.war deployment and restricted access to admin activities

Hi,
1.
Is there a way to configure the iAS7 to pick up the .war, .ear files from a directory and deploy those modules automatically? I am expecting a feature to be similar to that of the Tomcat. In Tomcat, if you copy your .war file in the web-apps directory, it automatically deploys the application.
2.
I am planning to restrict access rights to the developers through the web based admin application for iAS7.
For ex: I only would like to allow the developer (non admin user) to deploy the applications but nothing else (not even restarting the server). Current web based admin interface allows the users to do everything, if logged in with the admin user. I read the documentation that mentions about distributed administration but I did not find any further doc on it.
Any help on this is greatly appreciated.
TIA
Thirupati Panyala

1. No currently SUN ONE appln server does not have such a facililty.It is planned for the future release.
2. Distributed administration is not supported by S1AS

Similar Messages

How can you create a weblogic ID and restrict access within weblogic?

for e.g. I would like to create an account 'x' in weblogic and give this user access to only 'security realms' within weblogic and NO other functionality.
Is this possible?
Thanks.

In OBIEE 11g the weblogic roles follow the same type of logic as we all have come to enjoy from role based security.
There are some default roles in WLS such as Deployer, Administrator, etc. defined by default in web logic.
You can create a WebLogic user using the DefaultProider, Security Realm > Realm > User >New ...
and then add that user to a group or directly to a new Policy Role.
Take a look at the "Administrators" Group for an example of how it relates to the global "Admin" role under the Role & Policies tab.
Finally, I don't think that you can isolate just the Security Realm for a Web Logic user. Take a look at this document to see what aspects you can provide privileges on,
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13747/types.htm#i1241945
Cheers,
Christian
http://www.artofbi.com

Access denied errors in domain logs after configuring Ldap and restricting access to users

Hi Experts,
I'm getting access denied errors in my domain logs , this log is written continiously ..Has any one encountered the same issue and fixed this?
####<Sep 2, 2014 2:30:07 PM EDT> <Error> <Default> <ftizsldmwapp001.ftdc.cummins.com> <AdminServer> <[ACTIVE] ExecuteThread: '27' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <096a131bdb6c126e:6cecae89:14834848020:-8000-0000000000009bc8> <1409682607304> <J2EE JMX-46335> <MBean attribute access denied.
MBean: EMDomain:EMTargetType=j2ee_application,name=em,type=EMIntegration,Application=em
Getter for attribute HostName
Detail: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[]
TIA,
-Karthik

Hi Experts,
I'm getting access denied errors in my domain logs , this log is written continiously ..Has any one encountered the same issue and fixed this?
####<Sep 2, 2014 2:30:07 PM EDT> <Error> <Default> <ftizsldmwapp001.ftdc.cummins.com> <AdminServer> <[ACTIVE] ExecuteThread: '27' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <096a131bdb6c126e:6cecae89:14834848020:-8000-0000000000009bc8> <1409682607304> <J2EE JMX-46335> <MBean attribute access denied.
MBean: EMDomain:EMTargetType=j2ee_application,name=em,type=EMIntegration,Application=em
Getter for attribute HostName
Detail: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[]
TIA,
-Karthik

Workset validation and restricted access to other workset based on first

Hi All,
I have a requirement in which I need to allow other worksets in ESS to be accessed only if one workset "Personal Information" is completed.
in this workset, there is an iView "Certify Own Data". In this ivew there are couple of checkboxes which need to be ticked and saved. this checkboxes will automatically be checked when the user enters required data in other related ivews such as "Address", "Family Details", "communications" etc.
Please someone suggest me how to achive this functionality. Do i need to develop new application or i can achieve this functionality by just maintaining some kind of iview validation.
Earlier response would be much appreciated.
Thanks
Uday

HI
In your case,If your users are limited users then no worries....
They cannot open it with their license...
Only "Super user" can do that....
OR
You can restrict the other users by giving 'Authorisations'.
Goto Administration -> system initialisation ->Authorisation_>General Authorisation.
Now you select the users to whom you want to restrict the access and at right hand side you can see "Customization tools"
You can set as "No authorisation" for Customization tools for that particular user and update it...
So that he cannot do anything with the user defined windows
Edited by: kambadasan on May 25, 2011 2:21 PM

WAR Deployment and overriding web.xml

Hi there,
I've been racking my brains out trying to determine if it is possible to override specific declarations of my WAR file's web.xml without actually mutating it.
I have a web application contained in a WAR and want to simply copy it to the webapps folder of my container and then maintain another file that overrides the web.xml's servlet/init-param declarations. The web.xml that is part of the WAR is development specific and I want to declare production information without upsetting the WAR file.
Am I barking up the wrong tree i.e. going about this all-wrong - is there a "J2EE way" of overriding WAR file declarations?
Thanks for any help.
Cheers,
-C

You could use Apache Ant and create 2 separate WAR files , one for development and one for production.
Normally I don't create a WAR file for the development environment. WAR file is made only for production.
This is how my Ant task runs currently.
1) For the development environment the ant task runs only to compile Java classes and nothing else, web.xml is that for development environment.
2) When the app is ready for production , I run Ant to copy all files from my dev folder to a temporary build folder - during this copy I filter out the .java files (since there's no longer a need for them in production) only class files are moved.
3) Then I treat the above temporary folder as the source folder, and run the Jasper pre-compiler which significantly alters the web.xml file .
But the good part is that my original development web.xml stays unaltered since it is in it's own folder.
4) Then finally I run a WAR task on the processed contents of the temporary build folder which contains the modified web.xml
This way each environment has it's own web.xml .

War Deployment and JNDI troubles - Possibly more than one problem

So this all started with the deployment of a *.WAR file that uses a Spring injected JNDI connection. The JNDI connection is set up in Weblogic 10.3 which is what I'm using for an App server. Problem I am seeing right now is nearly identical to the issue posted in this Struts 2 thread:
http://article.gmane.org/gmane.comp.jakarta.struts.user/165150
In a nutshell, my classes aren't getting loaded properly.
Error looks like: Could not load servers/AdminServer/tmp//appmergegen....
It's a Spring/Struts 2 Project.
Jim C.

you may want to post it in this forum for Web Logic.
WebLogic Server - Upgrade / Install / Environment / Migration
regards,
AMN

2013 SP Site Collection and Farm Admin permissions and cannot access site

I am Farm Admin and Site Collection admin on my 2013 SP server and CAN access Central Admin, but CANNOT open the site without being promted for user name and password. When I enter the user name and password they are not accepted.
This is on my production server. I have NO PROBLEMs with the staging server. The 2 are set up exactly the same.
Any suggestions?

Discussion
Farm Administrators are not automatically able to access site collections. They can however add themselves to the site collection administrators group. Additional detail:
Permissions for site collection administrators - scroll down to the
SharePoint farm administrators section (midway down) and look for the
Note.
Resolution
Add your farm administrators account to the site collection administrators group. You can do this two ways:
Go: Central administration > Application Management > Site Collections > Change site collection administrators
Go: [your site collection] > Site Settings > Users and Permissions > Site collection administrators.

Restrict Access To Page Not Working with Different Auth Levels

I have just started playing with the idea of using different auth levels to allow different users access to certain pages on my site.
Within my SQL database I have a authlevel table consisting of 3 possible levels (guest, user, admin)
I am using the Dreamweaver "Log in user" to log in users based on username, pass, and auth level and "Restrict access to page" set to allow user levels 'user' and 'admin'.
The problem, however, occurs when trying to log in. No matter what auth level I try I am redirected to my page where users should be redirected if they are not allowed to enter that page.
I have included below my code from my login page and the page where all authorized users (user and admin) should be directed upon entering the restricted area.
Login Page:
<?php require_once('../Connections/hondovfd.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
return $theValue;
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "authlevel";
$MM_redirectLoginSuccess = "/membersonly/membersonly.php";
$MM_redirectLoginFailed = "/membersonly/loginfailed.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_hondovfd, $hondovfd);
$LoginRS__query=sprintf("SELECT username, password, authlevel FROM login WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $hondovfd) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
    $loginStrGroup = mysql_result($LoginRS,0,'authlevel');
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    header("Location: " . $MM_redirectLoginSuccess );
else {
    header("Location: ". $MM_redirectLoginFailed );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Log In</title>

<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />

<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
    <ul>
      <li><a href="/people.php">Our People</a></li>
      <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
      <li><a href="/medical.php">Medical</a></li>
      <li><a href="/apparatus.php">Apparatus</a></li>
      <li><a href="/training.php">Training</a></li>
      <li><a href="/volunteer.php">Volunteer</a></li>
      <li><a href="/statistics.php">Statistics</a></li>
      <li><a href="/patchtrading.php">Patch Trading</a></li>
    </ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
</div>
<div id="sidebar2">
    <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
    <p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="60%">EMS Calls</td>
    <td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
    <td>Fire Calls</td>
    <td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
    <div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
    new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
     
</div>

<div id="mainContent">
<div class="top"></div><div class="wrap">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td height="47" class="h2">Members Only Login</td>
</tr>
<tr>
    <td><form ACTION="<?php echo $loginFormAction; ?>" id="login" name="login" method="POST">
    <table width="40%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="31%">Username:</td>
    <td width="69%"><input name="username" type="text" /></td>
</tr>
<tr>
    <td>Password</td>
    <td><input name="password" type="password" /></td>
</tr>
</table>
<input name="Submit" type="submit" />
    </form></td>
</tr>
</table>

</div>
<div class="bottom"></div>
</div>
      <br class="clearfloat" />
<div id="footer">
    <p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
</div>
</div>
<script type="text/javascript">

</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
</html>
Other Page:
<?php
if (!isset($_SESSION)) {
session_start();
$MM_authorizedUsers = "user,admin";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    if (($strUsers == "") && false) {
      $isValid = true;
return $isValid;
$MM_restrictGoTo = "/membersonly/loginfailed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Members Only Area</title>

<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />

<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
    <ul>
      <li><a href="/people.php">Our People</a></li>
      <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
      <li><a href="/medical.php">Medical</a></li>
      <li><a href="/apparatus.php">Apparatus</a></li>
      <li><a href="/training.php">Training</a></li>
      <li><a href="/volunteer.php">Volunteer</a></li>
      <li><a href="/statistics.php">Statistics</a></li>
      <li><a href="/patchtrading.php">Patch Trading</a></li>
    </ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
</div>
<div id="sidebar2">
    <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
    <p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="60%">EMS Calls</td>
    <td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
    <td>Fire Calls</td>
    <td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
    <div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
    new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
     
</div>

<div id="mainContent">
<div class="top"></div><div class="wrap">
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td height="47" class="h2">Members Only Area</td>
</tr>
<tr>
    <td><p><a href="/membersonly/documents.php">Useful Documents</a></p>
      <p><a href="/membersonly/IncidentCount01_08.pdf">Current Call Statistics</a> as of 9/3/09</p>
      </td>
</tr>
</table>
<script type="text/javascript">

</script>
</div>
<div class="bottom"></div>
</div>
      <br class="clearfloat" />
<div id="footer">
    <p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
</div>
</div>
<script type="text/javascript">

</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
</html>

you don't need all that bloat. set a session during login of some kind of uniquely identifying id. i.e.
$_SESSION['id'] = $row_rs['id'];
then on the pages you need to protect, check it like this....
<?php
session_start();
if (!(isset($_SESSION['id']) && $_SESSION['id'] != '')) {
die(header("Location: http://www.notinprotectedareas.com")); }
?>
you can use an include file i.e.
<?php require_once('login_check.php'); ?>
where file is name login_check.php to make your auth controls clean on your protected pages.

How do you restrict access to custom applications?

When I create portlets, there is usually an associated "admin" functionality that needs to be created for each custom application. An example is a shopping cart that we just created, we needed admins to be able to go in and upload photos.
The way that I do this is I create a new portlet "Shopping Cart Admin" and restrict access to it that way. However, because I usually add everything in the /remoteserver/shoppingcart/. folder to the gateway space (its too painful to add one by one), this means that I can't put admin.aspx in that folder. So I usually end up creating a NEW folder /remoteserver/shoppingcartadmin/ for the admin portlet.
Long story short, its a lot of work. I know that I could try to use activity rights, but those seem very global. How do you control edit access to your custom portlets?

Well, there are a few different ways to go about it. You could add a preferences page with the admin functionality, and then an admin would just have to click the little pencil in the portlet titlebar. No admin/edit access, no little pencil.
I have often set the visibility of an ASPX control directly from activity rights, in OnPageLoad, if it isn't postback time. The activity rights should be inherited by the user, through the user's group. Best practise is to create empty groups called Roles, add activity rights to the Roles, and then have the actual groups (that contain users) inherit from one or more Roles.
You already knew that part, I added it for the others. My personal definition of a portlet is 'polymorphous instance of a web service'.
So:
Role: Store Manager (has Edit Shopping Cart activity right)
^
Group: Store Managers (has Store Manager parent group)
User: Vladimir (inherits Edit Shopping Cart activity right)

RemoteApp 2012 R2 Restrict Access to Session Host Desktop

Here is our current situation: I have set up Remote Desktop Services on Server 2012 R2 and published RemoteApp programs. Everything works great with load balancing, collections, etc... and I have been very impressed. However, as it always has been an issue,
I have always had the question of how to allow users to access RemoteApp applications on the session host without allowing them to RDP directly onto the server to access the server desktop. Obviously, you have to add them to remote desktop users group and
they need to be allowed to access over RDP so I figure that the next best thing is to restrict access to the desktop should they manually type the name into an RDP client connection. I know you couldn't restrict them from using mstsc.exe because they need
that to open the RemoteApp since it just uses RDP and I am aware of using GPO's to restrict access to drives and many other things but I would like to remove the desktop altogether. Would it be plausible to remove the GUI feature and restrict access to CMD
and SCONFIG through Server Manager and still allow the session host to present RemoteApp applications or is there a better way to approach this? I figured if I just remove the GUI and access to cmd and sconfig then if they logged on, they would get a blank
screen. Thank you in advance for your time!

Hi,
One technique for this is to set the Custom User Interface group policy setting to logoff.exe. You would have the GPO apply to normal users, but not applied to Domain Admins (or other users that you need to have full desktop).
User Configuration\Administrative Templates\System
Custom User Interface Enabled
Interface file name: %systemroot%\system32\logoff.exe
You should also use NTFS permissions, group policy settings, AppLocker, etc., to further restrict what users are able to do.
-TP

Restrict access for Vendor Master Data

Hi all.
Our company structure is like below:
Single instance, just one mandant.
Company codes like 1001, 3001, 6002, 6006, etc... over the world.
At some companies just the central administration can create vendor for the companies using the transaction XK01.
Now we need to give access to users from one of our company from other country but we can´t give access to transaction XK01 because just the central administration can create the master data for the vendors.
I already read about the object F_LFA1_AEN that is possible to create some field groups and give access just for the rigth groups. I also read that this authorization groups don´t have effect on the vendor master data like address.
How can I restrict access for the vendor master data? I´m thinking to give access to transaction FK01 and MK01 and restrict access for create a new vendor, I only want that the users can create the data for a new company or new purchase organization.
Thank you
Darlei Friedel

among many other authorization objects, you find following three:
F_LFA1_GEN general data
F_LFA1_BUK company code data
M_LFM1_EKO purchasing org data.
If the user does not have authorization for F_LFA1_GEN , then he cannot maintain general data.

Restrict Access to Page Using a password.php Instead of Server Behavior

I previously used "log in" and "restrict access to page" server behaviors for my client portal when I only had one client. I had my username and password stored in mySQL database. I recently have gained more clients that all needed to be redirected to their own customized landing page when logged in. Because of this, I used a password.php to store the usernames and passwords and to redirect to different pages. Now, I am wondering how I can restrict access to these pages (i.e. someone won't be able to access the pages by typing the url) since I will not be connecting to a database anymore.

I'm also confused by your statements.
>Now, I am wondering how I can restrict access to these pages
>(i.e. someone won't be able to access the pages by typing the url)
>since I will not be connecting to a database anymore.
It doesn't matter where you store the credentials - database or php file - the techniques for restricting access will be similar. I really don't understand why you moved away from the database when you got more clients. The more data you need to manage, the more reason to store it in a database.
After logging in, most sites direct users to the same page, yet pull user specific data from the database. If for some reason you can't do this and need to built individual pages for each client, then store the 'landing' page for the client in the php file or database. Restrict access to each page by comparing the logged in name with an allowed login name. Or a more dynamic approach would be to dynamically pass the page name to a database query that validates that it's ok for the logged in user to access.
Also, these questions are more appropriate for the app dev forum.

Restrict Access to certain users based on if a variable in the SQL database is set to 1

Hey guys,
I am quite new to PHP and MySQL and I have a question concerning access restriction. For a website project I am experimenting with Dreamweaver's login and restrict access behavior, which works fine. However, on the website I would like to restrict access for users that only have a 1 set in the corresponding MySQL database (which means that e.g. each page has a different variable in the database that can be set to 1, which would allow me to personify access beyond the level of the out-of-the box option, where each user can only have one access level). So it is quite similiar to the out-of-the-box restrict access to page based on user group, but just depending on another variable in the database.
I guess it can be done with an if condition that checks in the database if the logged in user has a 1 in this variable, and if yes give her/him access if not redirect to another page. However, I could not figure out how to implement that.
Your help is highly appreciated!
Thanks in advance!

Hello guys,
I spend quite some time on the internet reseaching my wish and redefined my need: I would basically like to have the possibility to assign a user multiple access levels. There would be e.g. 10 pages for each I create an access level. Then a user with e.g. access to pages 2 and 8 can only access these two pages. So my basic question is if and if yes how I can assign a user muliple access levels at a time and store these values in the MySQL database.
Thanks a lot for your help!!

Ver 8.8 Restricted access to BP accounts and activities

Currently, I am not aware of a way to restrict access to certain BP accounts, including the related activities for a BP. For example, our bank, HR consultants, etc. where I would like to limit the access to these BP accounts and related attachments to certain users, such as our management group.
Primary importance would be to limit access to related activities where sensitive information may be stored in the form of emails, attachments, etc.
Our previous CRM allowed us to flag BP accounts as restricted and set up permissions to authorized users.
Is anyone aware of a way to limit access to these activities?
If not, this is a great enhancement for future releases.

Current system design has only set up confidential GL Account but not for BP. You probably need to post it on the R&D forum here:
/community [original link is broken]
Thanks,
Gordon

Ver 8.8 Restricted access for BP and activities

Currently, I am not aware of a way to restrict access to certain BP accounts, including the related activities for a BP. For example, our bank, HR consultants, etc. where I would like to limit the access to these BP accounts and related attachments to certain users, such as our management group.
Primary importance would be to limit access to related activities where sensitive information may be stored in the form of emails, attachments, etc.
Our previous CRM allowed us to flag BP accounts as restricted and set up permissions to authorized users.
Is anyone aware of a way to limit access to these activities?
If not, this is a great enhancement for future releases.

Current system design has only set up confidential GL Account but not for BP. You probably need to post it on the R&D forum here:
/community [original link is broken]
Thanks,
Gordon

.war deployment and restricted access to admin activities

Similar Messages

Maybe you are looking for