Workset validation and restricted access to other workset based on first

Similar Messages

• Restrict Access to certain users based on if a variable in the SQL database is set to 1

  Hey guys,
  I am quite new to PHP and MySQL and I have a question concerning access  restriction. For a website project I am experimenting with Dreamweaver's  login and restrict access behavior, which works fine. However, on the  website I would like to restrict access for users that only have a 1 set  in the corresponding MySQL database (which means that e.g. each page has a different variable in the database that can be set to 1, which would allow me to personify access beyond the level of the out-of-the box option, where each user can only have one access level). So it is quite similiar to the  out-of-the-box restrict access to page based on user group, but just  depending on another variable in the database.
  I guess it can be done with an if condition that checks in the database if the logged in user has a 1 in this variable, and if yes give her/him access if not redirect to another page. However, I could not figure out  how to implement that.
  Your help is highly appreciated!
  Thanks in advance!

  Hello guys,
  I spend quite some time on the internet reseaching my wish and redefined my need: I would basically like to have the possibility to assign a user multiple access levels. There would be e.g. 10 pages for each I create an access level. Then a user with e.g. access to pages 2 and 8 can only access these two pages. So my basic question is if and if yes how I can assign a user muliple access levels at a time and store these values in the MySQL database.
  Thanks a lot for your help!!

• .war deployment and restricted access to admin activities

  Hi,
  1.
  Is there a way to configure the iAS7 to pick up the .war, .ear files from a directory and deploy those modules automatically? I am expecting a feature to be similar to that of the Tomcat. In Tomcat, if you copy your .war file in the web-apps directory, it automatically deploys the application.
  2.
  I am planning to restrict access rights to the developers through the web based admin application for iAS7.
  For ex: I only would like to allow the developer (non admin user) to deploy the applications but nothing else (not even restarting the server). Current web based admin interface allows the users to do everything, if logged in with the admin user. I read the documentation that mentions about distributed administration but I did not find any further doc on it.
  Any help on this is greatly appreciated.
  TIA
  Thirupati Panyala

  1. No currently SUN ONE appln server does not have such a facililty.It is planned for the future release.
  2. Distributed administration is not supported by S1AS

• HT1923 I have a Vista Operating system with 2 users.  Somehow I got two different play lists each with one user.  One is too big for the storage and has a vast amount of duplicates.  Can I delete the one that is twice as large and then access the other li

  I have a Vista operating system with 2 users.  Somehow I got two diffent libraries for the users.  How can I delete the one and then access the correct library on the other users profile?

  Use the trackpad to scroll, thats what it was designed for. The scroll bars automatically disappear when not being used and will appear if you scroll up or down using the trackpad.
  This is a user-to-user forum and most people will post on here if they have problems. You very rarely get people posting to say there update went smooth. The fact is the vast majority of Mountain Lion users will not be experiencing any major problems with the OS, or maybe with apps which are not compatible, but thats hardly Apple's fault if developers don't update their apps.

• Cisco ISE - How to map User- Location - Restrict Access to other locations

  Hi,
  i've got a simple question and I hope someone here can help me out with this mess.
  The problem is about WLAN 802.1x Auth with Cisco WLC and a ISE.
  The design goal is the following:
  There are several branch facilities. A user belongs to only ONE facility. This user should not access the WLAN in other facilities.
  The technical design is this:
  Local WLC and/or central vWLC. In the datacenter is one ISE which must handle the auth-requests. The identity source of the users, where I add and manage them, should be the ISE itself for the first time, later I want to AD and LDAP sources.
  Here is the problem:
  I don't understand how I can create a ruleset or something else where I can define that a user of facility A can only login over APs, WLCs,.....in facility A and NOT facility B. Or maybe my design is so bad that I have to start from scratch.
  PLEASE HELP.

  I don't know but may be this is the correct way to validate the user:
  NAS-ID in AP-Groups (One AP-Group per facility) must match "12345" AND Identity-Group must match "12345".
  Iam confused because there is no way to compare these values. 
  In this case to compare the value of "NAS-ID" and die users "IDENTITY-GROUP".
  If they match against each other than "Permit-Access".

• CHARM - Restrict access to other documents

  Dear All,
  When Change manager approves the CR & assign the developer, mail will trigger to developer & he will starts development, thats ok. If the ticket is not assigned to me and if i tried to open the UC, system should not allow me to open that ticket itself. How can we do this ? If my BP number is not assigned in that ticket, system should not allow me to open the ticket, is this possible ?
  regds,
  CB

  Hello Kallumama
  you have two different options to achieve this:
  - first one is playing in CRMBS02 with the authorization codes. As a result, people will have access to tickets according to user status of ticket and not according to who the ticket is assigned to
  - second one (and maybe better for you) is BAdI crm_order_auth_check. Thanks to MF 'CRM_ORDER_READ' you retrieve who is assigned to your ticket, then thank to a specific MF or to a Z evaluation path you ll have to get the BP assigned to SAP User who is trying to access to ticket; after comparaison if first is different from second then write an error message. That will not authorize User access in change mode to ticket !
  Regards,
  Khalil

• Restricted Access in Compensation Workbench based on Security Profile

  Customer does not want the HR Professional to access at other team's data even when using Switch Manager in the below scenario.
  1) 2 CWB Plans (CWB Plan for A, CWB Plan for B) are built based on Supervisor Hierarchy. Each of the CWB plan is for a set of organisations for e.g a plan for Organisation 'A' and another for Organisation 'B'.
  2) HR Professionals have a security Profile which restricts them to view employees in either 'A or 'B' organisation.
  3) Switch Manager is enabled for the 'Compensation Workbench Administrator'
  4) There exists a common manager who manages people from 'A' and from 'B'
  5) When HR Professional (who is in the A organisation) switches as the Manager in point (4), he gets to see the details of the 'CWB Plan for B' along with the 'CWB Plan for A' even though the people in the B plan are not part of the HR Professional's security Profile

  Hi,
  Thanks alot. its working fine
  Can we configure DCL Relation two times in one information filed ??? i should not create not more than fields to this requirement.
  Type -> subtype = DCL already existed
  Now, i want to Create DCL to
  Subtype ---> Security group
  As per my requirement, if i change the security group in checkin form, values should be change in the SubType drop down list.
  Created checkin profile there was DCL relation to " Type and "Sub Type" . now i want to map Relation ( DCL ) for subtype to security group.
  i was trying do for DCL for subtype and security group. but there was already existing DCL created for subtype information field (Relation configuration done for content type). even though i was trying to do for DCL in Security group information field. but, i could not find security group information field in configuration manager.
  Now what should i do ?? how to create DCL to subtype and security group ??
  Help would be appreciated.
  yt

• Need advice for an application that restricts access to other applications using a smart card

  Hello everybody,
  I am developing a system that uses a smart card reader attached to a USB port of a PC.
  What the system should provide is:
  When computer boots up and shows the users login screen, a user, previously registered, can use his smart card to access the system, instead of entering his password
  Once the user is logged in, when he tries to launch an application, which has previously marked as "secured", a dialog box is shown indicating that the user has to present his smart card. If the smart card has access to the application, the application
  is launched, otherwise an error message is shown to the user and the application is not executed.
  I develop in C++ and C#. I have already created a library (in Visual C++) that manages the smart card reader and provides the card presented to it.
  Now I am developing the applicastion (in C#) that will configure the security (assigning cards to users and applications).
  Concerning this, I have 2 questions regarding each point above:
  Is it possible to create the centralized application that lists all users and allows to assign cards to them? Then, when the users login screen is shown, the system must access that data before logging in, so that it can check which card was presented and
  what user it corresponds to. I have seen in laptops, that have embedded fingerprint readers, a user must login to his account first and then he can register his fingerprints. In fact, what I need to do is something similar but with smart card reader instead
  of fingerprint reader. So, perhaps, user must login into his account first and then he will be able to add his card and store that information somewhere (in windows registry maybe).
  How can I launch my application when other application is executed but before its interface is actually shown? this is similar to what antivirus programs do, because they check the executable before it is actually ran. What is the best method to address
  the application? by executable file name? process name? or other? if the best is by process name, how can I know the process name without actually running the application?
  Well, that is all what I need to do. Please advice regarding this subject.
  I look forward to hearing from you,
  Best regards,
  Jaime
  Powered by C++

  > what was the guidance?
  1. Research other software that does similar things (not just exactly the same) as you need. If you like something in their solutions, copy it :)
  The only software I know that does that is an antivirus, but I am unlucky to find some code in c++ that allows to intercept the program execution before actually executing it.
  2. If a kernel driver would fit in your solution, go for it (google for what is available for free, or find a consultant to write it for you).
  There are a lot of information about kernel drivers, but the question is, is that really the solution?
  Otherwise, you can just hide the application from user's reach and substitute the executable in shortcuts, etc. to run your program instead.
  Definetly this is not the way to go
  What is the best method to address the application? by executable file name? process name? or other?
  By executable file name, like in the Windows Applocker, I think. Processes do not have names (they are artifact of Task manager and debugging tools, to represent the processes for user somehow). Or, only by the filename part of the full path.
  I agree with that
  if the best is by process name, how can I know the process name without actually running the application?
  When the user runs the application, the driver will detect this and do its magic.
  I have found this page: http://stackoverflow.com/questions/3556048/how-to-detect-win32-process-creation-termination-in-c. They mention WMI, but I will study it tommorow... it is so late for today :-)
  Regards,
  -- pa
  Regards
  Jaime
  Powered by C++

• How can you create a weblogic ID and restrict access within weblogic?

  for e.g. I would like to create an account 'x' in weblogic and give this user access to only 'security realms' within weblogic and NO other functionality.
  Is this possible?
  Thanks.

  In OBIEE 11g the weblogic roles follow the same type of logic as we all have come to enjoy from role based security.
  There are some default roles in WLS such as Deployer, Administrator, etc. defined by default in web logic.
  You can create a WebLogic user using the DefaultProider, Security Realm > Realm > User >New ...
  and then add that user to a group or directly to a new Policy Role.
  Take a look at the "Administrators" Group for an example of how it relates to the global "Admin" role under the Role & Policies tab.
  Finally, I don't think that you can isolate just the Security Realm for a Web Logic user. Take a look at this document to see what aspects you can provide privileges on,
  http://download.oracle.com/docs/cd/E14571_01/web.1111/e13747/types.htm#i1241945
  Cheers,
  Christian
  http://www.artofbi.com

• Access denied errors in domain logs after configuring Ldap and restricting access to users

  Hi Experts,
  I'm getting access denied errors in my domain logs , this log is written continiously ..Has any one encountered the same issue and fixed this?
  ####<Sep 2, 2014 2:30:07 PM EDT> <Error> <Default> <ftizsldmwapp001.ftdc.cummins.com> <AdminServer> <[ACTIVE] ExecuteThread: '27' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <096a131bdb6c126e:6cecae89:14834848020:-8000-0000000000009bc8> <1409682607304> <J2EE JMX-46335> <MBean attribute access denied.
    MBean: EMDomain:EMTargetType=j2ee_application,name=em,type=EMIntegration,Application=em
    Getter for attribute HostName
    Detail: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[]
  TIA,
  -Karthik

  Hi Experts,
  I'm getting access denied errors in my domain logs , this log is written continiously ..Has any one encountered the same issue and fixed this?
  ####<Sep 2, 2014 2:30:07 PM EDT> <Error> <Default> <ftizsldmwapp001.ftdc.cummins.com> <AdminServer> <[ACTIVE] ExecuteThread: '27' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <096a131bdb6c126e:6cecae89:14834848020:-8000-0000000000009bc8> <1409682607304> <J2EE JMX-46335> <MBean attribute access denied.
    MBean: EMDomain:EMTargetType=j2ee_application,name=em,type=EMIntegration,Application=em
    Getter for attribute HostName
    Detail: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[]
  TIA,
  -Karthik

• Open file for reading and allow access by others

  How can I open a file for reading and still allow others to access (read and write) the file?  I plan to keep this file open for the duration of my program and close it at the end.  However while my program is running another program will need access to the file so it can write to it.  I may be wrong, but I dont think that setting the appropriate permission will solve the problem...  Thank you for your time.
  Cheers!
  CLA, CLED, CTD,CPI, LabVIEW Champion
  Platinum Alliance Partner
  Senior Engineer
  Using LV 2013, 2012
  Don't forget Kudos for Good Answers, and Mark a solution if your problem is solved.

  hi jmcbee,
        I think as long as "readers" open a file as "ReadOnly", then the OS (at least Windows) will allow another process to open and write to the same file without a problem.  It's been a while since I've done this - maybe 7 years - and I may have opened the "writer" first, though doubt it makes a difference.
  Have you tried?
  Cheers!
  "Inside every large program is a small program struggling to get out." (attributed to Tony Hoare)

• TS1702 My App Store shows that I have 9 available updates, but the update screen remains blank. My ios is up to date, I have an active connection and can access every other section of the store.

  I Can't access upgrades that the app stores keeps notifying me about. The update screen is just blank.

  Folks can wait it out or I understand if you go to purchased and your list of apps you will see a little update banner on the ones that need to be updated. YOu can then download them manually.

• I get a message the message " Can not get mail. Not connected to server" Yet I am connected with Wi-fi and can access all other websites. Can you advise? My iPad is only a month old!

  Has any one experienced not being able to send mail and only receiving some? I get the message " can not get mail. No connection to the server! " Yet I get some mail but can not send out any. My iPad is only 1 month old! It worked perfectly for about 10 days.
  Thx
  Agnes

  Hey agnesfromcopenhagen k,
  Thanks for the question. I understand you are experiencing issues with Mail on your iPad. The following resource provides some troubleshooting steps. What kind of account are you using? Some internet providers require that you be connected to your home Wi-Fi (or for work accounts, inside your corporate Wi-Fi/firewall). Also, some email accounts require two-step authentication. For more information, see this resource:
  iOS: Troubleshooting Mail
  http://support.apple.com/kb/TS3899
  Thanks,
  Matt M.

• Restrict access to other WLN clients

  When clients are associated to a Cisco AP, is there away to restrict the clients from sending traffic to other clients associated to the same AP?

  Yes, the feature is called "Public Secure Packet Forwarding".
  This works like protected ports (Private VLAN edge) on switches,
  blocking all layer 2 traffic between clients associated to the same AP.
  On the GUI it's enabled/disabled under Network Interfaces->Radio...->Settings->Public Secure Packet Forwarding
  With the CLI you configure "protected port" for the bridge group.
  <http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/products_configuration_guide_chapter09186a00804e7d2f.html#wp1038494>

• ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

  Hi All,
  I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership.  This has been very difficult, even though I beleive it should be easy.
  The login page of teh ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
  There are two other portals that I would like to restrict access to based on AD group membership.  I have set these up to be selected by URL.
  The biggest problem is, I have no way of knowing how to go about this.  The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if soneone that is NOT a carpetbagger tries to log in, it fails.
  I can only do an all or nothing scenario.
  It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use.  So how do I go about using them in this scenario?  Turning off the aliases or URLs is not really an option right now.
  Scenario 1 would work the best for me.  Restrict access to profiles/groups based on AD group membership using LDAP.
  Scenario 2 would be an ideal longer term solution.
  Any thoughts, ideas or assitance would be greatly appreciated.
  Cheers

  This is exactly what i was looking for, and Nelson is correct.  When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression.  The guide (ther is a button to access this) is really helpful, with a couple of examples.  This is what i used:
  assert(function()
     if ( (type(aaa.ldap.distinguishedName) == "string") and
          (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
  then
         return true
     end
     return false
  end)()
  from the debug dap you can see what Users relates to;
  DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
  My admin account fails to get me in to the same profile:
  DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
  Thanks
  Andrew