does anyone know the rule of rules? What are their preferences/priorieties, iis it possible to stack more rules affecting one MAC address or it is so simple that the first rule "rulez"? Is it possible to set more than one time rule affecting the one machine?
  Solved!
  Go to Solution.

  Agh! Thanks for your reply, it was good incentive to test the problem little more. Now I'm pretty sure that wrt610n algorithm has problem - it lies with power cuts. In my flat, the last internet user usually turns off power board when goes to sleep. After power is resumed router seemed to work flawlessly yet herein lies the problem and I hope I've found solution.
  The tests I have done:
  1. 2 rules (as mentioned in my first post). Kid's machine works (this is day now). Didn't played with rules times. Just turned router off. When router was turned on, two other (parents) machine get internet access while kid's machine didn't! Kid's machine was banned from internet against the rules. Router has proper time set - I checked it's status.
  2. I turned both rules to "disable access" versions (1. disable access Su-Th 21-23:55; 2. disable access Fr-Sa 22:30-23:55). This rules should work almost the same way (the only problem is, that no rule can expand over midnight, so the third rule should be added, banning access from midnigts to early mornings). The router was switched off. Then on. All three machines now has internet access. I hope, router will ban access in the afternoon automatically, as is set
  My deduction. Algorithm bases on time points. When marked time comes, algorithm do, what it should do (but only, if router is powered). When you set "turn internet access on" time (this is "allow rule"), router turns on the access precisely at the chosen moment of time. If router was dead at that time, it doesn't turn the access on however, when power is restored. But when you set "disable rules" in place of "enable rules" I hope it should work and I tested, that this way router gives access after turning it on. Router should disable internet access to the kid's machine at selected time - at least until smart kid does not turn the router off a few seconds before the switch_off time and soon after turn it on But then there is plenty of more powerfull means of control, so I don't worry too much Yet it seems to me, there is a flaw in algorithm, which doesn't run properly after power on.

• Setting time access restrictions

  I'd like to use time access restrictions to allow access from 7AM to 1AM; but software won't allow.  Am I missing something or is it that inflexible?  I used to be able to do this without a problem with my Cisco router.

  Did you try this?
  Develop one rule for access everyday between 7 AM and 11:59 PM
  Develop a second rule for access everyday between 12:00 AM and 1:00 AM
  Works fine. There will be no break in the connection.

• How to configure CLI/DNIS based access restriction in 5.3 ?

  Hi,
  does anybody have an idea how the setting
  define CLI/DNIS-based access restrictions which is defined in ACS v. 4.2
  can be configured in acs 5.3 ?
  in v. 4 for every user in a group with 40 members  a different CLI is defined for each. How can I configure that in version 5.3 ?
  any help as always much appreciated!

  The equivalebt to NAR functionality can be found at:
  Policy Elements > Session Conditions > Network Conditions > End Station Filters
  Can then define an object with a set of CLI values
  These objects can then be used in policy conditions. So can create a condition with a set of CLI values and then match in authorization policy for values that are included in this set and set authorizations accoridngly
  Not sure if this is your use case but hopefully may be a start

• WRT160Nv3 problem with blocking traffic using Access Restrictions

  Hi.
  I want something quite simple. Block Youtube. I go into "Access Restrictions", choose a name for policy 1, enable it, choose the pc from the pc list, but then...
  if a click Deny, all other options will be disabled (greyed out, can't click nor write on them).
  Therefore, I can't put the urls I want (youtube).
  I tried writing the url with "allow" and then change it to "deny" but it will block ALL traffic.
  No good.
  So, how do I make a new policy just to block this one URL?
  Is it normal that when I click and choose "Deny" everything gets disabled afterwards?
  Thanks in advance.
  Regards,
  Leo
  Solved!
  Go to Solution.

  for internet access policy DENY means to restrict internet access during specified days and hours. this will block ALL internet traffic for the said schedule. website blocking by URL, blocking by means of keyword and blocking applications would then be NOT AVAILABLE as the computers would not have internet access to begin with if you have such a policy disabled.
  for your case, you may want to try to set restriction to ALLOW internet access then specify youtube.com under Website Blocking by URL. this would allow computers to have access to the internet all the time (if you have the schedule set to EVERYDAY) or during specific days and hours but NOT have access to youtube.

• Access restriction in Universe

  Hi All,
  In our environment we have 2 domain (US and Europe) and most of the user have id created for both the domain. We have 2 identical databases one in US and other in Europe. US database holds US information and Europe holds Europe data. 
  In our BO environment we have set the ad groups to create new id for each user Alias i.e if the user abcd has access in both US and Europe domain BO creates 2 separate ids for each domain (bo internally creates abcd and abcd0). We have only one universe and set of reports which has connection switching based on the domain user logs into BO (access restriction at connection level). This works absolutely fine, switches database connection depending on the domain user logs in.
  Now we are hearing from our users that they can access the personal reports created under Europe login in US login (this because users has abcd and abcd0). So we decided to create enterprise id and alias the users from AD group (abcd --> alias AD abcd), if we do this the change the connection swap is not happening as the BOUSER always returns abcd as user and universe restriction is only picking the default connection.
  Thanks
  Srinivas

  Hi,
  As you have mentioned in the post that OS is solaris. so for Solaris LAFix has been released by PG for this issue.Below are the details:
  VERSION:     XIR3.0 LAFix0.18
  PLATFORMS:       Solaris Solaris 10
  LANGUAGES:       English
  ADAPT ID:      ADAPT01099598
  Synopsis:     Universe connection override does not work u2013 Error WIS 10901
  WARNING: This LAFix has not been through a full regression test cycle but it has been deemed to fix the problem reported by the customer.  Inadvertent introduction of an unforeseen issue can however not be fully excluded. Before providing this LAFix to the customer, Customer Assurance must perform their own tests to confirm customer issue is solved.
  ADDITIONAL INFORMATION
         Installation Instructions :
  1.     Stop all BO Enterprise services, e.g <BOE_DIR>/bobje/stopservers
  2.     Gunzip and Untar  XI3.0_RHEL_LAFix0.18.tar.gz
  3.     Change directory to <EXTRACTED_LOCATION>/LAFix0.13/DISK_1
  4.     Run install.sh
  5.     Re-start all BOE services, e.g ./startservers
         Uninstall Instructions :
  2. Run uninstallpatch.sh from your system.
       New Behavior :
              The above issue is now resolved.
       Limitations :
              No known limitations
       Component(s):
        libuum.so
  Note: LAFix is released on top of XI 3.0
  To download the or get the LAFix you need to contact to your Sales Account Manager of BusinessObjects.
  Cheers,
  Deepti Bajpai

• Session and Access Restriction

  Hi:
  I have this problem with access restriction. I was trying to build a "secure" site with sessions where users are able to login and access secure webpages upon successful login. And these webpages are not available as soon as the user session expires or terminated. However, from time to time, these web pages are still accessible after logging out by pressing "back" button on the browser or book-marking these pages.
  I noticed that Hotmail and old Yahoo mail system have the same problem as the one that I have just described.
  I am not using https or virtual host or anythind like that, because I didn't have the resource. It is supposed to be a Basic Authentication (login/password) scheme.
  Could any one light me some fresh ideas?
  Thanks
  Tian Lei Xia ":)

  To avoid the bookmarking problem, set a session attribute with the login details.
  Once they login:
  if(request.getParameter("username")!=null)
       session.setAttribute("username","personA");
  if(session.getAttribute("username")==null)
       //don't display the page
  else
       //show them the pageThis is a very basic technique and there are other ways of doing this. As for logging out then the session should just be invalidated.
  An alternative would be to use the security features of the web deployment descriptor and get the web container to handle the sessions for you (See servlet API specs 2.3 for more details).
  Good luck,
  Anthony

• "access restrictions" did not work sometimes when using 3-tier DeskI.

  My customer found that "access restrictions" did not work sometimes when using 3-tier DeskI.
  But this issue can be solved by logging on from another machine, or restarting the DeskI.
  For I can reproduce this issue, so I just want to know that:
  1.What is it probably related to?
  2.If this issue happens again, what can I suggest my customer for tracking it?
    For example, get some log files from servers etc.
  Thanks!

  Hi Sarah,
  Also you can try the following solution.
  1. Import the universe.
  2. Go to manage access restrictions
  3. Remove the restriction .
  4. Again create the rescrition and unchecked the " limit size of result set to"
  5. Now assign it to the unlimited results group ( this is the name of
  the group we have given to those users who should be able to retrieve
  more than X rows)
  6. Now we save the universe. (Dont export the universe).
  I hope this will help you.
  Regards,
  Sarbhjeet Kaur

• Setting access rights at component level

  I have created a component. The business wants to restrict its use to a certain group of users.
  If a user is part of that group, ONLY then the coomponent should be available in sidekick at time of page creation.
  How is setting access rights at component level being achieved?

  As Jorg stated, Group ACL settings are meant to control access at a page
  level.  As he also stated is possible to control access even further, but
  with additional effort and difficulty. But, nearly every client wants this
  done down to the component level and on a group by group basis.  So, what
  I've found, over the years that works is the following:
  - Configure the available components per template type per parsys
  - Further configure the available components at the group level
  For the custom built components, you can remove them at the group level by
  un-checking the 'read' ACL on the dialogs for the given component.  You
  don't want to un-check read for the whole component because then the users
  of that group experience random 'holes' in the content.  But, if you
  un-check 'read' for the dialogs, then the component will not display in
  Side-kick (at least on 5.4 and prior this is the case).
  The only caveat to this is the OOB components.  That is where you will run
  into a lot more difficulty.  Those should mostly be enabled/disabled at the
  design level for the entire page/parsys.
  Hope this helps.
  Todd

• Setting access for one user

  Hi,
  Our client has ACS server and implemented AAA fro logging into switches and routers through ACS which is being cofigured RADIUS . They are telnet into rotuers and switches from any user but they are want to setting access from only one user . Can someone plz tell me what can i do to solve yhis problem ?

  Hi,
  If I understand this right, you have multiple users that can access the routers and switches right now but would like it so only 1 username has access?
  If so, you could use NARS (network access restrictions) and deny access to everyone else but the one specific user.
  Just select
  1.Group Setup
  2.Select the group which "already has" router switch access, edit the group settings
  3.Then scroll down to the "per group defined network access restrictions" Enable it with a checkmark.
  4. Select deny calling/point
  5. AAA client = routers and switches (NDG)
  6. Ports = *
  7. Address = *
  8. Hit enter and the new rule will be added to the window above.
  9. Click submit (not submit and restart until you create the other NAR for the other group)
  ***Remember that groups that are mapped to and outside group (ldap, AD) will be able to connect to your routers and switches UNLESS to tell the ACS not to. By default the ACS doesn't know not to let USER1 access the routers but not allow USER2.
  That being said, you'll need to deny access to your routers and switches (network device group) to all groups that are not allowed to connect to those devices.
  Click submit and restart but remember this will stop authenticating users for the time its restarting.
  Hope this helps and feel free to ask anymore questions.
  Craig
  Pls rate helpful posts.