1) Restricing specific users and then activating back
===============================
whenever we need to end_date a user for some time then activate it back, we can run the following concurrent programs once we activate the user account, and the user is able to see all his assigned responsibilities then:
- "Sync responsibility role data into the WF table"
- "Synchronize WF LOCAL tables"
- "Workflow Directory Services User/Role Validation"
2) or we can also end date all responsibilities of those users also (because you may get problems with Workflow Notifications where the users were end_dated)
3) Create a copy of apps.conf called apps.conf.closed and for each of the Location entries secure them with Basic Authentication.
ie.
<Location /OA_JAVA/>
Order allow,deny
AuthName "eBusiness Currently Closed"
AuthType Basic
AuthUserFile <appltop>/ebus_access
require valid-user
allow from appsserver1.domain.com
allow from appsserver1
allow from appsserver2.domain.com
allow from appsserver2
...
</Location>
Make sure you have 'allow froms' for each of your ebusiness servers otherwise a number of things stop to work (wfmailer, catalog loads, etc.)
Add entries to the <appltop>/ebus_access file with the $IAS_ORACLE_HOME/Apache/Apache/bin/htpasswd for everyone you want to give access to.
Copy apps.conf to apps.conf.open
copy apps.conf.closed to apps.conf
then bounce apache.
(this is all scripted).
This allows us to lock out our main user base while allowing complete access for our sysadmins and support personell.
read this too >
http://www.ebizviewer.com/page6/page7/page7.html
How Can I Restrict Applications Users To Be Signed In Only Once At Any Time [ID 375403.1]
About the oracle.apps.icx.security.session.created business event [ID 304209.1]
How to restrict access to a specific HTTP server port for an OC4J application? [ID 364455.1]