Using Roles with Access Control Pages

Similar Messages

• Create Roles with acess control in SAP MDM

  Hi Experts,
  I am new to SAP MDM.I want to know how to create roles with access control for various users in SAP MDM.
  Thanks,
  Manoj

  hi,
  in the console; you can create roles with access control and you can assign these roles to users.
  follow this path:
  Console --> repository --> Admin node --> roles,
  here you can create new role. for role here you can maintain
  1. role detail
  2. Functions --here you can restrict the particular role ,  none / Execute the functions.
  3. Tables/fields  -- here you can give access to the role Read only / Read and write, and you can apply constraints also.
  and follow the links:
  http://help.sap.com/saphelp_mdm550/helpdata/en/8e/9f9c427055c66ae10000000a155106/frameset.htm
  http://help.sap.com/saphelp_mdm550/helpdata/en/8e/9f9c427055c66ae10000000a155106/frameset.htm
  http://help.sap.com/saphelp_mdm550/helpdata/en/8e/9f9c427055c66ae10000000a155106/frameset.htm
  http://help.sap.com/saphelp_mdm550/helpdata/en/8e/9f9c427055c66ae10000000a155106/frameset.htm
  http://help.sap.com/saphelp_mdm550/helpdata/en/8e/9f9c427055c66ae10000000a155106/frameset.htm
  hope this may help you,
  Regards,
  Srinivas

• Importing a pkg with rely on server storage and roles for access control

  Hi we run std 2008 r2.  I'm reading documentation on prot levels during pkg import to catalog at
  https://msdn.microsoft.com/en-us/library/ms141747(v=sql.105).aspx but unfortunately the definition of prot level "rely on server storage and roles for access control"
  isn't clear.  They used the prot level name to define it which didn't help me.
  This option looks appealing but it isn't clear why I need to enter a pswd when choosing this option.  Will my peers need to know that pswd when they export?  Will the sql agent job need to present that pswd when running?  If I just keep current
  prot level "encrypt with user" will the agent job be able to run it?  I'm sure it (agent) isn't running with my creds now.  Also, how can I tell what prot level it was deployed with last?  I rt clicked on the pkg in the catalog
  and don't see anything obvious about that.  I already understand that on export prot level is changed to encrypt with user. 
  I'm going to look at the sql agen job right now to see what creds it runs with.

  First thing to understand is that protection level is used for determining how package (dtsx) file have to be protected. Once package is deployed in server and executed from agent, the conventional way is to use method of configurations or parameters if
  2012 to get required connection etc values and execute using it. It never uses the values that were set during the design time. So it doesnt matter what protection level was so far as its based on config
  However if you're planning to export existing package to your system and do modification thats where protection level comes to play. If its set to any of ENcryptSensitive... type value then you'll to provide the value (either a passowrd or your userkey which
  it takes automatically from login info) to see the sensitive info (connection info,passwords etc) The package will still open and so far as you manually type in missing values you will be able to execute the package. If protection level is set to one of ENcrptAll
  then you will have no way to open package itself unless you provide password/ have correct userkey.
  The rely on server storage option uses sql server security context itself ie it doesnt do any encryption within package by itself but will assume values based on sqlserver security. This is used when you store package itself in SQLServer itself (MSDB)
  Please Mark This As Answer if it solved your issue
  Please Vote This As Helpful if it helps to solve your issue
  Visakh
  My Wiki User Page
  My MSDN Page
  My Personal Blog
  My Facebook Page

• To run OHS at port 80 using solaris role based access control

  Hi.
  I already know & have done setuid root to ohs/bin/.apachectl to allow ohs to listen to port 80. Now on a new OFM 11.1.1.4 install, I want to use Solaris Role Based Access Control (RBAC) instead. Is it possible? RBAC does work as I can run a home built apache2 httpd at port 80 withOUT suid root.
  On Solaris 10, I enabled oracle uid to run process below port 1024 using RBAC
  /etc/user_attr:
  oracle::::type=normal;defaultpriv=basic,net_privaddr
  Change OHS httpd.conf Listen from port 8888 to port 80.
  However, opmnctl startproc process-type=OHS
  failed as below with nothing showing in the diag logs:
  opmnctl startproc: starting opmn managed processes...
  ================================================================================
  opmn id=truffle:6701
  0 of 1 processes started.
  ias-instance id=asinst_1
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  ias-component/process-type/process-set:
  ohs1/OHS/OHS/
  Error
  --> Process (index=1,uid=187636255,pid=25563)
  failed to start a managed process after the maximum retry limit
  Thx,
  Ken

  Just to add my two cents here.
  The commando used on Solaris to assign the right privilege to bind TCP ports < 1024 is:
  # usermod -K defaultpriv=basic,*net_privaddr* <your_user_name>
  Restart the opmnctl daemond.
  After that OHS/Apache user can bind to lower TCP ports.
  Regards.
  Edited by: Tuelho on Oct 9, 2012 6:05 AM

• ADF UIX Role Based Access Control Implementation

  Hi,
  Can anybody suggest a detailed example or tutorials of how to implement a role based access control for my ADF UIX application.
  The application users can be dymanically added to specific roles (admin, Secretary, Guest). Based on the roles, they should be allowed to access only certain links or ADF entity/view operations. Can this be implemented in a centralized way.
  Can this be done using JAZN or JAAS. If so, Please provide me references to simple tutorial on how to do this.
  Thanks a lot.
  Sathya

  Brenden,
  I think you are following a valid approach. The default security in J2EE and JAAS (JAZN) is to configure roles and users in either static files (jazn-data.xml) or the Oracle Internet Directory and then use either jazn admin APIs or the OID APIs to programmatically access users, groups and Permissions (your role_functions are Permissions in a JAAS context).
  If you modelled your security infrastructure in OID than the database, an administrator would be able to use the Delegated Administration Service (DAS), as web based console in Oracle Application Server. To configure security this way, you would have two options:
  1. Use J2EE declarative security and configure all you .do access points in web.xml and constrain it by a role name (which is a user group name in OID). The benefit of this approach is that you can get Struts actions working dirctly with it because Struts actions have a roles attribute.
  The disadvantage is that you can't dynamically create new roles because they have to be mapped in web.xml
  2. Use JAAS and check Permissions on individual URLs. This allows you to perform finer grained and flexible access control, but also requires changes to Struts. Unlike the approach of subclassing the DataActionForward class, I would subclass the Struts RequestProcessor and change the processRoles method to evaluate JAAS permissions.
  The disadvantage of this approach is that it requires coding that should be done carefully not to lock you in to your own implementation of Struts so that you couldn't easily upgrade to newer versions.
  1 - 2 have the benefit of that the policies can be used by all applications in an enterprise that use Oracle Application Server and e.g. SSO.
  Your approach - as said - is valid and I think many customers will look for the database first when looking at implementing security (so would I).
  Two links that you might be interested in to read are:
  http://sourceforge.net/projects/jguard/ --> an open source JAAS based security framework that stores the user, roles and permissions in database tables similar to your approach
  http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf --> a whitepaper I've written about J2EE security for Web applications written with Struts and JavaServer pages. You may not be able to use all of it, but its a good source of information.
  Frank

• Any best practice to apply role based access control?

  Hi,
  I am starting to apply the access permissions for new users as being set by admin. I am choosing Role Based Access Control for this task.
  Can you please share the best practices or any built-in feature in JSF to achieve my goal?
  Regards,
  Faysi

  Hi,
  The macro pattern is my work. I've received a lot of help from forums as this one and from the Java developers community in general and I am very happy to help others and share my work.
  Regarding the architect responsibility of defining the pages according to the roles that have access to them : there is the enterprise.software infrastructure.facade
  java package.
  Here I implemented the Facade GoF software design pattern in the GroupsAndRolesAccessFacade java class. Thus, this is the only class the developer uses in order to define groups and roles of users and to define their access as per page.
  This is according to Java EE 6 tutorial, section VII Security, page 471.
  A group, role or user is created with an Identity Management application or by a custom application.
  Pages of the application and their sections are defined or modified together with the group, role or user who has access to them.
  For this u can use the createActiveGroup and createActiveRole methods of the GroupsAndRolesAccessFacade class.
  I've been in situations where end users very strict about the functionality of the application.
  If you try to abstract web development, u can think of writing to database, reading from database and modifying the database as actions.
  Each of these actions should have suggester, approver and implementor.
  Thus u can't call the createActiveGroup method for example, without calling first the requestActiveGroupCreationHelper and then the approveOrDeclineActiveGroupCreationHelper method.
  After the pages a group has access to have been defined with the createActiveGroup method, a developer can find out the pages and their sections a group has access to by calling the getMinimumInformationAboutGroup method.
  Further more, if the application is very strict, that is if every action which envolves writing to the database must be recorded, this concept of suggester, approver and implementor is available throught the recordActiveGroupAction method.
  For example, there is a web shop, its managers can change the prices of the products, but the boss will want to know who had the dared to lower prices.
  This action of lowering prices, is an action of modifying the information in the database and u can save in the database who suggested it, who approved it and who implemented it.
  Now that I write about the functionality of the macro pattern, I realise that some methods should have more proper names and I haven't had time to write documentation in the API, but this will be a complete when I add the web pages for the architect to use for defining access control and for the end users to view who and what is doing with their application.

• Role Based Access Control in Java

  Hi,
  we are designing a software solution that makes use of the Role Based Access Control pattern to control access of functions, EJBs, Servlets to certain users based on their "role".
  I have not been able to understand clearly how that pattern can be implemented in Java. In addition, I stumbled on the java.security.acl and I wondering how will the package work together with RBAC pattern (Or is the pattern already implemented in some package)?
  Does any1 have any comments on this? Thnx
  Dave

  Hi David,
  Permissions based on GUI components is a simple & neat idea. But is it rugged? Really secure? It might fall short of Grady Booch's idea of Responsibilities of objects. Also that your Roles and Access components are coupled well with Views!!!!!!!
  My suggestion regarding the Management Beans is only to do with the dynamic modification which our discussion was giong forward.
  If we go back to our fundamental objective of implementing a Role based access control,let me put some basic questions.
  We have taken the roles data from a static XML file during the start up of the container. The Roles or Access are wanted to be changed dynamically during the running of the container. You would scrutinize the changes of Roles and access before permission during the case of dynamic modification.
  Do you want this change to happen only for that particular session? Don't you want these changes to persist??? When the container is restarted, don't you want the changes to stay back?
  If the answer to the above is YES(yes I want to persist changes), how about doing a write operation(update role/access) of the XML file and continue your operation? After all, you can get the request to a web or session bean and keep going.
  If the answer to the above is NO(no, i don't want to persist), you can still get the change role request to a web or session bean and keep going.
  Either way, there is going to be an intense scrutiny of the operator before giving her permissions!!!
  One hurdle could be that how to get all neighbouring servers know about the changes in roles and access??? An MBean or App Server API could help you in this.
  May I request all who see this direction to pour in more comments/ideas ? I would like to hear from David, duffymo, komone and jschell.
  Rajesh

• In JSF, how to make a menu with access control?

  In JSF, how to make a menu with access control?
  The access control can be guided by programming, database or other means if possible?
  Thanks

  I want to make a dvd menu in iMovie because i don't have IDVD and can't find anywhere to download it?
  For making DVDs I would recommend iMovie 06 and iDVD 09 both readily available on Amazon or eBay.  Shop for iLife 06 and iLife 09.
  You can make menus and chapters with any version of iMovie except the latest one. There's nothing wrong with iMovie 11 either but I prefer iMovie 06.
  By using iMovie 06 and iDVD 09 I make DVDs with professional moving menus with very little effort. They look almost as good as Hollywood.

• Public parts not allowed to be used by the access control list

  hi,
  I have 2 DCs. DC1 and DC2.  I want to use public parts of DC2 in DC1. When I try to do so in in the dependencies tab, I get the following error.
  some public parts are not allowed to be used by the access control list.
  how to resolve this error ?
  Thanks !

  Hi,
  Sorry for the delayed response ....Both ends static routes are added for the connected test interfaces.....
  Regards,
  Mahesh 

• I turned off Internet access, using airport timed access control.  Now, I can't turn it back on.  The base station can't be found.  Please help.

  I turned off Internet access, using airport timed access control.  Now, I can't turn it back on.  The base station can't be found.  Please help.

  Can you take a look at this one and offer your opinion please?
  https://discussions.apple.com/message/21889032#21889032

• Unable to use the Assign Access Control feature in shared services

  Hi,
  When I try to right click on the essbase applicaiton in Shared Services to assign access control( to assign a new filter) I keep getting the following error
  " Internet cannot display the webpage" message with the following
  This problem can be caused by a variety of issues, including:
  Internet connectivity has been lost.
  The website is temporarily unavailable.
  The Domain Name Server (DNS) is not reachable.
  The Domain Name Server (DNS) does not have a listing for the website's domain.
  There might be a typing error in the address.
  If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section
  All the services are running file and I can create new users/ groups and also perform appication migration.
  I'm using Hyperion 11.1.3.24 on windows 2003 r2.
  Any help is appreciated. Thanks.
  Regards

  vs wrote:
  John,
  I tried the refresh button and nothing appears. I have created a group and gave it filter access. Now I'm trying to attach that filter to the group.
  Appreciate your help.Can we replace backup .sec file for shared services?
  For example: In planning if the .sec file corrupted then we replaced with old .sec file...rite...the same way can we do it in shared services?
  I know if we replace the old sec in planning...it will take old securities only...
  Edited by: Prabhas on Feb 12, 2013 9:27 PM

• Create user menus in hierarical tree with access control

  Hi All,
  I am facing problem in populating user menus in hirarical against user access control.
  I have table of menus in which i populate data as:
  Menu
  - Sub Menu 1
  -- Form 1
  -- Form 2
  -- Form 3
  - Sub Menu 2
  -- Form 4
  -- Form 5
  -- Form 6
  Now I have created hierarical query as:
  SELECT -1, LEVEL, menu_name, NULL, id
  FROM menu_opt
  START WITH parent_id IS NULL
  CONNECT BY PRIOR menu_id = parent_id
  and menu_id in
  (3, 4);
  Note: where menu_id 3 = Form 1, Menu_id 4 = Form 2.
  If I allow only menu ID 3 and 4 (not parents menus) then Hierarchy should be completed from top to bottom. What change i have to made to achieve my target?
  Thankx
  Qasim Javaid

  Hi,
  Sorry, it's very unclear what you want to do.
  Whenever you have a problem, please post CREATE TABLE and INSERT statements for a little sample data, and the results you want from that sample data.
  Say which version of Oracle you're using, e.g. 11.2.0.2.0. This is always important, but especially so with CONNECT BY queries, because every version since Oracle 7 has had significant improvements in this area.
  See the forum FAQ {message:id=9360002}
  If you can show the problem using commonly available tables (such as scott.emp or hr.employees, both of which contain trees) then you don't need to post any sample data; just the results you want and an explanation of how you get those results.
  For example, I think you're asking something like this:
  "I want to show the hierarchy in scott.emp, but I only want to show certain nodes and their descendants. For example, if I ask for 'MILLER' and 'SCOTT', I would want to see
  {code}
  ` EMPNO ENAME
  7876 ADAMS
  7788 SCOTT
  7934 MILLER
  {code}
  (order doesn't matter). ADAMS is included because ADAMS is a child of SCOTT."
  Here's one way to do that:
  SELECT DISTINCT
       empno, ename
  FROM     scott.emp
  START WITH     ename     IN ('MILLER', 'SCOTT')
  CONNECT BY     mgr     = PRIOR empno
  ;This query should work in any version of Oracle.

• How many of us are having problems with accessing web pages?

  For five days I have been having problems accessing web pages, constantly getting the message
  Safari can't connect to server etc. etc. It takes me ages just to get to one page without permanently returning to the previous one & trying again. I have tried to use these support pages & find it increasingly difficult to just open a page let alone post anything. If this works I'll be amazed!
  I have checked with my ISP - British Telecom. who say there have been a lot of "worms" & 'viruses" across the internet in the last week. Has Safari been contaminated or is it just the www that is the problem? Has anybody at Apple investigated this problem?
  I am getting increasingly frustrated by the whole thing as nobody seems to come up with a viable answer. Even if Safari is at fault it would be nice to know where we stand & that somebody is trying to do something about it!

  Thanks for that suggestion petitbjs. I think all is OK now. It started without warning, I hadn't changed anything, I just tend to use everything on the computer as it came, I'm a bit chicken to change anything incase I mess it up!!
  Starman et al,
  I had to phone BT this evening when I found my internet wireless phone wasn't connecting when I dialled out, it was the same yesterday evening but as I was trying to phone my son in Rio & was expecting him to move house at any time, I thought he might have had the phone disconnected, or it was just something wrong their end as I had the dialling tone OK & assumed the phone was fine. I have been using the landline, both of which go through the Home Hub, all through the last week without any problems.
  Eventually the BT man had me unplugging the Hub from the mains whilst holding down the Wireless Association button, after which it was OK, however during all this (apart from when it was unplugged, obviously) I still had uninterrrupted internet service as I had to log into the BT website to check the configuration or something, & the chap seemed to think the phone's hub problem would have had nothing to do with my internet problem over the past few days.
  Anyway, things seem to be fine now, I'll just hope it stays that way but at least I can try the unplugging trick if I have similar problems in the future.
  Once again, thank you all for your help & suggestions, it is a great comfort to me knowing that I have these boards to call on for assistance on virtually any problem I have with my Mac. Before he moved to Rio I could cry "Help" to my son too, hopefully once they move & get set up with an internet connection next week we will be able to video chat (the whole reason I bought the new Mac!).
  Many thanks to all,
  Carol.
  Wippitwalker

• Using CD with parental controls

  I teach college and I have twelve MacBooks in my classroom. I've enabled parental controls on student accounts, but apparently this disables their ability to run software from the CD that accompanies their textbook. How can I enable use of CDs with parental controls enabled?

  I can, but the software is specifically designed to be run from the CD because it's a hybrid CD (runs under Windows and Mac OS). I'd rather not bother with installing anything.

• Business Rules Framework (BRF) with Access Controll V10 (ERM and CUP)

  Hi Experts,
  where can I find some information about the usage of BRF with respect to Access Controll (especially ERM and CUP)?
  Thanks in advance and best regards,
  Marlen

  Hi Marlen,
  For ramp-up customers we have ramp-up knowledge transfer to be found here:
  http://service.sap.com/rkt
  If you are not participating in the AC 10.0 ramp-up you would need to wait until the product is general available.
  For general information on BRF have look here:
  http://help.sap.com/saphelp_nw70ehp2/helpdata/en/43/8b85c9db2f614fe10000000a1553f7/frameset.htm
  Best,
  Frank