Third party users

Similar Messages

• Third-Party User Management Tools

  I'm looking for recommendations for third-party user management tools that can do the following:
  - Identify and bulk-expire/no visibility users that are inactive for >XXX days
  - Identify users with auto-forward rules
  - Bulk-delete inactive accounts (from GW database only, not eDirectory accounts)
  - Maybe even bulk-move inactive/expired accounts to a "dead accounts" post office?
  I have an immediate mandate to clean up our environment, and I don't see how to do this in bulk with existing native tools. It's just one guy (me) versus 42 post offices and 23,000 user accounts...
  Thanks!

  You can create your own tools using the GroupWise Administrative Object API and the GroupWise Object API.
  Please refer to the Cool Solutions article I wrote ( shameless self promotion ) "Scripting GroupWise" - Scripting GroupWise | Novell User Communities for more information on the GroupWise Admin API. I suggest that you modify the script listUser.vbs to include domain name ( GWUser.PostOffice.Domain.Name ) , post office name ( GWUser.PostOffice.Name ), visibility ( GWUser.Visibility ) and last login date ( GWUser.MailboxLastLoginDate). You will need to run an audit report on each post office to update the MailboxLastLoginDate property. Import the output into Excel and sort / filter accordingly for analysis.
  Setting an expiration date ( MailboxExpDate ) and / or visibility ( Visibility ) is done by assigning values to the respective properties and using the commit method - e.g GWUser.Commit
  Identifying accounts with auto-forward rules can be using GroupWise Object to log into each account using a trusted application key. I posted ( more shameless self promotion ) some sample code to list proxy access in another thread - https://forums.novell.com/novell-pro....html#poststop. It is not too difficult to modify the code to iterate through rules and select those that include the action forward.
  Deleting is be done using the the delete method - e.g. GWuser.Delete(eadGW) where eadGW is constant with the value 1.
  I would advise against using the Administrative Object API to automate moving accounts. Best practices to avoid problems during moves involve running GWCheck against user objects until there are no errors. I perform structure, contents, contents with attclip and contents with deldupfolders checks until there are no error before moving accounts. There is also the issue of how many simultaneous moves the post office agents can handle. More accurately it is the number of simultaneous purges on the source post office that need to be monitored.
  If you need more help with coding let me know.
  Sincerely,
  Bryan Vandenberg
  Originally Posted by gregamy
  I'm looking for recommendations for third-party user management tools that can do the following:
  - Identify and bulk-expire/no visibility users that are inactive for >XXX days
  - Identify users with auto-forward rules
  - Bulk-delete inactive accounts (from GW database only, not eDirectory accounts)
  - Maybe even bulk-move inactive/expired accounts to a "dead accounts" post office?
  I have an immediate mandate to clean up our environment, and I don't see how to do this in bulk with existing native tools. It's just one guy (me) versus 42 post offices and 23,000 user accounts...
  Thanks!

• ALE third party: User name in change log of PO item is updated inconsistently

  Hello,
  We're running third party process, where changes in SO item are auto updated into PO item via workflow. Normally, user who changed SO item is updated in change log of PO item. However, there are several cases where workflow user is updated in PO item change log. There seems to be an inconsistency here. Do you have any idea? I've searched SAP Note but could not find any.
  Thanks,
  Duc. 

  Hello Jurgen,
  Checking data in system, I found one thing:
  if change document of PO item is created later than change document of SO item, change user in PO item is workflow user; in the other hand, if change document of PO item and SO item are created at same time, change user in PO item is same as change user in SO item.
  So I guess root cause of issue is: Change User in PO change log depends on which task system is doing (updating SO item or updating PO item) at the time the log is recorded; due to this, the t-code in log is also different (ME22 for workflow user and VA02 for normal user).
  Is it correct?
  Regards,
  Duc.

• How to Retrive data Form Third party tool & up lode  in  SAP

  HI Friends,
  My client was implementing sap & parlay  .NET for   HR module .
  my client requirement was what ever amount   he payed  for Employees  that should also uplode in sap.
  In SAP he is treating employee as Vendor .
  so please guide me how can I Retrive data from third party tool & how can i uploaded in sap .
  Regards,
  Reddy

  Hi,
  Third Party Tool must be having some features of downloading data in a format like Excel.
  In SAP Side, this File is going to be your input...Now you can try different options:
  1) Identify the IDOC that serves your purpose and populate the idoc and fire an Inbound IDOC.
  2) Run a BDC for your relevant Txn Code by uploading the Third Party generated Excel data into an internal Table.
  3) Use an Standard BAPI to upload data into SAP.
  4) If possible, Use an SAP Provided Direct Input program to pump data in SAP.
  You need to give the expected format of Excel to the Third Party user generating the Excel for you.

• Third Party Email Certificate

  Hi,
  I am in a project that using three java based application in a SOA.
  Those applications have some needs to send email to a third party user, who don't have email account in our domain.
  I've told to use email certificate to ensure the security, what I want to ask is, is there any need for every application to invoke the certificate (which I'm going to install in my mail server) to put it in every email send? or I just install the email certificate in the email server and registering my domain? I really need help on this, thank you.

  Either your code or the API will need to do the same as any other mail client and compose a properly signed and optionally encrypted message.
  In the case of a normal mail client, the user's certificate is stored somehow on the client. In highly secure environments, that certificate is stored on an ID card which must be physically inserted in a reader attached to the system sending the message. In that case, the actual signing is done by the card. A more common alternative is that the certificate is stored in a local DB and password protected. For example, Thunderbird keeps the user's certificates in a local file:
  * Tools->Options...
  * Advanced
  * Certificates
  * View Certificates
  * Import
  I do not know if the JavaMail API has any features to help you with this. You should ask about that in the JavaMail forum:
  JavaMail

• Error on load: System.IO.IOException: The process cannot access the file : error in event viewer when users want to view documents from this third party deployed scan solution

  Error on load: System.IO.IOException: The process cannot access the file
  '\\server1\SCANSHARED\.pdf' because it is being used by another process.
     at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
     at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
     at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
     at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
     at System.IO.File.WriteAllBytes(String path, Byte[] bytes)
     at abc.Scan.Layouts.ICC.Scan.View.Page_Load(Object sender, EventArgs e)
  I faced this  error in event viewer  when users want to view documents from this third party deployed scan solution
  here I have two WFS servers  and they configured with load balancing in F5 .
  when I enable both servers in F5 I receive this error messages in 2nd server,
  when users want to view documents
  adil

  Do you have antiVirus installed on the sharepoint servers?
  These folders may have to be excluded from antivirus scanning when you use file-level antivirus software in SharePoint. If these folders are not excluded, you may see unexpected behavior. For example, you may receive "access denied" error messages when files
  are uploaded.
  Please follow this KB and exclude the folders from Scanning.
  http://support.microsoft.com/kb/952167
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• How do I allow parental controlled users to access third party apps on the admin account?

  I just set my son up with a separate parental controlled user account and he can't seem to access some third party games that we installed for him under my admin account. He has saved progress on these games that we don't want to lose, so I don't want to reinstall them. I checked them off as allowed apps, but when he tries to play- the game icon shows up in the doc then changes to the updater icon and they won't run. I've searched for answers to this question, but can't seem to find any. Please help? My son and I would be very grateful!

  jeremiahfromva wrote:
  Mavericks (isn't that an old Ford model?
  Sure was! They used it on 4 different models. But that was Maverick, as in horse. This will be Mavericks as in ocean waves.

• From sales order to third party sales order user ex

  hi .....my client busieness process is normal he produces the product his own and whenever the stock is not available automatically sys sends purchase requistion to third party................. how to write a user exit for this........
  can pls explain how we maintain functional specs.................for this reuirements.
  thanks,
  hari shankar...
  Message was edited by:
          hari shankar

  You should use a user exit such as MV45AFZZ to do this. Get an ABAPer to help you do this.
  You'll need to read the unrestricted stock level for the material in question and if that level is less than the order quantity, then you would need to change the item category of the material to BANS. this will prompt the creation of purchase requisition for the material.
  You'll need to set up the item category assignment table to add BANS as a manual entry. You will also need to ensure that you create a purchasing information record as well as a source list for your material and vendor. You will need to set up the program behind transaction ME59 in a daily batch job (this converts the purchase requisition which is automatically generated from the sales order) into a purchase order.
  Go to http://www.sap-img.com/sap-sd/process-flow-for-3rd-party-sales.htm for further details.
  Please award points if helpful.
  Thanks
  Jon

• Third party system user click the url iam getting error?in sap crm IC

  Hi Team,
  I have given URL to Thrid Party systems.user clicks the link,then he enter the password and username then its getting error like as below..Please help here what settings we need to do.
  Third party system user clicks the URL link ,after entering username password Iam getting error ?
  Thanks
  Kalpana

  HI  Team,
  I have added the parameter crm-ext-integration=true , or we need to any settings for this..Could you please help here..
  Error: TO help protect the security of information you enter into this website,the publisher of this
  content does not allow it to be displayed in a frame
  Thanks
  Kalpana

• Third-Party Authentication: Search User identity problem

  I have installed OpenSSO agent on my SGD server. I have followed this doc: http://wikis.sun.com/display/SecureGlobalDesktop/HOWTO+Use+OpenSSO+With+SGD
  Everything works except the part where the SGD server tries to map the username with the Local+LDAP repository
  I have enabled the Third-Party Authentication and selected the option: "Search the User Identity in the LDAP Repository and use the closest matching LDAP Profile from the Local Repository"
  I have also kept the already working System Authentication (Active Directory) enabled
  I have 2 problems:
  1 - If the user does not exist in local directory (but exists in the active directory) the user is not automatically logged (the login screen of sgd appears).
  In the log file (catalina.out) I have an "Invalid credentials" message.
  The user is then able to log on manually.
  2 - If the user exists in both directories (local and Active Directory) the user is automatically logged-in but the profile is not the same. (the application list is different and the client settings are reset)
  I have checked the open session on the Administration console and I see a difference in the case of the User identity.
  If I log manually I will see "DC=COM / DC=DOMAIN / CN=User Name (LDAP)" (this is the right user)
  If I log with opensso I will see "DC=com / DC=domain / CN=User Name (LDAP)"
  I can log on with both at the same time, SGD seems to consider it like two different users.
  Thanks

  Hi,
  You need to create at least one high level "LDAP Profile" user profile in the SGS ENS.
  Regards,
  Arno Staal
  Divider B.V.

• HT201365 Does Find My iPhone collect data on user whereabouts for Apple or any other third party?

  Does Find My iPhone collect data on user whereabouts for Apple or any other third party?

  Google search produced this article: http://support.apple.com/kb/HT4865

• Access to my Office 365 third-party app for external user : "a User account is not registered for the account"

  In my third-party web application of Office 365, I want to have access to the contacts, events and emails of all the users from the organizations who installed my app. The thing is I don't want that all these users have to grant me access, I just want one
  admin of the org to grant access for my app and then be able to retrieve the data I need for all the users.
  To test for one organization, I logged in as the admin and proceed to the Oauth2 authentication to retrieve the access token and in the first request (the GET one to retrieve an authorization code) i add the parameter
  prompt=admin_consent.
  With this access token, I can access the data (emails, contact, event) of the admin
  for instance for the contacts
  uri: https://outlook.office365.com/ews/odata/Users(adminemail)/Contacts
  but not the data of the other users of this org with this uri
  uri: https://outlook.office365.com/ews/odata/Users(useremail)/Contacts
  The only thing I can do is retrieve an access token for each user but it supposed that each user has to authorize the access to the app but it's very cumbersome. So, i don't see what enables the parameter prompt=admin_consent and how to use it. Does anybody
  know what it does?
  And my question is: how can I do to access the data of all the users of one organization when the access has been granted by one admin?
  Thank you!

      
  This was answered on StackOverflow by Dushyant Gill.  http://stackoverflow.com/questions/25316175/access-to-my-office-365-third-party-app-for-external-user-a-user-account-is-n/25316678#25316678
  You are sending the OAuth request to a tenant specific endpoint of Azure AD. Note the {key_provided} part of your Url - that part represents the tenantid or a registered domain name of an Azure AD tenant. Azure AD throws this error is the user signing in
  is not a user in that tenant.
  Multi-tenant applications like yours have two options:
  Perform home realm discovery yourself and send the SSO request to the correct tenant-specific endpoint of Azure AD: when a new Azure AD organization signs-up for your application, record its tenant ID, and registered domain names. On your login page, ask
  the user for their email and try to discover what Org they belong to using the suffix the email.
  Use the common endpoint of Azure AD. Instead of the {key_provided} part of the URL, use 'common'. In this case Azure AD will determine the user's tenant and sign-in the user. The token that your application will receive will still be from the user's tenant
  (iss claim).
  2 is more convenient for apps. However #1 has an advantage when the user's Organization has customized their sign-in page with the company logo etc - in the case of #1 the user will directly be taken to the customized and familiar sign-in page.
  I recommend a combination of the two: try determining the user's organization and sending them to the tenant specific SSO endpoint. If you're not able to - send them to the common endpoint.

• Cannot add users to mapped third party group

  when i try to add a user to a group i get the following message
  "cannot add users to mapped third party group"

  If a group was mapped in via AD/LDAP/SAP then the users must be added in the 3rd party (AD/LDAP/SAP) you cannot create members inthe CMC. This is by product design. If you want to add members to groups in the CMC they must be enterprise groups only (groups created in the CMC not mapped in from 3rd parties).
  Regards,
  Tim

• Trigger for blocking user using third party tool !

  Dear Friends ,
  I have to block the users from using sqlplus, TOAD, PLsldev etc (Except SYSTEM user) from client end using the below trigger :
  create or replace trigger check_logon
  after logon on database
  declare
  cursor c_check is
  select
  sys_context('userenv','session_user')
  username,
  s.module,
  s.program
  from v$session s
  where
  sys_context('userenv','sessionid')=s.audsid;
  lv_check c_check%rowtype;
  begin
  open c_check;
  fetch c_check into lv_check;
  if lv_check.username in ('SYSTEM')
  then
  null;
  elsif upper(lv_check.module) like
  ('%SQL*PLUS%') or
  upper(lv_check.program) like
  ('%SQLPLUS%')  or
  upper(lv_check.module) like
  ('%T.O.A.D%') or
  upper(lv_check.program) like
  ('%TOAD%')    or
  upper(lv_check.program) like
  ('%PLSQLDEV%')    or
  upper(lv_check.program) like
  ('%BUSOBJ%')    or
  upper(lv_check.program) like
  ('%EXCEL%')
  then
  close c_check;
  raise_application_error(-
  20100,'Banned! Contact with Database Admin!');
  end if;
  close c_check;
  end;
  It works fine all normal user cannot access the database using above third party tools .
  But the problem is , user with DBA privileges can access the database with generating an trace file . Is there any way to restrict DBA Privileged user ? or is there any mechanism to create a log/trace file so that If there any  DBA Privilege user acess to the Database , then we can get the information from that specified log/trace file ? 
  Waiting your kind reply ... ...

  Hi,
  If the DBA users has the DBA role granted to them so they will by passes the logon trigger. For example, the SYSTEM user has the DBA role and the DBA role has the ADMINISTER DATABASE TRIGGER privilege. The ADMINISTER DATABASE TRIGGER by pass the logon trigger. If you want to restrict the access to a DBA user, then you need to revoke the ADMINISTER DATABASE TRIGGER privilege from the DBA role or grant individual privileges except the ADMINISTER DATABASE TRIGGER privilege to the DBA users.
  Cheers
  Legatti

• For third party email users

  AKA anything that isn't @verizon.net (ie @hotmail.com, @juno.com)
  Verizon is blocking port 25, please check: http://www22.verizon.com/ResidentialHelp/HighSpeed/General+Support/Top+Questions/QuestionsOne/124274...
  Reason:  Most common email viruses are sent using port 25 to infect computers. Often times the user never knows their computer has been infected. In order to protect our customers, Verizon has turned off the ability to send email using port 25 for all users other than those using a @verizon.net email address.
  They give some step by step instructions for anyone who are using a third party email here:  http://www22.verizon.com/ResidentialHelp/HighSpeed/Email/Setup+And+Use/QuestionsOne/124333.htm
  Just an FYI if your non Verizon email suddenly stops working in outlook, macmail etc.  Simply change the outgoing smtp port from 25 to 587.  You won't notice any difference.
  Just thought I'd give everyone a heads up if you didn't know about this.

  I have a non-verizon email account, and must run everything through the verizon server.  I have changed the smtp port to 587, I have it marked to authenticate. The outgoing server is smtp.vzwmail.net    I still cannot send email.  I can receive, but not send.  Can anyone help?