VLAN assignement per user group with WDS

Similar Messages

• How does schedule with RESTful API a Webi report for a group of users ("Schedule For" to "Schedule for specified users and user groups" with one or more users/groups)?

  SAB BO 4.1 SP1
  Does it have an RESTful API to schedule a Webi report with the parameter to specify a group of users ("Schedule For" to "Schedule for specified users and user groups" with one or more users/groups)?

  Hello Ricardo,
  have you try a call like this one ?
      <schedule>
        <name>"test"</name>"
        <format type=\"webi\"/>
        <destination>
          <inbox>
           <to>userId1,userId2,userId3,groupId1,groupId12</to>
          </inbox>
        </destination>
      </schedule>
  Regards
  Stephane

• ABAP Query : user is not assigned to user group

  Hello All,
  i have created user group using sq03 and assigned user name for change authorization in 'assign users and infosets'.
  But when user tries to run query using sq01 system is giving message 'User XXX is not assigned to any user group'.
  I tried every thing but facing same problem.
  Could anyone please help me out .
  Thanks

  I actually assigned the user group to a role in SQ10.  The user is assigned to the role.  I also created a new post under Security which has more detail:
  http://scn.sap.com/thread/3198604

• Not assigned to user group /SAPQUERY/H2

  Dear Gurus,
  I have assigne Tcode S_PH0_48000510 to a user but when she executes this TCode, she is getting an error that "Username is not assigned to user group /SAPQUERY/H2. How can I resolve this?
  Chansa

  Hi,
  Assign the user name to the relevant user group via SQ03.
  regards,
  Dilek

• No infoset has been assigned to user group

  Hi Experts
  I am having problem like this
  No infoset has been assigned to user group/sapquery/h2 .
  why its giving error like this . how do i slove this problem .
  thanks
  Sandya

  Hi,
  U might not have assigned the infoset query created to the user group...
  Check in T-Codes SQ01, SQ02 and SQ03 , whether everything is properly assigned and linked to each other.
  Regards
  Priya

• Selective LOV per User/Group

  Hi Guys,
  Just would like to ask if there's a way on how to limit or only show a selected number of LOVs per User?  For example,
  I have a parameter for Country and I have 2 Users... User1 should only see let's say China, Japan and Korea, while User2
  should be able to see all countries..
  Kind  Regards and Many Thanks,
  Mark

  I am facing the Same Issue. I implemented Dynamic LOV and published the CR into BOE. But when user runs the report he/she see all the avilable LOVs.  But we need only Selective LOV per User/Group.
  Please suggest me where can I use the Current CE User function becuase we are already using security table in Crystal Reports.
  Thanks
  Reddy

• ISE 1.2 & AD & Meraki - Per User Group Policy ?

  I am working on a PoC for a deployment in an MDU. We are using Meraki switches and access points. There are 250 units in the building, each unit will have it's own subnet. The goal is to have the tenant be able to connect to a common building SSID and be placed into their assigned VLAN. There will also be physical ports in each unit that will need to do the same. I am trying to figure out a way to use ISE to authorize on a per user basis and not based on groups of users. On the Meraki system there are group policies that will assign the VLAN for the user as well as any type of layer 7 firewalling and bandwidth control. So there will be 250 group policies, one for each unit. There is a deployment guide that shows how to setup ISE for use with Meraki and it is great but it assumes that there will be large groups like Employees, Contractors, etc.. that will be used. This is where I'm being tripped up, also... this is my first swing at a NAC deployment so I have a lot to learn.
  1.Can I setup each user in Active Directory to have a tag that ISE can then forward on to Meraki for the group policy? Say it's unit 101 and I have a group policy called 101 in Meraki, Meraki documentation says to use the Airespace-ACL-Name attribute in ISE to indicate the group policy to use. This gives me the ability to place a group into that policy but not an individual. Or would this be better done by creating the users in ISE directly? Omit AD entirely?
  2. Each unit will have devices that will need MAB because they are not 802.1x compatible. I need to do the same as above with them. I would create a separate SSID for these devices but then use the MAC address to authenticate them but will need to authorize them to go into a specific group policy.
  I know this isn't a typical ISE application but I think that this will work really well in the end, just need to iron out these details and get a test system functioning. Any help would be greatly appreciated!!!
  Thanks,
  Nathan

  Please find the Meraki_ISE integration doc. in attachment.
  When VLAN tagging is configured per user, multiple users can be associated to the same SSID, but their traffic is tagged with different VLAN IDs. This configuration is achieved by authenticating wireless devices or users against a customer-premise RADIUS server, which can return RADIUS attributes that convey the VLAN ID that should be assigned to a particular user’s traffic.
  In order to perform per-user VLAN tagging, a RADIUS server must be used with one of the following settings:
  MAC-based access control (no encryption)
  WPA2-Enterprise with 802.1x authentication
  A per-user VLAN tag can be applied in 3 different ways:
  The RADIUS server returns a Tunnel-Private-Group-ID attribute in the Access-Accept message, which specifies the VLAN ID that should be applied to the wireless user. This VLAN ID could override whatever may be configured in the MCC (which could be no VLAN tagging, or a per-SSID VLAN tag). To have this VLAN ID take effect, “RADIUS override” must be set to “RADIUS response can override VLAN tag” under the Configure tab on the Access Control page in the “VLAN setup” section.
  The RADIUS server returns a group policy attribute (e.g., Filter-ID) in the Access-Accept message. The group policy attribute specifies a group policy that should be applied to the wireless user, overriding the policy configured on the SSID itself. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user.
  On the Client Details page, a client can be manually assigned a group policy. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user. 

• ACS- Dynamic VLANS for different ACS groups with AD

  Hi all,
  How do I tied diff Active Directory domain groups to diff ACS defined groups? Each domain group will be tied to an ACS defined group with a diff vlan. I read about the option in help but don't see the option to actually do it.
  using ACS 3.3.
  JT

  You could refer to the document 'User Group Mapping and Specification' at http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/qg.htm#.

• Assigning Protal Roles/ Groups with a vaildity date?

  Hi Experts,
  I am trying to find a way by which I can assign the roles / groups to a user in Portal system with a validity date.
  Please comment.
  Thanks, Vishwas

  Directly in the way you are expecting it will not work.
  However there is a report you can schedule called prgn_compress_times which removes duplicate and obsolete assignments of roles. This will then also remove the UME group assignment if the portal used ABAP as UME.
  However you cannot use it if the CUA is active!
  Cheers,
  Julius

• Assign a user/group to support group SCSM RTM

  Hi
  I want SCSM update the incident's "assigned to" based on "support group". If the support group is Tier 1 I want "assigned to" to be a user group. I have solved this by adding in Workflow "Incident Event Workflow Configuraion" Event on Update Criteria
  Change from not "Tier 1" Change to Equals "Tier 1" Apply the following template where the template updates "assigned to" with a usergroup. It works but I have to wait for the workflow to run. Is there a better way to solve this ?
  Please advice
  Jon

  I'm using SCSM 2012 SP1 but not find s similar function like this. Only a “Global Operators Group” can be used, which is far from enough.
  Yog Li
  TechNet Community Support

• Restrice subroles as per Users/Groups

  Hello Experts,
  We have one role (say for e.g. Main Role) in portal which has 4 subroles under it. The 4 subroles are assigned as Delta link to the 'Main Role'.
  Now when I assign this 'Main Role' to user, the user has assess to all the 4 subroles. This is a problem.
  The requirement is to assign the Main Role to a user and that user only needs to see 2 subroles out of the 4.
  Is there any way through which we can restrict access to the sub roles as per the Users/Group?
  Thansks in Advavance,
  Sanjay Sarode

  Hi Sanjay,
  Did you try the same using Merge ID concept, that way you can restrict according to your need.
  To be more clear
  Role 1   Role2    Role3
  wks 1    wks2     wks3
  in WKS you have Mege ID Property give a test name and in other workset give the same name in that property.
  now you can assign each role individually or assign 2 or more than 2 at a time.
  when you assign more than 2
  Role1
  WKS1  WKS2
  Hope this helps.
  Cheers-
  Pramod

• Maximum roles assignment per user

  Hi,
  I am in a security project and after role designing is done there are lot of roles designed by our functional consultants. And there are 33 company codes present in the company. And few end users are responsible for 20 company codes, So when I saw per user more then 450 deriroles created. Now my question is can I assign 450 roles to a user?
  As far as I know 312 roles can be assigned to user max. But is there any profile parameter available in SAP so that I can assign more then default maximum roles.
  Thanks,
  Sudip

  An auditor once had the task to audit a system of "mine" and ended up going for speculation about improvement possibilities in his presentation to the CIO (who was originally an ABAP developer when he started in the company!)
  <blabla>The overall security of the roles could be improved by using composite roles to reduce the number of roles (okay... you can use "personalization" attached to composites...) and therefore profiles assigned to the users. This will (apparently) make maintenance easier (I think he wanted to derive the composites?) and produce less SoD conflicts requiring mitigating controls, thereby avoiding long debates with the auditors each time.</blabla>
  I let him walk into that one on his own steam... the resultant discussion was like a Montypython scene, or possibly even Blackadder...
  Cheers,
  Julius
  ps: Regarding [my hat|http://www.google.ch/imgres?imgurl=http://www.chocolates-ala-carte.com/look/news/candy_mag_feb07/c_i_hat.jpg&imgrefurl=http://www.chocolates-ala-carte.com/look/news/candy_mag_feb07/index.html&usg=__m6YWntia9g543IgeOxZBu_JYSSw=&h=361&w=458&sz=137&hl=de&start=0&zoom=1&tbnid=GQ3eRe-oXx12_M:&tbnh=135&tbnw=172&ei=WkltTc_-Aoa6vwOflpm5BA&prev=/images%3Fq%3Dchocolate%2BAND%2Bhat%26um%3D1%26hl%3Dde%26rlz%3D1R2ADSA_deCH392%26biw%3D1259%26bih%3D544%26tbs%3Disch:1&um=1&itbs=1&iact=hc&vpx=126&vpy=74&dur=9750&hovh=199&hovw=253&tx=143&ty=108&oei=WkltTc_-Aoa6vwOflpm5BA&page=1&ndsp=21&ved=1t:429,r:0,s:0]: easter is around the corner.
  pps:
  If someone can convince me that it's a good idea to increase the max number then I will eat Julius' hat
  Actually I can smell blood in the water here via object K_REPO_CCA... 
  Edited by: Julius Bussche on Mar 1, 2011 8:40 PM

• How to only synchronize one specific LDAP user group with SAP?

  Hi,
  Hopefully this is the correct forum to post this in. I want to have continuous one-way synchronization of users from my LDAP server to my SAP central system. I've started configure in SAP using transaction SM59 and LDAP. Can I somewhere set that only one specific LDAP user group shall be transferred to SAP (they do not need to be assigned to any specific group, profile, role in SAP) - or should this be done on the LDAP server side (or is it at all possible)?
  Correct me if I'm wrong, but the User Group field in the report RSLDAPSYNC_USER only concerns SAP user groups right? This would therefore not be sufficient since I want to select the users to synchronize based on user groups in the directory.
  Thanks, Oscar

  We've used a repository constant to specify the LDAP filter for reading users / groups from the LDAP target.
  E.g. LDAP_FILTER_USERS (&(objectCategory=person)(objectClass=user))
  Then we also have a constant for the LDAP_STARTING_POINT
  For our AD Group Initial Load we filter according to these settings:
  LDAP_FILTER_GROUPS = (objectclass=group)
  LDAP_STARTING_POINT_GROUPS = ou=IDMManagedGroups,ou=Groups,dc=cfstest,dc=le,dc=ac,dc=uk
  The above example only reads AD groups starting at the specified OU
  Then in a Job From LDAP Pass the LDAP URL looks like this:
  LDAP://%$rep.LDAP_HOST%:%$rep.LDAP_PORT%/%$rep.LDAP_STARTING_POINT_GROUPS%?*?SUB?%$rep.LDAP_FILTER_GROUPS%
  I hope this helps
  Paul

• Login on user group with redirect ORA-01403: no data found

  Hi,
  i have 3 home page, one for each user group
  I would like to address the home page based on the value the group's
  i tried to do this with a process on login page
  :FSP_AFTER_LOGIN_URL := null;
  declare l_page varchar2(30);
  begin
  SELECT gr.GRP_ID
  into :P101_GRP_ID
  FROM DB1USG ug, DB0USR us
  WHERE
  AND us.USR_ID=:P101_USERNAME
  AND us.USR_ID=ug.USG_USR_ID;
  if :P101_GRP_ID = 'CPY' then l_page := '5007';
  elsif :P101_GRP_ID = 'TRF' then l_page := '5005';
  elsif :P101_GRP_ID = 'VND' then l_page := '7051';
  else l_page := '1'; -- default home page
  end if;
  wwv_flow_custom_auth_std.login(
  P_UNAME => :P101_USERNAME,
  P_PASSWORD => :P101_PASSWORD,
  P_SESSION_ID => v('APP_SESSION'),
  P_FLOW_PAGE => :APP_ID||':'||l_page
  end;
  after password input i received ORA-01403: no data found error
  Any help?
  Thanks in advance
  km

  Hi Scott,
  first access
  user USR1--> page afer login --> 7051 ->OK
  logout
  user USR2-->page right 5007
  page afer login --> 7051 --> no 5007
  Scott,
  in process on login page i added the line
  :P0_FIRST_PAGE_ID := l_page;
  and
  i modified logout URL on my Authentication Scheme
  wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=&APP_ID.:&P0_FIRST_PAGE_ID.
  Many thanks
  km

• Server 2008 R2 RDP: limit max number of rdp connections per user group?

  Hello everyone,
  I have a Windows Server 2008 R2 with RDP installed.
  I want to create a couple of user groups which will have 5 different users in each. Then I would like to limit RDP connections, let's say 2 connections for the first group and 3 connections for the second group. For example, if 2 users from Group 1 are connected
  then when a 3rd user from Group 1 tries to connect it will be rejected to connect, but 3 users from Group 2 still can connect. Is it doable?
  Thanks in advance.

  Hi,
  I would like to check if you need further assistance.
  If you need help to create script, please post your questions in our related forums.
  http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home
  Thanks.
  Jeremy Wu
  TechNet Community Support