User Access level help

Similar Messages

• Best way to handle user access levels with spring.

  I'm a spring newb, and I'm not sure how to properly handle user access levels with a validation controller. There seems to be a lot of information out there about creating simple login validators but like I've said I need to create multiple levels of user access. I could throw something together but i want to do it correctly. Does anyone here have any links to resources or information they could provide?

  ZimmerS1337 wrote:
  SoulTech aren't you a smart ass, why post anything at all?You don't get to control what people post, any more than we can control what people ask. It's best to let stuff roll off your back.
  ST wasn't exactly abusive. If you had typed "spring security" into Google, you would have gotten exactly what I recommended. So why would you say that his advice to try Google first was being a "smart @ss"? It's actually a good recommendation. Try it before you post here.
  %

• Tracking User Access to Help

  Is there a way to track user access to HTML help?  I'm wanting to be able to run a report that will tell me how often the online help is accessed either at topic level or just the full help level if that is the only possibility. Is there a plugin or third party app that can do this?
  For my Webhelp apps, I am able to tag individual html files with Omniture tags, however I can't do this for a compiled .chm file. The issue with the Omniture tags is that everytime I recompile help, I have to reinsert the tags.
  I am using Robohelp 8, HTML Help and Web Help
  Thanks in Advance,
  Diana Weber

  Hi Diana.
  With the web output you could try using something like Google Analytics or even invest in the RoboHelp Server application. However neither of these will work with HTML Help. The problem with HTML Help may not be the feasibility of recording hits on a file but pricacy concerns by the user. The Windows System Monitor records file hits but you'd have to manage a way of homing in on the data on each end user's PC!
  Read the RoboColum(n) for a tips, tricks and musings on the Technical Communication Suite products.
  Follow the RoboColum(n) on Twitter

• Problem with user access level

  David,
  I have so far succesfully implementend your tutorial on users registering and having to validate their emailaddress (both part I and II).
  Part I: http://cookbooks.adobe.com/post_Registration_system_that_requires_the_user_to_vali-16646.h tml
  Part II: http://cookbooks.adobe.com/post_Registration_system_that_requires_the_user_to_vali-16649.h tml
  When creating a login form however, I don't get it to work based on the access level verified = y. The database is set up exactly as you described in the above tutorials.
  This is the HTML for the log in form (index.php):
  <form ACTION="<?php echo $loginFormAction; ?>" method="POST" id="logon">
  <label for="user">Username</label>
  <input type="text" id="user" name="username" />
  <br />
  <label for="pass">Password</label>
  <input type="password" id="pass" name="password" />
  <br />
  <label for="done"> </label>
  <input type="submit" value="Log On" />
  </form>
  Below the code that is found above the <html> tag in the index.php file:
  <?php require_once('../Connections/conn.php'); ?>
  <?php
  if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    if (PHP_VERSION < 6) {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;   
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    return $theValue;
  ?>
  <?php
  // *** Validate request to login to this site.
  if (!isset($_SESSION)) {
    session_start();
  $loginFormAction = $_SERVER['PHP_SELF'];
  if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
  if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=$_POST['password'];
    $MM_fldUserAuthorization = "verified";
    $MM_redirectLoginSuccess = "overview.php";
    $MM_redirectLoginFailed = "index.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_conn, $conn);
    $LoginRS__query=sprintf("SELECT username, password, verified FROM users WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $conn) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
      $loginStrGroup  = mysql_result($LoginRS,0,'verified');
      //declare two session variables and assign them
      $_SESSION['MM_Username'] = $loginUsername;
      $_SESSION['MM_UserGroup'] = $loginStrGroup;          
      if (isset($_SESSION['PrevUrl']) && false) {
        $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];    
      header("Location: " . $MM_redirectLoginSuccess );
    else {
      header("Location: ". $MM_redirectLoginFailed );
  ?>
  On the overview.php page, I applied the restrict access to page behaviour, which results in the following code:
  <?php require_once('../Connections/conn.php'); ?>
  <?php
  if (!isset($_SESSION)) {
    session_start();
  $MM_authorizedUsers = "y";
  $MM_donotCheckaccess = "false";
  // *** Restrict Access To Page: Grant or deny access to this page
  function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;
    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
      // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
      // Parse the strings into arrays.
      $arrUsers = Explode(",", $strUsers);
      $arrGroups = Explode(",", $strGroups);
      if (in_array($UserName, $arrUsers)) {
        $isValid = true;
      // Or, you may restrict access to only certain users based on their username.
      if (in_array($UserGroup, $arrGroups)) {
        $isValid = true;
      if (($strUsers == "") && false) {
        $isValid = true;
    return $isValid;
  $MM_restrictGoTo = "index.php";
  if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
  ?>
  Any idea/thoughts on what I'm not adding to the page in order to work?

  David,
  Thank you for that insight, I figured it would be something like that and when I woke up this morning, it all made sense. I changed somthing from the tutorial (part I) you wrote and now it works fine.
  I had trouble with the validation link in the email that is sent automatically. In your tutorial, section "generating and sending the validation email", you write:
  $message .= urlencode($_POST['username']);
  $message .= '&amp;t=';
  $message .= urlencode($token);
  When using the code like this, it wouldn't set the verified column to y. However, when I changed the middle $message to
  $message .= '&t=';
  it updated the verified column to y. The URL that displayed from the original code displayed the & sign as &amp; in the URL itself.
  Next to that, whenever I try to add something to the e-mail, the validation link becomes not clickable anymore.
  As the login problem concerns, encrypting indeed did the trick.
  if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=sha1($_POST['password']);
  Putting the $_POST['password'] between brackets, adding sha1 in front of it. It works just fine now.
  Hopefully no further problems on this anymore! Thanks a lot for your insights!
  EDIT: I can't mark this thread as answered anymore?

• Query users, access level and last logon date

  <p>Hello,</p><p> </p><p>Does anybody know how to query Essbase to look up users accesslevel and last logon date?</p><p> </p><p> </p><p>Rey Fiesta</p>

  It can be done using the API. Access level is a little complicated because it can be by individual or group they belong to and it of course is different by application/database

• Security and access levels

  I have created 4 users access levels, however, when I try to implement, when I keep inheritence, default security keeps coming up,   e.g. try changing everyone to my new access level and I get the new access level, but I also get view (inherited) - how can I "clean out" the old security settings??

  Sorry for the delay!
  OK, here's our situation - it's pretty straight forward;
  1500 users
  1500 (all) users in Everyone
  Of the 1500 users in Everyone;
  1200 in subgroup A
  200 in subgroup B
  90 in subgroup C
  10 users in Administrators
  4 universes
  1 connection
  Goal:
  Everyone and subgroups, same as admin, exception: can't delete or save to "corp" doc's.  My thought is to use same access level, then use the advanced configuration on the folders to prevent everyone from deleting any "corp docs"
  I have applied this access level to everyone and admin at;
  application > infoview, webi. cmc, deski, discussions, search
  universes > all 4
  connections > the 1
  folders > root folder,  level 1, denied access to everyone accordingly on level 2
  I have also added this access level to the top level security for users and groups
  Issues; 
  1. When I check the access level for everyone on folders, level 1 and below, I get the custom access level as inherited, but also view aslo as inherited.
  2. The users added to the admin group do not have same rights as the "administrator - for example, administrator can delete objects in the folders, but other users (within admin group) can not?  if I manually add the users to the folders, I can get this to work,  but doesn;t make sense, why would a user within a group have different rights, than any other user within the same group, with the same rights???
  Hope this helps!
  Edited by: Michael Bujarski on Jun 5, 2009 3:56 PM

• Action page based on Access Level

  I put this together using a couple of different sources. It
  worked until I put in the switch statement and commented out
  <cfset MM_redirectLoginSuccess="DRIVERS.CFM">
  Now, I am getting this error when the login is successful:
  Variable MM_REDIRECTLOGINSUCCESS is undefined.
  I'm just trying to let the user access level control which
  page they are routed to upon a successful login.
  Can anyone tell me what I can do to make this work?
  <cfif IsDefined("FORM.USERNAME")>
  <!-- <cfset MM_redirectLoginSuccess="DRIVERS.cfm">
  -->
  <cfset MM_redirectLoginFailed="INDEX.cfm">
  <cfquery name="MM_rsUser" datasource="vol" username=""
  password="">
  SELECT USERNAME,PSWD,ACCESS_LVL FROM dbo.USERS WHERE
  USERNAME='#FORM.USERNAME#' AND PSWD='#FORM.PASSWORD#'
  </cfquery>
  <cfif MM_rsUser.RecordCount NEQ 0>
  <cftry>
  <cflock scope="Session" timeout="30" type="Exclusive">
  <cfset Session.MM_Username=FORM.USERNAME>
  <cfset Session.MM_UserAuthorization= MM_rsUser.ACCESS_LVL
  >
  </cflock>
  <cfif IsDefined("URL.accessdenied") AND false>
  <cfset MM_redirectLoginSuccess=URL.accessdenied>
  </cfif>
  <cfswitch expression="#MM_rsUser.ACCESS_LVL#">
  <cfcase value="A">
  <cfset MM_redirectLoginSuccess="DRIVERs.cfm">
  </cfcase>
  <cfcase value="B" >
  <cfset MM_redirectLoginSuccess="VOL_GRID.cfm">
  </cfcase>
  </cfswitch>
  <cflocation url="#MM_redirectLoginSuccess#"
  addtoken="no">
  <cfcatch type="Lock">
  <!--- code for handling timeout of cflock --->
  </cfcatch>
  </cftry>
  <cfelse>
  <cflocation url="#MM_redirectLoginFailed#"
  addtoken="no">
  <cfset MM_LoginAction=CGI.SCRIPT_NAME>
  <cfif CGI.QUERY_STRING NEQ "">
  <cfset MM_LoginAction=MM_LoginAction & "?" &
  XMLFormat(CGI.QUERY_STRING)>
  </cfif>
  </cfif>
  </CFIF>
  <cfset MM_LoginAction=CGI.SCRIPT_NAME>
  <cfif CGI.QUERY_STRING NEQ "">
  <cfset MM_LoginAction=MM_LoginAction & "?" &
  XMLFormat(CGI.QUERY_STRING)>
  </cfif>
  <head>
  </head>
  <html>
  <body>
  <form
  action="<cfoutput>#MM_loginAction#</cfoutput>"
  method="POST" name="index">
  <input type="text" name="USERNAME" accesskey="1"
  tabindex="1" id="USERNAME" />
  <label for="USERNAME">USERNAME</label>
  <p>
  <input type="text" name="PASSWORD" accesskey="2"
  tabindex="2" id="PASSWORD" />
  <label for="PASSWORD">PASSWORD</label>
  </p>
  <p>
  <input type="submit" name="Submit" value="Submit"
  accesskey="3" tabindex="3" id="Submit" />
  <label for="Submit">SUBMIT</label>
  </p>
  </form>
  </body>
  </html>

  You somehow have a case where the variable
  MM_REDIRECTLOGINSUCCESS is not defined. The best practice is to
  cfparam or set a default to the variable, even if it's to an error
  page so you don't get these undefined errors. Also, indenting helps
  code readabilitly a lot.

• User access at IO level

  I have 2 OUs-- OU1 and OU2.
  OU1 has 1 inv org-- IO11
  OU2 has 2 inv orgs-- IO21 and IO22.
  I will define responsibilities at IO level, i.e., 3 responsibilities for an application --R11(for IO11), R21 (for IO21) and R22 (for IO22).
  I want to restrict user access at the IO level.So, R21 should access only IO21 and not IO22. Same for R22.
  What will be the value of the following profile options in order to achieve this? My BG name is Set up business Group.
  MO:Operating unit
  MO:security profile
  HR:security profile
  HR:business group

  Hi,
  Try with organization access.
  Guess the above 4 profiles wil help you to restrict at OU level only.
  Hope this helps.
  tks
  M J

• Php code limit a user based on access level

  building site where users post items for sale
  different levels of access
  want to limit basic access level to 10 postings
  use php/mysql and dreamweaver CS4
  thanks for your help,
  jim balthrop

  sounds phenominal
  Like Craigslist but you have to pay... sign me up!
  If the activation method of the registration being sent to your email is this method then, as mentioned, it can be circumvented. And the IP address is an absolute fool-proof way to prevent multiple registration. That is of course without the consideration that the user may use a proxy server or otherwise cloak their IP address.
  Think of it this way: what if you were only allowed to post 10 threads in the Adobe forums and after that you had to pay to get "many benefits besides unlimited posting" What do you think DWFAQ would do?

• TFS - Access Level - page not found when trying to add user

  When I'm trying to modify some group under Limited Access Level I cannot do that because of the following error:
  Page not found.
  wrapErrorCallback/</<@server/tfs/_static/tfs/12/_scripts/TFS/debug/Presentation/Scripts/TFS/TFS.Core.Ajax.js:175:37
  endRequest@server/tfs/_static/tfs/12/_scripts/TFS/debug/Presentation/Scripts/TFS/TFS.Core.Ajax.js:114:17
  wrapErrorCallback/<@server/tfs/_static/tfs/12/_scripts/TFS/debug/Presentation/Scripts/TFS/TFS.Core.Ajax.js:141:1
  jQuery.Callbacks/fire@server/tfs/_static/3rdParty/_scripts/jquery-1.8.3.js:984:10
  jQuery.Callbacks/self.fireWith@server/tfs/_static/3rdParty/_scripts/jquery-1.8.3.js:1094:7
  done@server/tfs/_static/3rdParty/_scripts/jquery-1.8.3.js:7815:1
  .send/callback@server/tfs/_static/3rdParty/_scripts/jquery-1.8.3.js:8528:8
  Any ideas why it happens?
  Environment: Windows Server 2012 with latest updates, TFS 2013.4, user which is used for TFS is a member of local administrators group.

  Hi Rybak,  
  Thanks for your reply.
  Try to clean the Cache for TFS 2013 manually(delete the content of the folder only, not the cache folder itself):
  Clean the Cache folder on Server machine. The folder path is:
  C:\Program Files\Microsoft Team Foundation Server 12.0\Application Tier\Web Services\_tfs_data.  
  After cleaned, on Server machine, click Start and select
  Run… to open the dialog box, then input iisreset.exe and click OK, wait it run completely.
  If clean Cache cannot resolve this issue, please try to repair your TFS 2013 Update 4 Server, then check the result.
  Additionally, you can run TFS 2013 Power Tools BPA to scan the installation of your TFS Server.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Can not assign custom access level with a user login

  Hi,
  I am using Business objects XiR3. When I am loging in with a user having full control access and then I select a folder added a principal from user sercurity and when I am trying to add custom access level it gave me error
  An error occurred at the server during security batch commit: Request 0 of type 38 failed with server error : You do not have sufficient rights to make the requested security changes.
  it allow me to give access to standard access levels. also when I tried to assign custom access level with administrator user, it assigns custom access level to a principal without error.
  Can any body tell me what I am doing wrong?
  Thanks in advance,
  Rajendra

  Hi Rajendra,
  You have to make sure that the user group has the right 'Use access level for security assignment' assigned as granted on the access level you created. You can find this right under System / Access Level. That should do the trick!
  Hope this helps...
  Martijn van Foeken
  Focuzz BI Services
  http://www.focuzz.nl
  http://nl.linkedin.com/in/martijnvanfoeken
  http://twitter.com/mfoeken

• The best way to implement user's access level via Servlet & JSP (or more)?

  Hi all,
  I am trying to implement user's access level in an application to allow certain access to certain page or components within a page (buttons, etc.). From my experience with JSP, Java, servlet, I am think of having the jsp/servlet to check for user's access level to decide what jsp components or forward page to go to next but that doesn't seem clean or elegant way to handle it.
  Any suggestions of how to do this? Are there other technologies (Struts) out there that can handle this?
  Thanks so much in advance for your feedback or suggestion,
  Thong Bui

  I haven't experienced a lot in defining security roles before, and there is probably a lot to learn about this area. However I might be able to assist you in some way. Whenever I have 2 or more objects that need to be stored in the session, I create a class called UserContainer. Say you have three properties:
  empSsn (String) , isAdmin (Boolean), isAgent (Boolean), then:
  public class UserContainer implements Serializable  {
  private String empSsn = null;
  private Boolean isAdmin = null;
  private Boolean isAgent = null;
  public UserContainer() {
  super();
  public void setIsAdmin(Boolean isAdmin) {
  this.isAdmin = isAdmin;
  public Boolean getIsAdmin() {
  return this.isAdmin;
  // getters and setters for the other properties
  Of course after you decide (in your sevlet) whether the app user is an administrator or an agent, you can set the corresponding property in the user container, and then save it in the session. Afterwords, in any jsp, you can decide to display a certain element (e.g a button) after you check the user's role. Example:
  // Welcome.jsp
  <% UserContainer userContainer = (UserContainer) session.getAttribute("userContainer");
  boolean isAdmin = userContainer.getIsAdmin().booleanValue();
  boolean isAgent = userContainer.getIsAgent.booleanValue();
  if(isAdmin) { %>
  <!-- HTML/Code corresponding to an administrator -->
  <% } if(isAgent) { %>
  <!-- HTML /Code corresponding to an agent -->
  <% } >Of course, this is a very simple way of doing such a task, you will find more secure ways if you look at LDAP or something of that matter.
  Cheers

• Help creating apple script to create folder and set access levels

  I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
  Thanks

  I'm trying to create folders in FileMaker Pro using apple script and need some help in setting the access level for the folders.  I want to set both Staff and everyone to Read and Write access.   Secondly I would like to have a function key set on the desktop to create new folders and set that same access level.  The default access is Read and I can not find a way to change that.
  Thanks

• Multiple Access Levels per User

  In a site I'm building, I need the ability to allow an administrator to intuitively assign different access levels to different users. There may ultimately be roughly 25 different pages to which a user may be granted access. One user may have access to section/page levels 1, 4, 5, 7 and 21. Another user may get access to 2, 3, 4, 17, 19 and 24, etc. While this is possible under the existing ADDT user login system by creating a separate access value that includes only the permissible pages (access level 1 could get to page 1, 4, 5, 7 and 21; access level 2 could only get to pages 2, 3, 4, 17, 19 and 24) it becomes impractical for the administrator since the developer (me) would have to come up with an access value and corresponding permissible pages for every possible combination. Every time a new combination was needed, my client would have to contact me to add that access integer and modify all the corresponding sections/pages that the user could access.
  The ideal solution IMHO in this scenario would be for the administrator to simply be able to select or deselect a checkbox at will for each page to which the user is granted access (this is actually the scenario to which another of my feature request post refers:
  http://www.adobeforums.com/webx/.59b75119
  In searching the old InterAKT forums, I came across a post in which this exact scenario was requested. The user and Ionut came up with a solution which I was able to modify to enable the system I describe above. Rather than repeating the solution, here is a link to that post:
  http://www.interaktonline.com/Products/Dreamweaver-Extensions/MXUserLogin/Product-Forum/De tails/110205/Access+level+based+on+pages.html
  While it appears this solution will work for me, it took me quite a while to find it, and even longer to understand it.
  So, that's my feature request: The ability for an administrator to easily assign any combination of pages to which a user is granted access, preferably with a set of checkboxes.
  Thanks!

  This is functioning now.  With 9.0 you simply use a forward slash between device IDs.
  [device ID #1]/[device ID #2]
  Put this information in the "Mobile Device ID" field on the user form.
  It also has been verified with 8.82 PL15-16, but I don't know how far back it goes.

• Custom Access Level/User groups in BOBJ XI

  Experts,
  We are currently implementing BOBJ XI 3.1. Up on go-live, it will be handled by the Operations team from BOBJ CMC. We do not want to give administrator group for the operations users in CMC. Instead, we want to create custom groups with custom access levels.
  Ex. one for basis who will set up authentication, licenses etc
        one for the functional folks to maintain universes, export universes and set up security.
  Is there a way to set up user groups like this. We were able to successfully restrrict access just to folders, universes by creating a custom access level. But we were not able to do it on other items listed in CMC. Has anyone done this level of access before for the operations or even with in the development team instead of using administrator group>
  Appreciate your response
  Thanks
  Kee

  Hi,
  We can assign different rights to a group by creating custom access levels.
  Create a new group ,and also create custom access level and assign it to the new group.
  you can provide access to different objects to the group by adding rights to the access level.
  Under the access level > click  Included Rights > Add and Remove Rights > Under the Rights Collection > click on System.
  You  could find all the CMC object access rights can be assigned.
  Regards,
  Rameez