User Level Security

Hi All,
I want to restrict my data depending upon the user's profile stored in the database table.
I want users to view reports using Discoverer Viewer and want to restrict them to see the data of their importance.
Someone told me that we can make a connection in the server and at run time it returns the &username parameter of the user and we can put the filters accordingly.
Please help me with how to achieve this task.
I would certainly look to the detailed solution. What I need to do as a Disc Admin and what changes are required in the reports.
Thanks
Himanshu Tiwari

Hi Rod,
I got it, and had captured the LOGIN_USER.
Now the problem is:
I am using a table SECURITY_ACCESS_MV_D to apply security to a user.
I am using the below query in customer folder as:
select a.emp_id, a.empname, a.salary, a.mgr_id
from emp a
where a.salary is not null
and (a.emp_id, a.mgr_id) in (select distinct emp_id, mgr_id from SECURITY_ACCESS_MV_D where login_user = 'HIM')
I am using IN because I have many other columns in SECURITY_ACCESS_MV_D, not used in above query which will create Cartesian join if I exclude them in the main query, if I use the simple join in the query.
Now problem is how can I use the LOGIN_USER item (it will come when the certain user will login) in place of 'HIM' ( hard coded value). I want this filter (as mandatory) in the Discoverer Administrator EUL so that it is independent to the user reports.
I can’t find using type of parameters there as in reports we do.
Hope you got it.
Once again this article will greatly help everybody in security while implementing the OD solution.
Thanks,
Himanshu Tiwari
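
An added example, not part of the original post and not Discoverer-specific: it runs the post's query shape against an in-memory SQLite database with the login name passed as a bound parameter instead of the hard-coded 'HIM', and shows why the IN form returns each employee once while a plain join repeats rows. The sample rows, the `region` column and the function names are constructed for illustration.

```python
import sqlite3


def build_db():
    """Constructed sample data; table and column names follow the post."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE emp (emp_id INTEGER, empname TEXT, salary INTEGER, mgr_id INTEGER);
        CREATE TABLE security_access_mv_d (
            login_user TEXT, emp_id INTEGER, mgr_id INTEGER,
            region TEXT  -- hypothetical extra column the report does not use
        );
        INSERT INTO emp VALUES
            (1, 'ALLEN', 1600, 10), (2, 'WARD', 1250, 10),
            (3, 'KING', 5000, 20), (4, 'TEMP', NULL, 10);
        -- HIM is mapped to employee 1 twice (once per region), which is what
        -- multiplies rows when the security table is joined directly.
        INSERT INTO security_access_mv_d VALUES
            ('HIM', 1, 10, 'NORTH'), ('HIM', 1, 10, 'SOUTH'),
            ('HIM', 2, 10, 'NORTH'), ('HIM', 4, 10, 'NORTH'),
            ('ROD', 3, 20, 'NORTH');
    """)
    return db


# Semi-join: the security table only decides whether a row is visible.
SEMI_JOIN = """
    SELECT a.emp_id, a.empname, a.salary, a.mgr_id
    FROM emp a
    WHERE a.salary IS NOT NULL
      AND (a.emp_id, a.mgr_id) IN (
          SELECT emp_id, mgr_id FROM security_access_mv_d WHERE login_user = ?)
    ORDER BY a.emp_id
"""

# Plain join: one output row per matching security row, so duplicates appear.
PLAIN_JOIN = """
    SELECT a.emp_id, a.empname, a.salary, a.mgr_id
    FROM emp a
    JOIN security_access_mv_d s
      ON s.emp_id = a.emp_id AND s.mgr_id = a.mgr_id
    WHERE a.salary IS NOT NULL AND s.login_user = ?
    ORDER BY a.emp_id
"""


def visible_rows(db, login_user):
    """Rows the given login may see; the login is bound, never concatenated."""
    return db.execute(SEMI_JOIN, (login_user,)).fetchall()


def joined_rows(db, login_user):
    """Same filter written as a join, to show the row multiplication."""
    return db.execute(PLAIN_JOIN, (login_user,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    for user in ("HIM", "ROD", "NOBODY"):
        print(user, visible_rows(db, user))
    print("join for HIM:", joined_rows(db, "HIM"))
```

A login with no rows in the security table gets an empty result, so the filter fails closed.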

Similar Messages

  • Converting a pre-Access 2000 database w/ user-level security to Access 2010

    Hi -
    An old database was passed down to me and I'm tasked with converting it so that we can use it with Access 2010. Sounds simple. However, I'm blocked in every attempt that I make to convert, export, and, in some cases, modify the database, due to not
    having the "appropriate permissions". We (my manager and I) do not know the original owner, and we do not have the original workgroup file. I've had our IT guy check to make sure I am the system admin on my machine in hopes of that making a
    difference - I was even able to create new workgroups and add and remove users to and from those groups but when I tried to convert (or save) the database, write some vba code behind the database, create and save new forms, or even update certain tables,
    I'm told to contact my system administrator or original owner of the object about giving me the "appropriate permissions" to do either of those things. I'm out of ideas here. I've even had a team of people contribute ideas as to how I can get around
    this. I cannot even convert this old database (which is in .mdb format, fyi) to an MDE. Is there any way that the user-level protection can be removed from this database? I'm hoping for an alternative other than to start over from scratch.

    Hi,
    As you said that the .accdb format does not support replication or user-level security, we need to use the MDB format in Access 2010. Please try to follow the steps to remove the user-level protection:
    1. Start Microsoft Access, and log on as a member of the Admins group.
    This can be the administrator account that you created when you secured the database, or it can be any member of the Admins group. Be sure that you’re using your own security-enhanced workgroup information file when starting Access.
    2. Open the database.
    3. On the Tools menu, point to Security, and then click User And Group Permissions.
    4. In the User And Group Permissions dialog box, assign full permissions to the Users group for the database and all the objects in the database.
    Because all users are automatically part of the Users group, this step has the effect of concealing security again.
    5. Click the Users tab, click Admin in the Name box, and then click Clear Password.
    Clearing the password for the Admin user disables the Logon dialog box that is displayed when you start Access. All users are automatically logged on as the Admin user the next time they start Access. This step disables the Logon dialog box for all databases
    that are using the same workgroup information file.
    6. Restart Access.
    7. Create a new database, and then import all objects from the security-enhanced database.
    You can accomplish this easily by using the Import command (File menu, Get External Data submenu).
    Quote From:
    http://office.microsoft.com/en-ca/office-2000-resource-kit/removing-user-level-security-HA001138118.aspx
    Regards,
    George Zhao
    TechNet Community Support

  • How to set users level security profiles and auditing?

    hi,
    We are using EBS 12( 12.0.6 ) with database 10g (10.2.0.3) on Linux redhat 4.
    I want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
    infos and attempts should be audited.
    Please also explain the impact of audit on running system?
    Thx

    I want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
    infos and attempts should be audited.
    https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+API&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
    https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+Audit&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
    Please also explain the impact of audit on running system?
    https://forums.oracle.com/forums/search.jspa?threadID=&q=Auditing+AND+FND+AND+Profile+AND+Option&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
    Try this in a TEST instance before you promote it to Production.
    You will need to bounce the application services and enforce the users to sign off/on after setting those profile options.
    Thanks,
    Hussein

  • Instance Level Security (user level security) ?

    Hi, I would like to have instance level security in my ejbs. That is I want to verify that the person calling my CMP ejbs is the one who logged-in. I don't want the logged-in user accessing someone else's information. I would like to know what is the best way to implement this?
    I was thinking along the line of having code in my cmp's ejbload method. The code would find the user owner of the record it belongs to by navigating to the owner using the cmr relationships. Let us say that there are three cmp beans: user, order and orderlineitem with the following relationships:
    user has 1-to-n relationship with order. Order has 1-to-n relationship with orderlineitem. So, in my orderlineitem->ejbLoad method, I would try to find the user it belongs to by navigating to the user bean and finding the user like this:
    // ec is the bean's EntityContext; compare the record owner with the authenticated caller
    String userName = getOrder().getUser().getUserName();
    if (userName.equals(ec.getCallerPrincipal().getName())) {
        System.out.println("user is right");
    } else {
        System.out.println("user is NOT the right user");
    }
    Is this a good idea? Is there a better way to do this?

    When I go to application server control
    How are you accessing the ASC? Please also check your IE settings.
    Additionally you can review
    http://download.oracle.com/docs/cd/B25221_04/core.1013/b25209/tools.htm#i1055655
    I do think that the error is related to role. You can also check the above link under heading (Creating Administrative Users and Assigning Administrative Roles).
    Hope it is helpful.
    Adith

  • Domain and User Level Security

    Dear Friends
    Tuxedo Version : 8.0
    Weblogic Server: 7.0
    Operating System : Win 2000
    I have successfully run the simpapp example with WTC as the connector between
    the remote domain (tuxedo) and local domain (WLS).
    Now, I want to perform authentication, the documents are not being of much help
    so can anybody give me any suggestion to create domain level security and ACL.
    Please note, I'm just using the services (import).
    As per the documents and newsgroup,
    I made changes to the TUXEDO ENVIRONMENT, ubbdomain, adding SECURITY, AUTHSERV
    parameters in it.
    Also made respective changes in WTC, but when I run the example,
    it throws an exception as TPENOENT.
    Thank you in anticipation.
    Please help me !

    Hi Shamu,
    I answered similar questions in a posting with title "Service
    Authentication How to". The questions were posted after your post.
    Check out the questions and my reply to see whether they are useful to you.
    Regards,
    Honghsi

  • Apex User Level Security

    Hi,
    I have configured the APEX 3.2.1 with Oracle 11g. I have following requirement,
    When a user logs in to the http://localhost:8080/apex page then the user should be able to access only "SQL Workshop" and no other feature of APEX.
    Can anybody tell me how can I achieve this?
    Thanks and Regards,
    Ketan Dangi

    Hello
    In APEX there are different roles for different users which can be either: ADMIN, DEVELOPERS or USERS.
    Developers can view all of the development tools which includes: APPLICATION BUILDER, WORKSHOP and UTILITIES.
    Investigate more on this... READ HERE: http://download.oracle.com/docs/cd/E14373_01/nav/portal_booklist.htm
    Or how about making your SQL Query tool... using APEX?
    In ORACLE you can parse SQL codes at runtime... this is possible.
    It's hard and time consuming but will help you fulfill your goal.
    http://download.oracle.com/docs/cd/E14373_01/nav/portal_booklist.htm READ HERE for beginning
    I know I am not useful and hope others can help you more.
    Regards,
    Noel Alex Makumuli
    Tanzania

  • Information Regarding Essbase Security Except Filter Level and User Level

    I have a requirement to implement data level security in Essbase. For example: a user can only see those data which are from Asia region or a user will be able to see those data which are from America.
    Asia and America are defined in my location dimension.
    Can anyone explain about it without using user Level Security and Filter level security.
    Please tell me how to do it?
    Thanks in advance.

    Sandeep's reference to the DBAG and the section on filters is the right direction. The filter is created in EAS.
    Let's use an example.
    You create a METAREAD filter (that is, it filters both data and dimensionality) that gives a user limited access to the Location dimension (I think I have that right), e.g., the British Isles, the UK and Ireland. You can also create a READ filter but it only limits data and, in my opinion at least, causes confusion because users can see metadata (the whole world) but only see data for the British Isles.
    NB -- filters can be assigned to individual usernames or to groups that users are members of. For a POC, I'd keep it simple and just assign it to a username, but it's your choice.
    Assign the filter to the user in Shared Services.
    Try connecting to the database in Excel through the Classic Add-In or SmartView to test what the user sees -- it should be: Total Location, British Isles, the UK, and Ireland. You will see Total Location (top of the dimension) because that's how Essbase navigates down -- it has to have the dimension name to find the limited children. You won't see any data there. But you will see data at the Location members that the METAREAD filter allows.
    That's it -- it's been around since the year dot, and is the way access is restricted. You shouldn't need to reinvent the wheel to get this to work in OBIEE. Essbase should do the work.
    Regards,
    Cameron Lackpour

  • How to do data level security on users based on region

    Hello guys
    I currently have created a report with dashboard prompt on column "state" with a default value "CA"
    Now, the requirement is to perform data level security on this report, so different users based out of different states will log in to the dashboard and this prompt will change its default value accordingly so the user will have the report on only the user's home state prompted, and users can't see other state data.
    I have thought of creating session variables to achieve the same, but how should I set up the initialization string?
    Do I need to create a new table called "user table" that stores username/password and state columns and make that user table join to the fact table in the db?
    If so, how should I configure the session value so that users get filtered data based on their state location?
    Please provide guidance
    Thanks

    Here’s an idea off the top of my head (untested):
    First, set up your security constraints normally using Manage…Security in the Administration Tool, so that each user can only see his/her state. Refer to the previous responses to this post for guidelines.
    Then, in your dashboard prompt, for the “Default Value”, write a tiny bit of logical SQL to query the “state” column from the presentation layer. If your security constraints are properly in place, the SQL should only return one value.
    To get an idea of what the logical SQL should look like, select “All Values” as the default value, then switch it to ‘SQL Results’. That will show you the basic format of the logical SQL. It’s really just normal SQL (select <this> from <that> where <the other>), but referring to presentation layer objects rather than to physical tables and columns.
    Untested. Please reply back and let us know how it goes.

  • Data-level security in user level

    Hi All,
    In our OBIEE we have created several application roles and assigned them to the users. We set data-level security for each application role, and the filter does apply to all related users. But we want to do more specific data-level security for each user, which we did by clicking on user name in Manage Identity, and set permission with additional data filter. But this does not work.
    Let's say we have Application Role1 with access to region='Asia', but then we want to set User1 to access only subregion='North Asia' and User2 to access only subregion='South East Asia', where User1 and User2 belong to Application Role1.
    Is this possible to work in OBIEE 11g?
    Thanks.

    Hi,
    Yes it is possible,
    Please refer to the below link.
    http://satyaobieesolutions.blogspot.in/2012/06/obiee-11g-security-week-row-level.html -- step by step is there.
    Hope this helps
    Thanks
    Satya

  • HR: Security Profile at User Level

    Hi
    HR: Security Profile is not enabled for user level, but sometimes we need it for some users. Workaround is to set up a different responsibility for the same.
    Also, we can go to Application Developer Responsibility and set enable user level for HR: Security Profile option. Is it OK to do it, or may this break the system at some point?
    Suggestions Please.

    Gaurav,
    I am not an expert in this area, but I do not think enabling the profile at the user level will cause any issues. In our site, what we have done is to create a security profile specific to that user and assigned it in the HR module (not sure of the specifics, but I can find out if you are interested) - we did not enable the profile option at the user level as you are wanting to do. SR can provide you with another opinion :-)
    HTH
    Srini

  • Row-level security tied to a user account.

    Bear with me, I'm not quite sure I know what I'm talking about.
    Recently we migrated from BO 5.1.7 to BO XII r2 on Solaris. Under BO 5.1.7 our Finance users tell me there was a way to attach row level security to the account itself. For example, Finance users could only access RU's which belonged to Finance. Is there a way to recreate this global security level so that we don't have to do it on a case-by-case basis?
    Thank you in advance.

    You can specify row-level security for a User or UserGroup on a Universe via the Universe Designer in Tools -> Manage Security
    But that would be per Universe, and not global to Enterprise.
    Sincerely,
    Ted Ueda

  • How To Setup User Row Level Security In Answers From Values In Table

    I am trying to setup row level security when a user logs into BI Answers. Basically I want the user to create any report that they would like but only see the data that they are associated to being retrieved in the Answer Report results. I have users stored in an Oracle authentication table where they have multiple values for schools that they can view. I have data in my RPD file that contain tables with multiple rows for schools. What I would like is to capture the associated school values for the user logged into BI Answers and place a filter on the data being retrieved in the RPD file to only show rows for the user's associated schools. Can I add a WHERE clause on the Business Model and Mapping layer of the RPD that would retrieve the multiple associated schools in my authentication table and filter/match them (IN clause maybe) to the school values in the RPD data being retrieved?
    Thank you in advance for any information you may have to help me along,
    Kyle

    Turribeach,
    I apologize, I did not use those exact words to search on in the forum. I should have and what I did use didn't turn anything up for my situation.
    Thank you for the link. It helped me find the below link which describes the setup in detail and resolved my issue:
    http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
    What I needed was a row-wise variable/initialization block that stored the multiple school values for my logged in user. I then edited the "Content" tab of the Logical Table Source with a WHERE/IN clause that filtered down the result set based on my variable/initialization block SQL query.
    This solution works great!
    Thanks again!

  • Data Level security for specific Users

    Hi,
    Can you please suggest some ideas on by-passing the Data Level security for specific users or specific group?
    Currently, we have data level security defined on a group permissions for one group and for people belonging to another group, the security should not apply and they should see entire data.
    But, key thing here is that, the user belongs to both the groups.
    Any ideas helps.
    Thanks,
    Chandu.

    So you are saying you want a user to belong to a group with data-level security filters, but you don't want the filters to apply to that user?
    Why are they in the group then?
    Are the data filters defined with variables or are they hard-coded?
    If variables, you may be able to put logic in the initialization block to set the variable appropriately for specific users.
    I'd rethink the security model - when I define data level security filters, I tend to force users to only belong to a single group/role.

  • Row Level Security not working for SAP R/3

    Hi Guys
    We have an environment where the details are as mentioned below:
    1. Crystal Reports are created using Open SQL driver to extract data from SAP R/3 using the SAP Integration Kit.
    2. The SAP roles are imported in Business Objects CMC.
    3. Crystal Reports are published on the Enterprise as well.
    4. Authorization objects are created in SAP R/3 and added as required for the row level security as mentioned in the SAP Installation guide as well. The aim is when the user logs into the Infoview and refreshes the report he should only see data that he is meant to see through the authorization objects. The data security works very much fine when the reports are designed directly on the table but when the reports are built on the Business View it doesn't work hence the user is able to see all data.
    Any help in this issue is greatly appreciated.
    Thanks and Regards
    Kamal

    Hi,
    In order for row level security to work for you using the OpenSql driver, you need to configure the Security Definition Editor on your SAP server. This is a server side tool which the Integration solution for SAP offers as a transport.
    This tool defines which tables are to be restricted based on authorizations.
    However since you are seeing the issue on reports based on Business Views, you need to identify whether the Business View is configured in such a way where the user refreshing the report is based on the user logging into Infoview. If the connection to your SAP server is always established with the same user when BV is used then your security definition is pointless.
    You can confirm this by tracing your SAP server to identify what user is being used to logon to SAP to refresh the reports.
    thanks
    Mike

  • Object Level Security in OBIEE 11.1.1.5

    Hi All,
    I am trying to implement object level security for certain groups. We have BI Apps 7.9.6.3 implemented in which OBIEE 11.1.1.5 is integrated with EBS R12. Users are able to login through different responsibilities to OBIEE. I need insight into how to implement object level security. Below are the steps which I have followed but still I am facing strange issues i.e. some users are able to see dashboards which they have no access with view display error. I checked in dashboard permission. They do not have access
    1) Created application roles in OBIEE with the same responsibility names
    2) Grouped the application roles in different groups. I.e. if application roles a,b,c should have access to dashboard x then I made b and c member of a.
    3) Configured security in manage privileges and catalog for these application roles i.e. I used application role a mentioned in step 2 in manage privileges etc.
    4) Restarted the BI server and presentation servers.
    Are there any other steps which should be followed apart from above mentioned steps. Do I have to make use of groups.
    Regards,
    Sandeep

    Sandeep Saini wrote:
    I checked the inheritance. I did a lot of investigation but it is weird. My purpose of asking the question was to find out if there are any bugs in version 11.1.1.5 otherwise I didn't see any issues.
    There are a couple of bugs related to the issue but I have checked that on 11.1.1.5.5 and it works as expected.
    Bug 13982971 : PERMISSIONS ON WEB CATALOG OBJECTS NOT APPLIED IMMEDIATELY
    In case you see anything like this -> QA:USER WITH NO ACCESS OVER A FOLDER IS ABLE TO RUN ANALYSIS REPORT CONTAINED then [Patch ID 15626966]
    1) I want to check if there are any components i.e. BI server, presentation server or any other service that should be started after creation of application roles. I started only BI server after creating application roles
    Any changes made to the Application policies should need a restart of admin and managed server however if you are not creating policies just Roles with similar names OPMN restart should be good to see the changes made.
    2) I made use of application roles throughout in object level security. Is it the correct approach?
    Yes that is the right approach to use application roles for defining object level permission settings throughout, do not go for catalog groups it makes it nasty to manage. Here is the quote from Sec Guide : " Using catalog groups is not considered a best practice and is available for backward compatibility in upgraded systems."
    3) To check if there are any object level security related bugs
    There might be more than once mentioned above since 11.1.1.5 .. I do not trust that version it bites a lot ;)
    And to explain step 2 lets say there are n number of application roles which should have same object level security but different data level security. In that case I made all such application roles member of another application role and configured object level security for that group only. For ex in manage privilege I configured "Access to Answer" for one application group and made other application group member of this group. I hope it's clear now.
    Grouping of Roles with other similar roles is what needs to be done to get functionality like catalog groups. However a reference of the 5 basic rules is always a lifesaver: Rules for Inheritance for Permissions and Privileges (http://docs.oracle.com/cd/E29505_01/bi.1111/e10543/mgrgrpsusers.htm#autoId16)
    Hope this helps.!
    SVS
