Restrict access to the administrator on a level of catalog learning
Is there a way to restrict access to administrators at the catalog level? For example, a learner Admistrators should see catalog and another administrator of the learner should see catalogue B.It is all documented in the guide to implementation OLM that you can find on MetaLink and the OLM user guide.
Concerning
Tim
Tags: Oracle Applications
Similar Questions
-
Restrict access to the administration to WLC5500
Hi all
We have configured all our devices in WLC5500 with a service port interface, which helps us to management and monitoring. Given that in our situation, the management interface is accessible from enterprise networks, this means that desktop clients have the ability to achieve the WLC logon screens.Is the only way to restrict access to ports to place an on the management interface access ports, or am I missing a GUI/SSH secret command / button that will allow me to disable or limit the management of devices through the management interface?
In which case I'll have to use an ACL on the WLC management interface, are there any known issues with denying them access to the ports http, https, telnet, ssh and LWAPs trying to connect?
Thank you
LeonYou have hit it on the nose. You must have an ACL that blocks the terminals "non-admin" to http/https/telnet/ssh/snmp on the device. as long as you have the permit ip any at the end of the ACL, you should have no problems, or explicitly allow udp 5246/5247
-
How to restrict access to the drive of Wndows xp sp3?
I have 3 user account on my computer, it is has the administrator rights and the other is a standard user account.
I want to restrict access to all readers for the standard player.I used gpedit.msc to enable the administrative model, but it also limits the account admin and me to access the roadOS: windows XP SP3Please adviceHi Utkarsh.Ranjan,If you want to restrict access to a drive by using the Group Policy Editor, you can not apply for a particular user account. This will change for the user accounts.You can't restrict access to the complete transmission. However, you can resrtict access to folders and files inside a car to a particular user.Refer to the section "set, view, change, or remove special permissions for files and folders" in the following article and follow the steps to remove the authorization of the user access to the file/folder. -
Access to the administration via VPN to 887 after config setup pro
Hi all
Ive just made a three 887w for a client in a few branches, and as this is the first time I have deployed these devices, I decided to go with the GUI (downloaded config pro 2.3) to get the configuration made that I had some constraints of time to get them in place (sometimes I go with the graphical interface first and then look back at the CLI to see what as its been) (, then hand it in Notepad to get a better understanding of the new features of the CLI may be gone and allowed).
One thing I again, that I was going to do face was my first experience of the firewall IOS area type of config...
At this point, I'm still unclear on the config (where why Im posting here I guess!) - but the main problem I have at the moment is with managing access to devices.
Particularly with regard to access to the administration of headquarters inside the IP address of the branch routers.
I should mention that the branch routers are connected to Headquarters by connections IPSec site-to-site VPN and these connections are all very good, all connectivity (PC server, PC, printer, etc.) is very well... I can also send packets (using the inside of the interface as a source) ping from branch routers to servers on the headquarters LAN.
Set up access to administration using config pro to allow access to the router on the subnet headquarters (on its inside interface), as well as the local subnet and also SSH access to a specific host from the internet - the local subnet and the only host on the internet can access the router very well.
I'm not sure if the problem is with the ZBF config or if its something really obvious Im missing! -Ive done routers branch several times previously, so with this being the first config ZBF I did, so I came to the conclusion that there must be something in the absence of my understanding.
Any help greatly appreciated... sanitized config below!
Thanks in advance
Paul
version 15.1
no service button
tcp KeepAlive-component snap-in service
a tcp-KeepAlive-quick service
horodateurs service debug datetime localtime show-timezone msec
Log service timestamps datetime localtime show-timezone msec
encryption password service
sequence numbers service
!
hostname name-model
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
recording console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
!
No aaa new-model
!
iomem 10 memory size
clock timezone PCTime 0
PCTime of summer time clock day March 30, 2003 01:00 October 26, 2003 02:00
Service-module wlan-ap 0 autonomous bootimage
!
Crypto pki trustpoint TP-self-signed-2874941309
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 2874941309
revocation checking no
rsakeypair TP-self-signed-2874941309
!
!
TP-self-signed-2874941309 crypto pki certificate chain
certificate self-signed 01
no ip source route
!
!
DHCP excluded-address IP 10.0.0.1 10.0.0.63
DHCP excluded-address IP 10.0.0.193 10.0.0.254
!
DHCP IP CCP-pool
import all
Network 10.0.0.0 255.255.255.0
default router 10.0.0.1
xxxxxxxxx.com domain name
Server DNS 192.168.xx.20 194.74.xx.68
Rental 2 0
!
!
IP cef
no ip bootp Server
IP domain name xxxxxxx.com
name of the server IP 192.168.XX.20
name of the server IP 194.74.XX.68
No ipv6 cef
!
!
Authenticated MultiLink bundle-name Panelparameter-card type urlfpolicy websense cpwebpara0
Server 192.168.xx.25
source-interface Vlan1
allow mode on
parameter-card type urlf-glob cpaddbnwlocparapermit0
model citrix.xxxxxxxxxxxx.comlicense udi pid xxxxxxxxxxx sn CISCO887MW-GN-E-K9
!
!
username xxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxx
username privilege 15 secret 5 xxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
synwait-time of tcp IP 10
!
type of class-card inspect correspondence sdm-cls-VPNOutsideToInside-1
game group-access 106
type of class-card inspect entire game SDM_SHELL
match the name of group-access SDM_SHELL
type of class-card inspect entire game SDM_SSH
match the name of group-access SDM_SSH
type of class-card inspect entire game SDM_HTTPS
match the name of group-access SDM_HTTPS
type of class-card inspect all match sdm-mgmt-cls-0
corresponds to the SDM_SHELL class-map
corresponds to the SDM_SSH class-map
corresponds to the SDM_HTTPS class-map
type of class-card inspect entire game SDM_AH
match the name of group-access SDM_AH
type of class-card inspect entire game SDM_ESP
match the name of group-access SDM_ESP
type of class-card inspect entire game SDM_VPN_TRAFFIC
match Protocol isakmp
match Protocol ipsec-msft
corresponds to the SDM_AH class-map
corresponds to the SDM_ESP class-map
type of class-card inspect the correspondence SDM_VPN_PT
game group-access 105
corresponds to the SDM_VPN_TRAFFIC class-map
type of class-card inspect entire game PAC-cls-insp-traffic
match Protocol cuseeme
dns protocol game
ftp protocol game
h323 Protocol game
https protocol game
match icmp Protocol
match the imap Protocol
pop3 Protocol game
netshow Protocol game
Protocol shell game
match Protocol realmedia
match rtsp Protocol
smtp Protocol game
sql-net Protocol game
streamworks Protocol game
tftp Protocol game
vdolive Protocol game
tcp protocol match
udp Protocol game
inspect the class-map match PAC-insp-traffic type
corresponds to the class-map PAC-cls-insp-traffic
type of class-map urlfilter match - all cpaddbnwlocclasspermit0
Server-domain urlf-glob cpaddbnwlocparapermit0 match
type of class-card inspect entire game PAC-cls-icmp-access
match icmp Protocol
tcp protocol match
udp Protocol game
class-map type urlfilter websense match - all cpwebclass0
match any response from the server
type of class-card inspect correspondence ccp-invalid-src
game group-access 100
type of class-card inspect correspondence ccp-icmp-access
corresponds to the class-ccp-cls-icmp-access card
type of class-card inspect sdm-mgmt-cls-ccp-permit-0 correspondence
corresponds to the class-map sdm-mgmt-cls-0
game group-access 103
type of class-card inspect correspondence ccp-Protocol-http
http protocol game
!
!
type of policy-card inspect PCB-permits-icmpreply
class type inspect PCB-icmp-access
inspect
class class by default
Pass
type of policy-card inspect sdm-pol-VPNOutsideToInside-1
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class class by default
drop
type of policy-card inspect urlfilter cppolicymap-1
urlfpolicy websense cpwebpara0 type parameter
class type urlfilter cpaddbnwlocclasspermit0
allow
Journal
class type urlfilter websense cpwebclass0
Server-specified-action
Journal
type of policy-map inspect PCB - inspect
class type inspect PCB-invalid-src
Drop newspaper
class type inspect PCB-Protocol-http
inspect
service-policy urlfilter cppolicymap-1
class type inspect PCB-insp-traffic
inspect
class class by default
drop
type of policy-card inspect PCB-enabled
class type inspect SDM_VPN_PT
Pass
class type inspect sdm-mgmt-cls-ccp-permit-0
inspect
class class by default
drop
!
security of the area outside the area
safety zone-to-zone
zone-pair security PAC-zp-self-out source destination outside zone auto
type of service-strategy inspect PCB-permits-icmpreply
zone-pair security PAC-zp-in-out source in the area of destination outside the area
type of service-strategy inspect PCB - inspect
source of PAC-zp-out-auto security area outside zone destination auto pair
type of service-strategy inspect PCB-enabled
sdm-zp-VPNOutsideToInside-1 zone-pair security source outside the area of destination in the area
type of service-strategy inspect sdm-pol-VPNOutsideToInside-1
!
!
crypto ISAKMP policy 1
BA 3des
preshared authentication
Group 2
ISAKMP crypto key address 194.105.xxx.xxx xxxxxxxxxxxx
!
!
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
!
map SDM_CMAP_1 1 ipsec-isakmp crypto
Description Tunnel to194.105.xxx.xxx
the value of 194.105.xxx.xxx peer
game of transformation-ESP-3DES-SHA
match address VPN - ACL
!
!
!
!
!
interface BRI0
no ip address
no ip redirection
no ip unreachable
no ip proxy-arp
penetration of the IP stream
encapsulation hdlc
Shutdown
Multidrop ISDN endpoint
!
ATM0 interface
no ip address
no ip redirection
no ip unreachable
no ip proxy-arp
penetration of the IP stream
No atm ilmi-keepalive
!
point-to-point interface ATM0.1
Description $ES_WAN$
no ip redirection
no ip unreachable
no ip proxy-arp
penetration of the IP stream
PVC 0/38
aal5mux encapsulation ppp Dialer
Dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
wlan-ap0 interface
description of the Service interface module to manage the embedded AP
IP unnumbered Vlan1
no ip redirection
no ip unreachable
no ip proxy-arp
penetration of the IP stream
ARP timeout 0
!
interface GigabitEthernet0 Wlan
Description interface connecting to the AP the switch embedded internal
!
interface Vlan1
Description $ETH - SW - LAUNCH, INTF-INFO-HWIC $$ $4ESW $FW_INSIDE$
the IP 10.0.0.1 255.255.255.0
IP access-group 104 to
no ip redirection
no ip unreachable
no ip proxy-arp
penetration of the IP stream
IP nat inside
IP virtual-reassembly
Security members in the box area
IP tcp adjust-mss 1452
!
interface Dialer0
Description $FW_OUTSIDE$
IP address 81.142.xxx.xxx 255.255.xxx.xxx
IP access-group 101 in
no ip redirection
no ip unreachable
no ip proxy-arp
penetration of the IP stream
NAT outside IP
IP virtual-reassembly
outside the area of security of Member's area
encapsulation ppp
Dialer pool 1
Dialer-Group 1
Authentication callin PPP chap Protocol
PPP chap hostname xxxxxxxxxxxxxxxx
PPP chap password 7 xxxxxxxxxxxxxxxxx
No cdp enable
map SDM_CMAP_1 crypto
!
IP forward-Protocol ND
IP http server
23 class IP http access
local IP http authentication
IP http secure server
IP http timeout policy slowed down 60 life 86400 request 10000
!
!
IP nat inside source overload map route SDM_RMAP_1 interface Dialer0
IP route 0.0.0.0 0.0.0.0 Dialer0
!
SDM_AH extended IP access list
Note the category CCP_ACL = 1
allow a whole ahp
SDM_ESP extended IP access list
Note the category CCP_ACL = 1
allow an esp
SDM_HTTP extended IP access list
Note the category CCP_ACL = 0
permit tcp any any eq www
SDM_HTTPS extended IP access list
Note the category CCP_ACL = 0
permit any any eq 443 tcp
SDM_SHELL extended IP access list
Note the category CCP_ACL = 0
permit tcp any any eq cmd
SDM_SNMP extended IP access list
Note the category CCP_ACL = 0
allow udp any any eq snmp
SDM_SSH extended IP access list
Note the category CCP_ACL = 0
permit tcp any any eq 22
SDM_TELNET extended IP access list
Note the category CCP_ACL = 0
permit tcp any any eq telnet
scope of access to IP-VPN-ACL list
Note ACLs to identify a valuable traffic to bring up the VPN tunnel
Note the category CCP_ACL = 4
Licensing ip 10.0.0.0 0.0.0.255 192.168.xx.0 0.0.0.255
Licensing ip 10.0.0.0 0.0.0.255 10.128.xx.0 0.0.255.255
Licensing ip 10.0.0.0 0.0.0.255 160.69.xx.0 0.0.255.255
!
recording of debug trap
Note category of access list 1 = 2 CCP_ACL
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 23 allow 193.195.xxx.xxx
Note access-list 23 category CCP_ACL = 17
access-list 23 permit 192.168.xx.0 0.0.0.255
access-list 23 allow 10.0.0.0 0.0.0.255
Access-list 100 category CCP_ACL = 128 note
access-list 100 permit ip 255.255.255.255 host everything
access-list 100 permit ip 127.0.0.0 0.255.255.255 everything
access-list 100 permit ip 81.142.xxx.xxx 0.0.0.7 everything
Access-list 101 remark self-generated by SDM management access feature
Note access-list 101 category CCP_ACL = 1
access-list 101 permit tcp host 193.195.xxx.xxx host 81.142.xxx.xxx eq 22
access-list 101 permit tcp host 193.195.xxx.xxx host 81.142.xxx.xxx eq 443
access-list 101 permit tcp host 193.195.xxx.xxx host 81.142.xxx.xxx eq cmd
access-list 101 tcp refuse any host 81.142.xxx.xxx eq telnet
access-list 101 tcp refuse any host 81.142.xxx.xxx eq 22
access-list 101 tcp refuse any host 81.142.xxx.xxx eq www
access-list 101 tcp refuse any host 81.142.xxx.xxx eq 443
access-list 101 tcp refuse any host 81.142.xxx.xxx eq cmd
access-list 101 deny udp any host 81.142.xxx.xxx eq snmp
access-list 101 permit ip 160.69.0.0 0.0.255.255 10.0.0.0 0.0.0.255
access-list 101 permit ip 10.128.0.0 0.0.255.255 10.0.0.0 0.0.0.255
access-list 101 permit ip 192.168.xx.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 permit udp host 194.105.xxx.xxx host 81.142.xxx.xxx eq non500-isakmp
access-list 101 permit udp host 194.105.xxx.xxx host 81.142.xxx.xxx eq isakmp
access-list 101 permit host 194.105.xxx.xxx host 81.142.xxx.xxx esp
access-list 101 permit ahp host 194.105.xxx.xxx host 81.142.xxx.xxx
access list 101 ip allow a whole
Note access-list 102 CCP_ACL category = 1
access-list 102 permit ip 192.168.xx.0 0.0.0.255 everything
access-list 102 permit ip host 193.195.xxx.xxx all
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
Note access-list 103 self-generated by SDM management access feature
Note access-list 103 CCP_ACL category = 1
access-list 103 allow ip host 193.195.xxx.xxx host 81.142.xxx.xxx
Note access-list 104 self-generated by SDM management access feature
Note access-list 104 CCP_ACL category = 1
access-list 104 permit tcp 192.168.xx.0 0.0.0.255 host 10.0.0.1 eq telnet
access-list 104 permit tcp 10.0.0.0 0.0.0.255 host 10.0.0.1 eq telnet
access-list 104 permit tcp 192.168.xx.0 0.0.0.255 eq on host 10.0.0.1 22
access-list 104 permit tcp 10.0.0.0 0.0.0.255 host 10.0.0.1 eq 22
access-list 104 permit tcp 192.168.xx.0 0.0.0.255 host 10.0.0.1 eq www
access-list 104 permit tcp 10.0.0.0 0.0.0.255 eq to host 10.0.0.1 www
access-list 104 permit tcp 192.168.xx.0 0.0.0.255 host 10.0.0.1 eq 443
access-list 104 permit tcp 10.0.0.0 0.0.0.255 host 10.0.0.1 eq 443
access-list 104 permit tcp 192.168.xx.0 0.0.0.255 host 10.0.0.1 eq cmd
access-list 104 permit tcp 10.0.0.0 0.0.0.255 host 10.0.0.1 eq cmd
access-list 104 tcp refuse any host 10.0.0.1 eq telnet
access-list 104 tcp refuse any host 10.0.0.1 eq 22
access-list 104 tcp refuse any host 10.0.0.1 eq www
access-list 104 tcp refuse any host 10.0.0.1 eq 443
access-list 104 tcp refuse any host 10.0.0.1 eq cmd
access-list 104 deny udp any host 10.0.0.1 eq snmp
104 ip access list allow a whole
Note access-list 105 CCP_ACL category = 128
access-list 105 permit ip host 194.105.xxx.xxx all
Note access-list 106 CCP_ACL category = 0
access-list 106 allow ip 192.168.xx.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 106 allow ip 10.128.0.0 0.0.255.255 10.0.0.0 0.0.0.255
access-list 106 allow ip 160.69.0.0 0.0.255.255 10.0.0.0 0.0.0.255
Note category from the list of access-107 = 2 CCP_ACL
access-list 107 deny ip 10.0.0.0 0.0.0.255 160.69.0.0 0.0.255.255
access-list 107 deny ip 10.0.0.0 0.0.0.255 10.128.0.0 0.0.255.255
access-list 107 deny ip 10.0.0.0 0.0.0.255 192.168.xx.0 0.0.0.255
access-list 107 allow ip 10.0.0.0 0.0.0.255 any
Dialer-list 1 ip protocol allow
not run cdp!
!
!
!
allowed SDM_RMAP_1 1 route map
corresponds to the IP 107
!
!
control plan
!
!
Line con 0
local connection
no activation of the modem
line to 0
line 2
no activation-character
No exec
preferred no transport
transport of entry all
line vty 0 4
access-class 102 in
privilege level 15
local connection
transport input telnet ssh
!
Scheduler allocate 4000 1000
Scheduler interval 500
NTP-Calendar Update
130.159.196.118 source Dialer0 preferred NTP server
endHi Paul,.
Here is the relevant configuration:
type of policy-card inspect PCB-enabled
class type inspect sdm-mgmt-cls-ccp-permit-0
inspecttype of class-card inspect sdm-mgmt-cls-ccp-permit-0 correspondence
corresponds to the class-map sdm-mgmt-cls-0
game group-access 103type of class-card inspect all match sdm-mgmt-cls-0
corresponds to the SDM_SHELL class-map
corresponds to the SDM_SSH class-map
corresponds to the SDM_HTTPS class-maptype of class-card inspect entire game SDM_SHELL
match the name of group-access SDM_SHELL
type of class-card inspect entire game SDM_SSH
match the name of group-access SDM_SSH
type of class-card inspect entire game SDM_HTTPS
match the name of group-access SDM_HTTPSSDM_SHELL extended IP access list
Note the category CCP_ACL = 0
permit tcp any any eq cmd
SDM_SSH extended IP access list
Note the category CCP_ACL = 0
permit tcp any any eq 22
SDM_HTTPS extended IP access list
Note the category CCP_ACL = 0
permit any any eq 443 tcpNote access-list 103 self-generated by SDM management access feature
Note access-list 103 CCP_ACL category = 1
access-list 103 allow ip host 193.195.xxx.xxx host 81.142.xxx.xxxThe above configuration will allow you to access the router on the 81.142.xxx.xxx the IP address of the host 193.195.xxx.xxx using HTTPS/SSH/SHELL. To allow network 192.168.16.0/24 access to the router's IP 10.0.0.1, add another entry to the access list 103 as below:
access-list 103 allow ip 192.168.16.0 0.0.0.255 host 10.0.0.1
This should take enable access to this IP address for hosts using ssh and https. Try this out and let me know how it goes.
Thank you and best regards,
Assia
-
How to restrict access to the service web application deployed on weblogic for user group only
I built the web service application in jdevelopler 11.1.1.7. Their security policy applied in the web service of the default Oracle policy which is (policy: Wssp1.2 - 2007-Https-UsernameToken - Plain.xml)
Now all want to access the web service application must provide the name of user and password in the header section of the SOAP request to meet the requirement of the policy.
the following steps I'm trying to restrict access to the application of web service with a specific group of users among users of weblogic:
Connect to the weblogic administration console
Create user or group of users
Click on the links of deployments
Select your web service
Click the Security tab
Click the sub-tab political
Choose your authorization provider in the menu drop-down (looks like by default)
Choose Add Conditions-> Group-> Type in the name of the Group
Finishing
But access is always available for all weblogic users (IE users not in the group specified in the above security configuration). How can I restrict access to only authorized group? Any thing lacking in my approach?
There is nothing wrong with the steps mentioned in the question. In addition, you must do the following
At the time of the application deployment with regard to the security part, there is a list in the title of the question (which security template you want to use with this application?)
You must select (Advanced: use a custom template that you have configured on the page of configuration of the Kingdom) a configuration mentioned in the question will be work
-
SSL certificate for access to the administration of a WSA
Can someone point me to a guide on how to install an ssl certificate for access to the administration of a WSA?
Curiously, all the documents that I could find so far talk of SSL certificate for HTTPS decryption...
Page 367 of this doc. http://www.Cisco.com/c/dam/en/us/TD/docs/security/WSA/wsa8-0/wsa8-0-6/WSA_8-0-6_User_Guide.PDF
-
Political dynamic VPN access and access to the administration
Hi all
I'm testing a scenerio with an ASA 5520 so he could authenticate VPN users against and an environment Active Directory more access to management as well. I created a dynamic access on the ASA policy indicating that, if you are a member of the Active Directory 'Managment' group continue. I have chagned the DefaultAccessPolicy to "Finish." With it, users could not connect VPN because they are not a member of this group, but access to manage the ASA is allowed due to this policy.
Is there a way through the use of dynamic access policies I can afford access to the administration (SSH, AMPS, etc.) by matching to membership in a group and will allow normal users to VPN in successfully, but not give them access to the management of the ASA?
I just try this but it seems that I should be able to swing that?
Thaks in advance.
Hello
You can try to apply the DAP and configure the filter ACL network. allowing only the protocols you want to that they can access.
Kind regards
Anisha
P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages.
-
Restrict access from the view of external endpoint
Hello world
I got an interesting question to come today: is it possible to restrict access to the view of physical endpoint? This client does not support BYOD somehow and provided instead of thin laptops HP for their users access to the view since then at home, via a security gateway. I know that you can disable the web interface from view completely, but they seek to block connections to nothing but these thin laptops. Thank you!
Here's a more recent document - https://www.vmware.com/files/pdf/VMware-View-KioskMode-WP-EN.pdf
-
Restrict access to the Page of the user in the relational database
I have a relational database with two tables on a common ID field. The user can access all their entries in the child table with simple SQL queries and then select from a list of correspondence which of its documents records in the child table that they wish to change (i.e. ['ID'] ParentTable, ChildTable ['ID'])). Registration is then displayed using $_GET passed through the URL as parameter "recordID". However, when the user is connected and accessing a folder that matches the query, they can then enter another "RecordID" number in the URL and go to any record in the table child whether they are 'owner' of the record or not.
I tried to put a statement of equivalence in the authorization user code to restrict the access to the child records users since ParentTable ['ID'] == ['ID'] ChildTable only when you are connected the user accesses the records they created previously. (In other words, when a user type a different "RecordID" in the URL, the ParentTable ['ID'] and ChildTable ['ID] are not equivalent.) The code that I entered in the authentication of the user generated by DW is as follows:
If ((isset ($HTTP_SESSION_VARS ["MM_Username"]) & & ($row_ParentTable ['ID'] == ['ID'] $row_ChildTable))) {}
...
Is still not accessible, even if tests show the ParentTable ['ID'] and ChildTable ['ID'] are not equivalent
Any ideas on how to restrict access to the child records "unknown"? I'm sure it's relatively simple, but I'm having trouble to get through this obstacle.
Thank youThank you, Philo. In fact I got it to work by initializing a session variable of tha parent ID of the table and comparing it to the variable ID of child table, then using a header redirect in case of inequality. Part of my problem was where I put the code in the page. Anyway, it works now. It seems that the answer is always just after you have posted the question.
-
How to restrict access to the system.
Hello
I thought it is possible to restrict access to the system during the processing of payroll is. The GI company is currently working to, so is distributed departments in a different location across the country during the payroll run payroll users are still transaction, insert/update of the data in the entry of the item, monthly data on the pay to play.
It is technically possible to restrict access to the system or component during the race entry window? no idea to proceed accordingly?
Thank you
Published by: user10893201 on March 3, 2010 07:27Hi user;
Please check:
Security profile is not limiting access to payroll employees [ID 344649.1]
How install bank account maintenance and security of access to the account in Release 12 [403975.1 ID]
Restrict access to security of payroll is not working correctly on the safety profile of set [244652.1 ID]Also, check search below:
http://forums.Oracle.com/forums/search.jspa?threadID=&q=restrict+access+&objid=f475&DateRange=all&userid=&NumResults=15It may be useful
Respect of
HELIOS -
Restrict access to the Portlet producer
I want to restrict access to the Portlet producer.
I mean, it is supposed that there 5 portlets to the producer.
I want user1 will have access to only 2 portlets and user2 will have access to another 3 portlets.
Could you please suggest how to achieve this type of authorization.
I know everything right and single sign on in WSRP. My hypothesis is to combine these two long I can achieve.
Thank you
BénédicteAh ok
something like that then?
http://eDOCS.BEA.com/WLP/docs102/Federation/chap-entitlements.html -
Restricting access to the CPO?
Hi team,
Currently, we are facing two problems different w.r.t. limiting access to the CPO.
Question 1: User should be added to the Admin group in order to access all the features of CPO.
Description: We have added a new user groups authors definition TEO and TEO operators on one of our servers of CPO. When the user tries to create a new target, under Advanced properties, no option not being listed for the type of default profiles. That when we added the user to the Administrators group of TEO, the user can create the target successfully. Is there anyway that we can restrict the user to not have admin access and still be able to have access to all the functions of developer?
Question 2: In the CPO Windows user
Description: One of our customers noticed that needed to add a windows user to the CPO, the user must be part of the management of the host group and this gives access to this same windows user to windows TEO host as an administrator.
We believe that the above two questions are similar and what steps we can take to limit access to users. It is extremely important that users using our POC environment have access to all the useful features as developers not part of the Admin group.
Appreciate your help.
Thank you
GregTo add users, they must be a part of the Group of Directors TEO. Or you can create your own custom security with create/update for users of the run time.
For users of windows runtime, users must be able to interactively connect with box and must have the log on as a service/connection as batch in local security policy / group.
-
IPSEC RA - activate crossed but restrict access to the web
ASA5520 8.2 (5) 30
Greetings,
I have an IPSEC RA strategy that has implemented to tunnel all traffic (no split tunnel) by the ASA (which ends on the external interface). I need to be able to allow VPN users to access a web page (crossed) thesesame on the external interface.
++++++++++++++++++++++++++++++
Here are the current settings:
Group Policy Admins L internal
attributes of Group Policy L_Admins
value of server WINS 172.16.0.33 172.16.0.9
value of 172.16.0.33 DNS server 172.16.0.9
VPN-idle-timeout 60
VPN-session-timeout 480
VPN-value filter-admin-l
IP 172.30.4.0 allow Access-list l-admin-test-filter extended 255.255.255.252 host 172.16.0.33
IP 172.30.4.0 allow Access-list l-admin-test-filter extended 255.255.255.252 host 172.16.0.9
IP 172.30.4.0 allow Access-list l-admin-test-filter extended 255.255.252.252 172.16.1.4 host
IP 172.30.4.0 allow Access-list l-admin-test-filter extended 255.255.252.252 welcome 172.16.1.2
access-list extended l-admin-test-filter permit ip 172.30.4.0 255.255.252.252 10.24.0.0 255.252.0.0
IP 172.30.4.0 allow Access-list l-admin-test-filter extended 255.255.252.252 the host 172.16.0.233
Protocol-tunnel-VPN IPSec
Split-tunnel-policy tunnelall
value by default-field IHI.local
type tunnel-group L_Admins remote access
attributes global-tunnel-group L_Admins
address ili_global pool
PhoneFactor authentication-server-group
Group Policy - by default-L_Admins
IPSec-attributes tunnel-group L_Admins
pre-shared-key *.
++++++++++++++++++++++
Crossed is not currently enabled, so I guess I have to add:
permit same-security-traffic inter-interface
and (I guess)
mask IP local pool l_admins 172.30.4.1 - 172.30.4.2 255.255.255.252
Global (outside) 1 interface * PAT IP
NAT (outside) 1 mask 172.30.4.1 - 172.30.4.2 255.255.255.252
But from there I don't know how to restrict access to a single external IP on the web on port 80.
Hello
Enter the correct command to permit traffic and the same interface of leave is
permit same-security-traffic intra-interface
The command you posted allow traffic between 2 different interfaces that have the same value of 'security level'
permit same-security-traffic inter-interface
What about PAT Dynamics for Internet traffic
If you have already
Global 1 interface (outside)
Then you will need the command "nat" for the VPN pool
NAT (outside) 1 172.30.4.0 255.255.255.252
In what concerns the control of Internet traffic, should not be able to simply add this destination IP address to the VPN filter ACL you have ever used? I mean the ACL named "l-admin-test-filter".
For example
L-admin-test-filter access list note allow the external server connection
access-list l-admin-filter-test permit tcp 172.30.4.0 255.255.255.252 host eq 80
access-list l-admin-filter-test permit tcp 172.30.4.0 255.255.255.252 host eq 443
access-list l-admin-filter-test permit tcp 172.30.4.0 255.255.255.252 host eq 8080
-Jouni
-
How to restrict access to the particular presentation table in a given area?
My current configuration in the presentation layer is:
Business generic sale-> field
-Sales-> presentation Table measures
-TotalSalesofGoods ->field
-The costs of the measures -> presentation Table
-CostOfGoods ->field
-Customer Dimensions -> presentation Table
-Items-> field
I have two built roles, 'ShouldSeeGenericSalesSubjectArea' and 'ShouldSeeCostFields '.
- Permissions
- "Domain generic sales."
- User authenticated-> no access
- ShouldSeeGenericSalesSubjectArea-> read
- ShouldSeeCostFields-> default
- "Measures of sales."
- User authenticated-read >
- ShouldSeeGenericSalesSubjectArea-> default
- ShouldSeeCostFields-> default
- "Measures of costs".
- User authenticated-> no access
- ShouldSeeGenericSalesSubjectArea-> default
- ShouldSeeCostFields-> read
- "Dimensions of the client".
- User authenticated-read >
- ShouldSeeGenericSalesSubjectArea-> default
- ShouldSeeCostFields-> default
- All fields have permissions to:
- User authenticated-read >
- ShouldSeeGenericSalesSubjectArea-> default
- ShouldSeeCostFields-> default
- "Domain generic sales."
Given two users:
- UserA
- The user has following roles:
- ShouldSeeGenericSalesSubjectArea
- ShouldSeeCostFields
- The user can see everything except the table of fees
- The user has following roles:
- UserB
- The user has following roles:
- ShouldSeeGenericSalesSubjectArea
- The user can see everything except the table of fees
- The user has following roles:
- My ultimate goal is:
- "ShouldSeeGenericSalesSubjectArea" allows access to see the "generic sales subject area", but does not measure cost
- "ShouldSeeCostFields' allows you to see the presentation layer of"measures of cost. "
- Example:
- UserA from above should see everything (including the "cost measures").
- UserB above should see everything, except 'measures of cost. "
I tried several different combinations of levels of authorization without result. From my understanding, Oracle security works by taking the path of any restriction. I do something wrong with my permissions on the presentation layer of "measures of cost? Please let me know if there is anything I can clarify or if you need more information.
I was able to make it work by giving access to role of cost at the level of the subject area. Then each material is no access on the cost, but access if had the other role.
- Permissions
-
Restrict access to the error page
Recently, I created two pages based on the same template within two minutes apart and added access to Server page both behaviors.
Created one page the following code:
"< %@LANGUAGE="JAVASCRIPT "CODEPAGE ="65001"% >
< %
Restrict access to Page: grant or deny access to this page
var MM_authorizedUsers = "Administrators";
"var MM_authFailedURL ="... / index.html ";
var MM_grantAccess = false;
If (String (Session("MM_Username"))! = 'undefined') {}
If (false |) (String (Session("MM_UserAuthorization")) == "") | ((MM_authorizedUsers.indexOf (String (Session("MM_UserAuthorization"))) > = 0)) {
MM_grantAccess = true;
}
}
If (!.) MM_grantAccess) {}
var MM_qsChar = '? ';
If (MM_authFailedURL.indexOf("?") > = 0) MM_qsChar = "&";
var MM_referrer is Request.ServerVariables ("URL");.
If (String (Request.QueryString () .length > 0) MM_referrer = MM_referrer + "?" + String (Request.QueryString ());
MM_authFailedURL = MM_authFailedURL + MM_qsChar + "accessdenied =" + Server.URLEncode (MM_referrer);
Response.Redirect (MM_authFailedURL);
}
% >
---------------------------------------
The second product this code:
"< %@LANGUAGE="JAVASCRIPT "CODEPAGE ="65001"% >
< %
' * Restrict access to Page: grant or deny access to this page
MM_authorizedUsers = "Administrators".
"MM_authFailedURL ="... / index.html.
MM_grantAccess = false
If Session("MM_Username") <>"" then
If (false or CStr (Session("MM_UserAuthorization")) = "") or _
(InStr (1, MM_authorizedUsers, Session("MM_UserAuthorization")) > = 1) Then
MM_grantAccess = true
End If
End If
If not MM_grantAccess then
MM_qsChar = '? '.
If (InStr(1,MM_authFailedURL,"?") (> = 1) then MM_qsChar = "&".
MM_referrer = Request.ServerVariables ("URL")
If (Len (Request.QueryString ()) > 0) then MM_referrer = MM_referrer & "?" & Request.QueryString)
MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied =" & Server.URLEncode (MM_referrer)
Response.Redirect (MM_authFailedURL)
End If
% >
The latter has failed with an error:
Microsoft JScript compilation (0x800A03F7)
Unfinished string constant
/ fEBC/MJ/Odd code/aprecdeleted.asp, line 3, column 64
' * Restrict access to Page: grant or deny access to this page
---------------------------------------------------------------^
Delete and re this coding, even copy the code from the first to the second had little effect.
I deleted the file and repeat the procedure and the correct code has been entered and worked perfectly. It seems strange that in seemingly identical circumstances, CS3 should produce a different code.
Someone else had this problem?
It seems that you have selected the wrong type of page - ASP-javascript rather
that VBScript-ASP.--
Murray - ICQ 71997575
Adobe Community Expert
(If you * MUST * write me, don't don't LAUGH when you do!)
==================
http://www.projectseven.com/go - DW FAQs, tutorials & resources
http://www.dwfaq.com - DW FAQs, tutorials & resources
=================="whatalotofrubbish" wrote in message
News:fjok2f$RCO$1@forums. Macromedia.com...
> I recently created two pages based on the same template in two minutes
> of
> each other and added the restriction of access to page server behavior to
> both.
> A single page created the following code:
>
>< %@LANGUAGE="JAVASCRIPT » CODEPAGE = « 65001 » % > %@language=""> %@LANGUAGE="JAVASCRIPT » CODEPAGE = « 65001 » % >>
> < %=""> < br=""> > / / * restrict access to Page: grant or deny access to this page < br=""> > var MM_authorizedUsers = "Administrators"; "" < br=""> > var MM_authFailedURL = "... index.html";
> var MM_grantAccess = false; < br=""> > if (String (Session("MM_Username"))! = 'undefined') {< br=""> > > if (false |)} (String (Session("MM_UserAuthorization")) == "") | < br=""> > (MM_authorizedUsers.indexOf (String (Session("MM_UserAuthorization"))) > = 0)) < br=""> > {< br=""> > > MM_grantAccess = true;} < br=""> >} < br=""> >} < br=""> > if ( ! MM_grantAccess) {< br=""> > > var MM_qsChar = '? ';} < br=""> > if (MM_authFailedURL.indexOf("?") > = 0) MM_qsChar = "&";. " < br=""> > var MM_referrer = Request.ServerVariables ("URL"); < br=""> > if (String (Request.QueryString () .length > 0) MM_referrer = MM_referrer < br=""> > + < br=""> > "?" + String (Request.QueryString ()); < br=""> > MM_authFailedURL = MM_authFailedURL + MM_qsChar + "accessdenied =" + < br=""> > Server.URLEncode (MM_referrer); < br=""> > Response.Redirect (MM_authFailedURL); < br=""> >} < br=""> > %>
>
> ---------------------------------------
> The second product this code:
>< %@language="JAVASCRIPT » CODEPAGE = « 65001 » % >
> < % < br / > > ' *** restreindre l’accès à la Page : subvention ou refuser l’accès à cette page < br / > > MM_authorizedUsers = « administrateurs » < br / > > MM_authFailedURL = »... /index.html">
> MM_grantAccess = false < br=""> > Session("MM_Username") If <> >"" then < br=""> > if (false or CStr (Session("MM_UserAuthorization")) = "") or _ < br=""> > (InStr (1, MM_authorizedUsers, Session("MM_UserAuthorization")) > = 1) < br=""> > then < br=""> > MM_grantAccess = true < br=""> > End If < br=""> > End If < br=""> > If Not MM_grantAccess then < br=""> > MM_qsChar = '? '. < br=""> > if (InStr(1,MM_authFailedURL,"?") (> = 1) then MM_qsChar = "&" < br=""> > MM_referrer = Request.ServerVariables ("URL") < br=""> > if (Len (Request.QueryString ()) > 0) then MM_referrer = MM_referrer & "?" < br=""> > & < br=""> > Request.QueryString () < br=""> > MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied =" & < br=""> > Server.URLEncode (MM_referrer) < br=""> > Response.Redirect (MM_authFailedURL) < br=""> > End If < br=""> > %>
>
> Last operation failed with an error:
>
> Microsoft JScript compilation (0x800A03F7)
> Unfinished string constant
>/febc/mj/odd code/aprecdeleted.asp, line 3, column 64
> ' * Restrict access to Page: grant or deny access to this page
> ---------------------------------------------------------------^
>
> Remove and re this coding, even copy the code from the first to the
> second have little effect.
> I deleted the file and repeat the procedure and the correct code has been
> inserted
> and worked perfectly. It seems strange that, in what appear to be identical
> circumstances, CS3 should produce a different code.
>
> Anyone else had this problem?
>
>
Maybe you are looking for
-
Apple TV remote is broken and is too Fragile
Somebody else broke their Apple TV remote Siri with the 4th generation unit? This thing is too fragile and needs to be addressed. I was sitting on my couch and pushes, the slippery remote slipped on my couch and on the floor of 2 feet. He completely
-
Explorer and server multimedia applications work on all of my other computers, laptops and devices. But I have a PC running windows 7 Home premium which will not find my wireless router only attached a hard drive with windows Explorer. Never. The PC
-
Can I choose 40 MHz to 5.2 GHz and 20 MHz to 2.4 GHz channels at the same time?
I have a WLC 5508 and 3500 6 LAP at the head office, 2 to another office and 2 to another office. I noticed that even when I specify 5.2 GHz on my (Intel Centrino Advanced-N 6230) wireless adapter it indicates the data rate is 144 Mbit/s. I want to
-
Script Question of calculation tables.
Hello, I'm not sure that it is still possible, but is it possible to have a table from indesign Calculate column B and column C for example. Here's how its implementation.JOB # #up NECESSARY TOTALJOB15500* formula to multiply the B2 - and C2.*JOB232
-
What is the difference between Facelets and JSP XML document?
HelloWhen you create a new page, in the dialog box "Create a JSF Page" it is a choice called 'Type of Document' to select "Facelets" or "the JSP XML".May be he one please tell me what is the difference between them. And what should I choose if I want