Users with same role but cannot acess/see the restrcited page
Hi, SDN Fellows.
I have a requirement as stated below:
Said, I have Role A, which have WorksetA , that contains Page1, Page2,Page3.
The requirement is: User A was assigned to RoleA, he can see all the pages in the role hierarchy.
But User B was assigned to RoleA too, but I want to restricted this user to see Page3.
In this, case, how should I manage that? Can we set some authorization from the page? If yes, is it going to be troublesome for the system admin to maintain that?
Thanks.
Kent
Hi Kent,
> Can we set some authorization from the page?
No, you can't. Permissions ar set on the unique object within the PCD, this is the role in your case.
The standard scenario is to create two roles A and B, where user A is assigned to both roles and user B only to role B. Role B contains WorksetA and Page3, whereas role A contains WorksetA and Pages 1 & 2 -- an both roles are merged.
By this, you have one navigation structure but user B only sees page3, whereas user A sees all three pages under the workset entry (from the navigational point of view).
See http://help.sap.com/saphelp_nw04s/helpdata/en/53/89503ede925441e10000000a114084/frameset.htm for details.
Hope it helps
Detlev
Similar Messages
-
Mitigation runs against role but not user with same role assignment
Hello, I'm currently running Compliance Calibrator 4.0. I've created a Mitigation Control and assigned a number of Risks to the Mitigation Control.
I've then assigned the Risks in that Mitigation Control to a specific role.
When I run the SoD check, the role no longer shows any issues. This is good and expected.
However, when I run the SoD against a user that has that role assigned the user is reported with issues when no SoD issues should be shown.
Am I missing something? I don't believe I need to assign Mitigation Control to the user, because one day the risk might be valid to that user, but just not for the role I'm trying to mitigate against. Many thanks.Hi Dylan, the system is reacting correctly.
When you mitigate a role, you mitigate the risk associated with the role and under 'Role Analysis' you will see that this role has been mitigated.
However when u run a User analysis, the system will still identify him if there is a 'RISK' associated with the user and this is regardless of whether the associated Role is mitigated or not because what you want to know is the risk of the user and not what roles this user has.
You will need to specifically mitigate the User in order for the mitigation control to show against the User in the report.
This is the same Vice Versa. when you mitigate a User, it also does not mean that all the associated Roles that the user have are mitigated. The risk associated with the roles will still appear when you do 'Role Analysis'
Cheers! -
AD user with no role assignment cannot login
We have created AD users that are being authenticated through OBIEE 11g. In the AD we currently have the user, password and group information associated with all the users created.
As per system behavior if an user's group is not mapped to a role within the EM, it should automatically be tagged with the authenticated-role which being a part of the 'BIConsumer' role will give the corresponding privileges to that user. This does not seem to be happening. Any insights on why this would be the case?
Additionally - If there is a group associated with a AD user within the active directory itself, is it mandatory that the AD groups be associated with a role? What I mean by this is, if we have RPD level init block to map authenticated users to custom database roles imported within the RPD and EM, would they not work unless there is a direct AD group to role assignment?The RPD had no access set for "Authenticated Users" and "BI Consumer Role" for all subject areas as part of the presentation layer permissions, hence unless a user was assigned to a role that could access either one of the subject areas the default authentication would not work.
-
Finger print marks on new macbook pro not goin inspite of cleaning with soft cloth? I can see some smudges, How to clean them ?
Good idea to ask!
Cleaning Apple products:
http://support.apple.com/kb/HT3226 -
Users with same configurations - one has access not the other
Hi all,
I have a real mysterious problem.
On the same computer, installed with "Cisco VPN Client v5.0.07.0410", one user can connect to the VPN and not the other. Both users uses the same Dynamic Access Policies on our ASA firewall. We are certain that the users entered the correct name and password. But one can enter in our network and the other gets an "Authentication failed" message directly in the "User Authentication" window.
Has someone an idea to help us solve this problem ?
I provide you here a log file of the problem (IKE.log level 3), if you think you need an other, please ask.
In this log, I have the feeling that the cause (and maybe the solution) is around event 293, but......not sure.
Thanks in advanceHi Balthazer,
Please send us the following outputs from the ASA. Run a conditional debug for the specific user who is facing the issue.
debug crypto condition [username string]
debug cry isa sa 200
deb cry ips sa 200
Also, you have mentioned that you are using DAP policy. Can you share the DAP policy with us.
Regards,
Abhishek Purohit
CCIE-S- 35269 -
HT5205 I am roaming but cannot connect to the internet?
I am roaming with my iPad, but cannot connect to the internet?
I am roaming with my iPad, but cannot connect to the internet?
-
Nyt times photo blog says latest FP version needed. I have it but can't see the pictures. HELP
I am running vista home premium and I use both internet explorer and firefox. The NYT website photo blog is called LENS and I have always been able to use it. A week or two ago I was told that I needed the latest version of flash drive to view photos. I went to the download site. got the software and loaded it. My list of program now shows Version 10 active x with flash plugins but can't see the photos. Appreciate any help
Hi, Are you using a 64bit Operating System? What version of IE are you using? Did you use the DLM(download manager) when Installing?
Thanks,
eidnolb -
Restiction on SAP Lumira user with BI_DATA_ANALYST role
Hi,
Is there an option to disable the SAP Lumira user with BI_DATA_ANALYST role from loading the Excel data into SAP Hana? We would like the user to be able to create story boards and publish it on SAP LUMIRA server using HANA views but not allow him to load any flat file data.
Thanks,
LakshmiManish - if you are on BI4 there is no need for the SAP Integration Kit with Web Intelligence
You can connect using the BEx Query
For Lumira right now you can connect using the BEx query but only in the Visualize room - more enhancements are planned in 1.27 - see SAP Lumira Webcast including H1 Plans with BW Updates
I don't think Gateway is needed in these scenarios
Tammy -
I was making new Apple ID with my other Email on iTunes, but I canceled the process on payment page. After a while I went to make a new ID with same Email but it says the Email is already in use! what should i do?
You will need to try changing the email address on the first account and see if you can then re-use it on a new account - you can try changing the email address via http://appleid.apple.com or by logging into it via the Store > View Account menu option on a computer's iTunes (if you don't have a spare email account then you can create one via http://gmail.com or http://hotmail.com)
-
when I connect my apple tv to my access point upstair and connect my ipad to the same access point i cant see my apple tv when i open up the airplay menu on my ipad. but i can see the apple tv in the living room downstair which connect to the main router.
Below is some info i get about ports.
I tried to set DMZ on my main router to have full access to ported to access point upstair which is in the ip of 192.168.1.2 and the main router in the living room is the gateway router with the 192.168.1.1 ip.
I still cant see apple tv after i try the DMZ method.
any suggestion ?
These network ports are used by Apple TV for communications on your network.
TCP port 123 is used to communicate with a network time server.
TCP port 3689 is used to communicate with iTunes while using the iTunes Library Sharing feature.
UDP port 5353 is used by Apple TV for automatically finding computers with iTunes on your network using Bonjour.
TCP port 80 is used for communicating with podcast servers.
TCP port 80 and 443 are used for basic and secure communications with the iTunes Store via the Internet.
TCP port 53 is used for regular DNS.
These are well-known ports used by Apple products, like iTunes. If you can use all the features of iTunes, these ports are likely already open on your firewall or NAT router. Note: These ports may also used by other services such as YouTube and Flickr.When the Apple TV is paired with a remote, it means only that remote can control it, when it's not paired any remote can control it. You will need a remote for each of your devices.
-
Two methods with same name but different return type?
Can I have two methods with same name but different return type in Java? I used to do this in C++ (method overloading or function overloading)
Here is my code:
import java.io.*;
public class Test{
public static void main(String ar[]){
try{
//I give an invalid file name to throw IO error.
File file = new File("c:/invalid file name becasue of spaces");
FileWriter writer = new FileWriter(file ,true);
writer.write("Test");
writer.close();
} catch (IOException IOe){
System.out.println("Failure");
//call first method - displays stack trace on screen
showerr(NPe);
//call second method - returns stack trace as string
String msg = showerr(NPe);
System.out.println(msg);
} // end of main
public static void showerr(Exception e){
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw);
e.printStackTrace(pw);
try{
pw.close();
sw.close();
catch (IOException IOe){
IOe.printStackTrace();
String stackTrace = sw.toString();
System.out.println("Null Ptr\n" + stackTrace );
}//end of first showerr
public static String showerr(Exception e){
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw);
e.printStackTrace(pw);
try{
pw.close();
sw.close();
catch (IOException IOe){
IOe.printStackTrace();
return sw.toString();
}//end of second showerr
} // end of class
[\code]Overloading is when you have multiple methods that have the same name and the same return type but take different parameters. See example
public class Overloader {
public String buildError(Exception e){
java.util.Date now = new java.util.Date() ;
java.text.DateFormat format = java.text.DateFormat.getInstance() ;
StringBuffer buffer = new StringBuffer() ;
buffer.append(format.format(now))
.append( " : " )
.append( e.getClass().getName() )
.append( " : " )
.append( e.getMessage() ) ;
return buffer.toString() ;
public String buildError(String msg){
java.util.Date now = new java.util.Date() ;
java.text.DateFormat format = java.text.DateFormat.getInstance() ;
StringBuffer buffer = new StringBuffer() ;
buffer.append(format.format(now))
.append( " : " )
.append( msg ) ;
return buffer.toString() ;
public String buildErrors(int errCount){
java.util.Date now = new java.util.Date() ;
java.text.DateFormat format = java.text.DateFormat.getInstance() ;
StringBuffer buffer = new StringBuffer() ;
buffer.append(format.format(now))
.append( " : " )
.append( "There have been " )
.append( errCount )
.append( " errors encountered.") ;
return buffer.toString() ;
}Make sense ???
Regards, -
How to get Unique calid for users with same name in multiple domain env..
I found we need to use "-k legacy" option for creating users in non-hosted setup..
I had two domains default as xxxx.com and the one that I created as yyyy.com
When I have users with same name in two of the domains as user1..
The calid for both of them is... user1 ....so they share the same calendar
When Im in valid SSO of yyyy.com I get the mail account for user1 as [email protected] .....but the calid .. common as user1
How I can get unique calid for users under two domains..
whether I need to set Hosted domain support...Then how the mailid's differ with out using hosted domain support..
And I need to login UWC without using @domain.com...
Help me on this...
AshikDo you have UWC and Cal configured at least for virtual domain support?
basically.. for discussion.. let's say you have three domains on your server.. 1st domain is the default domain. other 2 domains are virtual domains.
if all domains were created with mail and cal support (-S mail,cal).. you would use the following options when creating users:
1) for the default domain.. you must use the "-k legacy" option when adding users.
2) for the other two domains.. when you create the user.. do NOT use a "-k" option.
If you do not use the "-k" option.. it defaults to "hosted" which will cause the user's calid to be [email protected]
If you Do use the "-k legacy" option.. it will create the calid as just "userid"
With regard to logging into UWC without the @domain.com part of a username in a hosted domain.. the easiest way to avoid this.. is to point a host name under the hosted domain to the server.
if you point webmail.xxxx.com to the server... and then access it via:
http://webmail.xxxx.com/uwc/
any users in the xxxx.com hosted domain will NOT need to use @xxxx.com when logging in... they can just use "userid"
This feature does not take any special configuration (aside from adding a DNS entry for the hosted domain)
Hopefully that helps. -
To create multiple files with same content but with different names
Hi SapAll.
here i have got a tricky situation on Idoc to File Scenario.
in my interface of an Idoc to file ,there is requirement to create multiple files with different file names but with same content based on one Idoc Segment.
which means there will be one Zsegment with two fields in the idoc,where one field with (content refers to the name which file name should start with .so lets say if this segment is repeated for 3 times then PI should create 3 files in the same directory with same content but with different file names (from the filed).
so here for now iam using one reciever file communication channel.
can any body give me the quick answer.
regards.
VarmaWhat do you mean by different names?
when i make proper setting in the Receiver Channel....on how to create the filename (what to append) like add Timestamp, counter, date, messageid.....even in this case you will ahve file with different names and that too from same File channel.
You can perform multi-mapping in XI/ PI and then your File channel will place the files in the target folder with relevant names. You cannot use Dynamic Configuration with Multi-Mapping!
If you intend to use different File channels, then do the configuration as required (normal)...even over here you can follow multi-mapping.
Do not use a BPM!
Regards,
Abhishek. -
2 users with same user id in OIM!
hi,
can you please help me with this production environment issue!
there are 2 users with same userid, same first name and last name in OIM but are only one is present in all of the target resources. i just dont know how to delete such user, as the two are in active state.
Any suggestions are welcome!!
Thanks!This can only happen if something went wrong with your trusted reconciliation settings. Mostly with the settings of recon rule. Please check whether in the rule definition, whether it is set to case sensitive. Even that, it shouldn't create 2 users with the same user id in OIM as user id is unique in OIM enforced in the database table.
-
How can OIM provision users with same Display Name in AD?
I can create users with same First Name, Middle Name and Last Name (same Display Name) in OIM if they have different UserId.
But I can not provision two users with same Display Name to one Organization Unit in AD, the resource provisioning shows
Status: Rejected
Response: AD user already exists
Can AD be configured to create users with same Display Name (different UserId) in one OU, or would I have to create logic in OIM to modify the display name so it gets accepted by AD?
Thanks!Thanks Nitesh. Also, I can create the user with same DN in different OU's, not in same OU.
I agree once we determine that same cn exists in one OU , I can modify the display name by appending a number at the end or something. I understand the logic but I need more details on how to specify this logic in the pre-pop adapter, can you please share more details.
Thanks a lot!
Maybe you are looking for
-
Credit check issue in third party order
Dear all, We are facing some issues related to credit management data for one of our customer. I need your valuable inputs for below mentioned queries- 1. As a genaral question- When we releases a SO through VKM* How the system calculated the " Relea
-
My login is showing server error when tryinng to login through my application
Server Error in '/' Application. Failed to generate a user instance of SQL Server due to a failure in copying database files. The connection will be closed. Description: An unhandled exception occurred during the execution of the current web request.
-
IPod touch 2G not detected in iTunes 10.1.2.
Hello, I have a Apple iPod touch 2nd Generation bought in 2009 running iOS 4.1. I'm currently running iTunes 10.1.2(x64) on Microsoft Windows 7 Ultimate(x64). Recently when I connected my iPod touch to my PC, it didn't got detected in iTunes but was
-
Basically when i try to reinstall it says its only for iOS 7 or later and that I cant install it. Ive tried everything at this point. someone help
-
Problem embedding video in Pages and exporting as epub
I'm using pages 09 ver 4.2 (1008). I' trying to embed video (.m4v and .mov) I can't find the checkbox 'Copy audio and movies into document'. The user guide says it's an advanced option on the 'save as' but my version of pages runnning on Lion 10.7.