DBA role and privacy problem

Similar Messages

• DBA role and system privileges

  I created a new user (PIPPO) with the default dba role in my db.
  I know that the dba_role has the SELECT ANY TABLE and INSERT ANY TABLE system privileges.
  I expeperienced that if I select a table of another schema on a simple sqlplus session everything is OK, but if I select the same table on the same manner in a PL/SQL procedure or in the creation of a wiew, both owned by PIPPO, the error message is that the table not exists...
  So I have to grant SELECT and INSERT on the tables I want to my user PIPPO.
  Does anyone tell me if this is normal or strange?
  Thanks

  This is normal. To access other schema's table you need to have direct grant not through roles. DBA is a role.

• DBA role dropped

  Hi,
  I recently saw that the DBA role is missing from one of our databases and the connect privileges are revoked from almost all schemas in the database. I tried investing about how this. Initially I went to check the dba_audit_trail,unfortunately it's empty. Secondly I tried using log miner to analyse redo logs for last 5 days in short intervals. Analysing from V$LOGMNR_CONTENTS using a "DROP" filter on operation column,but still couldn't get anything. Can anyone suggest any other way to investigate this.

  If you had access to a database of the same version you could use the scripts from Pete Finnigan (http://www.petefinnigan.com/tools.htm) to see what privileges are given to the DBA role and re-create the role.
  On metalink there is Note: 1068678.6 How to Recreate DBA Role if Dropped. Last revision is 26-Nov-2002 and only mentions version 8.X.

• Problem with Roles and Triggers

  I'm having a strange problem with Roles and Triggers in Oracle. It's a little difficult to describe, so bear with me...
  I'm trying to create a trigger that inserts records into a table belonging to a different user/owner. Of course, the owner of this trigger needs rights to insert records into this other table. I find that if I add these rights directly to the owner of the trigger, everything works okay and the trigger compiles successfully.
  However, if I first create a Role and grant the "insert" rights to it, and then assign this role to the owner of the trigger, the trigger does not compile successfully.
  To illustrate this, here's an example script. I'm using Oracle 10g Release 2...
  -- Clean up...
  DROP TABLE TestUser.TrigTable;
  DROP TABLE TestUser2.TestTable;
  DROP ROLE TestRole;
  DROP TRIGGER TestUser.TestTrigger;
  DROP USER TestUser CASCADE;
  DROP USER TestUser2 CASCADE;
  -- Create Users...
  CREATE USER TestUser IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
  CREATE USER TestUser2 IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
  CREATE TABLE TestUser.TrigTable (TestColumn VARCHAR2(40));
  CREATE TABLE TestUser2.TestTable (TestColumn VARCHAR2(40));
  -- Grant Insert rights on TestTable to TestRole...
  CREATE ROLE TestRole NOT IDENTIFIED;
  GRANT INSERT ON TestUser2.TestTable TO TestRole;
  -- Add TestRole to TestUser. TestUser should now have rights to INSERT on TestTable
  GRANT TestRole TO TestUser;
  ALTER USER TestUser DEFAULT ROLE ALL;
  -- Now, create the trigger. This compiles unsuccessfully...
  CREATE TRIGGER TestUser.TestTrigger AFTER INSERT ON TestUser.TrigTable
  BEGIN
  INSERT INTO TestUser2.TestTable (TestColumn) VALUES ('Test');
  END;
  When I do a "SHOW ERRORS;" after this, I get:
  SQL> show errors;
  Errors for TRIGGER TESTUSER.TESTTRIGGER:
  LINE/COL ERROR
  2/3 PL/SQL: SQL Statement ignored
  2/25 PL/SQL: ORA-00942: table or view does not exist
  SQL>
  As I said above, if I just add the Insert rights directly to TestUser, the trigger compiles perfectly. Does anyone know why this is happening?
  Thanks!
  Adrian

  Hi Raghu,
  If the insert rights exist only on TestRole, and TestRole is assigned to TestUser, I can do the INSERT statement you suggest with no problems if I just execute it from SQLPlus (logged in as TestUser).
  The question is, why does the same INSERT fail when it's inside the trigger?

• Problems with roles and ldapgroups in IDM 8

  Hello Guys,
  I'm facing a problem. I have to put users in ldap groups and i using roles. I have create an IT role and a Business role.
  I use the IT Role to add users in ldap groups through a rule and the business role to assign groups to a user. The business contains the IT Role.
  Normally, when i put a list of two groups in the rule, i must have user put in the two groups and if i remove one of this group in the rule, user must be removed from the choosen group. Unfortunatly, the second scenario doesn't work. I always have the two. And i can't removed the users from all groups.
  Is there something that i'm missing?
  I'm using IDM 8.A patch 2 and Sun Directory Server 6.3.
  The definition of my IT Role is :
  <?xml version='1.0' encoding='UTF-8'?>
  <!DOCTYPE Role PUBLIC 'waveset.dtd' 'waveset.dtd'>
  <Role authType='ITRole' name='My Groups'>
    <ResetLimit count='0'>
        </ResetLimit>
    <Services>
      <ObjectRef type='Resource' name='RESSOURCE LDAP'/>
    </Services>
    <ContainedRoles>
    </ContainedRoles>
    <RoleAttributes>
      <RoleAttribute name='My Groups:#ID#RESSOURCE LDAP:groups'>
        <Comment>Auto generated by Role Mes Groupes</Comment>
        <AttributeName>groups</AttributeName>
        <AttributeValueRef>
          <ObjectRef type='Rule' id='#ID#RuleListeUserGroups' name='Rule Liste User Groups'/>
        </AttributeValueRef>
        <Requirement>Authoritative merge with value, clear existing</Requirement>
        <ResourceRef>
          <ObjectRef type='Resource' id='#ID#RESSOURCE LDAP' name='RESSOURCE LDAP'/>
        </ResourceRef>
      </RoleAttribute>
    </RoleAttributes>
    <MemberObjectGroups>
      <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
    </MemberObjectGroups>
  </Role>Thanks All!

  i have it role mapped to ldap groups implemented successfully with the following...
  1. Instead of a rule adding to groups, you should have a resource attribute mapping ... this is described in the ldap resource adapter references....
  <AccountAttributeType id='101' name='ldapGroups' syntax='string' mapName='ldapGroups' mapType='string' multi='true' />2. Now have your IT ROLE to have the group population like the following
  <RoleAttribute name='MYROLE:RESOURCE-NAME:ldapGroups'>
        <AttributeName>ldapGroups</AttributeName>
        <AttributeValueString>
          <List>
            <String>cn=Wirelessaccess,ou=Groups,dc=example,dc=com</String>
          </List>
        </AttributeValueString>
        <Requirement>Authoritative merge with value</Requirement>
        <ResourceRef>
          <ObjectRef type='Resource' name='RESOURCE-NAME'/>
        </ResourceRef>
      </RoleAttribute>

• Outgoing audio. Was not going on Skype after ios7 download.went to settings--privacy--microphone--on--and the problem was resolved.

  Outgoing audio. Was not going on Skype after ios7 download.went to settings--privacy--microphone--on--and the problem was resolved.

  Hello:>
  I created a function "APEX_030200.wwv_flow_epg_include_mod_local" as a sys user, then I dropped it.>
  You can't have 'created' this function ! The function is installed by the APEX installer. This function needs to exist in the database for APEX to function correctly. Install the function described below into your database
  CREATE OR REPLACE function APEX_030200.wwv_flow_epg_include_mod_local(
      procedure_name in varchar2)
  return boolean
  is
  begin
      return false; -- remove this statement when you modify this function
      -- Administrator note: the procedure_name input parameter may be in the format:
      --    procedure
      --    schema.procedure
      --    package.procedure
      --    schema.package.procedure
      -- If the expected input parameter is a procedure name only, the IN list code shown below
      -- can be modified to itemize the expected procedure names. Otherwise you must parse the
      -- procedure_name parameter and replace the simple code below with code that will evaluate
      -- all of the cases listed above.
      if upper(procedure_name) in (
            '') then
          return TRUE;
      else
          return FALSE;
      end if;
  end wwv_flow_epg_include_mod_local;
  /Varad

• Roles and responsiblities of oracle dba in development team

  What should be the roles and responsiblities of oracle dba in development team?
  Does Application dba should have oracle user credentials on db box?

  Hi, Application DBA work as like production DBA, while resolving issue SLA would not apply for them . Apart from this developement team pressure will be there.
  These are points remembered.
  Creating test Db for testing environment,
  Schema Replication of POC
  replication the DB for interface setup .
  User , Space management.
  Roles and Security management
  Space Forecasting -this will be useful when you are estimating for storage
  need to give application set up to Production DBA with proper specification.
  maintaining the schema changes
  Ensure that right script shas to provide the Production DBA team .
  Deployment of the application.
  performance tuning..
  All environment memory /CPU statistisc need to check by regular interval.If any issues need to escalte to INFRASTRUCTURE team
  HTC
  tippu

• BP Role and status in CRM problem

  Hello everybody ,
       i am new in CRM and i have to read the Business partner value,role as sold to party and its status(here Blocking reason is the field)in transaction BP and i have to use this status value in other transaction here i am seeing this bp value and status is the structure field,so can any one tell me database table
  where the BP number, role and status field(here Blocking reason is the field) is being stored.
  Thanx. your reply is valuable for me and eagerly waiting.
  Regards
  Prince

  Hi Prince,
  I guess the Field Status as a attribute of BP,As you told BP is nothing but Sold-To-Party.Then Sold-To-Party is refrenced character or 0Customer.So that you can check the Status field in 0customer attributes, or Sold-To-Party attributes.
  Then the table you can get is the Master Data Table of 0Customer.Go to /BI0/MCUSTOMER
  Hope this helps
  Regards
  Happy Tony
  <b>Points == Thanks</b>

• PDB_DBA has DBA role, but no quota on tablespace

  Hi all,
  I have weird situation and I can't find in doco why is that:
  I have created PDB with role DBA for admin user, I can see that PDB_DBA role has DBA role. I can  create table in admin user schema, but can't insert rows there, as there are no quota on tablespace. If I grant DBA to admin user directly- I can insert rows - so, I got "quota unlimited" as part of DBA role:
  SQL> conn / as sysdba
  Connected.
  SQL> create pluggable database P1 admin user a identified by a roles=(dba);
  Pluggable database created.
  SQL> alter session set container=P1;
  Session altered.
  SQL> alter pluggable database P1 open;
  Pluggable database altered.
  SQL> create table a.t(id integer);
  Table created.
  SQL> insert into a.t values(1);
  insert into a.t values(1)
  ERROR at line 1:
  ORA-01950: no privileges on tablespace 'SYSTEM'
  SQL> select * from dba_role_privs where grantee = 'A';
  GRANTEE
  GRANTED_ROLE ADM DEL DEF COM
  A
  PDB_DBA YES NO  YES NO
  SQL> select granted_role from dba_role_privs where grantee = 'PDB_DBA';
  GRANTED_ROLE
  DBA
  SQL>
  SQL> grant dba to a;
  Grant succeeded.
  SQL> insert into a.t values(1);
  1 row created.
  SQL> revoke dba from a;
  Revoke succeeded.
  SQL> insert into a.t values(1);
  1 row created.
  SQL>

  What is the full version of Oracle 12c that you are using?
  That does seem odd. Especially since revoking the direct grant leaves the privilege intact which could only come from the role.
  What happens if you bounce the DB after the initial INSERT failure? Does it continue to fail if the direct grant isn't made?
  Also - did you specify FILE_NAME_CONVERT as an init parameter?
  If you have a MOS account I suggest you search to see if there are any bugs related to PDB privileges.
  There have been some known issues with the whole PDB metadata link thing. System tables only exist in the root and the PDBs only have metadata links to the actual system entries. It's possible that the metadata link didn't get created or propagated properly after the PDB was created.
  That is why I ask if you can try bouncing the database to see if the problem still persists.
  The other, related, test to try is to first create the PDB (no other action at all such as grants, users, or anything). Then open the PDB and then shut it all down.
  When you restart the entire DB and open the PDB then perform your test and see if you get the same results. The intent of that test is to see if the metadata entries are properly created and propogated AFTER the PDB actually exists.
  Unfortunately (for you at least for now) there are so many nuances to the whole multitenant thing in the way privileges (among other things) work it will be a while until they all get sorted out.
  Many of those are the management of privileges (roles, grants, etc) for PDBs given that some PDBs aren't open at the time the privilege change is made. If a PDB isn't open and you modify a common privilege there won't be any replication to that PDB and you will later have to update that PDBs privileges manually.

• CONNECT ROLE and CREATE SESSION

  Oracle 8.1.7.4.1 Enterprise RDBMS
  User has CONNECT role but receives ORA-1045 when trying to log in. Problem resolved after explicitly granting CREATE SESSION. This should not have been necessary. Has any one else had this problem? What would cause such behavior?

  Verify that CREATE SESSION is in the role. (Yes, it should be, but ...)
  Verify that nothing has revoked CREATE SESSION from the user.
  Besides, it is probably is good idea to get out of the 'CONNECT', 'RESOURCE' and 'DBA' role habit.

• LG Ally text message and gps problems

  hello. ive been with verizon for about 10 years maybe. ive been overall happy with the service and customer service. but the prices should be alot lower.lol. i started out with the motorolas then switched to the lg phones. only problem with the motorola was the speakers. not loud enough. could never hear the phone ring. the lgs usually suffer from the same problem.
  i had a few phone problems but nothing like this lg ally. im on my second one and about to be my 3rd one in about 3 months. 1st phone i had every problem under the sun. this phone i am suffering from text message problems and gps problems. i suffer from what everyone else has problems with. the messages wont send. they will eventually lock up. it will show the envelope with the red explanation point ( i think thats the graphic). then usually everytime when i sent a text the texts will close. it will send then bounce back and show up as a draft and i have to resend it and wait for it to go thru. finally the last problem with the texts. when i send a text a phone number from my contacts shows up and freezes on the screen. its in white text with a black background. its the same number every time. it stays on the screen until i restart or pull my battery out.
  gps. when i open up google gps that comes with the phone i make sure the gps is on... when the directions are found and the map pops up 9 out of 10 times it just keeps saying searching for gps. the turn by turn never is found. the 1 time it does it takes a good 10 minutes to be found. atleast on my first one ally the gps did work 8 out of 10 times. it just took a good 5-10 minutes for gps to be found and show turn by turn.
  anyone else have these problems? where you able to fix them or did you need to get a new phone? the 2.1 update was supposed to fix problems. i think they just made it worse. the ally is supposed to have 2.2 froyo. where is it. is it ever going to get it. i got this phone because i like the lgs and the keyboard. also the sales representative on the phone was giving the lg ally rave reviews. why couldnt he say dont buy this go with a motorola droid. this phone is the biggest junk ever made

  I do apologize you are having trouble with your device I looked in our information system on the LG Ally in reguards to issues you are having it states if you have the Free Droid Security anti virus protection application down loaded it will cause the phone to lock up or freeze. Check and make sure you do not have the application on your device. Check you GPS settings and make sure correct. Go to Settings; Location & Security; make sure GPS is on wireless network. If this does not fix issue you can try doing a Master Reset on your device. Make sure your contacts are saved in your G-mail account or through Back Up Assistance.
  Master Reset/Soft Reset:
  Factory Reset option 1
  From the main screen, touch menu tab
  Touch Settings
  Touch Privacy
  Touch Factory Data reset
  Touch Reset Phone
  Warning: This will erase all data from your phone, including:
  Your Google account
  System and application data and settings
  Downloaded Applications
  It will not erase: Current System software and bundled applications; SD Card files, such as music or Photos
  Factory Reset option 2  - Warning this will reset device back to original factory settings.
  Turn off the phone
  Press and hold "home" + "end" + "volume up or down" keys together for a few seconds when the device is power off
  Once device displays boot information, release keys.
  Soft Reset
  Press the Power key.
  Touch Power off.
  Touch OK.
  Press the Power key to power on the device.
  or
  Remove battery cover, remove battery and reinstall.Also there is a new update for LG Ally it will be the Froyo 2.2 but there is not release date available at this time it will post on your device when available. Hope this Helps. Leslie

• Is there a way to create a role like DBA role?

  is there a way to create a role just like DBA role?

  Karl wrote:
  thanks for the reply.
  yes, i know the command. but i still have concerns.
  DBA role come with oracle product, and it is very powerful. our client wants to have a role just like DBA role, but with the following excluded from it
  DELETE_CATALOG_ROLE
  GRANT ANY ROLEThen simply do NOT issue those two GRANT

• Itunes not workin and the problem displays - m signature:   Problem Event Name:     BEX   Application Name:     iTunes.exe   Application Version:     10.5.3.3   Application Timestamp:     4f14cc3d   Fault Module Name:     QuickTime.qts_unloaded   Fault Mo

  i tunes not working and the problem its displaying is
    m signature:
    Problem Event Name:    BEX
    Application Name:    iTunes.exe
    Application Version:    10.5.3.3
    Application Timestamp:    4f14cc3d
    Fault Module Name:    QuickTime.qts_unloaded
    Fault Module Version:    0.0.0.0
    Fault Module Timestamp:    4cf45322
    Exception Offset:    706e1040
    Exception Code:    c0000005
    Exception Data:    00000008
    OS Version:    6.1.7601.2.1.0.256.1
    Locale ID:    1033
    Additional Information 1:    0a9e
    Additional Information 2:    0a9e372d3b4ad19135b953a78882e789
    Additional Information 3:    0a9e
    Additional Information 4:    0a9e372d3b4ad19135b953a78882e789
  Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
  If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt
    please help.

  im having this problem to ive uninstalled and installed but this still comes up!!
  Problem signature:
    Problem Event Name:    BEX
    Application Name:    iTunes.exe
    Application Version:    10.7.0.21
    Application Timestamp:    504d85d9
    Fault Module Name:    StackHash_0a9e
    Fault Module Version:    0.0.0.0
    Fault Module Timestamp:    00000000
    Exception Offset:    00000000
    Exception Code:    c0000005
    Exception Data:    00000008
    OS Version:    6.1.7601.2.1.0.768.3
    Locale ID:    5129
    Additional Information 1:    0a9e
    Additional Information 2:    0a9e372d3b4ad19135b953a78882e789
    Additional Information 3:    0a9e
    Additional Information 4:    0a9e372d3b4ad19135b953a78882e789

• Performance tab not working in Enterprise Manager for user with dba role

  Database: 11g2
  New to Oracle. Don't want share SYS user account among dbas. Tried to create user with dba role to perform all tasks.
  1. Removed DBMS_JOB, DBMS_LOB, UTL_FILE, UTL_HTTP, UTL_SMTP, and UTL_TCP from PUBLIC
  2. Created user dbauser1 with dba role
  3. Log in as dbauser1 in Enterprise Manager
  After click Performance tab, it just went straight to "Database Login" page. No error message.
  Any suggestions or advice will be appreciated.
  piaoma

  Hi Gourav,
  This is the wsdl url:
  http://hostname:8000/sap/bc/srt/wsdl/bndg_E04711310A0E55F1A0E3005056B03D6F/wsdl11/allinone/ws_policy/document?sap-client=450
  Kind Regards,
  Richard

• Role Based Access problem in forms

  This would be a long reading.
  I'm having a problem with forms Role Based Access.
  We have two databases, one in London and one in Zurich. We have installed
  application server and oracle forms on London database. We have implemented
  Role Based Access to forms. For this we have created a database role (say ZUR_USER)
  in both databases. The view FRM50_ENABLED_ROLES which is used by forms role based access control
  is also created in both databases with a 'grant select to public'.
  Our form system has a menu and forms under that menu. Both menu and the underlying forms have been
  assigned Menu Security/Item Roles to the above mentioned ZUR_USER role and the role is assigned
  to various users.
  Now a Zurich user is trying to login to Zurich database using the URL for forms installation
  in London server. He can login successfully and can see the menu heading in the main screen but
  when he clicks the menu he doesn't see the underlying forms list.
  When we try the same user id and database from London (using the same URL) we see all the forms.
  Any idea what are we missing. The Menu Security is setup at menu level as well as the form level under
  that menu. User can see the menu but not the form under that menu from Zurich. No such problem while
  login from London.

  I'm using the Forms 10g
  and yes the only difference is between login from Zurich and London.
  Problem definitely is due to Role Based Access setup.
  The user in Zurich can see the Menu but not the items under that menu.
  I have set the security set up at both menu and menu item(i.e. form name) level.