Restrict a user/group to allow access only to specific shared services groups
Hello team,
I have EMP 11.1.2.2. I created different groups) a ' Admin_groupA') b ' App_groupA' c) "App_groupB" under the native directory. I have configured Shared services-> administrator to this 'AdmingroupA '. Those who belong to this group "AdmingroupA" is able to add a new user to the directory of companies to provide access to the group 'App_groupA '. But I don't want the users of 'Admin_groupA' to access 'App_groupB '.
Since I put in service Shared services administrator privelge to this group of "AdmingroupA", "AdmingroupA" users are able to access "App_groupB" also. Can you please let me know how I can limit 'AdmingroupA' to provide access to users to the group "App_groupA".
Thank you for your valuable contributions.
You said, as you have configured administrator privileges of shared services to this 'AdmingroupA '. I don't think that you can restrict the user from this group to provide access to other users.
...
Did you hear about delegate user management? Managing Director can view and manage only those users and groups which they are responsible. Good read on the your hss version Administrator's guide and see if it helps!
See you soon
BP
Tags: Business Intelligence
Similar Questions
-
Allowing access only through a PL/SQL function
What is the technique of letting a user to do something by a PL/SQL function that would normally not have the privilege to do so, without granting the possibility to do outside the PL/SQL function?
I have a need to allow a user to change the global_name of the database, in the resolution of ORA-02082 errors. In short, the product using Oracle (we can not change code) loopback database links, and the only way to drop them (according to the Oracle support) is to temporarily change the global_name, drop the link and change the global_name return.
This happens on a semi-regular basis, so rather than having to involve a DBA, I favor.
My thought was to create a PL/SQL procedure that performs the Rename/move/rename. I don't want the user to be able to change the global_name of DB to what he wants, but I want him to have the possibility to change through the PL/SQL procedure at will.
My question is, how to do this without allowing the user to update on sys.global_name?
Let's see:
(1) create a role (say LOOPBACK_DBLINK_DROPPER)
(2) create a procedure (say LOOPBACK_DBLINK_DROP) makes the Rename/move/rename
(3) grant and then execute the procedure to the role
(4) ??? .. .the I need to give an update on sys.global_name for the role. But if I then assign the role to a user, is not that means he can also update sys.global_name on its own without using the procedure, because it would have the sys.global_name privilege update?Create the schema belonged procedure that has the necessary privileges.
GRANT EXECUTE on LOOPBACK_DBLINK_DROP to NON_PRIV_USERThat's all!
-
Force the user to change password with the authentication of Shared Services
Hello world
is there a way to set a property that the user must change his password when he connect is the first web analytics?
Version is 9.3
Thank you much in advance.
Best regards
noisThey will be able to change a password within the workspace, just inform them of their new password and then they can change in the workspace.
See you soon
John
http://John-Goodwin.blogspot.com/ -
Apply the condition on the page to allow access if Javascript is enabled
Hi, is there a way I can put a condition on the page to allow access allow access only if java script is enabled?
I have a heavy use of Javascript to calculate different values in a page and want to ensure that if Javascript is not enabled in the browser they do not get to use the page.
Using Apex 4.1.1
See you soon.Xrc xarg wrote:
Hi, is there a way I can put a condition on the page to allow access allow access only if java script is enabled?I have a heavy use of Javascript to calculate different values in a page and want to ensure that if Javascript is not enabled in the browser they do not get to use the page.
APEX is JavaScript-dependent, it is unlikely that users will even be able to log in and access this page, unless you already take steps throughout the application to allow it to work with JS disabled.
Also note that for security reasons all depends on the JS in the browser must be verified on the server when the page is sent.
-
How to restrict access to certain pages of a user group
I want to restrict access to certain pages in my application to a set of users only. How can I achieve this.
use the authorization scheme for permission to the users group"
See also follows her
Schema authorization using the APEX authentication scheme
security - authorization roles and user in Oracle Apex? -Stack overflow
How to create the schema for permission for the users group.
Leave.
-
Allow access to the USB Reader under account 'user '.
Hello world
Need help to allow access to the usb ports so that users can use a card reader to download stuff on a web application, we have.
The great way would be able to push on HP device Manager (I v4.5) and Thin Clients are T610 running WES7
Any help is appreciated.
See you soon,.
The local user account is configured to restrict access to the Z:\ only through NoDrives policy. See http://technet.microsoft.com/en-us/library/cc938267.aspx for more details.
To make life easier, there are calculators that you can use to determine what should be this entry of 32 bits, based on drive letters you want hidden. An example is http://www.wisdombay.com/hidedrive/index.php. The default value for Z:\ is only 0x01ffffff (33554431).
-
AAA RADIUS authentication for the only user group
Hello
I use ACS3.1 and tries to use authentication radius for all network switches in my company.
Meet the im problem now is how to restrict only a user group to access the connection/exec switches? It seems that all user IDS in my acs able to telnet (user access) to the switch (using their login credentials).
I would like to limit still from telnet by using their ID except administrator group.
Counsel on how this is possible.
TKS!
The GBA, you need admin users in their own ACS group separated, leaving other users in their own group also.
Change the group that contains the users you don't want to give access to and under the heading of restricted access network (OAN), in "Group defined Network Access Restrictions", check the "Define based on IP access restrictions", choose "Rejected the call point" and enter switches in the table below (put a * in the port and address).
This prevents standard users authentication to switches. You can add all your switches in a group of network devices (NDG) to this, then you have to add that, in the section NAR rather than adding each switch individually.
-
Restrict the metadata field during an update to a specific group of users
Hi all
I have some difficulty to find the best way to restrict permissions to change some fields of metadata for 2 different groups of users.
I have two user groups, A and b. Group A will check in the documents that group B will then review for accuracy and quality. Group B will then update an optionlist field called "State" with "recommended" or "not recommended".
This is not a situation of workflow as the scope requires that all documents are immediately available for research. I currently have a profile CheckIn and search for content to read write access for both groups A and B. The 'Status' field is hidden on the page of CheckIn. Can someone please suggest a good way to limit the 'Status' field on a page to update users to simply "B"? Groups A and B must be able to update all the fields except for the limited B field "Status".
Thank you!
Published by: user6750815 on June 2, 2010 16:11Hey rMac,.
I understand in this way you have a profile for A and B groups of users. On this profile status field is hidden.If this is your problem, you can the two-step approach, while making the rule in order to hide the status field, use the activation of rule condition. Make active only for users with A role. This way even with the only profile some of the user with the role B will be able to see the status field.
Alternatively, you can put a similar code to restrict the link of personalization where you make this hidden field editable and mandatory for users in B.
see you soon,
Sicard -
Create a privilege level which only allows access to view orders
Hello
I would create a level of privilege that would only give access to commands show for some users. What would be the best way to do this?
I should use the privilege mode level level control for all available commands, or is there a better way to do this?
Besides, could we manage this level of privilege to a Radius server.
Thanks for your help
Stéphane
Well, I think that the best way to achieve this is to use GANYMEDE with command authorization feature.
On the RADIUS server configuration (only for the command, read access only)
These commands are required on an IOS router or switch to implement permission to order via an ACS server:
AAA new-model
AAA authorization config-commands
AAA authorization commands 0 default group Ganymede + local
AAA authorization commands 1 default group Ganymede + local
AAA authorization commands 15 default group Ganymede + local
GANYMEDE-server host 10.1.1.1
RADIUS-server key cisco123
These commands are required on ASA/PIX/FWSM to implement permission to order via an ACS server:
authserver Protocol Ganymede + AAA-server
authserver AAA-server 10.1.1.1
AAA authorization command authserver
However, if you strictly want to use radius server then please try the below list attribute for a single user or group.
Service-Type = NAS Prompt
http://www.ietf.org/assignments/RADIUS-types/RADIUS-types.XML#RADIUS-types-4
This may not work for ASSISTANT Deputy Ministers.
HTH
Kind regards
Jousset
The rate of useful messages-
-
ISE - restrict full WiFi access only to authorized devices
Hi all
We have a WLC HA (Code 8.0.100.0) configuration with a pair of ISE (version 1.2), and everything works fine.
Currently, ISE is configured to authenticate users of AD. Our company SSID is configured with WPA2 + AES with authentication 802. 1 x PEAP, so users can connect Wifi to their devices once they put in AD credentials.
Now, we want to limit our network in-house access by WiFi only devices that are allowed as the company issued laptops / tablets etc. For all other devices as personal Smartphones/tablets/computers cell phones users can have Internet access if they are authenticated/authorized to do.
For the rest of devices such as printers, Apple TV etc., we have already a SSID separated which we do via WLC Mac filtering, so none of the browser running less devices would be connected to the Corporate SSID.
Assuming that we have the Mac addresses of all of the company issued portable devices / tablets (which are almost peripheral Apple), what is the best way to go about this using ISE.
Hello Slim-
You can import all mac addresses in ISE and perform filtering with PEAP-user authentication from mac. However, keep in mind that this method is not the most secure because a mac address can be easily be spoofed and is sent in clear text.
That being said, a better solution would be to get a MDM (MobileIron, Airwatch, etc.), integration with ISE and aboard had all peripheral companies.
I hope this helps!
Thank you for evaluating useful messages!
-
Hello
I want to give as open & export to the level of permissions.
How to create user defined groups and users with custom permissions as only open and export in obiee 11 g?
For example, if the group permissions, inturn should reflect on the users.
Please help me.
Thanks in advance,
A.Kavya.
Your question is quite broad and fuzzy then I suggest the security catalog presentation to read documentation: http://docs.oracle.com/middleware/1221/biee/BIESC/mgrgrpsusers.htm#CIHIBJGD
And I think that you mix you two things which are managed in different places:
) an object as read access permissions, write, delete... which control you through the object "Permissions" dialog box
(b) functional privileges controlled through "Manage privileges" under "Administration".
-
Change security groups are allowed access to the project
Hello
We have a project of the Disqualification in our production environment that allows only administrators to view/access it. We now allow access of data analysts. I know that we could just edit the prod Manager access security group, but due to some storage issues related to the postgres DB that uses a Disqualification, we clearly downwards and the redeployment of the Disqualification (and the project) on the prod server every two weeks. This means having to manually modify access groups after each reinstall. To save the duty of our many stop to promote a new project dxi file, is there something that can be added to all config files to allow data analysts access the project? Editing a config in our backup file would be very fast and simple.
See you soon
Jon
Unfortunately, no, no.
I can't imagine a scenario that would require the Disqualification to redeploy completely. If there is a problem of PostgreSQL, the worst case would be a fall and recreate the Pb of results, I would have thought.
-
How to give read access to the users in IOM 10 g only
Hello
I created a new group readonlyaccess in IOM 10 g. I have given-menu item 'Element menu to manage users' group. Dmade a user member of this group. Now when I login with this user, I am able to see the users menu-search item, but when I search users, then no results of the search are displayed. I'm not able to figure out where I am doing wrong or what Miss me.
Please let me know if we can give only read access for end-users to IOM 10 g.
Thank you
Kalpana.Refer to this:
{: identifier of the thread = 2148294}
-Marie
-
How to allow access to all users of the connection on my computer?
How to allow access to all users of the connection on my computer?
Your question is hard to understand. I interpret as:
"How to allow all the users on my computer to access some files or folders?
The answer depends somewhat on the question of whether you have XP Pro or XP Home, but a general answer is found the following article.
"How to use file sharing Simple to share files in Windows XP"
<>http://support.Microsoft.com/kb/304040 >Click on "level 3: files in shared documents available to local users"
HTH,
JW -
Can I block my economy users in the cloud and only allow them to record locally or in our network?
Can I block my economy users in the cloud and only allow them to record locally or in our network? We are preparing to deploy Cloud applications to our users and would block them to save their files in the cloud and would like to save their work only on their own machines or one of our network of readers. Is it possible to do this via the account install or admin?
Hello
Read the following article. It will be useful for you
http://www.Adobe.com/content/dam/Adobe/en/DevNet/creativesuite/PDFs/ControllingSvcAccess.p df
Maybe you are looking for
-
How to detect the keylogger installed?
1.7 GHz Intel Core i7 8 GB 1600 MHz DDR3 I visited a site that has downloaded the unsolicited material. I went in the downloads folder and deleted the downloaded dmg files. Now, I don't make sure that no time recorder key has been installed on my sys
-
in mail msg "cannot send message using the server iCloud. use iCloud for years
-
Pavillion M7: My mouse is spazzing out
For some strange reason my mouse pointer jumps around all over the screen with random clicks and right click. I made 2 different AV controls, 2 controls of various malware, a system restore to before I had problem download a new driver when I disconn
-
I am trying to get information in VB by creating a modest game in VB4 program; running in WIN XP - SP3. (No point in getting something more modern, until I feel more confident with the basics). There is a very persistent bug that comes and goes but w
-
Why I can't find my network wireless on my XP laptop but can connect to my Vista laptop?
So here's my situation. I have a small laptop with Windows Vista Home Premium 64-bit I also have a laptop with Windows XP Service Pack 3 on it We just moved into a new House. In our old House we had DSL with wireless router and two laptops where abl