Granting role to user error

Oracle 10.2.05
Linux environment
I just granted a role to a user, but the user does not have privileges based on the role.
Here is what I did:
First create a user (db_user) using system id
Second, create role schema_admin_role
Then run the script to grant privileges to the role
(SELECT 'grant select, insert, update, delete on ' || owner || '.' || table_name || ' to schema_admin_role;' FROM dba_tables WHERE owner = 'another_schema';)
Then run
grant schema_admin_role to db_user;
The problem:
When db_user tries to update table X owned by another_schema, he gets not sufficient privileges
But when I run (select owner, table_name,privilege from dba_tab_privs where grantee = 'SCHEMA_ADMIN_ROLE'; ), I see all the privileges owned by this role.
Any solution from your end will be appreciated.

sb92075 wrote:
did db_user start a new session after GRANT was issued?

Yes he did - also when I try to list all privileges granted to db_user, I get no row selected. On the other hand, when I query privileges granted to role schema_admin_role, I see all privileges granted earlier
example
select owner, table_name,privilege from dba_tab_privs where grantee = 'SCHEMA_ADMIN_ROLE'; ---Here we get all privileges
select owner, table_name,privilege from dba_tab_privs where grantee = 'DB_USER'; --No row selected
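
A diagnostic sequence for the situation described in this thread, added here as an example and not part of the original posts. DBA_TAB_PRIVS lists a privilege under the grantee it was granted to, so privileges granted to a role appear under the role and not under the users who hold it; the role link itself is in DBA_ROLE_PRIVS. The upper-case schema and table names are assumptions based on the names used in the post.

```sql
-- Added example. DB_USER, SCHEMA_ADMIN_ROLE, ANOTHER_SCHEMA and X are the
-- names from the post above; unquoted names are stored in upper case.

-- Run as a DBA -------------------------------------------------------------

-- 1. Is the role granted to the user, and is it a default role
--    (enabled automatically at logon)?
SELECT grantee, granted_role, admin_option, default_role
  FROM dba_role_privs
 WHERE grantee = 'DB_USER';

-- 2. Does the role really carry UPDATE on the table that fails?
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee    = 'SCHEMA_ADMIN_ROLE'
   AND owner      = 'ANOTHER_SCHEMA'
   AND table_name = 'X';

-- Run as DB_USER, in the session that gets the error ------------------------

-- 3. Roles that are enabled in this session right now.
SELECT role FROM session_roles;

-- 4. Object privileges reachable through roles this user has access to.
SELECT role, owner, table_name, privilege
  FROM role_tab_privs
 WHERE owner      = 'ANOTHER_SCHEMA'
   AND table_name = 'X';

-- 5. If step 1 shows the role with DEFAULT_ROLE = 'NO' and step 3 does not
--    list it, enable it for this session ...
SET ROLE schema_admin_role;

--    ... or, as a DBA, make every granted role a default role for the user.
ALTER USER db_user DEFAULT ROLE ALL;
```

Roles are not enabled inside definer's-rights stored PL/SQL, so a role that passes steps 1 to 4 can still fail when the UPDATE runs from a stored procedure owned by DB_USER.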

Similar Messages

  • How to grant role to user

    How can I use Oracle Developer2000 Form6 to grant privilege and role to user in database (oracle 8i) from Trigger of Form6. Is there any built-in about this statement?

    PL/SQL doesn't allow you to issue DDL commands directly, but it does provide a utility package called DBMS_SQL. This allows you to create dynamic SQL statements at runtime and execute them. The code you would need is as follows:
    In declaration section -
    v_sql varchar2(200);
    v_cursor number;
    v_result number;
    In the code body -
    v_sql := 'GRANT <ROLES> TO <USER>';
    v_cursor := dbms_sql.open_cursor;
    dbms_sql.parse(v_cursor, v_sql, dbms_sql.native);
    v_result := dbms_sql.execute(v_cursor);
    You can ignore the value of v_result as it is not a DML statement. Also you could build your SQL string up dynamically using variables from your form ie:
    v_sql := 'GRANT '||:FORM.ROLE||' TO '||:FORM.USER;
    Hope that helps!
    Ian

  • Grant role to user in form 6i

    Dear all,
    I have a role called ets_manager. How can I grant it to my user steve in forms 6i? I mean what is the script? I have a button; when the button is pressed I want the role to be granted to a user
    Thanks in advance.
    regards

    Try out FORMS_DDL Built-in
    http://www.oracle.com/webapps/online-help/forms/10g?topic=formsddl_html
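
    Both threads above build a GRANT statement from form fields (the DBMS_SQL answer by concatenating :FORM.ROLE and :FORM.USER, the FORMS_DDL answer by implication). The following server-side procedure is an added example, not code from either post: it validates both values before the statement is assembled. The names grant_role_checked and app_grantable_roles are hypothetical, and DBMS_ASSERT is assumed to be available (Oracle 10g Release 2 and later, so not the 8i database in the first thread).

```sql
-- Added example; grant_role_checked and app_grantable_roles are hypothetical.

-- Allow-list of roles the application may hand out.
CREATE TABLE app_grantable_roles (role_name VARCHAR2(30) PRIMARY KEY);
INSERT INTO app_grantable_roles VALUES ('ETS_MANAGER');  -- role named in the thread above
COMMIT;

-- Definer's rights: roles are disabled inside this procedure, so its owner
-- needs each listed role WITH ADMIN OPTION (or GRANT ANY ROLE) granted directly.
CREATE OR REPLACE PROCEDURE grant_role_checked (
  p_role IN VARCHAR2,
  p_user IN VARCHAR2
) AUTHID DEFINER AS
  v_role  VARCHAR2(128);
  v_user  VARCHAR2(128);
  v_count PLS_INTEGER;
BEGIN
  -- Accept a single SQL name only. Input carrying extra tokens (spaces,
  -- commas, further keywords) raises ORA-44003; a double-quoted name passes
  -- here but is then rejected by the lookups below.
  v_role := UPPER(DBMS_ASSERT.SIMPLE_SQL_NAME(p_role));
  v_user := UPPER(DBMS_ASSERT.SIMPLE_SQL_NAME(p_user));

  -- The role must be on the allow-list.
  SELECT COUNT(*) INTO v_count
    FROM app_grantable_roles
   WHERE role_name = v_role;
  IF v_count = 0 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Role is not grantable through this form');
  END IF;

  -- The grantee must be an existing database user.
  SELECT COUNT(*) INTO v_count
    FROM all_users
   WHERE username = v_user;
  IF v_count = 0 THEN
    RAISE_APPLICATION_ERROR(-20002, 'Unknown user');
  END IF;

  -- Both values are now known identifiers; quote them when building the DDL.
  EXECUTE IMMEDIATE 'GRANT ' || DBMS_ASSERT.ENQUOTE_NAME(v_role, FALSE)
                 || ' TO '   || DBMS_ASSERT.ENQUOTE_NAME(v_user, FALSE);
END grant_role_checked;
/
```

    The form trigger then calls `grant_role_checked(:FORM.ROLE, :FORM.USER);` and the application account needs only EXECUTE on the procedure, not the right to grant roles itself.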

  • Who granted role to user and when

    In Oracle 11g, is it possible to find out who granted a particular role to a user and when? Like maybe from logs?

    SELECT log_mode
      FROM v$database
    will tell you whether the database is running in ARCHIVELOG mode or not. You'd need for the database to be running in ARCHIVELOG mode and to have the archived logs back to the point in time that the role was granted in order to use LogMiner.
    I don't suppose there is any chance that you had enabled auditing of GRANTs prior to the role being granted, is there? That would be the appropriate way to capture that information going forward.
    Justin
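
    What the auditing mentioned in the answer above looks like in practice, as an added example that is not part of the original post. It assumes standard auditing is switched on (AUDIT_TRAIL initialization parameter set to DB) and only captures grants issued after the AUDIT statement is run.

```sql
-- Added example; run as a DBA.

-- Record every GRANT and REVOKE of system privileges and roles from now on.
AUDIT SYSTEM GRANT;

-- Confirm the audit option is active.
SELECT audit_option, success, failure
  FROM dba_stmt_audit_opts
 WHERE audit_option = 'SYSTEM GRANT';

-- Later: who granted which role to whom, when, and from where.
-- For GRANT ROLE records, OBJ_NAME holds the role and GRANTEE the recipient.
SELECT username    AS granted_by,
       obj_name    AS role_granted,
       grantee,
       admin_option,
       timestamp,
       os_username,
       userhost
  FROM dba_audit_trail
 WHERE action_name = 'GRANT ROLE'
 ORDER BY timestamp DESC;
```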

  • In 11i CRM add the role 'csi normal user error

    Hi,
    I am trying to add the role 'csi normal user'; for that I have the procedure below
    To add this role to a user, you need CRM HTML Administration responsibility:
    1. In the Navigator, click the CRM HTML Administration responsibility.
    2. Under “Setup : Users : Registration”, click User Maintenance
    3. Enter full or partial username and click Go.
    4. Select the applicable username from the list
    5. Click Roles
    6. Select the CSI Normal User role from the left pane.
    7. Click Move to put it in the right pane.
    8. Click Update.
    I have already added CRM HTML Administrator to myself, I have sysadmin privilege, and I have CRM HTML Administrator and under that I have User Maintenance.
    If I click that, it shows an error that I don't have privilege to view that page.
    The error says I don't have the privilege.
    Please let me know,

    Hi,
    Have a look at the following documents.
    Note: 261174.1 - Insufficient Privileges to Access the User Maintenance Page
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=261174.1
    Note: 232373.1 - Insufficient Privileges when Accessing User Maintenance
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=232373.1
    Note: 299795.1 - Error In Granting Any Roles To A User - "Error granting role"
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=299795.1
    Note: 299186.1 - Administration Privilege Is Required To Access This Page
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=299186.1
    Regards,
    Hussein

  • Forms Authentication Error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed

    I created a custom security extension following the steps listed in the Readme_Security Extension Sample. It works fine if I log in as the user that is specified in the AdminConfiguration section of the rsreportserver.config file but if I log in as another user, I get this error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed. I've added the user to both System Administrator and System User roles to try to get it to work but still no luck.
    Does anyone know how to fix this?
    Thanks.

    Hi MetronM,
    The issue is that the user has no permission to access the report server. In report manager, Reporting Services includes predefined roles that we can assign to users and groups to provide immediate access to a report server. Each role defines a collection of related tasks.
    You can refer to the following steps to assign corresponding role to the user.
    Open report manager.
    Click “Folder Setting” button. 
    Click “New Role Assignment” icon.
    Type the user name and select the corresponding role.
    There is an article about Granting Permissions on a Native Mode Report Server, you can refer to it.
    http://technet.microsoft.com/en-us/library/ms156014.aspx
    Regards,
    Alisa Tang
    TechNet Community Support

  • Error Message = 3205: '~WF_ADHOC-1446' is not a valid role or user name

    Hi,
    I have an Item attribute of type 'Role' ('CREDIT_COMMITTEE_MEMBERS') and I am using that attribute as performer for two notification activities.
    For first notification, I create an adhoc role and assign it to the attribute and the notification goes successfully.
    I want to send reminder to the people who have not responded to the first notification.
    So I used the following query:
    SELECT recipient_role
    FROM wf_notifications
    WHERE (message_name = 'MSG_TO_CREDIT_COMM_NEED_APPR' or message_name = 'MSG_REMINDER_CREDIT_COMM')
    AND item_key = itemkey
    AND status = 'OPEN';
    The following code was used to update the Item attribute of type "Role"
    FOR rec_cc_role_names IN cur_cc_role_names
    LOOP
    IF l_role_count = 0 THEN
    l_role_users := rec_cc_role_names.recipient_role;
    ELSE
    l_role_users := l_role_users || ' ' || rec_cc_role_names.recipient_role;
    END IF;
    l_role_count := l_role_count + 1;
    END LOOP;
    wf_directory.createadhocrole
    ( role_name => l_role_name,
    role_display_name => l_role_display_name,
    notification_preference => 'MAILTEXT',
    role_users => l_role_users,
    expiration_date => NULL);
    wf_engine.setitemattrtext
    ( itemtype => 'XXCCVOTP',
    itemkey => itemkey,
    aname => 'CREDIT_COMMITTEE_MEMBERS',
    avalue => l_role_name);
    The second notification activity is throwing the below error
    Error Name = WFNTF_ROLE
    Error Message = 3205: '~WF_ADHOC-1446' is not a valid role or user name.
    Error Stack =
    Wf_Notification.SendGroup(~WF_ADHOC-1446, XXCCVOTP,
    MSG_REMINDER_CREDIT_COMM, 07-APR-10, WF_ENGINE.CB)
    Wf_Engine_Util.Notification_Send(XXCCVOTP, 154009, 186344,
    XXCCVOTP:MSG_REMINDER_CREDIT_COMM)
    Wf_Engine_Util.Notification(XXCCVOTP, 154009, 186344, RUN)
    Kindly help.
    Thanks,
    Amit

    The users list was null for the role, which was causing the error. The query populating the user list was not returning any row.

  • Sales Agreement workflow errored on 3205: is not a valid role or user name.

    Hi experts,
    We're currently on EBS R12.1.2 We're running into an issue that seems like a very general issue that other businesses would have encountered before. We have a business user who creates most of sales agreements. When this business user left the company, we set active end date on the particular userid. Now, when we go into these sales agreements originally created by this particular userid, and put in the expiration date to expire these sales agreement. We're seeing the sales agreement workflow erroring out in the pre-notification workflow email with error 3205: is not a valid role or user name.
    It seems to be this is a very typical business scenario. If you have encountered this problem, please share how you resolved this issue within your oracle apps environment.
    Thank you in advance for your help,
    Jennifer

    Hello,
    We have the same problem in 11.5.10.2. If we want to use this blanket sales agreement, I have to skip this notification by sysadmin, and after this I can extend the end date and another user can use this BSA.
    Look at Extend The Expiration Date For Closed Non-Active Expired BSA Blanket Sales Agreement [ID 1394888.1]     
    Regards,
    Luko

  • Revoke roles from users

    I want to revoke a number of roles from users. What I found is if one or more roles were not granted to the user before, then the whole 'revoke' statement will fail, i.e. the granted roles will not be revoked from the user. Is there a way to let the statement revoke the granted roles even though there may be some roles that were not granted? For example:
    REVOKE role1,role2,role3 from user;
    I want to revoke role1 and role2 even though role3 was not granted to the user.

    Why don't you test this yourself?
    satyaki>
    satyaki>select * from v$Version;
    BANNER
    Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Prod
    PL/SQL Release 10.2.0.3.0 - Production
    CORE    10.2.0.3.0      Production
    TNS for 32-bit Windows: Version 10.2.0.3.0 - Production
    NLSRTL Version 10.2.0.3.0 - Production
    Elapsed: 00:00:00.98
    satyaki>
    satyaki>
    satyaki>
    satyaki>
    satyaki>create role r1;
    Role created.
    Elapsed: 00:00:01.80
    satyaki>
    satyaki>
    satyaki>GRANT select  ON emp   TO r1;
    Grant succeeded.
    Elapsed: 00:00:00.51
    satyaki>
    satyaki>
    satyaki>create role r2;
    Role created.
    Elapsed: 00:00:00.02
    satyaki>
    satyaki>grant update on emp to r2;
    Grant succeeded.
    Elapsed: 00:00:00.05
    satyaki>
    satyaki>
    satyaki>grant r1 to hr;
    Grant succeeded.
    Elapsed: 00:00:00.17
    satyaki>
    satyaki>grant r2 to titan;
    Grant succeeded.
    Elapsed: 00:00:00.07
    satyaki>
    satyaki>
    satyaki>revoke r2 from hr;
    revoke r2 from hr
    ERROR at line 1:
    ORA-01951: ROLE 'R2' not granted to 'HR'
    Elapsed: 00:00:00.12
    satyaki>
    satyaki>
    Regards.
    Satyaki De.
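
    One way to get the behaviour asked for in this thread, as an added example that is not part of the original posts: revoke only the roles the dictionary says the user actually holds, one statement per role, so a role that was never granted cannot raise ORA-01951. HR and the role names R1, R2, R3 are constructed sample values in the style of the session above; DBMS_ASSERT is assumed to be available (Oracle 10g Release 2 and later).

```sql
-- Added example; run as a DBA from SQL*Plus.
SET SERVEROUTPUT ON

DECLARE
  -- Constructed sample grantee; replace with the real user name (upper case).
  c_user CONSTANT VARCHAR2(30) := 'HR';
BEGIN
  -- Intersect the roles we want gone with the roles actually granted.
  FOR r IN (SELECT granted_role
              FROM dba_role_privs
             WHERE grantee = c_user
               AND granted_role IN ('R1', 'R2', 'R3'))
  LOOP
    -- Names come from the dictionary; they are still quoted before use.
    EXECUTE IMMEDIATE 'REVOKE ' || DBMS_ASSERT.ENQUOTE_NAME(r.granted_role, FALSE)
                   || ' FROM '  || DBMS_ASSERT.ENQUOTE_NAME(c_user, FALSE);
    DBMS_OUTPUT.PUT_LINE('Revoked ' || r.granted_role || ' from ' || c_user);
  END LOOP;
END;
/

-- Verify: no rows expected for the roles listed above.
SELECT granted_role
  FROM dba_role_privs
 WHERE grantee = 'HR'
   AND granted_role IN ('R1', 'R2', 'R3');
```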

  • Granting roles permission to run packages created by somone else

    Hi there,
    I'm using Oracle 9i and I've written a package that has several functions that need to be run by a role other than the owner. I have 2 roles I granted execute permission on the package itself but when I log in to our app as another user with one of those granted roles, I get the 'insufficient privilege' error.
    My DBA mentioned something about doing a pl/sql wrapper. I did a search under wrap in the oracle index and came up with a wrap utility. If this is what he meant, I don't understand how that helps with permissions if the wrap util just encrypts my package. How do the roles get permission to run it then?
    Thanks
    Evita

    If you call the stored procedure from a PL/SQL block, there will be a problem that PL/SQL does not, by default, recognize privileges granted through a role. You can either make a direct grant or you can change the PL/SQL block to specify authid current_user.
    Justin
    Distributed Database Consulting, Inc.
    http://www.ddbcinc.com/askDDBC

  • How can I see which roles or users have access to a table?

    How can I see which roles or users have access to a table?
    For a given table, how can I see the grants, who and what?
    Many thanks

    dba_tab_privs.
    Grantee can be a role or a user, as roles are fake users.
    Sybrand Bakker
    Senior Oracle DBA

  • Assigning roles to users programmatically

    Hi,
    I want to programmatically create roles, assign roles to users etc.
    I saw at this thread
    ADF Security Policy Store
    the following scriptlet by Frank Nimphius
    try {
        IdentityStore idstore = JpsCommonUtil.getValidIdStore("idstore.xml.provider").getIdmStore();
        try {
            UserManager userManager = idstore.getUserManager();
            RoleManager roleManager = idstore.getRoleManager();
            Role adminRole = idstore.searchRole(Role.SCOPE_APPLICATION, "admin");
            // create user
            // TODO check for empty username and password
            User newUser = userManager.createUser(this.username, this.password.toCharArray());
            roleManager.grantRole(adminRole, newUser.getPrincipal());
        } catch (IMException e) {
            // TODO
        }
    } catch (JpsException e) {
        // TODO
    }
    return null;
    This is a TP3 scriptlet; is it still working on the 11g production?
    I tried it and I get a JpsException
    oracle.security.jps.JpsException
         at oracle.security.jps.internal.common.util.JpsCommonUtil.getValidIdStore(JpsCommonUtil.java:1004)
    Do I have to replace "idstore.xml.provider" with something else depending on my configuration?
    thanks
    Tilemahos

    Hi Frank, thanks for the answer,
    I checked this functionality at WLS embedded LDAP and I saw your "How-to configure OID for authentication in WebLogic Server" post.
    I managed to add users and assign them roles that I created at my application.
    But what if I want to have a super user that can create new roles and assign them member roles?
    e.g.
    Developer created roles (policy store):
    accessPage1 ( granted all the necessary principals to access page1 )
    accessPage2 ( granted all the necessary principals to access page2 )
    Super user created roles
    Role1 member roles: accessPage1, accessPage2
    If I want my application to have that functionality I must create roles programmatically, won't I?
    Is there another way?
    By the way I followed the advices at the following useful links
    Chris Muir: http://one-size-doesnt-fit-all.blogspot.com/2008/12/configuring-wls-with-ms-active.html
    Frank Nimphius's How-to configure OID for authentication in WebLogic Server
    Edwin Biemond's Using OpenLDAP as security provider in WebLogic
    Andrejus Baranovskis: Practical ADF Security Deployment on WebLogic Server
    And I managed to add users of the Microsoft LDAP at the WLS
    but I couldn't make them group members of my application groups (roles)
    Is this possible?
    Thanks

  • SECATT for assigning roles to users

    Hi All,
    How do we make the ECATT to work for the below scenario:
    Users already have roles assigned to them. We need to add new roles to the users, which can vary in number based on the user's job.
    A simple ECATT script that was developed to add a single role to a new user does not work in the above case and gives an error of invalid batch input. How do I create a ECATT to assign role to user who already has a set of roles assigned (number of roles assigned to users differ, so I cannot assume to train the ECATT to assign a role on line X). Is there something I am missing while the ECATT script creation?
    We are doing this from a CUA and its very difficult to assume how many roles a user could have.
    Thanks,
    Jay

    Thanks Alex for the insight. For some reason SU10 is slow in the CUA environment and I wanted to avoid it but yes I finally had to use SU10. Talking to one of our ABAPers I came to know that even in their BDC recordings they get the error which I received, but he changes his program to skip all the lines with data and then fill the empty line.
    In CUA environment, how do we create ECATT to delete a role from many users?
    Thanks,
    Jay

  • How to Create BP in a new role - Internet User

    Hi Guru's,
    I have a requirement where I need to create BP in role Internet User (BP005) from WEBUI without using the BP Role Assignment block. The condition is: there is a marketing attribute (a checkbox) in BP_HEAD Account Details View which when checked should automatically try to create BP in role Internet User on Save.
    I tried using the ON_SAVE method in BP_HEAD_ACCOUNTDETAILS_IMPL and called BAPI_BP_ROLE_ADD_2 and passed all the values but it gives me an error message saying the BP is locked by me, which makes sense because I am actually editing the same BP.
    I am trying to trigger this using an existing relation, but not able to figure out what relation it is or how & where can I code that. Please help...
    Surprisingly I could not find any posts similar to my requirement in this forum.
    Thanks,
    Kumar

    Hi Frederick,
    That was very helpful, I am able to trigger the creation of the role but it is not saving in backend for some reason. When I change the BP again and save it , this time it says the BP is already created in that role except I don't see that in backend. I can see it has been created somehow in tables but in Tx: BP in Gui the Contact is not in that role. I am guessing it is something to do with authorizations from the WEBUI for on save event. But I got an initial start. Can you tell me if you had to assign any specific roles to WEBUI user or any special authorizations?
    Thanks,
    Sunil

  • Unable to grant sysdba to user

    Hi,
    On my PC I am using Redhat 5. When I grant sysdba privilege to user hr it gives an error.
    SQL> grant sysdba to hr;
    grant sysdba to hr
    ERROR at line 1:
    ORA-01994: GRANT failed: password file missing or disabled
    I checked the password file is in place in the folder HOME/dbs. What can be the problem?
    Plz help
    Thanx

    It works for me.
    bcm@bcm-laptop:~$ sqlplus
    SQL*Plus: Release 11.2.0.1.0 Production on Mon Nov 1 10:39:30 2010
    Copyright (c) 1982, 2009, Oracle.  All rights reserved.
    Enter user-name: / as sysdba
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> grant sysdba to hr;
    Grant succeeded.
    Either you are mistaken or Oracle is.
    Either you have an error of omission or error of commission, but without knowing what you have & what you do, no advice is possible.
    Is COPY & PASTE broken for you?
    Post results of
    SELECT * from v$version;
