Users can see Vacant Positions

Similar Messages

• Unauthorized User can see the aggregated result?

  Dear all,
  I got a problem that, unauthorized user can see the aggregated result.
  e.g. A user who is allowed to read data of Sales Office (0SALES_OFF) 0001 only. (It is done in the RSECADMIN already)
  Now a cube contains Sales records of Sales office 0001 & 0002 :
  Sales Office 0001  Sales Value 3000
  Sales Office 0002  Sales Value 2000
  When the user execute a query from the cube without any selection criteria, it give the aggregated Sales Value 5000.
  But if the user try to drill down for each sales office, it can then give error, because the user are not suppose to see Sales Office 0002 records.
  What I expect is an error at the very beginning when the user execute the query, saying the cube contains data that the user is not suppose to see, the user need to put in the correct Sales Office as criteria first.
  Is there anyone can help on this issue?? I have no idea how can this happened?
  Many Thanks!!!
  Chris

  Hi,
  Now I understood your concern correctly. Unfortunately, I do not have prompt answer for you. So, User should be able to view the aggregated result, but not to irrelevant sales office. If you don't have condition on Aggregated Result, restricting to individual Sales Office can be done in RSECADMIN.
  Let's wait for other's opinions.......
  Regards,
  Suman

• Hi, I have got three ipad minis which I would like to use in a business environment whereby the users can see and update a single calender.  Is this possible? Would they have to be run form one account?

  Hi, I have got three ipad minis which I would like to use in a business environment whereby the users can see and update a single calender.  Is this possible? Would they have to be run form one account?

  Drrhythm2 wrote:
  What's the best solution for this? I
  Copy the entire /Music/iTunes/ folder from her old compouter to /Music/ in her account on this new computer.

• User can see all resources, not only Permitted for his/her Organization

  Hi,
  I have set three self-serviceable resources as Permitted Resources for a specific organization. So if I click on Permitted Resources for that organization I can see only those three...
  When an user of that organization clicks on Request New Resources, all self-serviceable resources are listed to the user, not only the Permitted Resources. I thought the user could see only the permitted resources...
  If I log as sys admin and Request Resources for an user of this organization, I can see only the three permitted resources.
  I saw the sql statement that OIM run to list the resources:
  select
  obj.obj_key,obj_name,obj.sdk_key,sdk_name, obj_order_for,obj_auto_prepop, obj_type,
  obj_allow_multiple, obj_self_request_allowed,obj_autosave,obj_allowall,
  obj_rowver, obj_note,obj_autolaunch
  from obj obj
  left outer join sdk sdk on obj.sdk_key = sdk.sdk_key
  where obj.obj_key in
  select distinct obj.obj_key from obj obj
  left outer join sdk sdk on obj.sdk_key = sdk.sdk_key
  left outer join acp acp on obj.obj_key = acp.obj_key
  left outer join oba oba on obj.obj_key = oba.obj_key
  where
  obj.obj_self_request_allowed='1' or obj.obj_key in
  select obj_key from acp where act_key in
  select act_key
  from usr
  where usr_key= 5 and acp_self_servicable = '1'
  ) and
  obj.obj_order_for = 'U' and
  (obj.obj_type='Application' or obj.obj_type='Generic') and
  obj.obj_key not in
  select pop.obj_key
  from pop pop, pol pol, pog pog, ugp ugp, usg usg
  where
  pop.pol_key=pol.pol_key and
  pol.pol_key=pog.pol_key and
  pog.ugp_key=ugp.ugp_key and
  ugp.ugp_key=usg.ugp_key and
  usg.usr_key in (5) and
  pop.pop_denial='1'
  ) and
  obj.obj_key not in (
  select distinct obj.obj_key
  from obj obj, obi obi, ost ost, oiu oiu
  left outer join orc orc on oiu.orc_key=orc.orc_key
  where
  oiu.obi_key=obi.obi_key and
  oiu.ost_key=ost.ost_key and
  upper(ost.ost_status) <> 'REVOKED' and
  obi.obj_key=obj.obj_key and
  oiu.usr_key in (5) and
  obj.obj_allow_multiple='0'
  ) and
  obj.obj_key in
  select distinct obj_key
  from pkg
  where pkg_type='Provisioning'
  As you can see in the query above, if I change the snippet below the result is what I expect.
  obj.obj_self_request_allowed='1' AND obj.obj_key in
  Did I miss to set something or doing something wrong?
  Thanks,
  Renato.

  Sorry, but I do not understand your last reply. You mentioned the following:
  for option B, even when option A is unchecked, you can set self-request only for a specific organization when assign permitted resources.
  Isnt this what you wanted? You should set the resource as permitted resources in all the organizations whose users can request that resource. I have implemented this and it works just fine. It works for both types of requests. a) My resources -> request new resources and b) Requests -> Resources -> Grant resources.
  In case of b, depending on the organization to which the selected user belongs, the Resource is displayed. all resources are not displayed.
  So the solution is to uncheck in RO and put the resource under specific organizations permitted resources and make it self-requestable. It should work fine. Let me know your exact issue if it does not work this way.

• Anonymous Users can see pages and files only about 10 minutes

  We have set Anonymous access permission to an KM repository. After the portal restarting very strange things are happen. An user who belongs to the Anonymous Users group can see and open pages (created by WPC),  files and hyperlinks. But after about ten minutes of such browsing a login screen begins to appear. Since that time the user canu2019t see and open any file of the repository.
  We have accurately read and applied recommendations of the Note 837898 - How to configure anonymous CM access.
  All URL Generator Service properties are exactly satisfied recommended values (e.g. /irj/go/*).
  We have granted Read permissions to all required repositories and recourses for Everyone and Anonymous Users groups (checked End User fieled as well).
  The site navigation structure and pages have been developed by mean of Web Page Composer (WPC).
  Security Zone (no safety) of WPC has been set with Read permission of Everyone and Anonymous Users groups.
  How to work around this?

  >
  Kyle Lawrence wrote:
  > Vladimir -
  >
  > Vladimir -
  >
  > Does this behaviour occur outside of WPC? 
  This behavior occurs then we click link inside pages generated in WPC. After that the anonymous see the login screen.
  > For example, if the anonymous user only has portal content, does the timeout occur? 
  What do you mean? Between ten and twenty minutes an anonymous user lost the ability to access any pages generated in WPC, any file contained in the portal, any XML Forms generated by XML Forms Builder (e.g. the News XML pages).
  > Does the timeout occur if the user does not navigate anywhere in the portal? 
  I'm not sure we didn't check. It's most likely that after a number previews of the pages it happens.
  > Does the timeout occur with  only KM and not WPC?
  >
  Again between ten and twenty minutes an anonymous user lost the ability to access any pages generated in WPC, any file contained in the portal, any XML Forms generated by XML Forms Builder (e.g. the News XML pages).
  Please read the following clarification of our situation.
  During setting up access of anonymous user to Web Page Composer pages we need to use Web Content repository that is not in the Documents repository.
  As is in the note 837898 there are no prefixes for WPC pages in the URL Generator Service.
  So the an anonymous user get login screen then attempt to access any WPC pages of the Web Content repository.
  How to achieve that content in the Web Content repository get as Content Link property the value '/irj/go/km/docs/wpccontent/u2026', rather than '/irj/servlet/prt/prtroot/...'?
  > It almost sounds like the user's logonticket has expired after 10 minutes.
  >
  As far as I know an anonymous user doesn't provided with logon ticket at all. You can check this in the SDN SAP Help.
  > Regards,
  >
  > Kyle

• Is there any other way to  limit the data a user can see

  We are using Discoverer 10.2.xxx
  We are running it against an Oracle applications database but we do not have Discoverer integrated with the apps. I have created database users for discoverer and granted access to the data at the db level.
  We have about 40 salesreps and we only want each rep to see their own data. We have a high turn over with the reps
  For now, I have created the row level security in that folder in my eul. If the username = XXXX then Salesrep = XXXXX
  OR
  If username = YYYY then DSM = YYYY
  etc.. This goes on for about 40 users We have 3 levels of "users" - Salesrep, DSM or RSM (District or Region sales manager)
  These users are setup in my apps and I can write a database procedure to select their salesrep name based on their username.
  Is there any other way to limit the data that the salesreps can see ?
  Possibly with a stored procedure some way?
  Thanks
  Angie

  At a previous client's, I had created a system not too unlike what you're describing.
  Basically, I created an Oracle table that stored information concerning the salesperson as in Oracle Apps the data was not reliable for what they were doing (ie: with adding Apps modules, sometimes salesperson data was there, but with say, CRM, it was in another place, etc.).
  So, since this table was going to be used for driving everything about a salesperson (commissions, who they report to, when they started, territory, when / if they moved territories and/or manager, etc, etc.) I put lots of good stuff in it that would make life easier for them.
  The end user in charge of all this had was given a Form to add, edit, delete all this good stuff and they were happy.
  When it came time for security, it worked like a charm in that I used the concept of the BIS views where a user has an apps id associated to them and all data was filtered by that id. All I really had to do was to create this view that simply filtered data to that user's id. Then whenever I had a Discoverer report for salespeople, managers, etc. I just made sure the folder used had a join to this filtering view and I chose an item from the filtering view and all worked fine. All Discoverer reports only returned row level information for the salesperson who ran it.
  Likewise, the same Oracle table was queried by another security view that only brought back the same IDs for the salespeople associated to each manager. When this simple view was joined to any sales Discoverer folder (and used in Disco), it limited all data to the salespeople the manager was responsible for.
  Obviously this is just an overview and would take pages to explain, but essentially, if you can associate some kind of unique ID to each salesperson (I used the one returned in BIS views when someone logs into Apps, but you could just assign a different in your case), then you can create a view that filters to that id. Then when that view is brought into the EUL and joined to any other folder in the sales area (and you choose a column from the security view), you'll have what you're referring to - row level security for all salespeople and managers.
  When it works - it sure does look impressive.
  Russ

• User can see the subject are but nothing under the subject area.

  Hi
  I have OBIEE 11g.
  I was thinking this is a very simple case where I have one subject area for which I want to create a user such that it can create analysis and reports on that subject area.
  I BIAdmin can do that currently.
  So I created a new user in console. Under the 'Groups' tab of this user, I choose 'BIAuthors' from the 'Parents Group Available'.
  Then I logged in as this user. User was able to see the subject area but only the header. When it clicks on the expand ( + icon in tree) it expands to nothing.
  So i logged into the rpd and Under Identity -Manage , and open the properties for BIAuthor. and under Permissions , I gave BIAuthor the permission to the subject area.
  That did not help.
  I also opened the subject area from the presentation layer and under permission I made sure that "Everone" has Read access.
  But even after a bounce the user just sees the header and it expands to nothing,
  Any suggestion.
  (I was also thinking that why do I see BIAuthors in weblogic where as BIAuthor in rpd (without s ). I was thinking the rpd BIAuthor is something from 10g version.
  Thanks for all the help.
  Edited by: user6287828 on Sep 13, 2012 2:33 PM

  Hi,
  Better to decline the subfolder permissions from the user @answers,then user can only see the subject area but he can't access the subfolders...
  mark if helpful/correct...
  thanks,
  prassu

• Users can see, but can't open image files

  We store all of our digital photos (jpg's) on an Xserve RAID attached to an Xserve.
  Twice in the last 3 weeks I have started getting calls from staff members to tell me that they can see the files but can't open them.
  The jpg files aren't recognized.
  If I click on a file from my iMac I get the following message:
  "Couldn't open the file. It may be corrupt or a file format that preview doesn't recognize."
  If I reboot the server. The problem goes away. The files aren't corrupt and people can access them again. I saw this three weeks and then again today, so it's not like it happens every day.
  Even though I connect from a Mac, most of my users are Windows users connecting via Samba.
  We are using RAID Admin: 1.5 and Firmware ver.: 1.5-1.5.xfb
  Mac OSX Server is 10.4.1
  Any ideas why this happens?

  Does the same thing happen with files that are on the local drive? That would be the first thing I'd check.
  Any reason you're running 10.4.1 server and not 10.4.3? There were tons of fixes in 10.4.2 and 10.4.3 around the file system... I'd recommend the update strongly.

• Missing Monitor Task:  Some users can see, some cannot

  We have a task in the monitor that came up missing in February 2009.  We do not know if it was accidently deleted and sent with a transport we recently sent or if it has been missing for a while and noticed until February 2009 was closed.  The task is still in all previous periods/years.  It was added back in February 2009 and we thought successfully transported.  We now have some users who can see the task and others who cannot.  One user cannot see it in February 2009, but in all periods going forward.  We do not have any authorizations by task and this task has been in the monitor for 4 years.

  Have the users that cannot see the task refresh the monitor to see if that helps.
  In the configuration for the task, with the parameters set to the version period and year (Feb. 2009), make certain that the consolidation frequency is up-to-date as well as the method assignments. I have experienced the method assignment missing when there are several different consolidation frequencies in play.

• Valid users can see a site, but not the document libraries they have permissions for

  Hello everybody,
  at a customer's site, there is SharePoint Foundation 2013 SP1 running, bound to both http and https. Seeminlgy out of nothing, a strange behavior occurred: Visting
  http://intranet/subsite showed the page headers (logo, global navigation etc.), but no content. The welcome text was missing as well as the links to the document libraries which should appear in the left navigation.
  After explicitely adding http://intranet as an alternate name (https://intranet was active only, don't know why), we can again reach content via http. Still strange appears, that
  http://intranet global navigation links get redirected to https (fine, but unexpected). If we change a deep link to a document library from https to http in the browser's address bar, we can reach the content fine.
  However, one problem still exists: This site gets published via TMG 2010 via https, and that also worked just fine for many months. But now, I can try what I want in TMG, valid authenticated users see only the top navigation, but no content at all.
  Can anyone give me a hint about what to check? Of course, I will provide any info you may need.
  Best Regards, Stefan Falk

  Hello Daniel,
  Thank you for your response. As to your questions:
  I just added http://intranet to the alternate access mappings of the intranet zone and did not extend a website.
  Besides SharePoint Central Administration, there is no other SharePoint web site collection on this server, and no other non-SharePoint-IIS-Site. This is a VM for nothing else than hosting this single intranet site collection.
  We do see the same issue under two sub-websites underneath
  http://intranet, namely http://intranet/Datenaustausch and
  http://intranet/Protokolle. In both sub-sites, there is some welcome text on the home page and there are several document libraries, each with permissions not interited, but explicitely granted to specific users.
  The first (solved) issue was, that we could not see the document libraries when using http, but could see them using https. This was solved by adding the alternate access mapping for
  http://intranet explicitely.
  We can successfully browse the sites (using http and https now) from the internal network. The one issue left is that the same does not work through TMG, that is, coming from the external network, we can see and call up the sites in a browser, but not any
  content in them. We do see the site title and logo, and the global navigation at the top of the page, but we do not see the welcome text, nor the document libraries. This did work last week, and we do not know nor could find, why it stopped working. The issue
  persists regardless of whether we use bridging to https or to http between TMG and SharePoint.
  We have already restarted the SharePoint box, with no success.
  If I can provide any further information needed, I will be glad to do so.
  Best Regards, Stefan Falk

• Library in shared folder - users can see, but not change?

  We have or music library saved to the shared folder so all of the users in the family can access the music. However, only the original user can make changes (change genre, mark don't include in shuffle, etc.). Is this by design, or should everyone be able to make changes to the music?

  This still does not fix it... If you cannot R&W over the folders and the library, you cannot even open the library. I've been looking into the same issue, and have not been successful. I might try what I used for iPhoto and worked beautifully; I have not done so, because if I remember correctly, it was posted that this does not work:
  sudo fsaclctl -p / -e
  sudo chmod +a "<other user> allow delete,chown,list,search,add_file,\
  addsubdirectory,delete_child,file_inherit,directoryinherit" <path to directory>

• Document library: user can see the metadata but not the file itself

  Hello,
  For a specific document library certain users will have the right to see the metadata but not the file itself. The only solution I can  think of is using a http handler. But I don't know if I can get the user that requests the document.
  Are there any other approaches to this requirement?
  Can I get the username of the user that makes that request?
  I guess that http handler is deployed at the Web application level - am I right?
  Thank you
  Christos

  Nicolas, thank you for your answer.
  I think this this is not a strong protection. Everybody can istall sp designer or go through UNC path, like \\myserver\documentlibray or \\myserver\lists\mylist and see the documents- and we use unc paths a lot. I don't want to get into trouble when a (wiki)
  leak is made.
  Christos

• Users can see documents for all users on the computer?

  when I log in to user A and do a search this Mac, it finds all documents even from other users that are supposed to be confidential!  How can I change this so that searches only find documents on that user?
  Hunter

  Guess you're my Ed Snowden go to guy for this stuff. 
  I have been naively thinking my confidential stuff was confidential.  I don't think my staff have the wherewithal to figure that out and they are too busy and generally good people anyway. 
  One think I did notice when I was browing the Users from my employees computer: all other Users Documents folder had the RED dash on the folder.  The only one missing the red dash was from mine which is the  confidential User.  I did set my documents folder to NO Access earlier today but no red dash appeared on that folder.  Just checked it again after a restart.  seems odd.
  Thanks very much for your help Barney. 

• Users are unable to see their own profile photo although everyone else can see it in Lync 2013 client

  We have Lync 2013, Exchange 2010 and several AD
  servers in mixed mode 2003/2008.
  All user are unable to see their own profile photo
  either in the main Lync window, in the settings or in a chat although other user can see that their photo is there and displaying. The user experiencing the issue can go open Outlook 2013 client and will see their photo displaying correctly in the file menu
  (and elsewhere) here.
  I have confirmed this happens with any new users I set up as well. We have gone through a fair amount of troubleshooting with other Lync photo issues and simple fixes such as deleting the SIP cache folder etc proves to be ineffective.
  Our Cs-ClientPolicy Global is set to websearchonly.
   We have "Replicate this attribute to the Global Catalog" set
  for the ThumbnailPhoto attribute in AD.
  We are also forcing photos from AD only (or no photo) by setting the following:
  "Set-CsClientPolicy -Identity PhotosControl -DisplayPhoto
  PhotosFromADOnly"  
  and finally we are importing the photo in ad using this PS command:
  "Import-RecipientDataProperty -Identity "Test User"
  -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\pictures\testuser.jpg" -Encoding Byte -ReadCount 0))"
  The pictures being uploaded are under 10KB in size.
  I have followed many threads and will provide any information I can to help find the problem. Thank you in advance.
  EDIT: I have also tried the following but with no success: https://knowledge.zomers.eu/misc/Pages/How-to-fix-your-photo-not-showing-up-in-the-Lync-client.aspx

  Hi Jdentremont,
  Lync client gets user photos by first querying the Address Book Web Query (ABWQ) service on the server, which is exposed through the Distribution List Expansion web service. The client receives
  the image file and then copies it to the user's cache to avoid downloading the image each time it needs to be displayed. The attribute values returned from the query are also stored in the cached Address Book Service entry for the user. The Address Book Service
  deletes all cached images every 24 hours, which means that it can take up to 24 hours for new user images to be updated in the cache on the server.
  To troubleshoot your problem, please follow the steps below:
  1.  Navigate to
   “X:\share\1-WebServices-1\ABfiles\000000000\000000000” folder. (ABS file share)
  You should see some photo files in this folder as the following screenshot.
  2. Delete all the files in this folder.
  3. On test PC, delete local cache files.
  %userprofile%\AppData\Local\Microsoft\Office\15.0\Lync\[email protected]
  4. Sign-in Lync with the test account.
  5. Go back to the ABS file share, check if there is any Photo file in the folder.
  Best regards,
  Eric
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• In po my doc type,other users can't do me21n&me22n but they see in me23n

  i have created my own document type in po, that document use for me only not other users but other users can see(me23n) display mode but can't do me21n & me22n with my own document type, this option is there in sapmm plez explain
  thank u

  HI,
  For achieving this you have to restrict the authorization for other users in authorization object M_BEST_BSA.
  Regards,
  Bharat.