Create user with dba privileges

Similar Messages

• Create user with DBA privileges with a restriction to access user data

  Hi
  I need to create a user with all DBA privileges with a restriction to access all user schemas
  Thanks,
  Balaji

  Use Database Vault - http://download.oracle.com/docs/cd/E11882_01/server.112/e16544/toc.htm
  HTH
  Srini

• Using an NT user with DBA privileges does not permit to create schema : why ?

  Hi,
  I use an Oracle 8 on an Windows NT server.
  I have two NT users with DBA privileges.
  But, when I use the migration workbench to create the oracle schema, my users are not granted.
  Why ?
  Regards.
  Pascal

  Please clarify your problem.
  The workbench creates users (which are visible in the oracle model within the tool) with the password oracle .
  I am not sure if you are asking about accessing the database using your OS user identity, or have you found that the users exist but do not have dba privileges.
  Turloch
  Oracle Migration Workbench Team
  null

• Create user with select privilege only one schema

  can someone tell me how i can create user with select priviliges only one schema.
  i don't want the user to have any select privileges with other schema.
  can someone advise me.
  Thansk

  In general, you would do something like
  CREATE ROLE abc_read_only;
  FOR x IN (SELECT * FROM dba_tables WHERE owner='ABC')
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON abc.' || x.table_name || ' TO abc_read_only';
  END LOOP;
  CREATE USER your_user ...;
  GRANT abc_read_only TO your_userYou create a role, grant the role SELECT access to all the tables in the ABC schema (you can extend this to grant access to views, functions, etc depending on the requirements), and then grant that role to your user.
  Justin

• Performance tab not working in Enterprise Manager for user with dba role

  Database: 11g2
  New to Oracle. Don't want share SYS user account among dbas. Tried to create user with dba role to perform all tasks.
  1. Removed DBMS_JOB, DBMS_LOB, UTL_FILE, UTL_HTTP, UTL_SMTP, and UTL_TCP from PUBLIC
  2. Created user dbauser1 with dba role
  3. Log in as dbauser1 in Enterprise Manager
  After click Performance tab, it just went straight to "Database Login" page. No error message.
  Any suggestions or advice will be appreciated.
  piaoma

  Hi Gourav,
  This is the wsdl url:
  http://hostname:8000/sap/bc/srt/wsdl/bndg_E04711310A0E55F1A0E3005056B03D6F/wsdl11/allinone/ws_policy/document?sap-client=450
  Kind Regards,
  Richard

• How to create full new user with all privileges

  how to create full new user with all privileges?
  and how to delete existing users?
  Thanks in advance..

  Common solution is probably to use sudo for privilege elevation, wiki should help

• Problem in creating users with password restrictions

  I have enabled the following option in the Authentication>Enterprise tab of CMC.
  Must contain at least N Characters and specified N as 7
  Enforce mixed-case passwords
  However I am able to create user with password as abcd.
  Please suggest.
  Thanks in Advance

  I might be missing something but the rule applies to users changing their pw not administrators creating accounts. If the administrator sets this rule it would be thought/assumed that they would enforce their own rule when creating accounts. The users however should not be able to select 4 character passwords.
  I'll run some tests and see if I find out anything different.
  Tested this on XIR2 SP4 and XI 3.0 The rules apply to the user not the administrator creating the account.
  So create an account while the 7 character pw is enabled. By default the user logs in with the pw (any amount of characters) and is prompted to change their pw. They cannot choose anything less than 7 characters. So unless an administrator creates an account with a password less than 7 characters AND deselects the option to force a pw change. All new users will be forced to select a 7 character password.
  This is by design. If it forced the administrator to create accounts without a 7 character pw they could simply deselect the options(as administrators) so there is no security in forcing this.
  Regards,
  Tim
  Edited by: Tim Ziemba on Aug 13, 2008 5:28 PM
  Edited by: Tim Ziemba on Aug 13, 2008 5:33 PM

• Creating user with extension mobility on prime provisioning 10.5

  Hi All,
  Does anyone know any document or have any expirenece on creating user with extension mobility on prime provisioning 10.5?
  I'm facing challenges on it, appreciate if you have any document or experience to share with me.
  Thanks,
  Cherry

  What sort of issues are you facing?
  I'm also having problems, but I think it is system related.
  CUCM is LDAP synced.
  When PCP tries to provision Extension Mobility Access, it actually seems to be trying to update the user on CUCM (via AXL) (this fails as it is an LDAP user and the values come from LDAP and cannot be updated)
  I've got a tac case open.
  Bug details are currently hidden - CSCuo11522 - but this one is extension mobility provisioning issue
  There was also mention of another bug related to failures to provision users with directory URI's in their LDAP record. I didn't catch a bug ID for this one though.
  Cheers,
  Tim

• Can't create user with Delegated Administrator Console! Thank you!

  I have installed JES2005Q4 (include Deirectory Server、Access Manager、Web Server、Messaging Server、Calendar Server、Instant Messaging、Communications Express and Delegated Administrator) ,
  i can create domain and user with "commadmin" command, but can't create user with Delegated Administrator console.
  When i checked the logs of the Web Server, found some errors:
  [04/Feb/2006:11:55:25] failure (12015): for host 192.168.182.130 trying to POST /da/wizard/WizardWindow, service-j2ee reports: ApplicationDispatcher[da] WEB2649: Servlet.service() for servlet jsp threw exception
  javax.servlet.ServletException
       at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:536)
       at jsps.com_sun_web_ui._jsp._wizard._WizardWindow_jsp._jspService(_WizardWindow_jsp.java:559)
       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
       at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
       at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
       at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
       at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
       at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
       at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
       at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
       at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
       at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
       at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
       at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
       at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
       at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
  ----- Root Cause -----
  javax.servlet.jsp.JspException
       at com.sun.web.ui.taglib.wizard.CCWizardTag.getWizardPageHTML(CCWizardTag.java:1577)
       at com.sun.web.ui.taglib.wizard.CCWizardTag.appendPageletBodyContentHTML(CCWizardTag.java:668)
       at com.sun.web.ui.taglib.wizard.CCWizardTag.appendWizardBodyHTML(CCW
  [04/Feb/2006:11:55:25] failure (12015): for host 192.168.182.130 trying to POST /da/wizard/WizardWindow, service-j2ee reports: WEB2798: [da] ServletContext.log(): [ERROR] Uncaught application exception
  com.iplanet.jato.NavigationException: Exception encountered during forward
  Root cause = [javax.servlet.jsp.JspException]
       at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
       at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
       at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
       at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
       at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
       at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
       at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
       at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
       at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
  Root cause:
  javax.servlet.jsp.JspException
       at com.sun.web.ui.taglib.wizard.CCWizardTag.getWizardPageHTML(CCWizardTag.java:1577)
       at com.sun.web.ui.taglib.wizard.CCWizardTag.appendPageletBodyContentHTML(CCWizardTag.java:668)
       at com.sun.web.ui.taglib.wizard.CCWizardTag.appendWizardBodyHTML(CCWizardTag.java:658)
       at com.sun.web.ui.taglib.wizard.CCWizardTag.getHTMLStringInternal(CCWizardTag.java:469)
       at com.sun.web.ui.taglib.common.CCTagBase.doEndTag(CCTagBase.java:114)
       at jsps.com_sun_web_ui._jsp._wizard._WizardWindow_jsp._jspService(_WizardWindow_jsp.java:260)
       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
       at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
       at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
       at org.apache.catalina.co
  [04/Feb/2006:11:55:26] failure (12015): for host 192.168.182.130 trying to POST /da/wizard/WizardWindow, service-j2ee reports: StandardWrapperValve[WizardWinServlet]: WEB2792: Servlet.service() for servlet WizardWinServlet threw exception
  javax.servlet.ServletException: Uncaught exception
       at com.iplanet.jato.ApplicationServletBase.onUncaughtException(ApplicationServletBase.java:1415)
       at com.sun.comm.da.WizardWinServlet.onUncaughtException(WizardWinServlet.java:98)
       at com.iplanet.jato.ApplicationServletBase.fireUncaughtException(ApplicationServletBase.java:1164)
       at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:639)
       at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
       at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
  ----- Root Cause -----
  com.iplanet.jato.NavigationException: Exception encountered during forward
  Root cause = [javax.servlet.jsp.JspException]
       at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
       at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
       at com.sun.web.ui.view.wizard.CCWizard.handleNextButtonRequest(CCWizard.java:730)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
       at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
       at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
       at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
       at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
       at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
       at com.sun.comm.da.WizardWinServlet.service(WizardWinServlet.java:111)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:128)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain

  Now i want to update the Delegated Administrator with the 119778-09.jar patch, but the error show:
  Unable to open keystore </var/sadm/security/patchadd/trustore> for reading.
  Signature invalid on signed patch <119778-09>.

• Proxy user with limited privileges

  Hi Expert,
  Wanted to know if there is any way to restrict proxy user with certain privileges.
  For an example, If i'm logging in as fnadvi[scott]/password....in this certain circumstances, fnadvi would override all the privileges from SCOTT user.
  And can do insert/update/delete/select whatever under schema SCOTT.
  <quote>
  BANNER
  Oracle Database 11g Release 11.2.0.2.0 - 64bit Production
  PL/SQL Release 11.2.0.2.0 - Production
  CORE 11.2.0.2.0 Production
  TNS for Linux: Version 11.2.0.2.0 - Production
  NLSRTL Version 11.2.0.2.0 - Production
  </quote>
  Is there any way, that I can setup for user:fnadvi to select certain tables, update certain tables and so on?
  The default proxy user can do anything as SCOTT can do.
  Thanks

  Nadvi wrote:
  Hi Expert,
  Wanted to know if there is any way to restrict proxy user with certain privileges.
  For an example, If i'm logging in as fnadvi[scott]/password....in this certain circumstances, fnadvi would override all the privileges from SCOTT user.
  And can do insert/update/delete/select whatever under schema SCOTT.
  <quote>
  BANNER
  Oracle Database 11g Release 11.2.0.2.0 - 64bit Production
  PL/SQL Release 11.2.0.2.0 - Production
  CORE 11.2.0.2.0 Production
  TNS for Linux: Version 11.2.0.2.0 - Production
  NLSRTL Version 11.2.0.2.0 - Production
  </quote>
  Is there any way, that I can setup for user:fnadvi to select certain tables, update certain tables and so on?
  The default proxy user can do anything as SCOTT can do.
  ThanksThe short answer is NO.
  With Oracle everything is prohibited, except that which is explicitly GRANTED.

• Creating portal users with owner privileges?

  Hello,
  I need to let local adminstrators create users in the portal.
  This is based on instance-specific privileges, not global.
  Setting them to 'owners' of the group in the portal should let them add users.
  Once created and I log in as one of them I do not have the privileges of being an
  'owner', eventhough it's visible in the portal that I am an owner.
  Anybody?
  /

  Hi,
  To make the problem a little clearer.
  I want to have "local adminstrators" that can manage portal users i.e; delete, insert and update portal users.
  However I do not want these "local administrators" to be "Full administrators"- too dangerous.
  The "local adminstrators" should belong to the same group as the users they are set to administer. The
  only difference between a "local administrator" and a user of a group is that the "local administrator" have privileges
  to manage the other users of the group. If I have understood the concept right an owner have these privileges.
  I made them owners of the group, but this did not enable them to manage users.
  This must be a rather common approach, to have some users being able to administer other users without being a fullfledge DBA.
  Right now I'm looking into mapping them(the local administrators) to a different database schema with rights to manage users.
  I realize that to map them to another schema, then the checkbox "Use this schema for Portal Users" have to be checked when creating the
  schema. How do I check if this was checked and if it wasn't checked can I alter it now?
  Another thought is to dynamically upon meeting certain conditions making them Full Administrators, then after finishing the task
  reinstating them as normal users.. but this.. well hmm
  Thanks.
  /

• Can I create a User with Root Privileges but without UID Zero?

  Dear all,
  I'm working on this project and this is the task required: Create a user and let this user perform all that the ROOT user can perform but shouldn't have UID 0. I'm sincerely new to this task but I challenged myself and made so many search on Google and this is what I was able to do.
  1. I created a user --- testuser1
  2. I created a role --- advrole
  3. I added the Solaris predefined profile -- Primary Administrator Profile to the role advrole and added this role to the user testuser1.
  4. I logged out from root and login with the newly created user i.e. testuser1.
  5. I ran the command id and the user - testuser1 still has its UID defined by me when I was creating the user account (which is good as far as my task is concern).
  6. In order to perform ROOT tasks when logged in with testuser1, I use su - advrole.
  7. I can now do all that ROOT can do but whenever I run the id command, the advrole shows UID 0 (WHICH IS BAD FOR ME AS PER MY TASK).
  My question is, I need to tell the customer that what they actually want isn't feasible in Solaris and the above is closer to what they want but I need to be sure if it's feasible or not before telling my customer?
  Can anyone tell me if it's feasible and if so, how can it be done? Or if the way I did it is the only way, kindly let me know as well so that I can get back to them with a valid and concrete explanation.
  P. S. The customer requires this because when doing auditing, their auditing software tracks users based on UID so therefore if every user will login and su - root, all will appear as done by the ROOT user because of the UID and a particular will not be held responsible.

  If you use auditreduce and praudit, you can get the information you need. It will show, as in my example below, that I logged in via SSH, and then switched to root after logging in. This information can be easily scripted and I do so every day in my daily report so I can see who logged in and who switched to root.
  Logging in via ssh:
  header,69,2,login - ssh,,MYSYSTEM,2010-06-03 09:15:15.151 -07:00
  subject,myusername,myusername,mygroup,myusername,mygroup,11435,512647774,15097 65558 MyIP
  return,success,0Then switching to root:
  header,94,2,su,,MYSYSTEM,2010-06-03 09:15:21.100 -07:00
  subject,myusername,root,mygroup,myusername,mygroup,11448,512647774,15097 65558 MyIP
  text,success for user root
  return,success,0It also indicates the session ID for the SSH session, so I can monitor when that session ended too.
  A different session logging in and out via SSH -
  header,69,2,login - ssh,,MYSYSTEM,2010-06-03 09:16:19.380 -07:00
  subject,myusername,myusername,mygroup,myusername,mygroup,11451,3474846213,15097 131094 MyIP
  return,success,0
  header,69,2,logout,,MYSYSTEM,2010-06-03 09:16:51.452 -07:00
  subject,myusername,myusername,mygroup,myusername,mygroup,11451,3474846213,15097 131094 MyIP
  return,success,0

• Can a user with Contribute privileges invoke SPFolder.SubFolders.Add(folder) Sharepoint 2010 API in a Webservice?

  We have a Webservice deployed on a Sharepoint 2010 deployment with a method as follows:
  public static string ensureParentFolder(SPWeb parentSite, string destinationUrl)
  destinationUrl = parentSite.GetFile(destinationUrl).Url;
  int index = destinationUrl.LastIndexOf("/");
  string parentFolderUrl = string.Empty;
  if (index > -1)
  parentFolderUrl = destinationUrl.Substring(0, index);
  SPFolder parentFolder
  = parentSite.GetFolder(parentFolderUrl);
  if (!parentFolder.Exists)
  SPFolder currentFolder = parentSite.RootFolder;
  foreach (string folder in parentFolderUrl.Split('/'))
  try
  currentFolder = currentFolder.SubFolders.Add(folder);
  catch (Exception ex)
  FINEOSLogger.Medium(LoggerCategory.FINEOSToSharePointDMS, "User could not create SP folder so elevating permissions");
  SPSecurity.RunWithElevatedPrivileges(delegate()
  currentFolder = currentFolder.SubFolders.Add(folder);
  return parentFolderUrl;
  When invoked by a User with only Contribute rights the SubFolders.Add( ) call appears to fail and the
  SPSecurity.RunWithElevatedPrivileges
  code is invoked, which also fails.
  1. So the first question is should you be able to invoke SubFolders.Add() with only Contribute?  It works with Design privileges for the Customer.  You can add folders on the Sharepoint website as a Contribute user so why not on the API. 
  Customer raising this as a security concern.
  2. Also why would the
  SPSecurity.RunWithElevatedPrivileges
  part fail, is the syntax incorrect for Sharepoint 2010?  We migrated this code from Sharepoint 2007 project.
  The error I get when I try run the code as a Contribute user is
  com.fineos.ta.dms.external.DMSException: The exception [A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".] was caused by the exception [A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".]., Ta Exception info,Exception Class=class com.fineos.ta.dms.external.DMSException,Root cause ID=10,Root cause host=IEL163,Localized message=A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18"
  at com.fineos.integration.dms.internal.thirdparty.GenericDMS.add(GenericDMS.java:149)
  at com.fineos.frontoffice.documentmanager.DocumentManager.saveToThirdPartyDMS(DocumentManager.java:280)
  at com.fineos.frontoffice.documentmanager.fileupload.UploadDocumentWidget.save(UploadDocumentWidget.java:401)
  at org.apache.jsp.sharedpages.documentmanager.fileupload.uploaddocumentpage_jsp._jspService(uploaddocumentpage_jsp.java:77)
  Caused by: com.fineos.integration.dms.external.services.SharePointDmsException: A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".
  at com.fineos.integration.dms.external.services.GenericDMSClient.uploadDocument(GenericDMSClient.java:139)
  at com.fineos.integration.dms.internal.thirdparty.GenericDMS.add(GenericDMS.java:132)
  ... 88 more
  Caused by: org.apache.axis2.AxisFault: Error_occured_sharepoint [Message Details = An Exception occurred in SharePoint; System.UnauthorizedAccessException: <nativehr>0x80070005</nativehr><nativestack></nativestack>Access denied.
  at Microsoft.SharePoint.Library.SPRequest.AddOrDeleteUrl(String bstrUrl, String bstrDirName, Boolean bAdd, UInt32 dwDeleteOp, Int32 iUserId, Guid& pgDeleteTransactionId)
  at Microsoft.SharePoint.SPFolderCollection.AddInternal(String strUrl, Int32 userId)
  at FINEOSIntegration.FINEOSToSharePointDMS.SharePointDMSUtilities.<>c__DisplayClass9.<ensureParentFolder>b__5()
  at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.<RunWithElevatedPrivileges>b__2()
  at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
  at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
  at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)
  at FINEOSIntegration.FINEOSToSharePointDMS.SharePointDMSUtilities.ensureParentFolder(SPWeb parentSite, String destinationUrl)
  at FINEOSIntegration.FINEOSToSharePointDMS.FINEOSToSharePointDMS.uploadDocument(String UserName, String FolderPath, String Filename, Byte[] File, DocumentProperties DocumentProperties, Boolean NotifyFINEOS, Boolean NotifyFINEOSSpecified, Boolean OverwriteIfExists, Boolean OverwriteIfExistsSpecified, String& DMSDocType)]
  at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512)
  at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
  at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
  at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
  at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
  at com.fineos.frontoffice.thirdpartydms.operationtypes.ThirdPartyDmsServicesStub.uploadDocument(ThirdPartyDmsServicesStub.java:761)
  at com.fineos.integration.dms.external.services.GenericDMSClient.uploadDocument(GenericDMSClient.java:119)
  ... 89 more
  Note that the user SPWeb being passed into the method is from an impersonated user, don't know if that matters.
  So the webservice payload contains the id of the user who wants to do the Sharepoint work while the webservice is invoked by anonymous or some other service user.  We then impersonate the user specified in the webservice payload like follows and use
  that web SPWeb from then on in the webservice methods:
  userToImpersonate = currentWeb.AllUsers[user];
  site = new SPSite(fileUrl, userToImpersonate.UserToken);
  web = site.OpenWeb();
  Any help appreciated.
  Thanks,
  Ruairi.

  Ideally, a user with Contribute permissions should be able to add folders. Not sure what is the issue there. But I can see that SPSecurity.RunWithElevatedPrivileges is not written properly. You must create a new SPSite object inside the delegate
  because SPSite objects created outside do not have Full Control even when referenced inside the delegate. Use the using keyword to ensure that the object is disposed in the delegate. Example:
  SPSecurity.RunWithElevatedPrivileges(delegate()
  using (SPSite site = new SPSite(web.Site.ID))
  // implementation details omitted
  });See this for more information about SPSecurity.RunWithElevatedPrivilegeshttps://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges%28v=office.12%29.aspx?f=255&MSPPError=-2147217396
  Blog | SharePoint Learnings CodePlex Tools |
  Export Version History To Excel |
  Autocomplete Lookup Field

• Create schema with all privileges

  hi
  I am creating Schema using following sql commands  with SYSTEM as user
  Create Schema Live2;
  CREATE COLUMN TABLE "Connections" (
  "memberIdFrom" INTEGER NOT NULL,
  "memberIdTo" INTEGER NOT NULL,
  PRIMARY KEY ("memberIdFrom","memberIdTo")
  Then I goto
  Security-->users-->SYSTEM-->object privileges
  there is not schema Live2 there
  When I add LIVE2 then it's privileges are set to CREATE ANY only
  Why this is happening?
  I think by default user should have all privileges.
  If i try to assign privileges then error exception occurs that Granter and Grantee are identical.

  Hi Khalid,
  Ideally when you execute sql 'create schema <schema_name>' then the logged in user is going to default owner of the schema and you should see that under 'object privileges' of that user.
  The user will have 'create any' privileges which means the user has all the privileges on that schema.
  if you want to check who is owner of the schema in the system, please check 'SCHEMAS' under views in SYS.
  Regards,
  Venkat N.

• Trying to  create user with APEX 4.1

  We have recently upgraded to APEX 4.1. This procedure worked in 3.1. I have given the user all necessary privs. I am getting this error when I run the procedure. I will also send procedure.
  The user has APEX_ADMINISTRATOR_ROLE execute on HTMLDB_UTIL,WWV_FLOW_ADMIN_API,WWV_FLOW_ERROR,WWV_FLOW_FND_USER_API,WWV_FLOW_SECURITY select, update,delete, insert on table WWV_FLOW_FND_USER.
  I don't know what other privs to give it. Can you please help me.
  Connecting to the database dwprod.
  ORA-20987: APEX - User requires ADMIN privilege to perform this operation. - Contact your application administrator.
  ORA-06512: at "APEX_040100.WWV_FLOW_ERROR", line 704
  ORA-06512: at "APEX_040100.WWV_FLOW_ERROR", line 1008
  ORA-06512: at "APEX_040100.WWV_FLOW_FND_USER_API", line 76
  ORA-06512: at "APEX_040100.WWV_FLOW_FND_USER_API", line 1198
  ORA-06512: at "APEX_040100.HTMLDB_UTIL", line 1454
  ORA-06512: at "DW_DATA.APEX_ADD_USERS", line 20
  ORA-06512: at line 2
  Process exited.
  Disconnecting from the database dwprod.
  create or replace
  procedure APEX_ADD_USERS
  as
  cursor NEW_USERS is select
  NUL_ID, nup_dsm, nul_date, last_name,
  first_name, email_address, nup_pwd
  from ods_stage.nulfile, dw_data.cd_customer, ods_stage.nupfile
  where nul_id = dw_data.cd_customer.rcn and
  to_number(nul_id) = ods_stage.nupfile.nup_dsm and
  (nul_cng_ty = 'ACTIVATE SERVICE' or
  nul_cng_ty = 'NEW ACTIVATION FREE' or nul_cng_ty = 'PASSWORD UPDATE') order by nul_date, nul_tm;
  BEGIN
  DBMS_OUTPUT.ENABLE(1000000);
  apex_040100.wwv_flow_security.g_security_group_id := 20;
  apex_040100.wwv_flow_security.g_security_group_id := apex_040100.wwv_flow_security.find_security_group_id('bonus_work_area');
  FOR I IN NEW_USERS LOOP
  -- wwv_flow_fnd_user_api.remove_fnd_user
  -- ( p_user_id => i.NUL_ID );
  APEX_UTIL.REMOVE_USER(p_user_id=> i.nup_dsm );
  commit;
  WWV_FLOW_FND_USER_API.create_fnd_user
  ( p_user_id => i.nup_dsm ,
  p_user_name => i.nup_dsm ,
  p_email_address => i.email_address ,
  p_web_password => 'MMM',
  p_default_schema => 'DW_DATA' ,
  -- p_web_password_format => 'CLEAR-TEXT' ,
  p_first_name => i.first_name ,
  p_last_name => i.last_name);
  commit;
  wwv_flow_fnd_user_api.edit_fnd_user
  ( p_user_id => i.nup_dsm ,
  p_user_name => i.nup_dsm ,
  p_email_address => i.email_address ,
  p_web_password => i.nup_pwd ,
  p_new_password => i.nup_pwd ,
  p_default_schema => 'DW_DATA' ,
  p_first_name => i.first_name ,
  p_last_name => i.last_name);
  commit;
  update ods_stage.nulfile set nul_cng_ty = 'PASSWORD UPDATED'
  where nul_id = i.nup_dsm and
  nul_cng_ty = 'PASSWORD UPDATE';
  update ods_stage.nulfile set nul_cng_ty = 'ACTIVATE SUCCESSFUL!'
  where nul_id = i.nup_dsm and (nul_cng_ty = 'ACTIVATE SERVICE' or
  nul_cng_ty = 'NEW ACTIVATION FREE');
  END LOOP;
  COMMIT;
  NULL;
  END;

  I found this example
  http://apex.oracle.com/pls/apex/f?p=36648:13So I tried this code (now I have an extra table GUS_CITY_LOOKUP).
  select case when connect_by_isleaf = 1 then 0
              when level = 1             then 1
              else                           -1
         end as status,
         level,
         name as title,
         null as icon,
         id as value,
         null as tooltip,
         'javascript:popUp2("http://www.oracle.com");' as link
  from (
  SELECT CITY_ID as id,
         null as parent,
         CITY as name,
         NULL,
         NULL,
         NULL
    FROM GUS_CITY_LOOKUP
  UNION ALL
  SELECT CITY_ID||':'||SHOP_ID as id,
         CITY_ID as parent,
         SHOP_NAME as name,
         NULL,
         NULL,
         NULL
    FROM GUS_SHOP_DETAILS
  UNION ALL
  SELECT CITY_ID||':'||SHOP_ID||':'||EMP_ID as id,
         CITY_ID||':'||SHOP_ID as parent,
         LNAME as name,
         NULL,
         NULL,
         NULL
    FROM GUS_EMPLOYEE
  start with parent is null
  connect by prior id = parent
  order siblings by nameIn sql workshop I am getting ORA-01790: expression must have same datatype as corresponding expressio error.
  Gus
  Edited by: Gus C on Jun 26, 2012 1:33 AM
  Edited by: Gus C on Jun 26, 2012 1:33 AM
  Edited by: Gus C on Jun 26, 2012 1:34 AM