Block traffic using security groups.

I want to block all traffic between two virtual machines, for which I created a security group named SG-WEB in Service Composer.

In the DFW, I have two simple rules:

One rule blocks traffic between the SG-WEB security group, and another allows everything. But I can still ping WEB1, WEB2 and vice versa. On the ESXi host, if I look in the FW log I see traffic is allowed for the L2.

If instead of security groups I use subnets, everything works fine. I know I have used security groups to identify the DFW traffic, but here it does not work at all. Is this a bug, or am I missing some configuration required to achieve this?

Thank you.

What is the status of the VMware Tools in these virtual machines?

Tags: VMware

Similar Questions

  • Commissioning of Applications using security groups - by application, or several apps by group?

    I was curious how most people were assigning applications.  Would you recommend creating a group per application or using one group for several applications?  The reason that I ask is that we have a group called "Basic Thinapp" which includes standard applications for all users, such as adobe reader, mozilla, flash, quicktime and some others, so that all members of Thinapp Base get our basic fixed package of applications.

    The problem is that we want to install adobe reader locally on our virtual desktops because of the slow launch time and being unable to show PDFs online with IE.  We use thinreg, so when the Adobe Reader icon is removed from our icon directory and they log off and log back in, Adobe leaves behind a non-working icon that is useless, and users would have to remove it manually if they wanted to get rid of it.  This does not seem the best approach.

    I know that the best way to remove the app is to remove the users from the group and ask them to log off and log in again for the app to disappear.  However, users would lose all basic applications.  We could then put them back in the group and force them to log off and log back in again, and they would get the base once again.  That seems a lot to ask of users.

    Creating a group by application seems to be more directors as well as all users will need to be placed in each groups.

    Is there a better way to do this?

    We mainly use the Application - approach of a group, but have a few groups with multiple applications.

    With your case, I would do the following:

    1. create a new group and put there also: all users in your group of basic thinapp

    2. rebuild the thinapp adobe so that it uses this group

    3. After all users have logged off at least once from step 2, replace your thinapp with the newly rebuilt thinapp

    4. now the Adobe Reader software works on its own group; you can delete users from this group, and after their next log off / log on the icon should disappear, because they are no longer allowed.

    The only problem is that you need the thinapp riffle proberly file, so the thinapp must be in the file system until all users are connected at least once. And with the local profiles, connected only once on each computer with a profile of them.

    Andreas

  • Sync phone to PC Client/Server applications use what security group to access the files on PC Win 7

    Programs of client server that connects to the computer from a phone and store data on the PC as the synchronization programs have what user ID and are able to write to the disk by security group file permissions. Users authenticated Internet Explorer, system, administrators, customer ID current user appears on the phone and must be enabled (admin) and the password entered to connect.  If the customer is logged as administrator? How can there be two users with the same user id?  One by the PC and the other on the phone.  If the phone connects the PC as a user in this group what id permissions?

    Question 2: If I agree a technician to fix it to my PC and fix it, what is it connected as? and what group permissions is using?  How to protect against the connection later?

    Thank you

    This issue is beyond the scope of this site and must be placed on Technet or MSDN.

  • A security group can be used as a reviewer?

    Hello

    Can a security group be used as an (approving) examiner?

    Thank you

    Hello

    No, you can select individual users of Eloqua as examiners.

    edynamic expert Eloqua

  • ORA-20001: unauthorized access (package for the undefined security group variable).

    I'm creating an application that uses the authentication of the APEX and characteristics (work) registration and forgot password forms (does not work).

    My I forgot the password is public (requires authentication). The user provides the user name and a secret answer, which are validated and then provides the new password. I try to use htmldb_util.reset_pw to reset the password of the user, but it does not work.

    I have a process on the new password page calling a PL/SQL anonymous block that looks like this (see below), where username = P16_ITEM1 and P18_ITEM1 = new password.

    BEGIN
    apex_040000.htmldb_util.reset_pw (V ('P16_ITEM1'), V ('P18_ITEM1'));
    END;

    I don't know how to send a message of success/failure of such PL/SQL block to the APEX, but that's a separate issue, I guess.

    In any case, during the trial through SQL Developer as the user with APEX_ADMINISTRATOR_ROLE, I get the following error:

    ORA-20001: unauthorized access (package for the undefined security group variable).
    ORA-06512: at "APEX_040000.WWV_FLOW_FND_USER_API", line 22
    ORA-06512: at "APEX_040000.WWV_FLOW_FND_USER_API", line 1220
    ORA-06512: at "APEX_040000.HTMLDB_UTIL", line 1253
    ORA-06512: at line 8 level

    I've searched previous discussions and tried different suggestions with no luck.

    I'm on Oracle DB 11g XE and APEX 4.x.

    Any help will be appreciated. Thank you

    Alex.

    In any case, during the trial through SQL Developer as the user with APEX_ADMINISTRATOR_ROLE, I get the following error:

    ORA-20001: unauthorized access (package for the undefined security group variable).

    When executing code outside APEX that depends on the APEX security group being defined, run the following before your own code:

    wwv_flow_api.set_security_group_id(apex_util.find_security_group_id('YOUR_SCHEMA_NAME'));
    

    Google "wwv_flow_api.set_security_group_id" for more details, like this blog:

    http://www.easyapex.com/index.php?p=502

    -Morten

    http://ORA-00001.blogspot.com

  • Cisco Unity Connection (CUC) - import LDAP user based on the security group and then assign a model

    Need CUC to automatically import users and assign a certain user model or role if they are added to a specific security group. (These are the help desk users.)  The admin account username they will use to sign in to CUC differs from their Windows account that is linked to their voicemail profile.

    Current - now we must import new recruits and assign the correct model

    Want - when a user is added to a security group in AD, so when CUC doing his nightly sync, it automatically import user and assign a preconfigured for the account and all user model is automatic and I have never import it back these users.

    At the present time the course help desk users are already imported via LDAP and have the role that was.

    Suggestions?

    Not something that the UCA can do out of the box.

    The UCC does not offer, is to do the LDAP synchronization and once they are in CUC, to import, choose the model.

  • The combination of several AD ACS 4.2 security groups

    Hello

    Our ACS is used for AAA for the wireless, the IOS CLI access and access to the unix server. For net admins and administrators unix, there are two levels, so indeed, we have 5 groups of individual devices that a user can be granted access.

    User groups are defined in Active Directory.

    I am looking for a way to combine information from several AD security groups to determine what a user can access. For example, a net administrator may or may not be a unix admin as well.

    Is it possible to do this other than by having a large number of AD groups, with one for each combination of authorization privileges?

    Thank you

    Luke

    Hi Luke,

    Definition of mapping of the hybrid is the best way to achieve this.

    Kind regards

    ~ JG

    Note the useful messages

  • using the group name and password group in client anyconnect

    Hello. Is it possible to use the legacy group name/password in the Cisco AnyConnect VPN client? I checked the AnyConnect Administrator's Guide "VPN XML Reference" and found nothing on this subject.

    It's true.

    AnyConnect Secure Mobility Client (VPN Module) can be used to connect to both types of VPN remote access:

    1. full SSL VPN tunnel

    2. IKEv2 IPsec VPN.

    The legacy VPN client is used only with the old IKEv1 IPsec VPN, and you cannot use this type of VPN with the AnyConnect client.

  • Setting up authentication by using ad group mappings

    Hello

    I recently installed ACS 5.3 and I try to configure as follows:

    (1) devices are separated in places and device types.

    (2) ACS performs authentication by using AD.

    (3) the user must be in the specific ad group in order to access a device specific type/location.

    I'm testing my setup with WCS. The server has been added to the list of network devices and placed in the appropriate place/device type.

    Under the access rules, I have set up an Access Service named (NAAS-WCS) that has an identity and group mapping structure defined as follows:

    * Identity: Condition (NDG:Device Type-> in all Types of devices: WC), results (identity store: AD1).

    * Mapping group: (Condition: AD1:ExternalGroups), results (identity group: all groups: SBD-SEC-ENG).

    What I'm trying to implement is the following rule:

    If (device in device type WC) and (the user in the Group G-CRP-SEC-ENG) then allow access otherwise block.

    I added the groups in the AD of the server configuration and used this group in the definition of the rules. The error I get from Ganymede when I try to open a session is attached in jpeg format.

    Anyone know where I am going wrong? It's the first time I used the new ACS system.

    Thank you

    Sami Abunasser

    I had a similar problem, since any request came as CHAP/MD5, which is not the same as MS-CHAP v1 and v2 that we chose the GBA.

    How do you try to authenticate users? Web page or dot1x? If it's a web page, choose PAP as authentication and you should be fine.

  • Access control and security group

    Hi all

    I need to know about the access control and what data are suitable for the security group and roles if I have a scenario like this:

    i. There are 2 different apps, namely ARA (96 branches with different types of reports) and TRACS400 (6 branches with different types of reports)

    ii. In ARA, users of Branch01 can NOT check Branch02.

    iii. different report type is measured by Branch01 and Branch02 are different.

    iv. in Branch01, there are some reports that are Read only (cannot download) and some reports that are read and write (downloadable).

    My questions are:

    1. from the above scenario, do I need create all the 96 security group and assign it to different leadership roles?

    2. How can I control read and write access, as I have tested the READ access the user is still able to download the report.

    3. How can I control to branch 01, report Type A is a read and report Type B read and write access?

    4. I noticed that if I use the account, the security group can be used be limited to 50 only security groups. Is this good? I may be an application later in the future. These 2 request for test only. But if I do not use the account, there are any number of security groups that can be used?

    Appreciate for your help.

    Hi aziela

    As mentioned by the friends of the forum, it is advisable to have the minimum security group given that its impact on the scalability of the application (rule). Accounts provide the best security solution of dimension view group.

    Security group corresponds to the role, role is mapped to the users. The permissions are obtained at the level of role-SG.

    Accounts are mapped directly to users. So you can have a precise control at the level of the user (eliminating the abstraction of the role).

    All these aspects are impacting performance where rule of thumb is mentioned in the documentation. In general, if a user belongs to many groups and accounts then it will take more time to process the request of content for this user.

    w.r.t. prohibiting the read-only users so that they will not be able to download content, there is a setting, please try option mentioned in this link http://docs.oracle.com/cd/E14571_01/doc.1111/e10792/e01_interface001.htm#CACCFHHA

    WRT performance calculation, see http://docs.oracle.com/cd/E14571_01/doc.1111/e10792/c03_security003.htm#CSMSP143

    Hope this helps

  • Change security groups are allowed access to the project

    Hello

    We have a project of the Disqualification in our production environment that allows only administrators to view/access it. We now allow access of data analysts. I know that we could just edit the prod Manager access security group, but due to some storage issues related to the postgres DB that uses a Disqualification, we clearly downwards and the redeployment of the Disqualification (and the project) on the prod server every two weeks. This means having to manually modify access groups after each reinstall. To save the duty of our many stop to promote a new project dxi file, is there something that can be added to all config files to allow data analysts access the project? Editing a config in our backup file would be very fast and simple.

    See you soon

    Jon

    Unfortunately, no, no.

    I can't imagine a scenario that would require the Disqualification to redeploy completely. If there is a problem of PostgreSQL, the worst case would be a fall and recreate the Pb of results, I would have thought.

  • Has anyone created new security groups... and how did you do

    We have problems with giving people the opportunity to view and modify other emails/forms/etc.   Anyone who sets up security to pull away, specifically, groups the possibility to remove or modify?  Not everyone who uses our system needs to change or remove, so I wasn't sure if someone had created security groups that pulls this ability of some specific users...

    Thank you!

    When I told our CSM, she said you have to contact support and they can do it on a case-by-case basis.  But we seek to implement the same thing, it would be interesting if you managed to get this Setup.

  • WebLogic security groups problem

    Hello

    Here's the thing. I am configuring security for a portal application that I created on JDev. First, I created a group on Weblogic, namely "SecureGroup" (duh), as well as a few users to test, "user1" and "User2", and assigned the users as members of the "SecureGroup".

    On JDev, I created a business role, "SecureGroup" and it is mapped to an application role, also newly created, called "SecureGroupAR". It is now time to assign resources.

    I created a simple workflow with a view (*.jsff) just to display a text label. This taskflow was granted the application, "SecureGroupAR" role. When I ran the taskflow application of portal was not found. As I begin troubleshooting, I checked first to the Weblogic console by going to the home page >summary of the areas of security >myrealm >users and groups >user1 > and checked the group including user1 belongs to. strangely, there was no group assigned to this user!

    Knowing that I saved my changes, and when the 'Activate changes' button in the upper left pane on the console of WL (view changes and restarts), I also clicked it to save any changes, if they have not already been registered. Problem is, the group shuttle keeps emptying on each others times I restart my app portal.

    Can someone tell me what is happening?

    Happy and grateful.

    JDeveloper 11.1.1.7

    WebLogic 10.3

    Problem solved. In other words:

    1. on your app, whether an ADF or a portal application, you create an application role and grant the necessary resources for this role (or roles, if you have several roles/groups)

    2. this application role is mapped to a business role, which is in fact the group you created on WLS.

    3. of JDev, you can choose to use policies, groups, users, etc., that you have created within JDev, or to use those already defined in WLS, simply by application--> the properties of the application-->, and then choose security options NOT TO migrate groups and users of JDEV, but instead, take those that are defined on a WLS.


    I hope it helps someone as beginning in the ADF security!

    See you soon,

  • Commissioning of AD security groups

    Hey all,

    I tried to use strategies to access available to users with AD security groups, but realized recently that I can not available if the account has been reconciled. Now, I'm looking to get an idea of how this could be achieved. I have additional difficulties with just a couple basic provisioning:

    (1) how to do a search in the table / tolerable for a client's staff.

    (2) how service groups, if the user changes his 'role' (role1-> groups: ABC;-> role2 (revokeABC, provisionDEF))

    Would appreciate any thoughts/ideas!

    Thank you

    Philipp

    The code in relation to OIM 9.x is present at the following address:

    http://blog-OIM.blogspot.in/2010/11/OIM-API-usage.html

    The codes above, which you can change with 11g API and breeds write your code.

    In addition, if you want to set a sequence of jobs, then you can do so using the dependent task or on success (C) the response of the task. Please take a look at the OIM doc: http://docs.Oracle.com/CD/E14899_01/doc.9102/e14763/about.htm

    ~ J

  • Shared Services 11.1.2 cannot remove affected user to a security group

    Shared Services 11.1.2 - trying to remove a user from the list of assigned users to a security group. Initially, I am able to delete the user and assigned users total decreases by one - but when I restart the properties of group - this user is still there? The change is not licensed. Any suggestion would be appreciated - thanks,

    Paul

    How about a quick restart of HSS, to see if this is useful, and if not then:
    Is it a MSAD user or a native user?
    Is it happening with one user in all groups?
    Is this happening with more than one user/group?

    See you soon... !!
    Rahul S.
