User - Maximum logon duration, set expiry date ?
Hello,
Wanted to know whether BPC NW supports user setting of:
Maximum duration logon; does the session become inactive after a certain amount of time in case you do not execute anything?
Expiry date of user; can you set expiry dates and does a user automatically expire when you donu2019t log on for a certain amount of days?
appreciate inputs.
Thanks.
Hi Ellora,
I don't think if it possible in BPC NW, where as in BPC MS version we have Management Console which gives info. about will all users who have been online for the given period of time.
In BPC NW we have User Activity. BPC logs user and administrator behavior by recording information about each remote function call made from .NET to ABAP.
Regards,
Raghu
Similar Messages
-
How to set expiry date for a mail account?
Hi there, i'm new in Messaging Server, need help here on how to set an expiry date to a specific mail user since the mail user will be just a temporary mail user. Instead of deleting manually, is there any smarter way of doing it?
Directory Server can be set to exipre a password, indeed. That will prevent the user from logging in, when it happens. There will be no warning, or anything like that.
The account will still be on the server, and the mailbox will still contain mail. It will still receive mail.
If you want to turn an account off, you will have to make some arrangement outside Messaging Server for automating it.
You can use any kind of program you like to set the ldap attribute "mailuserstatus" to "inactive", or even "deleted" as you wish.
You can use java, "c", or any other programming tools you like. Messaging Server and Directory Server aren't written in Java, anyway. -
Enhancement /User Exit for logic setting call date / Horizon
Due toe planning in IP10 we have a horizon set by the system for (eks.) 80%. This is working OK for small planning intervals (i.e. up to 24 mth intervals).
However when intarval exceeds this limit we will set the call date to be maximum 30 days (for instance) ahead of the sceduled start date of the order.
Thus we need a user-defined way to manipulate / set the call date by a user exit (logic in ABAP - or by IMG settings if possible) that differs from the standard SAP setting for this date.
The question is then how we - in best practice - can do so.
Please advice if you need mor information on this issue.Hi
Find the available exits with the following program:::
*& Report ZFINDUSEREXIT
report zfinduserexit.
tables : tstc, tadir, modsapt, modact, trdir, tfdir, enlfdir.
tables : tstct.
data : jtab like tadir occurs 0 with header line.
data : field1(30).
data : v_devclass like tadir-devclass.
parameters : p_tcode like tstc-tcode obligatory.
select single * from tstc where tcode eq p_tcode.
if sy-subrc eq 0.
select single * from tadir where pgmid = 'R3TR'
and object = 'PROG'
and obj_name = tstc-pgmna.
move : tadir-devclass to v_devclass.
if sy-subrc ne 0.
select single * from trdir where name = tstc-pgmna.
if trdir-subc eq 'F'.
select single * from tfdir where pname = tstc-pgmna.
select single * from enlfdir where funcname =
tfdir-funcname.
select single * from tadir where pgmid = 'R3TR'
and object = 'FUGR'
and obj_name eq enlfdir-area.
move : tadir-devclass to v_devclass.
endif.
endif.
select * from tadir into table jtab
where pgmid = 'R3TR'
and object = 'SMOD'
and devclass = v_devclass.
select single * from tstct where sprsl eq sy-langu and
tcode eq p_tcode.
format color col_positive intensified off.
write:/(19) 'Transaction Code - ',
20(20) p_tcode,
45(50) tstct-ttext.
skip.
if not jtab[] is initial.
write:/(95) sy-uline.
format color col_heading intensified on.
write:/1 sy-vline,
2 'Exit Name',
21 sy-vline ,
22 'Description',
95 sy-vline.
write:/(95) sy-uline.
loop at jtab.
select single * from modsapt
where sprsl = sy-langu and
name = jtab-obj_name.
format color col_normal intensified off.
write:/1 sy-vline,
2 jtab-obj_name hotspot on,
21 sy-vline ,
22 modsapt-modtext,
95 sy-vline.
endloop.
write:/(95) sy-uline.
describe table jtab.
skip.
format color col_total intensified on.
write:/ 'No of Exits:' , sy-tfill.
else.
format color col_negative intensified on.
write:/(95) 'No User Exit exists'.
endif.
else.
format color col_negative intensified on.
write:/(95) 'Transaction Code Does Not Exist'.
endif.
at line-selection.
get cursor field field1.
check field1(4) eq 'JTAB'.
set parameter id 'MON' field sy-lisel+1(10).
If there are no available user exits you could go for badi's.
To search for a badi, go to se 24 display class cl_exithandler. double click on method get_instance, get a break point on case statement. execute and start the required transaction in new session. look for variable exit_name. It would show the available badi's.
Please reward if useful....
regards
Dinesh -
Script Add bulk user with CSV, and set expiration date
After importing the AD module, the line:
Set-ADAccountExpiration -identity JohnDoe -timespan "365"
Works just fine, but how would you automate this with a script that would read a csv-file. The -identity cmd dosen't seem to like my $SAM setup. Perhaps it's a better way to get-aduser and pipe it to set-accountexpiration. Is there a swift way to add the
expire date to the user I just created with my CSV-file?
Thanks!Thank You!
You're very welcome.
-AccountExpirationDate parameter of New-ADUser only seem to work with -DateTime, a specific date, while -TimeSpan is optimal for this solution.
You can use Get-Date's AddDays method to generate a datetime object for use in this situation, see the code I'm posting below for an example.
Now on to the next challange to warn me when they reach "32" days before expiration. Was thinking of running a Task Scheduled bath file that could collect number of days left and report it if below the mentioned days.
Here's one method you can use for finding these users:
$cutoffDate = (Get-Date).AddDays(32)
Get-ADUser -Filter * -SearchBase 'OU=Users - TEST,DC=domain,DC=com' -Properties AccountExpirationDate |
Where { $_.AccountExpirationDate -and $_.AccountExpirationDate -lt $cutoffDate }
Just so you're aware, we generally try to keep threads to a single question.
Don't retire TechNet! -
(Don't give up yet - 13,085+ strong and growing) -
Hi all,
Is it possible to set Expiry date for Item. if so, how?
Plz let me know,
thanks in advance
KumarHi,
There is no Expiry date field available in the Item Master Data. However, you can check the option of the Validity dates in Item Master Data or if your item is a batch managed item, then you can have the batch expiry date.
Kind Regards,
Jitin
SAP Business One Forum Team -
Hi experts,
Anyone knows what is the table where the portal stores the user last logon? The table WCR_USERFIRSTLOGON is for first logon, but... for the last logon?
Thanks in advance,
Regards,Hi Victor,
First thing there is no seperate table for getting User Last Logon information. But we can get the User Last Logon information
by fetching data from two Standard tables
1.WCR_WEBCONTENTSTAT
2.WCR_USERPAGEUSAGE. Using the Primary key of table 1 we can compare it the data with table2 to sort the Last Logon Date for the particular LoginID. Check it you will get a idea.
This works when all the iViews or Pages for the End-Users have Moniter Users property enabled.
Regards,
Nivas
Edited by: Nivas209 on Jul 5, 2011 7:41 AM -
Problem in setting user end date from oim to account expiry date in AD process form
Hi all,
i am updating the user end date from oim to user account expiry date in ad process form using oim api.
i am able to get the end date value from oim but when i am setting it using api it through exception but all other attribute i am able to update in process form.
i am facing the problem only with end date field because of different date format in OIM and AD .
so please suggest me what are date format in Active Directory and how can i change the oim date format to Active directory time format in in my java code.Thanks for the reply.
But all iplanet users need not contain end date attribute, and its an update on existing user.
Can you please ellaborate more on Transformation class..?? example should be helpful. -
Automatically deny access to users after expiry date
Hi All,
Is there any feature in SQL Server that automatically revert back all permissions of a user after certain days(Expiry date).
My company has a policy that all users permissions should be reverted back after every 60 days from request. After 60 days the users should request again for the access.
I am planning to automate this. Any input is appreciated
Thanks,Hi,
Never don't use the Agent job for security missions.
The Agent may skip a mission for one reason or another (eg problems related to the clock as set the system clock into the future and skip the scheduled time). That may lead to the fact that he is not scheduled to run that mission next. The Agent scheduled
his next mission A executable each time he execute the mission A. Moreover there are several known bug which include stopping the Agent as randomly stops when you schedule the job to run past midnight (There is a fix fro this), etc. The basic idea that
I want to say is NEVER use the Agent schedule for security mission.
http://support.microsoft.com/kb/2598903
as I mention in preview post I think that a trigger on logon is fit for this case (links are on my preview down)
[Personal Site] [Blog] [Facebook] -
Set Disable or Expiry Date for web app item via Edit form
I have a user that wants to delete a web app item from a secure zone edit form, but they are not the owner of that web app item. All items in the web app were imported via a csv file and hence do not have a 'submitted by' user id assigned.
Is it possible to Disable a web app item using a web app Edit form? or alternatively, is it possible to set the Expiry Date of a web app item using a web app Edit form?
Thanks
DaveSorry Brian, but I'm not sure that answers my question.
Sure, I can create a single web app item for every single client of my customer, manually.
Sure, I can create and 'allocate' that single web app item to each customer manually.
I pray the customer doesn't have hundreds of clients. And I would have to teach my customer how to do this convoluted process for every new client.
But the one thing this doesn't do is answer the question of updating the value of units held.
It seems the order module remains the closes to what I am looking for in that it allows an equation, and is automatically customer specific.
However, I am looking for a way to achieve a single daily update by the customer as to the value of the units held by each client. This can be done via the product module - update price. But this does not update existing orders. Exisitng orders are fixed at the price on the day. The customer wants to update the value once, in one place, and have that amend all existing 'orders' to reflect the new total value of units held by each individual client, and to have this show in each client's member area.
If you can think of a way of doing this in webapps or via the order module, this is what I am looking for. Anyone? -
Setting a secure zone expiry date beyond the invoice date.
Is it possible to set the secure zone expiry date later than the invoice date? We're just looking at a way to let our members continue to have access for say 1 week after an invoice has failed so that they can log in and update their credit card details, possibly without seeing the 'access expired' message.
I've seen this behaviour on a site before, but I think that may have had something to do with the fact that it was a weekly membership site and that the invoices were already generated.
Cheers
PatHey Gaurav,
This is for a monthly recurring subscription. What I was thinking was that if for example a user signed up on the 1st of the month that their SZ access expires on the 8th of the next month, but the invoice is still issued and paid on the 1st of the following month, and when the invoice is successfully paid the SZ access gets extended till the 8th of the next month - now that I've written it out like that I'm pretty sure this isn't possible, unless there is some setting that dev can see in the backend?
Pat -
Oracle database 11g
I have a database user whose password is due to expire in 5 days for example.
The user uses the default profile and the default profile PASSWORD_LIFE_TIME is 180 days.
I want to change that to UNLIMITED so:
ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;
The default profile that my user uses is now password life unlimited.
BUT - If I query dba_users:
SELECT USERNAME, EXPIRY_DATE
FROM DBA_USERS;
My user still has an expiry date.
How can I remove the expiry date? Will the expiry date just pass as it is now set to UNLIMITED or will I have to change the password in 5 days when it expires and then its password life time will be unlimited?
Thanks in anticipation of your help.ynwa wrote:
Oracle database 11g
I have a database user whose password is due to expire in 5 days for example.
The user uses the default profile and the default profile PASSWORD_LIFE_TIME is 180 days.
I want to change that to UNLIMITED so:
ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;
The default profile that my user uses is now password life unlimited.
BUT - If I query dba_users:
SELECT USERNAME, EXPIRY_DATE
FROM DBA_USERS;
My user still has an expiry date.
How can I remove the expiry date? Will the expiry date just pass as it is now set to UNLIMITED or will I have to change the password in 5 days when it expires and then its password life time will be unlimited?
Thanks in anticipation of your help.You have to reset the user's password before it will pick up the new profile. Altering the the password properties of the profile itself does NOT cascade to the existing properties of the users themselves. It merely sets the conditions for the next time a particular user changes their password. -
How can I change the User Password expiry date
Hi,
I want to know how can I change the password expiration date of my user without changing his password. For eg:-
User password expires on 12th May 2007. I want to extend to 12th Jun 2007. Is there any option in Oracle.
Alter User <USERNAME> password expire .....<to new date>;The command is not alter user set expire...
You should modify the user's profile, and set a timeframe:
ALTER PROFILE DEFAULT LIMIT
PASSWORD_LIFE_TIME = num_of_days;
This way your password will be valid from the last time it was changed and for the time frame previously defined.
~ Madrid. -
GTC Upload in OIM 9.1.0.2.How to capture User Expiry Date
Hi,
There are two OOB fields on User form.User account Expiry Date and User account Expiry Warning date.I have made these fields hidden.I found a strange thing happening.When I create a user manually,these two fields have a date value populated automatically,but if I perform bulk Upload,there two fields are blank.
Please help.
Regards,
ShubhraHi srini,
thanks for your reply,
Actually we integrated with 2003 exchange server, and we need a new integration with exchange server 2010.
we don't want to disturb 2003.
We are confusing with connector versions and how to perform those things.
Thnaks,
Valli -
Hi,
I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot logon, they're simply taken back to the OWA login page as if their password is incorrect.
My setup is as follows:
outer TMG -- uses a listener for email.contoso.com and is configured for no authentication.This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
inner TMG - uses a listener for email.contoso.com and is configured for NLTM\kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and use a publishing rule to publish the internal CAS. Allow users to change
password is selected in the publishing rules.
Exchange 2010 SP1 - uses integrated windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
I've registered an snp for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid and my configuration used to allow users to login and change their password with "user must change password on first login"
set in AD.
If I launch a web browser on an internal server and point it to email.contoso.com I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot login
and change my password using the correct URL. However if I point my browser at
http://192.168.4.10/owa I'm prompted to login and I can change my password using the sam credentials.
The only recent changes made are:
- Disabling SSL 3.0 and enabling TLS (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
- Replacing the TMG listener certificates so that they now use SHA2 rather than SHA2 (certificates are trusted on each TMG server)
Looking on the outer TMG and the DC logs I can see schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user'spassword must be changed before logging on for the first time"
I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
If I try to use ldp.exe on the inner TMG, I get the error in the pic below
Thanks
IT Support/EverythingHi,
You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
TMG 2010 – FBA, troubleshooting the change password feature
http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
Best Regards,
Joyce -
I am trying to modify the value of the field "Job Code" through API I am getting the following error.(OIM11gr2). I do not get this error when updating the other fields. There is a field by the name USR_JOB_CODE in the database. When I poked around I found that there is no Job Code field in the User Form. Any ideas?
IAM-3056160:Modify User Profile request cannot set or change attribute Job Code, since it is not defined in the corresponding data set.:Modify User Profile:Job Code
oracle.iam.identity.exception.ValidationFailedException: IAM-3056160:Modify User Profile request cannot set or change attribute Job Code, since it is not defined in the corresponding data set.:Modify User Profile:Job Code
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl_1036_WLStub.modifyx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy2.modifyx(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManagerDelegate.modify(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invokeTHanks for your reply. Here is the snippet from User.xml that contains info about job code.
<entity-attribute>Job Code</entity-attribute>
<target-field>usr_job_code</target-field>
<field name="usr_job_code">
<type>string</type>
<required>false</required>
</field>
<attribute name="Job Code">
<type>string</type>
<required>false</required>
<searchable>true</searchable>
<multi-valued>false</multi-valued>
<MLS>false</MLS>
<multi-represented>false</multi-represented>
<attribute-group>Basic</attribute-group>
<metadata-attachment>
<metadata>
<name>multi-valued</name>
<value>false</value>
<category>properties</category>
</metadata>
<metadata>
<name>user-searchable</name>
<value>true</value>
<category>properties</category>
</metadata>
<metadata>
<name>category</name>
<value>Preferences</value>
<category>properties</category>
</metadata>
<metadata>
<name>bulk-updatable</name>
<value>true</value>
<category>properties</category>
</metadata>
<metadata>
<name>read-only</name>
<value>false</value>
<category>properties</category>
</metadata>
<metadata>
<name>visible</name>
<value>true</value>
<category>properties</category>
</metadata>
<metadata>
<name>encryption</name>
<value>CLEAR</value>
<category>properties</category>
</metadata>
<metadata>
<name>display-type</name>
<value>TEXT</value>
<category>properties</category>
</metadata>
<metadata>
<name>system-controlled</name>
<value>false</value>
<category>properties</category>
</metadata>
<metadata>
<name>max-size</name>
<value>512</value>
<category>properties</category>
</metadata>
<metadata>
<name>custom</name>
<value>false</value>
<category>properties</category>
</metadata>
</metadata-attachment>
</attribute>
I am able to retrieve the value of the Job Code attribute without any problem with the following code.
System.out.println("JOB Code: "+user.getAttribute("Job Code"));
Maybe you are looking for
-
ITunes crashes when processing purchases after restoring HD from Time Machine
Ever since I had to restore the HD on my MacBook Pro last weekend, iTunes crashes each time it tries to process downloaded files. Everything elses seems to work fine after restoring my HD. Any ideas? I've already tried re-setting my Apple ID password
-
Bapi or FM or other way to get Schedule lines
Hi All, Is there any BAPI or FM which can give the schedule lines and quantity as output for given input of Customer, Material, Requested date, Requested quantity, Plant.It would be very helpful if you give any other way to get the above details. T
-
I recently used SuperDuper! to transfer my old MBP hard drive and its settings to a new SSD. Everything went smoothly. When I opened the "About this Mac" section and looked under Storage it showed this: Where are the "Backups" (purple) located? I w
-
Route inside does not work on ASA 8.2(3), ASA cannot ping inside hosts
Hi Guys, I have a problem on one our ASA seems to acting strange. I have copy these routes below on ASA, and able to ping only 10.126.0.32. route inside 10.126.0.10 255.225.255.255 10.20.3.1 route inside 10.126.0.30 255.225.255.255 10.20.3.1 route in
-
Tutorial on randomization is up on the Animate team blog
Hi, guys- Just wanted to let you guys know that I just published a blog post on our Animate team's blog on randomization. We've received a couple of questions about randomizing quiz questions, etc., and I thought I would explain the slightly complic