URL access rights of a partner application for different user groups

I have deployed an application in OC4j_Portal, enabled the SSO feature by doing the required entry in mod_osso file.
Now I want a certain group of users to be able to access the URL of my application and not the others.
Right now every valid user of the OID can access it.
How should I restrict the access?

If this is a Portal application you could define the access in Portal. Otherwise you might need to change your code and check if the logged in user is a member of the group you want to grant the access.
Otherwise a custom LoginManager might solve your problem (JAAS). Check out http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
cu
Andreas

Similar Messages

  • Access control for different user groups in APEX 4.0

    Hi guys,
    in Apex 4.0, is there any way to use the access control page to configure access control for different user groups?
    The access control page currently only has an access control list by users with 3 privileges namely, Administrator, Edit & View where Administrator has the highest access level & View the lowest. Therefore 1 user cannot have more than 1 different privilege, however if the user belongs to 2 or more different groups then we can control what access he can have in a more fine grained manner. We also want to have more than the 3 privileges given.
    Can we assign different groups to different users and let them have different privileges to be configured by page, region, process or item level?
    Now Apex will create 2 tables, Apex_Access_Control & Apex_Access_Setup to store the application access control mode & access control list. It will also create 3 authorization schemes "access control - administrator", "access control - edit" & "access control - view" based on the 2 tables.
    Does this mean we have to change the table structures & edit the authorization schemes to suit our usage? We are reluctant to do this because if we upgrade to a newer version of Apex then we would have to merge our pl/sql coding with Apex's updated code.
    How can we auto-configure more than the 3 authorization schemes in the access control page? Is there any way to achieve a finer grain of access control based on the current access control administration page given by Apex without writing it ourselves?
    We are afraid that we may have missed something on Apex access control & do not want to reinvent the wheel.

    Hi Errol,
    to build your own application authorization scheme around the security model supplied by Apex for administration of the Apex environment would be a bad idea.
    This was never intended for authorization scheme management in custom built Apex applications, it was solely intended to control access in the Apex environment overall. The API for it is not published, and making changes to it, such as adding more roles, would run the risk of breaking the overall Apex security model. It would not be supported by Oracle and Oracle would not guarantee the upwards compatibility of any changes you make in future versions of Apex.
    In short, you should follow Tyson's advice and build your own structure. As he indicated, there are plenty of examples around and provided your requirements are not too complicated, it will be relatively simple.
    Regards
    Andre

  • How to set different default interactive reports for different user groups?

    I'm probably overlooking an obvious solution, but how do I set different default interactive report for different user groups?
    For the same interactive report, I want one set of users to see a default where the default filter is based on column X. However, another group of users doesn't have authorization to see that column so I need to set the default filter to something else for them.
    Thanks

    You can set a filter on a report in a URL - would that help? I think with apex 4.x you can also link to a saved default report or alternative report...

  • Mass creation of common folders for different user groups

    Hello Experts,
    We are using Portal 7.0 SP12 and we have 10 different user groups created in Portal.
    Based on this group structure, we need to create two common folders in each of the user's personnel documents in KM.
    Is there any way to achieve this kind of requirement?
    Can we do mass creation of these two common folders which will be assigned to all of the groups. This needs to be done in user's personnel documents and not in Public documents.
    Any help in this context would be highly appreciated. points assured.
    Thanks in advance,
    Anil Kumar.

    For every user a folder is created in userhome. One approach is to capture this folder creation event and create the folder structure you need. You need to develop a portal service which will listen to events from userhome repository.
    1. Capture folder creation event for user home
    2. Create the folder structure you want in this event handler
    Check this documentation on how to do this.
    https://media.sdn.sap.com/html/submitted_docs/nw_kmc/howto/rf/client_api/rf_client_api.html
    Regards,
    Prasanna Krishnamurthy

  • How to set different urls for logoff button for different user groups

    Hi All,
    We have two different sets of users in our company. When one user group clicks on the logoff button in the masthead, we want to redirect them to, for example, www.google.com, and for the other group we want to redirect to www.gmail.com.
    How can we achieve this particular requirement?
    Thanks
    Bala Duvvuri

    Hi Bala,
    For the two user groups, maintain two different desktops, two/same themes and framework. Change the header iView JSP in the masthead PAR file to Google and save it as masthead1, and another one with Gmail as masthead2. Then create iViews with those PAR files, assign them to the different groups, and make the default masthead iView invisible. Then the users get the logoff based on group. You can get some wikis on changing logoff or redirecting logoff; check these threads:
    Portal logoff : Redirection or Close the Entire Window
    Portal Logoff redirection URL
    Regards
    Mahesh

  • Different Password Policy for Different User Groups in ACS 4.2

    Hi All,
    Can some one provide a solution for the below requirement?
    We do have an ACS 4.2 appliance managing firewalls of different clients. The users are common, i.e. helpdesk administrators. One of the clients came up with setting a different password policy for managing their devices, i.e. the client wants to have min 15 characters as password length. We currently have 8 characters as min password length. Can we change the password policy to min 15 characters only for managing the firewalls of this client, whereas for all other client firewalls we feel better to have 8 characters as min password length?
    It seems that these password policies are global & affects all the users.
    This is something like, having two sets of password (for each user) policy depending on the client which he is going to manage.
    For my knowledge, I think that this is not possible. But I thought to cross-check with experts!
    -Jags.

    Hi jags,
    You're correct. Password policy on ACS will affect all internal users. We can't create different password policies for different clients/connections/set_of_users.
    Password validation options apply only to user passwords that are stored in the ACS internal database. They do not apply to passwords in user records in external user databases; nor do they apply to enable or admin passwords for Cisco IOS network devices.
    HTH
    Regards,
    JK

  • Using different configured views for different user group in crm2007

    Hello SAP Expert,
    Want to clarify if the BADI (Configuration Access Determination BADI ; BSP_DLC_ACCESS_ENHANCEMENT)  is used as design time or Run time. By looking the help of this BADI it says "This Business Add-In (BAdI) is used in the UI Configuration Tool (CRM-FRW-CON) component." Looks like this is at configuration time not at run time.
    The actual requirement is that for a set of users which work on a particular department, we want to have some extra information on 2 views and rest of the views they would be using same as entire organization. We are inclined towards using config role rather than zviews. If we were to use zviews then it would not be a difficult one.
    We were thinking of a mechanism to show the configured view based on user's Business Role at runtime. e.g. we have 2 roles A and B. Role A user have only 2 views specific to them and all other views they use same as Role B. We do not want to use ZView rather use Role Config Key to distinguish the views. What I was thinking that we should be able to create these 2 views with Config Role A and all  views (including these 2) with Config Role B. On Business Role A and Business Role B both, We will assign Config Role "B". but at runtime system should determine if the Business Role is A and Component is CMP1 then use the view V1 with Config Role A not the default view with config role B. (we can maintain that information in a Z table). This is not based on runtime profile but to use configured view at runtime.
    Any thoughts/ help really appreciated.
    Best regards,

    Hi Amithab,
    you can use BAdI CRM_BP_UIU_VIEW_CONFIG of enhancement spot CRM_UIU_BP_ENHANCEMENT for your requirements. Please read the BAdI documentation because you also need an implementation of BAdI CRM_BP_UIU_CONFIG_CALLBACK (same spot). SAP considers BAdI CRM_BP_UIU_VIEW_CONFIG only for use at dynamically loading different configurations of view details for business partners or contact persons at runtime. But you can use your BAdI implementation also for other views. You have to redefine method DO_CONFIG_DETERMINATION in your views and call your BAdI from there. For this, copy and paste the logic of DO_CONFIG_DETERMINATION of BP details to the views you have to load dynamically at runtime.
    We have used this approach for access control and granting special access to views dependent on different employee functions.
    Best regards
    Michael

  • Error when trying to configure Lync to be a partner application for Exchange Server 2013

    When I attempt to run the Configure-EnterprisePartnerApplication.ps1 script I get the following error:
    The address 'LyncEnterprise-ApplicationAccount@*.domain.com' is invalid:
    "LyncEnterprise-ApplicationAccount@*.domain.com" isn't a valid SMTP address. The domain name can't contain spaces and it has to have a prefix and a suffix, such as example.com.
    The error continues with some more things, but what I can't understand is why it is adding a *. after the @ when it is trying to create the account.
    Any help would be appreciated, thanks!

    Hi ADrake04,
    I found that the script was configured as below:
        $acceptedDomains = Get-AcceptedDomain;
        if ($acceptedDomains -eq $null) {
            WriteError ("There is no accepted domain so user can not be created.")
        }
        # Uses the Name of the first accepted domain as the SMTP domain part
        $acceptedDomain = $acceptedDomains[0].Name;
        if ($UseDomainController -eq $true) {
            $user = New-MailUser -Name $username -DomainController $DomainController -ExternalEmailAddress $username@$acceptedDomain;
            Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $true -DomainController $DomainController
        } else {
            $user = New-MailUser -Name $username -ExternalEmailAddress $username@$acceptedDomain;
            Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $true;
        }
        WriteInformation ("Created User <$($user.Identity)> for Partner Application.");
        return $user;
    Please note the variable “$acceptedDomain”; this is a very important point.
    (Note: The accepted domain is used in Exchange, and can be created in the Exchange EAC.)
    Now what you need to do is to run the following commands in Exchange PowerShell and see the result.
        $acceptedDomains = Get-AcceptedDomain
        $acceptedDomains[0].Name
    If you see the result “*.Domain.com”, then you should check your Exchange Configuration.
    Best regards,
    Eric

  • Configuring Lync Server 2013 to be a partner Application for Exchange 2013

    Hello Guys,
    I just want to share my experience while configuring Lync Server 2013 to be a partner application for an Exchange 2013 server.
    As mentioned on TechNet, you need to run the Configure-EnterprisePartnerApplication.ps1 script that ships with Exchange 2013.
    But when I tried to run the script as described in the TechNet article, I found it always fails with " the accepted domain is not valid"
    I have checked my accepted domains many times and I found that there are no issues with my configured accepted domain.
    So I started to review the script to find the issue and I found that the script was configured as below:
        $acceptedDomains = Get-AcceptedDomain;
        if ($acceptedDomains -eq $null) {
            WriteError ("There is no accepted domain so user can not be created.")
        }
        # Shipped behaviour: Name of the first accepted domain
        $acceptedDomain = $acceptedDomains[0].Name;
        if ($UseDomainController -eq $true) {
            $user = New-MailUser -Name $username -DomainController $DomainController -ExternalEmailAddress $username@$acceptedDomain;
            Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $true -DomainController $DomainController
        } else {
            $user = New-MailUser -Name $username -ExternalEmailAddress $username@$acceptedDomain;
            Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $true;
        }
    which is totally wrong as below: 
    firstly it makes $AcceptedDomain variable to equal the Name of the accepted domain. 
    Not all customers configure the name of the Accepted Domain to be the Domain Name.
    Secondly  it makes $AcceptedDomain variable to equal the name of the first Accepted Domain.
    The first domain may be not the default Accepted Domain. 
    So I have configured the script as below
        # Select only the default accepted domain
        $acceptedDomains = Get-AcceptedDomain | ? {$_.Default -eq "True"};
        if ($acceptedDomains -eq $null) {
            WriteError ("There is no accepted domain so user can not be created.")
        }
        # Use the DomainName property rather than the display Name
        $acceptedDomain = $acceptedDomains.DomainName;
        if ($UseDomainController -eq $true) {
            $user = New-MailUser -Name $username -DomainController $DomainController -ExternalEmailAddress $username@$acceptedDomain;
            Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $true -DomainController $DomainController
        } else {
            $user = New-MailUser -Name $username -ExternalEmailAddress $username@$acceptedDomain;
            Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $true;
        }
    I hope this helps.
    Thanks 
    Ahmed Fouad

    Hi,
    This is helpful, thanks for sharing.
    Best regards,
    Belinda Ma
    TechNet Community Support

  • How to secure BSP applications for external users on the internet?

    I posted this question under Enterprise Portal forum but got no response. I am hoping some of you experts in this area can help.
    We have developed BSP applications and set them up as iViews in Enterprise Portal 6. Our portal implementation will be used by external users.
    We have security concerns that the access to the BSPs  allows external users direct access to the R/3 system. We were told that we should use ITS application instead of BSP application for external users.
    Do any of you have any insight into how we could work around the security problem with BSP applications, or BSP applications in EP6? Your help will be greatly appreciated.

    In sense they are correct as to whether it is more secure or not would have to be a call by people who are more of an expert than myself.
    But I can see their point: the BSP runs directly on the system and uses the system security, whereas the ITS is basically just an RFC call. However, for us, we use a 620 server with BSPs and make RFC calls to our R/3 systems, thus keeping people off the R/3 directly. However, we are not opened to the Internet.
    If your message is answered please remember to mark it solved so others searching in the future can find the solved ones quicker - just click on the yellow star.

  • Translate Application for arab users

    hey all,
    I have an application i want to make the arabic version from the application for the users,i created a copy of the application now i want to rename the items (pages,regions,buttons,etc) to arabic in proper way and to change the direction of the items from right to left for arabic users...
    Regards ,
    Ahmed

    Hi Ahmed,
    Did you already have a look in the Shared Components section - Globalization - Translate Application?
    The steps to follow;
    1. Map your primary language application to a translated application
    2. Seed and export the translation text of your application into a translation file.
    3. Translate text identified in translation file.
    4. Apply your translation file and publish
    5. Optionally translate messages which are used by PL/SQL procedures and functions.
    6. Optionally identify any data that needs to be dynamically translated to support SQL based lists of values.
    Or have a look in the doc: http://download.oracle.com/docs/cd/B28359_01/appdev.111/b32258/global.htm
    I never tried to translate into a language with a reading direction of right to left... interesting!
    Dimitri
    -- http://dgielis.blogspot.com

  • Restricting  Access for SQ01 User Group

    Hi ,
    Please let me know how to restrict access for a user group to only some specific users?
    Thank you
    Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

    Hi,
    Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
    If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

  • [SOLVED] Partition & Access for different users

    Hey guys, I’m kind of lost and need some help.
    Scenario:
    My computer is set up with two hard drives: one SSD, which holds Arch and the /home folder, and a regular HDD, which holds the /var folder and where all data should go on two separate partitions.
    Both partitions are mounted at /mnt/HDD2 and /mnt/HDD3.
    Naturally, they both belong to root. However, since I want to be able to save all my music, games and whatnot on these two partitions I need to be able to access them as a normal user. On a single user system that would be a no-brainer; I would simply change the ownership. However, I plan to have another user use my computer from time to time and thus need to have the partitions accessible not only for one but a second user as well. And that’s where I can’t get things to work.
    First I’ve changed the group for the partition (users) and added both users to the corresponding group (users) but could not write on the partition.
    Then I’ve run chmod a+rxw on the partition. Besides the fact that I think that this is quite an inelegant solution, newly created folders were still only accessible by the corresponding user.
    I’ve also set the SGID-Bit but no dice either.
    Now I’m totally lost. Obviously, I’m missing something but I don’t see what.
    tl;dr: I need access to a partition for different users on a single system so that they can easily save, write and share files between each other.
    Any help appreciated.
    Last edited by Janusz11 (2014-10-03 12:32:58)

    Problem solved.
    I ended up using umask. It's basically a single user system anyway with a second user only using it from time to time and both of us having their own group. So it should be relatively safe using umask.
    I've changed the owner and group of the partition:
    chown user1:group /mnt/HDD
    ...and the permissions:
    chmod 2770 /mnt/HDD
    ...and added both users to the corresponding group of the partition:
    gpasswd -a user1 group
    gpasswd -a user2 group
    Finally I've changed umask to 007 for each individual user while leaving the system-wide umask untouched.
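
The following is an added example, not part of the original post: it reproduces the setgid directory from the answer (chmod 2770) and shows why new folders stayed private under a 022 umask but are group-writable under umask 007. It assumes Linux setgid semantics and GNU `stat`; the temporary directory and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: setgid shared directory plus per-user umask.
# Assumption: GNU coreutils stat (stat -c) on Linux.

# Print the octal permission bits of a path, e.g. 2770 or 644.
mode_of() {
    stat -c '%a' "$1"
}

# Create a directory with the permissions used in the answer:
# rwx for owner and group, nothing for others, setgid bit set so that
# new entries inherit the directory's group.
make_shared_dir() {
    mkdir -p "$1" && chmod 2770 "$1"
}

# create_with_umask UMASK DIR NAME
# In a subshell (so the caller's umask is untouched), create a file and a
# sub-directory under the given umask and print "<file mode> <dir mode>".
create_with_umask() {
    (
        umask "$1"
        : > "$2/$3.txt"
        mkdir "$2/$3.d"
        echo "$(mode_of "$2/$3.txt") $(mode_of "$2/$3.d")"
    )
}

demo() {
    d=$(mktemp -d) || return 1      # constructed scratch area, not /mnt/HDD
    make_shared_dir "$d/share"
    echo "shared dir      : $(mode_of "$d/share")"
    # Common default umask: group loses write, so the other user is locked out
    # of new files and folders even though the group is inherited.
    echo "umask 022 -> $(create_with_umask 022 "$d/share" first)"
    # The umask chosen in the answer: group keeps rw(x), others get nothing.
    echo "umask 007 -> $(create_with_umask 007 "$d/share" second)"
    rm -rf "$d"
}

demo
```

The setgid bit only fixes group ownership of new entries; the group permission bits still come from the creating user's umask, which is why the per-user umask change was the missing piece.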

  • Using different templates for different user access types.

    Hi all,
    I have an issue where we have a Page Group with lots of pages/sub-pages.
    There are three different User Groups, Internal, Customer and Supplier.
    I need to display the same content but with different templates (look and feel), one for the Internal, one for the customer and one for the supplier.
    Can this be done using Oracle Portal 10.1.14? If so, how?
    Many thanks.

    Hi,
    Yes you can do what you want to do in 10.1.4.
    You can call a procedure in your HTML Layout Template which will write some CSS. This procedure will be executed with the USERID parameter.
    Your procedure will check if the current user is a customer or a supplier and your CSS will reflect the differences (with different colors or whatever...)
    Good luck,
    Max.

  • How to create different log files for different users in log4j

    I want to create different logs for different users, using different appenders for each user so that logs are created in his file only.
    Confusion: How to direct them to different files in my logger class?

    Hi Avi,
    First of all I have given a first reading to log4j and I think there will some more easy way of logging debugging messages than log4j (If you could provide me a detailed explanation of a servlet,jsp,java bean that uses log4j and how to use log4j then it will be very helpful for me). The other easy ways (if I am not using log4j) to my problem i.e creating different log files for each of web applications deployed in oc4j are
    I have created multiple instances of OC4J that are configured to run on different ports, and on each instance I have deployed a single web application. And I started the 2 OC4J instances by transferring their error/log messages to a file. And the other way is ..
    I have downloaded from the Jakarta site a package called servhelper. This servhelper is a thread that is started in a startup servlet and stopped in the destroy method of that startup servlet. So this thread will automatically capture all the System.out.println's and will print those to a file. I believe that this thread program is synchronized. So in this method I need not run multiple instances of OC4J; instead each deployed web application on a single instance of OC4J uses the same thread program (of course a copy of the thread program is put in each of the deployed web applications' directories) to log messages on to different log files.
    Can you comment on my above 2 approaches to logging debugging messages? A comparative explanation to LOG4J and how to use LOG4J using a simple servlet, simple JSP is appreciated ...
    Thanks and Regards,
    Ravi.
