User Access Restriction to BPEL & ESB PM

Similar Messages

• Schedule Portal Users Access Restriction

  Hi All,
  I have a scenario where in I need to restrict the access of some specific user(s)/Groups to the portal during a specific time period daily. This has to be automated and scheduled accordingly. I dont want to either delete the users or specifiy user expiry date. Please suggest if any one of you have a solution or suggestion regarding this.
  Regards,
  Sreeram

  What are you using for your LDAP?
  I do not see a way to do it via portals but with me in MSADS I can restrict days and time from there.

• ACS 3.2.2 : user access restriction on define AAA client

  Is it possible to restrict some users, who use remote connection, to be only authenticated on selected device ?
  For exemple, I want authenticate users defined for WireLess Lan only on ours AP and i don't want that this users can be authenticated on our CVPN.

  Hello,
  Yes, this is possible with NAR (Network Access Retriction). I am assuming you are using ACS Windows, if so, here is a good white paper on this. For configuration help, please refer to user guide. But, this link will get you started.
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml
  Thanks,
  Mynul

• User Access restriction for certain infotype

  Hi,
  We have a requirement from our management that for some specific user we need to give all infotype view access I mean PA20 but excluding payroll data for 14 grade and above.
  For this requirement I cannot give grade wise authorization because as per the requirement they can view all the hr related infotype except grade 14 and above our user should not view any payroll related infotype but less than 14 they can view the same.
  For this I need to create one object and give it to them but I donu2019t how to find it out?
  Can any one guide me?
  Thanks
  Gudia

  Hi,
  You can create dynamic action for IT 0008 that will copy grade value to field org.key in IT 0001.
  This field can be used in authorization object P_ORGIN.
  Then you can specify 2 P_ORGIN objects in the user role:
  1. IT - all
      Org.key 1-13
  2. IT - non-payroll
      Ogr.key 14 and above.
  Cheers!

• Use access level in BPEL console

  Hello Everyone,
  We started using BPEL (SOA Suite 10.1.3.3) for OTM to 11i integration. Currently, everyone has access to the BPEL console to monitor BPEL processes or to track errors, even in production. Now this is really scary as anyone could go in and mistakenly clear the instance archives or even undeploy a process. No one other than the Unix admin has admin privileges to any of our other middle-tier applications and this should not be any different. But we also need a way for analysts to view process progress and trouble-shoot issues.
  Is there any way we could give specific users access to the BPEL domain with only read-only privileges? I read about changing the Bpel console servlets to do the task, but I am afraid, this might violate Oracle support contract. I am sure we are not the only one having this problem.
  Does anyone has any suggestions?
  Thanks in advance!
  Shaf

  Not sure if that functionality is provided in 11g.
  I'm not sure how much access you would want to give non-technical people to the console, all the information here requires a fair bit of training.
  Oracle has human workflow and, bpel error frame work, which is deigned to notify and inform non-technical people of issues, etc. This means that you don't need to grant access to the consoles.
  cheers
  James

• How to restrict user access in Oracle Application Server 10g (9.0.4)?

  Can anybody please let me know how to restrict user access in 10g AS? To be specific, how to allow http requests from specific IPs only?

  Hi,
  You have to edit httpd.conf and modify acces rights for each protected directory
  e.g.
  <Directory /var/www/sub/payroll/>
  Order allow,deny
  Allow from 192.168.1.0/24
  </Directory>
  then you have to restart Oracle HTTP Server
  jm--

• ACS User Group Network Access Restrictions

  Hi to all,
  We have a problem trying to restrict the access for users to an acces point: All users in any group can access the access point, although the group has a network restriction whichs restricts this access.
  We have other restrictions which work perfectly. So we are beginning to think that this must be a problem in the access point (Cisco Aironet 1100)...
  Thanks in advance,
  Coloma Crespí

  Hi Andrew,
  Thanks a lot for your reply. I was really worried about this problem, I had tried everything to solve it and anything worked...
  Regarding what you say, the network access restrictions we have created are the generic ones. I don´t have the option to choose between a dialup or telnet restriction. Where is it? Can you give more detailed information, please?
  Thanks in advance,
  Coloma Crespí

• Restrict the User name / Password Auto complete option for users accessing

  Hi All,
  Can any one know the Restrict the User name / Password Auto complete option for users accessing Portal from within and outside of Portal.
  Regard's
  Rama

  Are your referring to the browser functionality of remembering the usernames and passwords?
  Thanks,
  GLM

• Time restricted user access

  Dear Experts,
  we are dealing with the following issue. Is it possible to set up time restricted user access in BPC 7.5? It means e.g. we want user to have access to BPC only in the first half of the year or (a bit trickier) in every first half of each month.
  And is it possible to temporarily prohibit access for an user without deleting him or his rights?
  Thanks for the reply,
  Jakub

  Hi Jakub,
  Can you explain why you want to set up your system this way? Depending on what you are trying to accomplish, there may be a good way to make it work in BPC (work status, security, data model design), but as Nilanjan said, there is not an easy way to totally lock out users based on date.
  Ethan

• WRT54G2 and WRT54G locks-up (freezes) when blocking web sites using Access Restrictions

  I am convinced that a few Linksys routers such as WRT54G2 and WRT54G have a major issue when blocking web sites using Access Restrictions (Internet Access Policy). After a few hours of internet access by 15 wired users the Linksys locks-up and blocks all internet web access. The only solution is to restart the power on the router.
  We are currently using a Linksys WRT54G2 v1 (firmware 1.0.04). We upgraded the WRT54G2 v1 firmware to the latest 1.0.04 version which did not resolve the issue.  NOTE: We were previosuly using a a Linksys WRT54G v1.1 (firmware 4.21.1) until the power supply blew a week after we started blocking web sites using Access Restrictions (Internet Access Policy).  
  Basically, we have a T1 internet connection and a hub connected to the Linksys router. We are trying to block several web sites such as facebook, myspace, etc. for 15 wired users. We do not use wireless connections.
  This is the 2nd time it happened with 2 different models.
  Please help ASAP.
  Thank you,
  Lance
  (Mod note: Edited post. Some parts off topic.. Thanks!)

  Also,  you have already upgrade/re-flash the firmware of your Linksys Router you need to reset and reconfigure your router from scratch. Press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...

• How to configure CLI/DNIS based access restriction in 5.3 ?

  Hi,
  does anybody have an idea how the setting
  define CLI/DNIS-based access restrictions which is defined in ACS v. 4.2
  can be configured in acs 5.3 ?
  in v. 4 for every user in a group with 40 members  a different CLI is defined for each. How can I configure that in version 5.3 ?
  any help as always much appreciated!

  The equivalebt to NAR functionality can be found at:
  Policy Elements > Session Conditions > Network Conditions > End Station Filters
  Can then define an object with a set of CLI values
  These objects can then be used in policy conditions. So can create a condition with a set of CLI values and then match in authorization policy for values that are included in this set and set authorizations accoridngly
  Not sure if this is your use case but hopefully may be a start

• User access at IO level

  I have 2 OUs-- OU1 and OU2.
  OU1 has 1 inv org-- IO11
  OU2 has 2 inv orgs-- IO21 and IO22.
  I will define responsibilities at IO level, i.e., 3 responsibilities for an application --R11(for IO11), R21 (for IO21) and R22 (for IO22).
  I want to restrict user access at the IO level.So, R21 should access only IO21 and not IO22. Same for R22.
  What will be the value of the following profile options in order to achieve this? My BG name is Set up business Group.
  MO:Operating unit
  MO:security profile
  HR:security profile
  HR:business group

  Hi,
  Try with organization access.
  Guess the above 4 profiles wil help you to restrict at OU level only.
  Hope this helps.
  tks
  M J

• Create access restriction in designer using script

  Hello,
  I am looking for a way to automate the creation of access restriction within universe.
  I looked in the API universe reference and it seems that there is no entries for such an object
  For information I use Business Objects XIR2 with SP3
  Thanks for any help or answer

  Creation/Modification of Universe Access Restrictions is not part of the Universe Designer SDK, but part of the BusinessObjects Enterprise SDK. 
  It requires sending requests to the CMS using the SDK to get User and UserGroup information.
  For the COM-based version of the Enterprise SDK, the object is known as Overload, and described here:
  [http://devlibrary.businessobjects.com/BusinessObjectsXIR2SP2/en/en/BOE_SDK/boesdk_com_doc/doc/boesdk_com_doc/CrystalEnterpriseOverloadPluginLibrary.html#1351377]
  Sincerely,
  Ted Ueda

• Access restriction in Universe

  Hi All,
  In our environment we have 2 domain (US and Europe) and most of the user have id created for both the domain. We have 2 identical databases one in US and other in Europe. US database holds US information and Europe holds Europe data. 
  In our BO environment we have set the ad groups to create new id for each user Alias i.e if the user abcd has access in both US and Europe domain BO creates 2 separate ids for each domain (bo internally creates abcd and abcd0). We have only one universe and set of reports which has connection switching based on the domain user logs into BO (access restriction at connection level). This works absolutely fine, switches database connection depending on the domain user logs in.
  Now we are hearing from our users that they can access the personal reports created under Europe login in US login (this because users has abcd and abcd0). So we decided to create enterprise id and alias the users from AD group (abcd --> alias AD abcd), if we do this the change the connection swap is not happening as the BOUSER always returns abcd as user and universe restriction is only picking the default connection.
  Thanks
  Srinivas

  Hi,
  As you have mentioned in the post that OS is solaris. so for Solaris LAFix has been released by PG for this issue.Below are the details:
  VERSION:     XIR3.0 LAFix0.18
  PLATFORMS:       Solaris Solaris 10
  LANGUAGES:       English
  ADAPT ID:      ADAPT01099598
  Synopsis:     Universe connection override does not work u2013 Error WIS 10901
  WARNING: This LAFix has not been through a full regression test cycle but it has been deemed to fix the problem reported by the customer.  Inadvertent introduction of an unforeseen issue can however not be fully excluded. Before providing this LAFix to the customer, Customer Assurance must perform their own tests to confirm customer issue is solved.
  ADDITIONAL INFORMATION
         Installation Instructions :
  1.     Stop all BO Enterprise services, e.g <BOE_DIR>/bobje/stopservers
  2.     Gunzip and Untar  XI3.0_RHEL_LAFix0.18.tar.gz
  3.     Change directory to <EXTRACTED_LOCATION>/LAFix0.13/DISK_1
  4.     Run install.sh
  5.     Re-start all BOE services, e.g ./startservers
         Uninstall Instructions :
  2. Run uninstallpatch.sh from your system.
       New Behavior :
              The above issue is now resolved.
       Limitations :
              No known limitations
       Component(s):
        libuum.so
  Note: LAFix is released on top of XI 3.0
  To download the or get the LAFix you need to contact to your Sales Account Manager of BusinessObjects.
  Cheers,
  Deepti Bajpai

• Session and Access Restriction

  Hi:
  I have this problem with access restriction. I was trying to build a "secure" site with sessions where users are able to login and access secure webpages upon successful login. And these webpages are not available as soon as the user session expires or terminated. However, from time to time, these web pages are still accessible after logging out by pressing "back" button on the browser or book-marking these pages.
  I noticed that Hotmail and old Yahoo mail system have the same problem as the one that I have just described.
  I am not using https or virtual host or anythind like that, because I didn't have the resource. It is supposed to be a Basic Authentication (login/password) scheme.
  Could any one light me some fresh ideas?
  Thanks
  Tian Lei Xia ":)

  To avoid the bookmarking problem, set a session attribute with the login details.
  Once they login:
  if(request.getParameter("username")!=null)
       session.setAttribute("username","personA");
  if(session.getAttribute("username")==null)
       //don't display the page
  else
       //show them the pageThis is a very basic technique and there are other ways of doing this. As for logging out then the session should just be invalidated.
  An alternative would be to use the security features of the web deployment descriptor and get the web container to handle the sessions for you (See servlet API specs 2.3 for more details).
  Good luck,
  Anthony