Users and Security Levels in lookout client

Similar Messages

• High level user and Low level user

  Hi to all gurus,
  How SAP diffrentiates between high level user and low level users?? I mean if the licences are for 25 high level user and 50 lowevel users, than how SAP will categorize the high level and low level user licenses?? Is there anyway where BASIS person has to specify??
  Thanks and Regards,

  Ask your SAP Account Manager, he will be happy to explain it for you.
  Regards
  Juan

• Restrict concurrent user and/or session from a client

  Hi All:
  We have an application with database Oracle 10g.
  I want to add a new validation to restrict concurrent user and/or session from a client. (we have almost 60 client firms using the software to enter daily trasnactions).
  All users from all clients are connecting to the database using a common functional ID.
  What I did was:
  1) Add a column 'user_logged_in' in the master table for client and update it as Y when user from that client logged on to the system,
  2) Insert the application logon details (we can figure out the client details from this) into a global temp table,
  3) Create a logoff trigger to update the 'user_logged_in'flag in client master table by using values from global temp table when session logged off and
  4) Restrict the users from same client if the flag is 'Y'
  But the problem in this case is logoff trigger will not be executed in case if the session got killed or terminated abnormally.
  Is there any other good solution for this scenario?
  Thanks
  Robin

  >
  But the problem in this case is logoff trigger will not be executed in case if the session got killed or terminated abnormally.
  Is there any other good solution for this scenario?
  >
  A better question might be - is there any other 'worse' solution than that?
  >
  2) Insert the application logon details (we can figure out the client details from this) into a global temp table,
  >
  Meaning - if that session goes down you have NO logon details since the data isn't persistent. Is that really useful?
  There is nothing you can do to account for someone just pulling the plug on: the server, the network connection, the bridge, the router, etc. And if a user is connected, starts a long-running process and then gets disconnected the process is likely to keep running in the background until Oracle needs to talk to the user again and then realizes that they are gone.
  Meanwhile the user is trying to logon again but can't because the system thinks they are already logged on.
  >
  All users from all clients are connecting to the database using a common functional ID.
  >
  Doesn't that kind of make it harder, not easier, to track who is really connecting and using your application?

• MaxL command to import users and security in eas

  Hello,
  I would like to know if there is a command that allows Maxl export and then import the list of users native EAS and filters.
  In summary, I have a few applicationsversion 9 essbase to 11.1.2.2, via migration wizard. my essbase 11 is in standalone mode with SSO configuration to MSAD external authentication. In version 9 essbase security is mounted on the shared services.
  My question is, if I take my file essbase.sec version 9 and the copy in version 11, to get my native users and security filters. Will I lose my config sso?.
  Thank you in advance
  Edited by: 851398 on 25 sept. 2012 09:20

  851398 wrote:
  My question is, if I take my file essbase.sec version 9 and the copy in version 11, to get my native users and security filters. Will I lose my config sso?.It is probably not adviserable trying to copy your essbase.sec between versions or environments,
  You could look at the advanced security manager as an alternative solution to extracting the information, it is free and definitely worth a go - http://www.appliedolap.com/free-tools/advanced-security-manager
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Difference between Security Oracle user and Security User

  Hi All,
  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.
  Thanks,
  Mahesh.
  Edited by: 991854 on Mar 12, 2013 1:49 AM

  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.Security > Oracle > Register:
  Use this window to register an ORACLE username with Oracle E-Business Suite. An ORACLE username grants access privileges to the ORACLE database
  http://docs.oracle.com/cd/E18727_01/doc.121/e12893/T174296T174305.htm
  Security > Oracle > Data Group:
  A data group defines the mapping between Oracle E-Business Suite products and ORACLE database IDs. A data group determines which Oracle database accounts a responsibility's forms, concurrent programs, and reports connect to. See: Defining Data Groups, Oracle E-Business Suite System Administrator's Guide - Configuration.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Security > User > Define:
  Use this window to define an Oracle E-Business Suite user. This user is an authorized user of Oracle E-Business Suite, and is uniquely identified by a username.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Thanks,
  Hussein

• Manage users and groups on 10.5 client like 10.5 server?

  can anyone recommend software for managing local users and groups on 10.5 client? we only need filesharing and don't need the added expense of OS X Server.
  thanks

  oh, right. we can add users with the File Sharing pref pane and can add groups under the Accounts pref pane.
  i'm assisting a friend reconfigure a 'server' (os x client box) that was damaged.
  i'd like to create a new group and then add a handful of users to that group for filesharing. these users don't really need to access the mac for local login.
  they are using Windows Vista from the clients and the way it's set up now, if a user connects and modifies/creates a file, no one else can then modify the file. we have to run chmod on the file/directory for everyone to be able to change it. i'd like to configure it so the permissions work correctly without having to do this.

• People Picker can resolve users and security group from another domain but no validation for groups

  Dear all,
  Here is the scenario of our issue:
  We are migrating from Domain A to Domain B and in Domain A we currently have a SharePoint 2013 on which we want to set permissions for users and groups that have already migrated to Domain B.
  A bi-directional trust exist between the two domains and all applications relying on trust and resolving IDs from on domain to another are working fine (Windows RDS for instance)
  The "bug" that we have is when using the PeoplePicker, it can resolve without any issue a user account in Domain A or B, and a security group (type global, I haven't tried local or universal yet) from domain A or B. But for the security groups
  only (it works well for users), when I click on "Save" to validate the add of the group to the site permissions, I have the following error:
  I have seen a lot of similar issues on the web but no answer so far that work :( 
  Example: https://social.technet.microsoft.com/forums/sharepoint/en-US/74e8d14b-a0f4-4e21-8cfa-b1a937247160/cant-provision-security-to-old-domain-users
  If you have any question that could help you to understand it, do not hesitate. 
  Thanks a lot in advance for your help ! :)

  Can you give the snippet from the ULS log where you're seeing this error?
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Users And Security Best Practice

  Dear Experts
  I am designing an application with almost fifty users scattered in different places. Each users should access tables according to his/her criteria. For example salessam, salesjug can see only the sales related tables. purchasedon should access only purchase related tables. i have the following problems
  Is it a best practice to create 50 users in the DB i.e. 50 Schemas are going to be created? Where are these users normally created?
  or is it better for me to maintain a table of users and their passwords in my design itself and i regulate through the front end. seems that this would be risky and a cumbersome process.
  Please advice
  thanks
  Manish Sawjiani

  You would normally create a single schema to own the
  objects and 50 users to use them. You would use roles
  and object privileges to control access.Well, this is the classic 'Oracle' approach to do this. I might say it depends a bit on what you want to achieve. Let's call this approach A.
  The other option was to have your own user/pwd table. You can create your own custom authentication but I would go for the built-in Application Express Users - authentication scheme. You can manage the users via the frontend (Application builder > manage Application Express Users) . There you can manage the groups and end users which you can leverage in your Apex app. You can even use the APIs to create the users programmatically. It is all done for you. Let's call this approach B.
  Some things to consider:
  1) You want to create a web application and also other applications that access the data stored in Oracle (another PHP / Oracle Forms / Perl ) or allow access via SQL/Plus. Then you should use approach A. This way you don't need to reimplement security for these different approaches.
  2) You want to create one (or multiple) Apex applications only. This will be the only mechanism the users will access your data. Then I would go for approach B.
  3) When using approach A some users didn't like that all users will have access to their workspace, including the sql command line and having the capability of building applications and possibly being able to change the data they have access to through the Oracle roles. Locking down this capability is possible but it takes some effort and requires an Apache as a proxy.
  4) When using approach A you will need DBA privileges to manage the users and assign the roles. This might not always be possible nor desired. Depends on who will manage the Oracle XE instance.
  5) Moving the application including the end users to another machine is a bit easier using approach B since they are exported via the application export mechanism. Using approach A you would have to do it yourself. Be aware that the passwords are lost when you install the users into a different Oracle XE instance.
  6) If you design the application using approach B you will have to design security in a way that doesn't rely on the Oracle roles / grants security mechanisms. This makes it easier to change the authentication scheme later. For example, later you want to use a LDAP directory, a different custom authentication scheme or even SSO (SSO is not available out of the box but feasible). This is directly possible.
  Using approach A you would have to recode the security mechanisms (which user is allowed to update/delete which data).
  Hope that clarifies your options a bit.
  ~Dietmar.
  Message was edited by:
  Dietmar Aust
  Corrected a typo in (5): Approach B instead of approach A , sorry.
  Message was edited by:
  Dietmar Aust

• Portal groups/users and security

  Hi,
  I have created an application and that application has forms, reports, meunes, page with three tabs for Admin, Librarian and Reports. I put some portlets of Forms etc in different tabs. Now i want that the Admin can access and see all tabs, Librarian can access and see Librarian and Reports tab while Users just can see and run Reports. For that i created three groups
  Admin_group, Librarian_group and user_gropus. For each group i created test users and attach or add these users to the group. To each group i gave execute permission of the application. After that i went to the page and on the page i assign follwoing permission to the tab.
  Reports: all three groups(view only)
  Librarian: Librarian_group and admin_group view_only
  Admin: Admin_group view_only.
  Then i log on as a test user of the User_groups but i was just able to see the report tab but not the menue (which is portlet in this page). Same with other tabs and users. I want to know what i am missing.
  Your help will be highly appreciated.
  Thanks
  Muhammad Ejaz Azimi
  null

  All the groups has execute permissions of application. Can you please tell me for any documentation for Portal Security i.e group and user management or if possible you can little explain ?
  Your help will be highly appreciated.
  Thanks
  Muhammad

• Check number of users and security

  Gurus,
  In our EPM environment (system 11.1.2), we have four different applications/databases (planning and essbase included) and i need to list the total users in all of the applications and see what there provisioning and security are. How could I be able to do that?
  Do I need to export security on all of them and filter them or is there any way to check the users in all of the applications at once?
  Thanks

  hyperion start wrote:
  Thanks for your reply Celvin
  Is there any way I can view a list of users by department?
  Is there any thing like that to sort by group/department.
  ThanksList of users by department - There are groups in Shared Services, are your groups arranged by department? if the answer for that is "Yes", then yes, the export of all Groups from Shared Services will list the children (member) of each group.
  I don't think there is a sort in Shared Services, however once the csv file is exported, you can do the sorting.

• "oracle" user and security

  I am running Oracle 10g XE on a Linux machine (RHEL 4.0).
  I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:
  Authentication Failures:
  unknown (200.3.248.22): 4159 Time(s)
  oracle (200.3.248.22): 36 Time(s)
  How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.
  Can I change the password to something strong without affecting my system?
  Thanks!

  Can I change the password to something strong without affecting my system?
  I just wonder if it will cause any problems if I change the password? I don't want to mess up my system.Well for Oracle SW (and whole local OS) there is no problem. Problem could be if you are using some external scripts that you are using on remote machine (and which using login password sequence to access the OS).
  How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.To check the password strength you can use some utilities. For example John is very good for that: http://freshmeat.net/projects/john/
  I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:Why aou are running your database in untrusted network segment (internet). Best practice is to place such system to secured segment (DMZ, VLAN). If the reason is that your 3rd party partner needs to connect to database you can do IPSEC tunnel.
  Of course don't allow to connect anyone to your machine and to any port. So the recommendation about iptables (netfilter) is appropriate.

• How to find the correct SR of MAM3.0 and SP Level of MI Client

  Hi All,
  My Backend is ECC 6.0 - 604 SP03
  My WAS is 7.01 SP04
  I want to Implement a MAM 3.0 Solution. For MAM, I have various SR Releases, SR6 being the latest I think.
  For MI Client also, there are lot of SPs available.
  My Question is that for the given version of Backend and WAS, How can I know which SR of MAM3.0 we need to pick?
  And which MI Client SP is the minimum to be used and what does it depend on?
  Thanks & Regards,
  Ankur Malhotra

  1) So the Backend's version doesnt effect anything, right?
  Mostly NO.
  2) I followed the path you gave till -
  -> Entry by Application Group -> SAP NetWeaver -> SAP NETWEAVER
  -> SAP EHP1 FOR SAP NETWEAVER 7.0 -> Entry by Component -> MI Client
  But then I didn't see a MI Client 7.01.
  I only saw a MI Client 7.00. Where shall I look?
  May be your SMP id did not have the rights.
  3) I can still see a SR6 - MAMLAPTOP3006_0-20001490.ZIP.
  i was not knowing that. Thanks for the update.
  4)So even if I go ahead and dowload SR4, Is there a Minimum SP of the MI Client which I need to use for SR4. Where to find this relation?
  There is no relation between xMAM SR release and client. The MI server and Client versions have to match as I mentioned earlier.
  For xMAM you always have SR (Service Releases) and the patches say PL5 and so on.
  But for major products like SAP NetWeaver MI, BI you have SP level say SP15 and so on.
  The terminolgoes in SAP world are more often confusing, I agree
  Chintan

• User's security level issue

  I have an Administrative and a Limited User accounts on my PC. iTunes works fine under the Administrative account, but in Limited User account I get an error everytime I try to change some kind of configuration option at Preference's window (Edit/Preferences). I think iTunes should store the configuration file at user's account folder.
  The other problem on my Limited User account is that I'm no longer able to add musics on iTunes. I use the "Keep iTunes Music folder organized" and "Copy files to iTunes Music folder when adding to library" options. WHen I try to add a file, iTunes show an error like "Attempting to copy to the disk 'C:\' failed. The disk could not be read from or written to.". iTunes is configured to store all my musics at an folder like C:\MP3 and even my Limited User account has Full Control to this folder.

  Limited user accounts have limited access to folders, I think if you want iTunes to work in a limited access account accessing a folder outside it's own account you will probably need to adjust the the permissions.
  This should be straight forward in XP Pro. You need to set the folder permissions so the limited user at least has write/modify access and preferably full control of the iTunes folder and iTunes Music folder.
  You can do this from the security tab in the folder's properties.

• Groups of users and application level access

  Hello,
  just to be sure that I got it right.
  If I have a single workspace and I want to have two distinct applications, where the users of one application do not access the other one and vice versa, should I manage the access on a page by page basis, using two different authorization schemes made up of PL/SQL functions checking user's group membership?
  I believe there is no way to specify an authorization scheme for a whole application, isn't it?
  Thanks,
  Flavio

  Scott,
  if I am not wrong, the checks you suggest to include require an authorization scheme applied once per page view.
  I wrote the following function as authorization logic:
  if :APP_USER is not null and
  upper(:APP_USER) not in ('NOBODY','PUBLIC_USER','HTMLDB_PUBLIC_USER')
  then
  return nvl(htmldb_util.current_user_in_group('PROMO'),false);
  else
  return true;
  end if;
  This works fine only if I specifiy "once per page view" in the "validate" property.
  If I choose "once per session", any authenticated user can enter the application, no matter what the user group is.
  Given this scenario, do you think it is still possible in some way to use the authorization scheme on a per-session basis?
  Bye,
  Flavio

• SOAP Adapter with Security Levels - HTTP & HTTPS

  We have a successfully working interface scenario where SAP XI is hosting a web service and the partner systems calling it using SOAP Adapter URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel with Security Level HTTP on the SOAP Sender Communication channel.
  Going forward, for other similar interfaces (SAP XI hosting Web Service and partner systems calling it), we would like to use HTTPS and/or certificates.
  If we enable HTTPS on XI J2EE server as per the guide How to configure the [SAP J2EE Engine for using SSL - Notes - PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc]....
  can partner systems still use the URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel or should they switch to https://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel?
  can we continue to have the existing interface working using HTTP Security Level i.e. partners not having to send the certificate with each message?
  If we use HTTPS security level, is it mandatory for the partner system need to send the certificate? Is it possible to have an HTTPS scenario w/o certificates?
  What is the difference between Security Levels  'HTTPS Without Client Authentication' & 'HTTPS with Client Authentication'?
  I appreciate your inputs on this.
  thx in adv
  praveen
  PS: We are currently on SAP PI 7.0 SP17

  Hi Praveen,
  There is no need to change the interface and It is manditory for the partners to send certificates in order to validate each other. Use the https in url.
  HTTPS With Client authentication:
  The HTTPS client identifies itself with a certificate that is to be verified by the server. To validate the HTTPS clientu2019s certificate, the HTTPS server must have a corresponding CA certificate that validates this certificate. After validation of the clientu2019s certificate, the server maps the certificate to an actual system user executing the HTTP request.
  and check this link.
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  Regards,
  Prasanna