Webi LOV filter based on BW roles

Similar Messages

• Web Server Filter Based SSO to Non-SAP Apps

  Hi,
  I am following SAP Note 442401 for configuring the Non-SAP App for Web Server Filter based SSO using SAP Logon Ticket. Also, I have downloaded the 5_0_2_8.zip file.
  The Readme doc of this zip file says:
  "<b>Changes in Web server filter plugins
  The Web server filter plug ins and the Ticket Toolkit now were separated.
  See subdirectories for further information:
  "C"          the Ticket Toolkit
  "filter"     the Web server filter plug ins
  This is the last released version (5.0.2.8) on SAPSERV.
  Pleaser refer for newer versions to SAP Service Marketplace (http://service.sap.com/patches)
  Technology Components-> SAP SSOEXT -> SAP SSOEXT</b>"
  Zip file has two folders named "C" and "filter".
  "C" folder has cpp code to varify the ticket.
  "Filter" folder has DLLs for the different web servers.
  So far so good . Now, what I want to know is that is placing the  DLL from the Filter folder onto the respective web server and doing some configs, as per the PDF provided with ZIP file, enough?
  Or do I need to do anything else, like writing any class to read and validate the Ticket?
  Thanks,
  Vivek

  See Web Server Filter Based SSO to Non-SAP Apps

• Custom plugin based on user role membership

  Hi all,
  I would like to develope a custom plugin that generates account userid (on process form) with different syntax against role membership.
  With "syntax" I mean name.surname.random_number for employee users and surname.company.random_number for example.
  I'll try to explain the scenario more in details:
  1. I create a user identity through a request
  2. After user identity has created successfully, I assign a role to the user. Since roles are associated with access policies, role assignment triggers provisioning on target system.
  3. The custom plugin that I would like to develope shuold be able to generate proper userid against role membership. For example if I assigned the role "Project Manager" the custom plugin should generate the account userid with name.surname.random_number format; viceversa if I assigned the role "External Reseller" the custom plugin should generate the account userid with surname.company.random_number format.
  Looking for custom plugin based on role membership in forum, I found a couple of threads about this subject:
  - Email notifications after role grant
  - Re: OIM 11g Role Membership Event Handlers.
  I tried to implement what explained in the threads, but I would be sure about what I've done.
  Here what I've done:
  1. created plugin.xml file
  2. created EventHandler.xml metadata file
  3. developed a java calss for testing pourpose
  4. copied the custom plugin class to OIM server for example in $MIDDLEWARE_HOME/OIMPlugins/lib
  NOTE: during this operation I have exactly mantained the same directory structure of custom java package.
  For example custom plugin class is under my.custom.plugin java package and I have copied custom java class under $MIDDLEWARE_HOME/OIMPlugins/lib/my/custom/plugin folder
  5. created a zip file containing custom plugin class (always with its directory structure) and plugin.xml file
  6. copied the zip file to $OIM_HOME/server/plugins
  7. edited ant.properties file (under $OIM_HOME/server/plugin_utility) setting wls.home and oim.home variables
  8. built the wlfullclient.jar (only the first time)
  9. registered the custom plugin
  10. created the custom plugin dataset file
  11. imported it in OIM database using "weblogicImportMetadata" utility
  12. purged cache using "PurgeCache" utility
  NOTE: all the steps above was executed using the system user running OIM process
  test java class
  package com.zeropiu.sky.custom.eventhandlers;
  import java.io.Serializable;
  import java.util.HashMap;
  import com.thortech.util.logging.Logger;
  import oracle.iam.platform.kernel.spi.ConditionalEventHandler;
  import oracle.iam.platform.kernel.spi.PostProcessHandler;
  import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
  import oracle.iam.platform.kernel.vo.BulkEventResult;
  import oracle.iam.platform.kernel.vo.BulkOrchestration;
  import oracle.iam.platform.kernel.vo.EventResult;
  import oracle.iam.platform.kernel.vo.Orchestration;
  import oracle.iam.platform.context.ContextManager;
  import java.util.Set;
  public class TestUserAnonimi implements PostProcessHandler, ConditionalEventHandler {
       private static final Logger logger = Logger.getLogger("com.zeropiu.sky.custom.eventhandlers");
  private static final String className = "TestUserAnonimi";
       @Override
       public void initialize(HashMap<String, String> arg0) {
            // TODO Auto-generated method stub
            String methodName = "initialize";
            System.out.println("###### " + className + " - " + methodName);
       @Override
       public boolean isApplicable(AbstractGenericOrchestration abstractGenericOrchestration) {
            // TODO Auto-generated method stub
            String methodName = "isApplicable";
  System.out.println("###### " + className + " - " + methodName + " - STARTED");
  System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextType(): " + ContextManager.getContextType());
  System.out.println("###### " + className + " - " + methodName + " - ContextManager.getContextSubType(): " + ContextManager.getContextSubType());
  System.out.println("###### " + className + " - " + methodName + " - abstractGenericOrchestration.getOperation(): " + abstractGenericOrchestration.getOperation());
  System.out.println("###### " + className + " - " + methodName + " - Printing ContextManager parameters");
  HashMap allContextManagerPairs = ContextManager.getAllValuesFromCurrentContext();
  Set<String> allContextManagerParams = allContextManagerPairs.keySet();
  String[] parameters = allContextManagerParams.toArray(new String[allContextManagerParams.size()]);
  for (int i = 0; i < parameters.length; i++) {
            System.out.println("###### " + className + " - " + methodName + " - Context parameter " + i + ": " + parameters[i] + " - Object type is: " + Utils.getObjectType(ContextManager.getValue(parameters)));
  System.out.println("###### " + className + " - " + methodName + " - ENDED");
  return true;
       @Override
       public boolean cancel(long arg0, long arg1,     AbstractGenericOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "cancel";
            System.out.println("###### " + className + " - " + methodName);
            return false;
       @Override
       public void compensate(long arg0, long arg1, AbstractGenericOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "compensate";
            System.out.println("###### " + className + " - " + methodName);
       @Override
       public EventResult execute(long arg0, long arg1, Orchestration orchestration) {
            // TODO Auto-generated method stub
            String methodName = "Eventresult execute";
            System.out.println("###### " + className + " - " + methodName);
            return null;
       @Override
       public BulkEventResult execute(long arg0, long arg1, BulkOrchestration arg2) {
            // TODO Auto-generated method stub
            String methodName = "BulkEventResult execute";
            System.out.println("###### " + className + " - " + methodName);
            return null;
  plugin.xml file
  <?xml version="1.0" encoding="UTF-8"?>
  <oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
  <plugin pluginclass="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" version="1.0" name="TestUserAnonimi">
  </plugin>
  </plugins>
  </oimplugins>
  EventHandler.xml metadata file
  <?xml version='1.0' encoding='UTF-8'?>
  <eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
  <action-handler class="com.zeropiu.sky.custom.eventhandlers.TestUserAnonimi" entity-type="RoleUser" operation="CREATE" name="TestUserAnonimi" stage="preprocess" order="1007" sync="FALSE" />
  </eventhandlers>When I assign a role to a user through OIM web interface, I can see in OIM log file all System.out.println contained in initialize(), isApplicable() and BulkEventResult execute() methods. Is it correct? Can I implement my custom plugin logic now, or my starting point is wrong?
  ###### TestUserAnonimi - initialize
  ###### TestUserAnonimi - isApplicable - STARTED
  ###### TestUserAnonimi - isApplicable - ContextManager.getContextType(): ADMIN
  ###### TestUserAnonimi - isApplicable - ContextManager.getContextSubType():
  ###### TestUserAnonimi - isApplicable - abstractGenericOrchestration.getOperation(): CREATE
  ###### TestUserAnonimi - isApplicable - Printing ContextManager parameters
  ###### TestUserAnonimi - isApplicable - Context parameter 0: origuser - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 1: oimuser - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 2: RESOLVED_LOCALE - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 3: counter - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 4: TIME_ZONE - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - Context parameter 5: ipaddress - Object type is: java.lang.String
  ###### TestUserAnonimi - isApplicable - ENDED
  ##### TestUserAnonimi - BulkEventResult execute
  Thanks,
  Daniele
  Edited by: 886636 on Jan 24, 2012 2:53 AM
  Edited by: 886636 on Jan 24, 2012 2:53 AM

  Probably I don't explain myself clearly....sorry for that!
  Anyway you are right, the role of the user can change after the user is initially provisioned.
  I'll try to summarize to be sure to have understood your answer and to explain my scenario more in details:
  1. After user identity creation, I'll assign the role "Project Manager". Before role assignment the user has not any role. So using a pre-populate adapter I can retrieve the assigned role and compose the right userid.
  2. After step 1, I need to assign another role to the user, the new role should be "External Reseller" for example. In this case the user has a role already. What I would is: basing on the role that I'm assigning (External Reseller), the pre-populate should compose the right userid. Obviously this second userid will be different from the first one and this means a new account will be created for the user. At the moment I don't care to deprovisioning the first userid.
  Is it possible with pre-populate adapter?
  Sorry again for my not very clear explanations.
  Daniele
  Edited by: 886636 on Jan 24, 2012 4:10 AM

• How to open network tab in developer tool and filter based on a value in C# selenium webdriver

  Hi,
  I am using selenium webdriver in c#, is there any way i can open the network tab of developer tool for the opened page, filter based on a value, and click on the event where i can check the value of the variable
  Sample code woulb b helpful
  Thanks,
  Prahal
  if not possible wat is the best way to automate web analytics 

  Hi Prahal,
  Thank you for posting in MSDN forum.
  Since you are using Selenium WebDriver which is third-party product, the issue is out of support range of Visual Studio testing forum. I suggest that you can consult your issue on Selenium support:
  http://docs.seleniumhq.org/support/ for better response.
  Thanks for your understanding.
  Best Regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• How to filter based on two keywords (using And)?

  Something that seems so simple but I just can't figure it out.
  I've added keywords to a lot of my photos. Now I want to find all the keywords that match multiple pictures -- like with Snow AND Tree.
  When I select multiple keywords using shift, it builds a filter Snow OR Tree instead of what I want, Snow AND Tree.
  How do I build up a filter based on multiple keywords with AND logic?
  And along the same train of thought, I imagine someday I might want to even build on this and say Nature is synonymous with Tree or Lake... and then build a filter based on Nature AND Snow. Is this possible?
  Sorry for such an obvious question and thanks in advance.
  Love Lightroom so far, in the 2 days I've played with it and see it as finally being a way to quickly and easily organize and manage my photos.
  Ron

  For NOT it works if you do the following:
  1. Select keyword (e.g foo) to find photos with just that keyword
  2. Ctrl + A to select all
  3. Go to All Photogrpahs in the Library (selection will be maintained)
  4. Go to Edit -> Invert Selection
  This should leave you with all photos without 'foo'.
  Works for me (Windows XP).
  Andy.

• Filter Based on other report not working

  Hi Gurus,
  I am using OBIEE 10g.
  I have a Dashboard page in that i have a prompt and 2 reports,(A, B reports). Report B is using the same columns as prompt where as report A not.
  Report A has columns which hold the same data as report B, so i thougt to pass the values based on Report B column using the filter based on other report. I am able to complete it succssfuly but Report A is not having amount of data that i was excepting. When i started investigating i found out that the column which i am using in the prompt and report B have values ( NEW, OLD, NULL) report A able to take the values NEW and OLD but the NULL values are not passing to report A. In report B it is taking null value as it has filter as prompted.
  Is it any way to have the values (NEW, OLD, NULL) in report A?
  Thanks in Advance.
  Regards
  Ali

  Hi Deep,
  Thanks for taking time to answer my question.
  I have to display null. If i Mask with something then i dont get proper data in report A, couse in the table it is null.
  Thanks
  Ali

• SSO between R/3 and Web Server Filter is not working

  Hi all,
  I have to configure SSO to access from SAP R/3 to a third-party web application through Web Server Filter.
  R/3 &#61664; WSF &#61664; 3rdParty App
  I think everything is configured properly, but when I issue the http request from R/3 to WSF I get the following error in sapsso.log file in apache server:
  ======================================================
  trc file: "/usr/local/app/apache/sapsso.log", trc level: 3, release: "620"
  Thu Nov 29 13:44:40 2007
  Webserver Ticket Filter Release Version 5.0.2.8
  Loading of the props returned 0=OK.
  Max cache size =  0
  Initialization done.
  Checking validity...
  Ticket Validation Error: expired.
  Checking validity...
  Ticket Validation Error: expired.
  Checking validity...
  Ticket Validation Error: expired.
  Checking validity...
  Ticket Validation Error: expired.
  Checking validity...
  Ticket Validation Error: expired.
  Checking validity...
  Ticket Validation Error: expired.
  ======================================================
  And in the error_log file of the apache http server there’s the following:
  ======================================================
  proxy_cache.c(969): No CacheRoot, so no caching. Declining.
  proxy_http.c(586): Content-Type: (null)
  Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...
  Got date              from ticket.
  Cur time = 200711291244.
  Computing validity in hours.
  Computing validity in minutes.
  CurTime_t = 1196426640, CreTime_t = -496601312
  validity: 216000, difference: 1693027952.000.
  proxy_cache.c(969): No CacheRoot, so no caching. Declining.
  proxy_http.c(586): Content-Type: (null)
  Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...
  Got date              from ticket.
  Cur time = 200711291244.
  Computing validity in hours.
  Computing validity in minutes.
  CurTime_t = 1196426640, CreTime_t = -496601312
  validity: 216000, difference: 1693027952.000.
  proxy_cache.c(969): No CacheRoot, so no caching. Declining.
  proxy_http.c(586): Content-Type: (null)
  Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA...
  Got date              from ticket.
  Cur time = 200711291244.
  Computing validity in hours.
  Computing validity in minutes.
  CurTime_t = 1196426640, CreTime_t = -496601312
  validity: 216000, difference: 1693027952.000.
  proxy_cache.c(969): No CacheRoot, so no caching. Declining.
  proxy_http.c(586): Content-Type: (null)
  ======================================================
  It seems like there isn’t the date in the ticket issued by SAP R/3. However, I tried to configure sso between the same R/3 server and an EP and worked fine.
  I also tried to decrypt the ticket issued by R/3 but I get a segmentation fault.
  Does anyone can help me?
  Thanks in advance.
  Roger Allué i Vall

  Here's a excerpt of a strace of the httpd processes when receive the http request:
  13863 accept(16,  <unfinished ...>
  13864 accept(16,  <unfinished ...>
  13865 accept(16,  <unfinished ...>
  13866 accept(16,  <unfinished ...>
  13867 accept(16,  <unfinished ...>
  13868 accept(16,  <unfinished ...>
  13872 accept(16,  <unfinished ...>
  13863 <... accept resumed> {sa_family=AF_INET, sin_port=htons(2476), sin_addr=inet_addr("10.80.183.46")}, [16]) = 3
  13863 rt_sigaction(SIGUSR1, , {0x805fd50, [], SA_INTERRUPT}, 8) = 0
  13863 fcntl64(3, F_SETFD, FD_CLOEXEC)   = 0
  13863 getsockname(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("10.41.235.48")}, [16]) = 0
  13863 setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
  13863 read(3, "GET /Silicon/loginPasarela.jsp?accion=urgencias&icu=0010000694%20&nhc=0000147810 HTTP/1.1\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, /\r\nAccept-Language: ca\r\nsap-mysapsso: 200711291818281ppOT/XT2eKtb8Unh0aexQAjQxMDIBABgAUgBBAEwATABVAEUAIAAgACAAIAAgACACAAYAMQAwADADABAAUgBIAEkAIAAgACAAIAAgBAAYADIAMAAwADcAMQAxADIAOQAxADcAMQA4BQAEAAAAPAkAAgBj/wFQMIIBTAYJKoZIhvcNAQcCoIIBPTCCATkCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCARgwggEUAgEBMBMwDjEMMAoGA1UEAxMDUkhJAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMjkxNzE4MjhaMCMGCSqGSIb3DQEJBDEWBBRNZ7rlzxjw9r4UNi4m/MBvHYXK0TANBgkqhkiG9w0BAQEFAASBgNeYexwxhY7cUDZG7mGKmaljgqt2NBdlV!WA/4FUSFVpIewDtMQDtLjcAcVRsH2QMWxPs0!QSvlqlJHdm7VIvMe9pWMvs6ld8/U!lOTSQqtNyI!am770SgRMR60eiV3Ir8q8wfR8VXnO9acHHePnVN4O24!jwCOPxm6XAQuKMUAS\r\nsap-mysapred: http://sapwhi01.argos.gencat.intranet/Silicon/loginPasarela.jsp?accion=urgencias&icu=0010000694 &nhc=0000147810\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)\r\nC", 4096) = 1260
  13863 rt_sigaction(SIGUSR1, , , 8) = 0
  13863 time(NULL)                        = 1196356708
  13863 read(3, "ookie: MYSAPSSO2=AjQxMDIBABgAUgBBAEwATABVAEUAIAAgACAAIAAgACACAAYAMQAwADADABAAUgBIAEkAIAAgACAAIAAgBAAYADIAMAAwADcAMQAxADIAOQAxADcAMQA4BQAEAAAAPAkAAgBj%2fwFQMIIBTAYJKoZIhvcNAQcCoIIBPTCCATkCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCARgwggEUAgEBMBMwDjEMMAoGA1UEAxMDUkhJAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzExMjkxNzE4MjhaMCMGCSqGSIb3DQEJBDEWBBRNZ7rlzxjw9r4UNi4m%2fMBvHYXK0TANBgkqhkiG9w0BAQEFAASBgNeYexwxhY7cUDZG7mGKmaljgqt2NBdlV%21WA%2f4FUSFVpIewDtMQDtLjcAcVRsH2QMWxPs0%21QSvlqlJHdm7VIvMe9pWMvs6ld8%2fU%21lOTSQqtNyI%21am770SgRMR60eiV3Ir8q8wfR8VXnO9acHHePnVN4O24%21jwCOPxm6XAQuKMUAS; JSESSIONID=50B5570A234B89887690DF50A993477D\r\nConnection: Keep-Alive\r\nHost: sapwhi01.argos.gencat.intranet\r\n\r\n", 4096) = 730
  13863 time(NULL)                        = 1196356708
  13863 write(2, "Thu Nov 29 18:18:28 2007\n", 25) = 25
  13863 write(2, "Ticket is AjQxMDIBABgAUgBBAEwATABVAEUAIA... \n", 45) = 45
  13863 time(NULL)                        = 1196356708
  13863 write(5, "\nChecking validity...\n", 22) = 22
  13863 time(NULL)                        = 1196356708
  13863 write(2, "Got date              from ticket.\n", 35) = 35
  13863 time(NULL)                        = 1196356708
  13863 time(NULL)                        = 1196356708
  13863 write(2, "Cur time = 200711291718.\n", 25) = 25
  13863 time(NULL)                        = 1196356708
  13863 write(2, "Computing validity in hours.\n", 29) = 29
  13863 time(NULL)                        = 1196356708
  13863 write(2, "Computing validity in minutes.\n", 31) = 31
  13863 time(NULL)                        = 1196356708
  13863 write(2, "CurTime_t = 1196443080, CreTime_t = -496601312 \n", 48) = 48
  13863 time(NULL)                        = 1196356708
  13863 write(2, "validity: 216000, difference: 1693044392.000.\n", 46) = 46
  13863 time(NULL)                        = 1196356708
  13863 write(5, "Ticket Validation Error: expired.\n", 34) = 34
  13863 time(NULL)                        = 1196356708
  and so on.

• How to create a Filter based on 2 or more columns

  Hi Folks,
  We have a requirement to filter based on 1 column, 2 columns and 3 columns values to an analysis with measures.
  So my question is whether we can acheive this in OBIEE, If so then what would be the best way to implement it.
  Thanks,
  Vj

  Hi Vj,
  This we can leverage using BINS,But i have never tried that.
  Check this
  http://www.onyxtraining.com/blog/bid/92181/Multiple-Conditions-and-Filtering-in-OBIEE
  Mark if helps.
  Thanks,

• CRM 2011: Can you control which form is used based not security roles, but on a field value?

  I see that you can control which form is used based on security roles, but can you control it based on other field values?  I'd like a new record to use a different form until a given status is updated.  I have a status of draft and active. So
  it would be nice if I could use form1 for those in draft, form2 for those that are active.  But I only see where you can control that via the security roles.
  I can code all of this via JavaScript, but having the ability to use two separate forms would be nice.  Is that even possible.
  Best regards,
  Jon Gregory Rothlander

  Hello,
  Recheck following article - http://gonzaloruizcrm.blogspot.com/2014/11/avoiding-form-reload-when-switching-crm.html
  Dynamics CRM MVP/ Technical Evangelist at SlickData LLC
  My blog

• How to create LDAP filter-based rule to check Group membership in OAM

  Hi folks,
  I'm having hard time creating an authorization rule to verify ldap group membership. I've followed "Configure User Authorization" article from Oracle website (http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/b32420/v2authz.htm#BABHBFEJI) and created an Authorization scheme w ldap_attribute_name as User Parameter and ruleExpression as Required Parameter. Then, inside my policy I created an Authorization Rule based on my Authz scheme w Allow Access attrib filter-based Rule which looks like this:
  ldap://ldap_server:port/ou=People,o=Company,c=US??sub?(ldap_attribute_name=ldap_attribute_value)
  This works fine.
  Now, I've added another filter-based rule under the same Authz Rule/Allow Access:
  ldap://ldap_server:port/ou=Groups,o=Company,c=US?uniqueMember?sub?(&(objectClass=groupOfUniqueNames)(cn=ldap_group_name))
  While query looks somewhat correct and works as a command-line argument (slightly modified format), it does not work in OAM (meaning people w out req-d group membership can still login).
  Can someone steer me to the right direction as to what do I need to do:
  1. Change/fix the ldap query
  2. Create new Authz scheme with uniqueMember userParameter; create new Authz rule based on new authz scheme; create new Allow Access filter rule with the ldap query I have
  3. Do smth else
  Any help is greatly appreciated.
  Thank you, Roman

  You can create two authorization rules
  First for user with attribute
  and second for group
  and then in authorization expression you can have AND of these two.
  Regarding your query...
  First ... If your requirement is to give access to all the members of a particular group then you don't require any ldap filters
  All you have to do is in the authorization rule -> Allow access -> Select People (here you have to select group so click on the group tab, its little hard to see but its there in light blue color on dark blue tab) -> select the group you want to give access
  Second.. If your requirement is such that you want to give access to a member of a group which has certain attribute lets say group with status active ( In this case you are not aware of the name of the group because user can be a member of any group but you want to give access only to the group with specific attribute.) then you have to write custom authorization plugin.
  If the option is second let me know i can give you a solution which will work for a single domain without any effort of developing a major plugin.
  Hope this helps,
  Sagar

• App store icon gone missing/Web Content Filter - Apple Configurator

  I am using Apple Configurator to manage the iPads at my school. I changed the settings on my school's profile, within Apple Configurator, so that the App store was not available. The App store icon disappeared and all was good. I decided to change the settings back, to allow the App store, saved the settings and refreshed a group of iPads. The App store icon is still missing and it doesn't appear that my new settings have been applied. I quit Configurator and tried again, but no success. I am running Configurator 1.5 and the ipads are running iOS 7.1.
  Also, I have unchecked the "Allow use of You Tube" button because I want You Tube disabled, but Configurator still allows the use of You Tube through Safari. Is there any way to disable the use of You Tube without using the ridiculous "Web Content Filter", that when activated, limits adult content (good), which seems to include a lot of valuable educational sites (bad)? To me the only other option available seems to be to tick "Specific Websites Only" and spend the next year typing in all the possible sites that might have educational merit, ergo, my use of the word 'ridiculous'. Is there something I am missing?

  Locate it in the Apps folder and drag it to the dock.

• Restricting values of a dropdown based on user roles

  Hi,
  Is it possible to restrict the values of a custom metadata dropdown based on the user roles (assuming only 1 role is assigned to each user)? Say, based on the role assigned to a user, he/she should see only 3-4 values out of 10 values in a dropdown on the checkin page. Please suggest.
  Thanks.

  You can get pretty close out of the box using some configuration manager applet voodoo
  1)First off create a Table that will contain the options for your list. Create the columns e.g. label and id and then also create a column called dSecurityGroup
  2)Add a view based on the table you just created, choose the Security tab and select "Use standard document security"
  3)Add some values to your view - make sure that you populate the dSecurityGroup column with real values of security groups
  4)Once it is all published, have a look at the checkin and search screens. You should find that UCM will evaluate the options in the same way it would documents - based on the dSecurityGroup value you applied to the row - e.g. you will see an option on the search screen if you have at least R permissions, you will see an option on a checkin screen if you have at least RW permission
  Try it out :-)

• Cannot get URL web part filter to pass Parameter to List web part

  How do I wire an out-of-the-box URL web part filter to a SharePoint 2013 list (or "app" as renamed in 2013) web part when the list has a parameter?
  My SharePoint list uses a parameter because it needs a Contains filter, as in
       <Where>
        <Contains>
         <FieldRef Name="MyFieldName"/>
         <Value Type="Note">{MyParam}</Value>
        </Contains>
       </Where>
  The ParameterBinding is defined simply.
  <ParameterBinding Name="CohortParam" DefaultValue=""/>
  It has had Location="None" in the past, but another forum entry that I read suggested removing that.
  When I add the list (or "app" in SharePoint 2013) to a web part page and also add a URL Filter web part, the URL filter cannot see the parameter. The menu chain Connection >> Send Filter Values To >> [My List web part name] shows
  the dialogue. On the "Choose Connection" tab, I choose "Get Parameter Values From". Clicking the "Configure" button results in the "Configure Connection" tab having the message "The Consumer Web Part did not
  provide schema information".

  Hi Randy,
  You need to change the "MyParam" to "CohortParam", for parameterbinding element we need to add the location attribute as below codeline, then when we use the QueryString "CohortParam" with value in url, it will directly
  filter the list web part items without adding URL Filter web part.
  <ParameterBinding Name="CohortParam" Location="QueryString(CohortParam)" DefaultValue=""/>
  I attached my resutls as below image (also "MyParam" can be changed to "CohortParam" if you want), you can take a look.
  Thanks,
  Daniel Yang
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Daniel Yang
  TechNet Community Support

• Filter based group - viewing contents

  Hi,
  I'm trying to figure out how to see if a filter defined group on a Sun One 5.2 Directory server is getting the objects required.
  The filter group was defined by someone else. I've got several LDAP search tools available to me, but can't get results that I expect.
  The group is defined as:
  objectClass: top
  objectClass: groupofuniquenames
  objectClass: groupofurls
  memberURL: ldap:///ou=People,dc=app,dc=sample,dc=com??sub?(&(objectclass=person)(uid=*)(ntuserdomaindi=*sample*))
  cn=Employees
  The group is defined in the tree as:
  cn=Employees,ou=Groups,dc=app,dc=sample,dc=com
  My expectation, using ldp, ldapsearch, or Softerra's LDAP Browser, is that when I attempt to open the tree looking at the 'Employees' group, I would see a list of the objects that the filter selected. I Don't see any thing.
  Am I looking this in a WRONG way, or is my query not working?
  TIA, Scott

  That's correct, senderbase reputation filtering occurs very early on. At the IP/TCP level of a connection. To get more info on this, check out the user guide on HAT Overview.
  Since senderbase reputation filtering occurs early on, even before the mail-from/rcpt-to/subject information are obtained, it is too late to enforce LDAP settings.
  However, what you can do with ldap is verify if the sender or recipient are a member of a certain group and then disable anti-spam/anti-virus/content filtering from their email. You would use ldap-from-group in conjunction with incoming or outgoing mail policies.
  To make an email immune from senderbase reputation filtering, you would need to know the IP/hostname/partial hostname of where their message is coming from and add that info to the whitelist sendergroup in the HAT overview.
  Is it possible to completely disable the reputation filter based on whether the recipient is in a certain LDAP group?
  I'm currently thinking no as LDAP groups are assigned a message filter and by this point in the pipeline the reputation filter has already been applied.
  Perhaps someone more experienced can confirm/disprove this for me?

• Filter based on another analysis need to run as a seperate query obiee 11g

  Hi,
  I have a main report which has a filter condition that depends on the another request(Created through Filter based on another analysis).The Filter based on another analysis report query comes as a embedded query along with the main query (making a subquery).As it has a subquery it is taking more time to fetch data.
  Is there any possiblity of running the Filter based on another analysis report as a seperate query.
  Please suggest.
  Thanks,
  Soukath

  Hi,
  Make sure one thing,u have eanble check box and submit sql button in the bottom of Advanced tab then save it and try again it will work.
  refer:
  http://tipsonobiee.blogspot.com/2009/06/step-by-step-to-bypass-all-caches.html
  Thanks
  Deva
  Edited by: Devarasu on Dec 19, 2011 11:59 AM