Using Mapping Tables to restrict access

Similar Messages

• Login issues using linked tables in Microsoft Access

  Hello everyone!!!
  Anybody knows how to set the ODBC Login and password for a group of Oracle ODBC linked tables in MS Access by using DAO or VBA?. I need to use DAO instead of ADO for my application since I use ODBC and an Oracle Database.
  I know I can use the "save password" check box in the linked tables dialog, but I am developing and Access Application for my company and I'm using a generic username for the application itself by I need not to store the password in the connection string because is easy for an end user to obtain.
  I would like to have a form to set the password as long it is opened, and when the form closes, the password is cleared. (Actually, when the control panel form closes, I close Access itself).....
  Is there any way to set the password in the DBEngine.Workspaces object??
  I searched Microsoft Developer web site and there is severan articles about this topic, but none of them work in an Oracle Database.
  Is there any way to communicage with the Oracle Client from the Access application and set the password??
  Thanks, I know it's a very technical question, but is the only thing I need to solve to finish my application.!!!!

  Does anyone know if JDBC can access linked tables
  in a Microsoft Access?I doubt the bridge can. However the link is created using ODBC so you can access it directly.

• Cisco ISE - How to map User- Location - Restrict Access to other locations

  Hi,
  i've got a simple question and I hope someone here can help me out with this mess.
  The problem is about WLAN 802.1x Auth with Cisco WLC and a ISE.
  The design goal is the following:
  There are several branch facilities. A user belongs to only ONE facility. This user should not access the WLAN in other facilities.
  The technical design is this:
  Local WLC and/or central vWLC. In the datacenter is one ISE which must handle the auth-requests. The identity source of the users, where I add and manage them, should be the ISE itself for the first time, later I want to AD and LDAP sources.
  Here is the problem:
  I don't understand how I can create a ruleset or something else where I can define that a user of facility A can only login over APs, WLCs,.....in facility A and NOT facility B. Or maybe my design is so bad that I have to start from scratch.
  PLEASE HELP.

  I don't know but may be this is the correct way to validate the user:
  NAS-ID in AP-Groups (One AP-Group per facility) must match "12345" AND Identity-Group must match "12345".
  Iam confused because there is no way to compare these values. 
  In this case to compare the value of "NAS-ID" and die users "IDENTITY-GROUP".
  If they match against each other than "Permit-Access".

• I am using workgroup manager to restrict access in the finder to students, i have selected basic finder this seems to work when you try and launch finder, but when you are in another application eg safari and select open you can see shared devices

  as well as shared devices you can see locations etc in the side bar. i know you can edit this in finder preferences or simply drag them off and they will be removed but i want to remove them as a student logs on. i know you can edit the finder plist file in workgroup manager but i do not know what keys i need to add to remove these options and the keys are not there as default can anyone please help any ideas on how to achieve this would be great

  Please post in the Photoshop forum.
  http://forums.adobe.com/community/photoshop
  Bob

• Problem with Restrict Access to Page with access level using ASP

  I'm using Dreamweaver CS3 with ASP-VBScript and an Access
  database. The pages were created from scratch for this project,
  using those tools all the way through.
  I've created a login page, an admin homepage, and add, edit,
  and list records pages for three tables. The login page uses the
  Server Behavior "Log in User", all other pages use the Server
  Behavior "Restrict Access to Page". All of these are based on an
  Access Level.
  Login seems to work correctly, and redirects to the admin
  homepage. From the admin homepage, I can open any other page as
  expected, and they initially display correctly. On the add and edit
  pages, however,
  submitting the form often results in getting logged out, but
  not always.
  Once this happens, I can log back in, but other problems will
  sometimes occur during that second login session. Sometimes,
  logouts will occur on pages that worked fine during the first login
  session. Sometimes, another session variable that I've setup
  manually will change when it shouldn't...as if there were two
  values stored for my session variable, and reloading the page
  changes to the other value.
  This
  post seems closest to my experience, but it doesn't look like
  there was really an answer beyond "I had to fight with it for a bit
  to get it to work":
  I suspected that there is some problem with session settings
  on the server. We have an almost identical tool on the same server
  that was developed with an older version of DW that works more
  reliably; it sometimes has problems with the initial login, but
  never has a problem after that.
  Has anyone experienced problems like this? Any suggestions
  for what to check? I'm really pulling my hair out since it's so
  unreliable...the kind of problem that goes away when you try to
  show someone and comes back when they leave.

  Hello,
  I was thinking that all I would need would be the username, although username and paswsword would be more secure.  There are about 50 users and no groups or levels.  They are all equal ... same level.
  The website is private and there is a general content area for all users and then there will be private areas for each user where proprietary documents will be held.  I need to be able to ensure that user 'A' can only see the user 'A' pages, user 'B' can only see user 'B', etc.
  I don't really understand what the Dreamweaver script is doing, but the overview sounded like it was the right tool to accomplish what I'm trying to do.
  Any assistance greatly appreciated.
  thanks.

• Restrict Access to Page Using a password.php Instead of Server Behavior

  I previously used "log in" and "restrict access to page" server behaviors for my client portal when I only had one client. I had my username and password stored in mySQL database. I recently have gained more clients that all needed to be redirected to their own customized landing page when logged in. Because of this, I used a password.php to store the usernames and passwords and to redirect to different pages. Now, I am wondering how I can restrict access to these pages (i.e. someone won't be able to access the pages by typing the url) since I will not be connecting to a database anymore.

  I'm also confused by your statements.
  >Now, I am wondering how I can restrict access to these pages
  >(i.e.  someone won't be able to access the pages by typing the url)
  >since I  will not be connecting to a database anymore.
  It doesn't matter where you store the credentials - database or php file - the techniques for restricting access will be similar. I really don't understand why you moved away from the database when you got more clients. The more data you need to manage, the more reason to store it in a database.
  After logging in, most sites direct users to the same page, yet pull user specific data from the database. If for some reason you can't do this and need to built individual pages for each client, then store the 'landing' page for the client in the php file or database. Restrict access to each page by comparing the logged in name with an allowed login name. Or a more dynamic approach would be to dynamically pass the page name to a database query that validates that it's ok for the logged in user to access.
  Also, these questions are more appropriate for the app dev forum.

• RemoteApp 2012 R2 Restrict Access to Session Host Desktop

  Here is our current situation: I have set up Remote Desktop Services on Server 2012 R2 and published RemoteApp programs. Everything works great with load balancing, collections, etc... and I have been very impressed. However, as it always has been an issue,
  I have always had the question of how to allow users to access RemoteApp applications on the session host without allowing them to RDP directly onto the server to access the server desktop. Obviously, you have to add them to remote desktop users group and
  they need to be allowed to access over RDP so I figure that the next best thing is to restrict access to the desktop should they manually type the name into an RDP client connection. I know you couldn't restrict them from using mstsc.exe because they need
  that to open the RemoteApp since it just uses RDP and I am aware of using GPO's to restrict access to drives and many other things but I would like to remove the desktop altogether. Would it be plausible to remove the GUI feature and restrict access to CMD
  and SCONFIG through Server Manager and still allow the session host to present RemoteApp applications or is there a better way to approach this? I figured if I just remove the GUI and access to cmd and sconfig then if they logged on, they would get a blank
  screen. Thank you in advance for your time!

  Hi,
  One technique for this is to set the Custom User Interface group policy setting to logoff.exe.  You would have the GPO apply to normal users, but not applied to Domain Admins (or other users that you need to have full desktop).
  User Configuration\Administrative Templates\System
  Custom User Interface     Enabled
  Interface file name: %systemroot%\system32\logoff.exe
  You should also use NTFS permissions, group policy settings, AppLocker, etc., to further restrict what users are able to do.
  -TP

• How can i access value mapping table using xslt mapping

  Hi All,
  I have maintained value mapping table in integration directory.I want to access the data from the value mapping table in XSLT mapping using java function.PLease suggest me to do this.
  Thanks
  Pullarao.

  Value mapping that thread should solve your query !!!

• Restrict access to rows in tables using S_TABU_LIN

  Hello
  Is it possible to use this authorization object to restrict access to rows in data tables, based on role?
  Namely, a query is created for table holding financial documents data, and I would like users in charge of one company code, to only be able to see rows relating to that company code when they execute the query.
  I have defined and activated an organization criteria, and included it in the role authorization data restricted to only one company code value, but the user is still able to see all rows in the table.
  The system trace doesn't show a check for the S_TABU_LIN Object while the user is executing the query.
  Can anyone tell me what I'm missing?
  Thanks in advance
  A.

  If you activate S_TABU_LIN, whenever that org criterion is hit with table data being retrieved then the check will be performed.  If it is a standard SAP table field then that could potentially become problematic depending how you set it up.
  By extending the security in the infoset query you are turning the query from a quick and dirty tool to extract data into something that you can control as you would a bespoke report.  Once your dev team have worked out what they need to do, you can apply the standard auth concept to queries with relative ease and without impacting other parts of your security.
  Another thing to mention is that if your developers use logical databases to retrieve query data then there is usually auth checks incorporated in there (which don't show up in SU53 or ST01).

• Accessing ID Value Mapping table in XSLT

  Hi Experts,
  In the XSLT mapping,I would like to access my value mapping table which i defined in ID .The purpose of ID value mapping here is, the table entries will be changing in future and i don want to use fix values, XML table  which is defined in runtime.
  I have gone through the blog
  /people/sreekanth.babu2/blog/2005/01/05/design-time-value-mappings-in-xslt
  which explians design value mapping table in XSLT.
  Is there any way to access Configuration Value Mapping table in XSLT? If yes, can you explain how should i achieve it ?

  Hi,
  you can use the xivmService to call ID val map tables.
  Use tha java function executeMapping, Its a standard SAP api.
  Declare the Service in XSLT at start
  <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:vm="com.sap.aii.mapping.value.api.XIVMService" version="1.0"> 
  Call the val mapping table using below template wherever required.
  <xsl:template name="ValueMapping">
  <xsl:param name="SenderParam"/>
  <xsl:value-of select="vm:executeMapping( 'SenderType', 'SenderTypeSchema', $SenderParam, 'receiverType', ReceiverTypeSchema')"/>
  </xsl:template>
  Call template like :
  <xsl:call-template name="ValueMapping">
  <xsl:with-param name="SenderParam">
  try it and let me know if you have any doubt.
  regards
  Inder
  Edited by: Kulwinder Grewal on Aug 12, 2009 11:36 PM

• Access to KeyPolicy mapping table

  Hi all,
  i've the following scenario:
  - Sender system: B1.2007 - Sender Object: customized Purchase Order
  - Receiver system: B1.2007 - Receiver Objcet: standard Sales Order
  For the insert operation of a new PO, it's all right.
  About the operation of update i've read that with KeyPolicy, B1i can mantain a key mapping table of the key value of the sender object and the key value of the object created.
  I've seen that in the message monitor, effectively, when a SO is inserted, the system  stores the primary keys (DocEntry) of object sent (PO) and received (SO).
  i would use these values in a QueryParams tag for update phase. How can i access these values?
  Thanks

  Hi Shaun,
  >>>Also does anyone know the directory where SAP ultimately stores the .jar files that get produced as a result of the graphical mappings
  sure we know:
  SID\DVEBMGS10\j2ee\cluster\server0\temp\classpath_resolver
  you'll find all the mapping jars you need inside this folder:)
  >>>Is there an easy way to view the Java code that is the result of a graphical mapping?
  yes - just decompile those jars and you can see all the code - no other way to see it
  Regards,
  michal

• Port Access Mapping Table

  PORT_ACCESS
  TCP|*|*|192.168.1.121|* \
  $C$[IMTA_LIB:conn_throttle.so,throttle,$1,1]\
  $N421$ Too$ Many$ Connection$E
  Anyone has any idea what does these lines do? Especially, I would like to know whether $1 refers to the 1st "*" or the 2nd "*" ??

  I suggest having a look at the improved documentation for 6.1:
  http://docs.sun.com/source/817-6266/filter.html
  A particular IP address can be limited to how often it connects to the MTA by using the shared library, conn_throttle.so in the Port Access mapping table. Limiting connections by particular IP addresses may be useful for preventing excessive connections used in denial-of-service attacks.
  conn_throttle.so is a shared library used in a PORT_ACCESS mapping table to limit MTA connections made too frequently from particular IP addresses. All configuration options are specified as parameters to the connection throttle shared library as follows:
  $[msg_svr_base/lib/conn_throttle.so,throttle,IP-address,max-rate]
  IP-address is the dotted-decimal address of the remote system. max-rate is the connections per minute that shall be the enforced maximum rate for this IP-address.
  The routine name throttle_p may be used instead of throttle for a penalizing version of the routine. throttle_p will deny connections in the future if they�ve connected too many times in the past. If the maximum rate is 100, and 250 connections have been attempted in the past minute, not only will the remote site be blocked after the first 100 connections in that minute, but they�ll also be blocked during the second minute. In other words, after each minute, max-rate is deducted from the total number of connections attempted and the remote system is blocked as long as the total number of connections is greater than the maximum rate.
  If the IP-address specified has not exceeded the maximum connections per minute rate, the shared library callout will fail.
  If the rate has been exceeded, the callout will succeed, but will return nothing. This is done in a $C/$E combination as in the example:
  PORT_ACCESS
  TCP|*|25|*|* \
  $C$[msg_svr_base/lib/conn_throttle.so,throttle,$1,10] \
  $N421$ Connection$ not$ accepted$ at$ this$ time$E
  Where,
  $C continues the mapping process starting with the next table entry; uses the output string of this entry as the new input string for the mapping process.
  $[msg_svr_base/lib/conn_throttle.so,throttle,$1,10] is the library call with throttle as the library routine, $1 as the server IP Address, and 10 the connections per minute threshold.
  $N421$ Connection$ not$ accepted$ at$ this$ time rejects access and returns the 421 SMTP code (transient negative completion) along with the message �Connection not accepted at this time.�
  $E ends the mapping process now. It uses the output string from this entry as the final result of the mapping process.

• ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

  Hi All,
  I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership.  This has been very difficult, even though I beleive it should be easy.
  The login page of teh ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
  There are two other portals that I would like to restrict access to based on AD group membership.  I have set these up to be selected by URL.
  The biggest problem is, I have no way of knowing how to go about this.  The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if soneone that is NOT a carpetbagger tries to log in, it fails.
  I can only do an all or nothing scenario.
  It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use.  So how do I go about using them in this scenario?  Turning off the aliases or URLs is not really an option right now.
  Scenario 1 would work the best for me.  Restrict access to profiles/groups based on AD group membership using LDAP.
  Scenario 2 would be an ideal longer term solution.
  Any thoughts, ideas or assitance would be greatly appreciated.
  Cheers

  This is exactly what i was looking for, and Nelson is correct.  When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression.  The guide (ther is a button to access this) is really helpful, with a couple of examples.  This is what i used:
  assert(function()
     if ( (type(aaa.ldap.distinguishedName) == "string") and
          (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
  then
         return true
     end
     return false
  end)()
  from the debug dap you can see what Users relates to;
  DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
  My admin account fails to get me in to the same profile:
  DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
  Thanks
  Andrew

• How to pass table in RFC and use that table to populate fields in Mapping?

  Hi,
  I have a requirement FIle to CSV, the file consists of thousand lines...
  What I did first is to put RFC look up per line. It is taking too long to process the message.
  One work around that I could think of is to pass all the values to a table then pass the table to RFC then RFC returns another table, so only one RFC call is required.
  How am I going to use the table returned by the RFC? Please advise how to achieve this scenario.

  Hi,
  I use an ABAP RFC function, which has a parameter that contains many rows.
  In ABAP, I create a two types. First is a ROW - contains some fields, for example, param1, param2, etc.
  Second is a TABLE - contains multiple count of ROW.
  Then I create a Remotecallable Function that has this TABLE-type as parameter (you can make this parameter as INPUT and OUTPUT). So in my mapping program after import RFC Function, I see a message looks like this:
  MY_TABLE_PARAM (Occurences: 1)
  item (Occureces: 0..unbounded)
  param1 (Occureces: 1)
  param2 (Occureces: 1)
  etc (Occureces: 1)
  Regards.

• How to create a table in MS Access from Labview using ActiveX?

  I want to transfer datas from Labview to Access using activeX method. My only problem is to find out how to create a new table (array) in Access from the Labview program.
  Remarks: I use Labview 6i and MS Access 2000.
  For the moment I can write and read datas of Access from Labview.
  If someone could help me... that would be grate!

  This is off the Microsoft MSDN site "creating an external table". I think you can drop the last step.:
  Open the database you want to create the table in. If it is the current database, use the CurrentDb function to return an object variable that represents the current database. If it isn�t the current database, use the OpenDatabase method to open the database you want.
  Use the CurrentDb function to create a Database object that points to the current database.
  Use the CreateTableDef method of the Database object to create a table definition for the Microsoft Access table.
  Use the CreateField method of the TableDef object to create one or more fields in the Microsoft Access table.
  Use the Append method of the Fields collection to add the new field or fields t
  o the Microsoft Access table.
  Use the Append method of the TableDefs collection to create the Microsoft Access table.
  Use the TransferDatabase method to create the external table in the specified folder.
  Use the Delete method of the TableDefs collection to delete the Microsoft Access table definition.