User Privilege Clarification

Similar Messages

• How to find out user privilege using JPDK

  Hi All,
  How can I find out what type of user-privilege that a user has inside the renderBody method of the subclass of the BaseManagedRenderer class? e.g: whether the user has the Administer privilege.
  I looked through the ProviderUser object which can be obtained from the pr.getUser() (PortletRenderRequest.getUser()) and it does not seem to provide the method to get the user's privilege.
  Any insight is greatly appreciated!
  Thanks,
  Vince

  Vince,
  How did you figure out calling the is_user_in_group or other
  similar function calls in the WWSEC_API?
  I tried making a regular SQL Statement by doing the following.
  CallableStatement callablestatement = conn.prepareCall
  ("begin ? := wwsec_api.is_user_in_group(?,?); end;");
  callablestatement.registerOutParameter(1, 12);
  callablestatement.setInt(2, 17);
  callablestatement.setInt(3, 0);
  callablestatement.execute();
  boolean s2 = callablestatement.getBoolean(1);
  callablestatement.close();
  but it fails with the following exception in the JSP...
  java.sql.SQLException: ORA-06550: line 1, column 13: PLS-00382:
  expression is of wrong type ORA-06550: line 1, column 7: PL/SQL:
  Statement ignored
  Can you shed some light on the problem?
  Thanks,
  Niket Parikh

• OBIEE11g: Set user privileges to  Open RPD in Read Only mode.

  Hi All,
  Can some one help me , how to set user privileges to open RPD in read only mode.
  1) If a user ( xxxx) logs into the RPD then the rpd should open in Read Only Mode for xxxx user.
  2) If other user (YYYY) logs in online mode then it should open in online mode for other user (YYYY).
  How to set the security to achieve this.

  863866 wrote:
  Hi All,
  Can some one help me , how to set user privileges to open RPD in read only mode.
  1) If a user ( xxxx) logs into the RPD then the rpd should open in Read Only Mode for xxxx user.
  2) If other user (YYYY) logs in online mode then it should open in online mode for other user (YYYY).
  How to set the security to achieve this.Hi,
  I don't think it's possible, can go with metadata dictionary option which is also help to analysis RPD.
  refer section,
  http://docs.oracle.com/cd/E23943_01/bi.1111/e10540/utilitiesexprbldr.htm#BIEMG325
  Thanks
  Deva

• Run with user privileges but write to restricted folder

  In Windows Server 2008 R2 (and in an Active Directory domain), the login and logoff scripts are run with user privileges.
  Suppose that I run script1.ps1, when user1 logs in; I need that script1.ps1 is associated to user1, because it will write some informations about that user: it modifies a log file in a folder. Anyway, script1.ps1 will be run with user1 privileges.
  I obviously made that file and that folder accessible (readable/writable) to user1: but I actually don't want the user to modify that log file. I would like that
  only the script could do it.
  Is there a way to work around this problem? Maybe should I run script1.ps1 in a different way?

  Henry.  You can add a subscription to a server that subscribes t event log entries on user computers.  Subscribe to the logon/logoff events. Now you have a central repository of logon and  logoff events.
  There is no way to accomplish what you are asking to do.  Any file that can be written to in logon script or during a user session can be changed by the user.
  Bil is suggesting a "startup" script that runs when the user logs on and not when the computer starts.  A user startup script runs as the user and not system.
  Another method is to schedule a script that run at logon.  This can run as system and write to a file that the user cannot change.
  ¯\_(ツ)_/¯

• LDAP User Privileges

  Dears,
  wanna do integration CUCM 9.1 with Active Directory and what i know that the user should have "Read" Only privileges to do the integration
  BUT:
  1- I tried to do it with user has only Read privilges i got error login failure to ldap
  2- I change the user privilege to be Admin then i could integrate with call manager
  CUCM 9,1 Administration Documents Says:
  LDAP Manager Distinguished Name
  Enter the user ID (up to 128 characters) of the LDAP Manager, who is an administrative user that has access rights to the LDAP directory in question.
  CUCM 9.1 SRND Says (Page 809):
  Design Considerations for LDAP Synchronization
  Observe the following design and implementation best practices when deploying LDAP synchronization
  with Cisco Unified CM:
  • Use a specific account within the corporate directory to allow the Unified CM synchronization
  agreement to connect and authenticate to it. Cisco recommends that you use an account dedicated
  to Unified CM, with minimum permissions set to "read" all user objects within the desired search
  base and with a password set never to expire. The password for this account in the directory must
  be kept in synchronization with the password configuration of the account in Unified CM. If the
  service account password changes in the directory, be sure to update the account configuration in
  Unified CM.
  What exactly the right privileges for the user ??

  Can you provide the distinguished user string and the search base string? Perhaps the user is outside of the search base hence requires admin rights to read it.
  Chris

• How to create an user privileges in java

  Hello, I need help! I'm now creating a system based in Java which I need to create a user privilege for security purposes. I need to create 3 kinds of users, 1st is the administrator and the 2nd is a viewer access which can only view the software but can't edit anything and the last 1 is the encoder view. Please help!!! If there is a website which teach me about this, please post the website. Thanks!

  java programs can not run without a jvm. there may be some compiliers that can compile down to native code but i haven't heard of any good ones. your best bet is to download installanywhere, there is a freeware version, and it will wrap up your program along with a jvm and generate an .exe file. Keep in mind that the exe that it generates just starts up the jvm and your program but it will appear to be like any exe.

• Impossible to set up a TC with admin and users privileges

  Hi,
  Sorry for my english first. I'm not an english speaker...
  That's one week I'm playing with my Tc to try to set it up with admin and users privileges and and doesn't succeed to find a good way to do it....
  What I want to do: set up my Tc so that I'm an admin and can do whatever I want in the folders of each user. I want the user to have access to one folder with their name. Let's say I would like to user my TC like a usual network drive or NAS.
  What I discover: if I enable file sharing with accounts on my TC and define two users user1 and user2 with Read write privileges, user1 can see a folder user1 and put whatever he wants in it and there's a share folder for user1 and user2. BUT I cannot be admin on the TC when account filesharing is on. It means I cannot put anything in user1 folder beacuse I don't see user1 folder. It is just like if you have user accounts on TC you can just change the privileges but not defined an administrator. I'm able to see user1 folder for instance solely changing the filesharing back to secure shared disks "with time capsule password". If i do so I can see all the folders on the TC.
  But it's very annoying because it means that each time I want to put a file inside the folder of one of my user, I have to restart my TC "with time capsule password", put the file, set it up back to user account and restart again the TC.... Not really practical!
  Anyone got an idea how to use the Tc with user accounts (one admin and others users...)

  I forgot to mention that I tried also another method: giving guest access to TC to my two users but there are several problems here: first they can only read (if not they would have the same privileges as me) what means they can put any document in the TC. Second, they see all the folders on the TC and the idea is that they can only see the shared one....

• How to set user privilege

  i want to NEW USER excute procedure which
  is other schema!
  i want not to use prefix for execute procedure!
  how to set NEW user privilege?
  null

  Hi
  I create a user in a Database using SQL developer,
  so it is a Database User.
  Now I want to give this user access to some table in
  read , write mode and just let it to read some other
  tables.
  how i can do this ? SQL*Developer currently doesn't support security admininstration through the GUI, but you can use sqlworksheet to issue grant statements.
  grant select on mytable to otheruser1;
  grant select,insert,update,delete on mytable to otheruser2;
  It looks like that when we create a use SQL developer
  create a schema for that user , how i can make more
  users without creating Schema for each of them ?
  A schema is the collection of objects owned by a user. A user can exist without owning any objects.
  If you are using XE, you might be better off using the XE GUI to manage this.

• Oracle Security - Controlling the 'alter user' privilege

  Hi,
  1. DB 10.1.0.5 and 10.2.0.3
  2. "Admin User" needs to be able to change some users passwords in database.
  3. Create user adminuser - grant alter user to adminuser.
  4. DBAs will grant "approle" role to list of required users. DBAs will maintain control of who gets this role.
  4. Create system trigger on alter database - will prevent "adminuser" from changing passwords for accounts not authorized - Script does not fire for DBAs and anyone changing their own password.
  The trigger works as intended - the "adminuser" account can only change the specific set of users.
  Question: We've discovered that the "adminuser" can also use the "alter user" privilege to change default tablespace and tablespace quota. User should only be able to change password.
  Anyone have ideas on adding to the trigger to make sure the "adminuser" is only altering the password?
  I am playing with the ora_is_alter_column system event, thinking that maybe the password column in user$ would be changed but so far I can't get this to work: Here is my trigger --
  CREATE OR REPLACE TRIGGER SYS.PASSWORD_CONTROL AFTER ALTER ON DATABASE
  DECLARE
  DBACHK varchar2(50);
  USRCHK varchar2(50);
  BEGIN
  BEGIN
  -- Ensure users can change their own passwords --
  IF
  ora_login_user = ora_dict_obj_name
  THEN
  RETURN;
  ELSE
  -- Do not apply trigger to DBA group --
  select grantee into DBACHK from dba_role_privs where granted_role='DBA'
  and grantee = ora_login_user;
  IF
  DBACHK = ora_login_user
  THEN
  RETURN;
  END IF;
  END IF;
  EXCEPTION
  WHEN NO_DATA_FOUND
  THEN
  NULL;
  END;
  BEGIN
  select grantee into USRCHK from dba_role_privs where
  granted_role='DISCUSR' and grantee = ora_dict_obj_name;
  IF
  ora_dict_obj_type = 'USER'
  and ora_dict_obj_name = USRCHK
  ---- Need to check that only the password is being change -- the line below does not work
  and ora_is_alter_column('PASSWORD') = TRUE
  THEN
  RETURN;
  ELSE
  RAISE_APPLICATION_ERROR(-20003,
  'You are not allowed to alter user.');
  END IF;
  EXCEPTION
  WHEN NO_DATA_FOUND
  THEN
  RAISE_APPLICATION_ERROR(-20003,
  'You are not allowed to alter user.');
  END;
  END;

  user602453 wrote:
  Ed, thank you for your reply. But, let me explain in more detail.
  More detail is always helpful. ;-)
  >
  A specific user has been assigned as the application administrator. This admininstrator is responsible for reseting application user passwords. The DBA (me) recognizes the DB security issues so I am trying to craft a solution that will allow the application administrator the ability to change only the password of the application users.
  I see that this may be out your hands, but I'd still question the wisdom of having an apps administrator being the one to change user passwords. Especially if that were a model where the users couldn't change their own passwords. I might accept it if the app admin were acting more of a helper to a clueless user.
  Since the only way to change user passwords is to grant the 'alter user' privilege I need a system trigger to keep the user from changing non-application user passwords. Also, because I support nearly 100 production databases that support about 35 different applications I need a solution that can apply to multiple databases. I've been assured that there will only be one administrator charged with resetting passwords.
  So,
  Given those requirements, I have this trigger that will allow the the specific administrator to change the password of a specific set of user while not impacting DBAs or people wanting to change their own password. The way I've implemented this is to create a "dummy" role and assigning the role to the application user. The trigger will allow the administrator to change the password only if the user has the role assigned. The role has no privileges, it is just a way to "mark" the user as an application user. The administrator cannot grant this "dummy" role, only the DBA can.
  Hope that clears things up.I still see another problem in that it still comes back to the dba to create the apps user in the first place, and to assign that dummy role to the user. Also, I'd hope that this proposed apps admin user is a role assigned to a real user. If not, as I mentioned before, you have no real accountability to who is using that account. Simply saying "it shall not be shared", even if written in corporate policy, won't secure it, and you won't be able to trace it. Well, you could turn on auditing and capture the OS userid in the audit log.

• How to create user privileges in java

  Hello, I need help! I'm now creating a system based in Java which I need to create a user privilege for security purposes. I need to create 3 kinds of users, 1st is the administrator and the 2nd is a viewer access which can only view the software but can't edit anything and the last 1 is the encoder view. Please help!!! If there is a website which teach me about this, please post the website. Thanks!

  What do you mean by swing application? Well, it is just an application, not web based. After I finished the application, I'm thinking of networking the application but unfortunately, I think MS access don't support networking but it is an added feature. I'm using MS Access for my database because that is the only databse they have. I want to create an user privileges for security purposes but I don't know how to do it. Thanks for your reply!

• Unable to enter to user Privilege EXEC Mode with catalyst 1900

  Hello
  I am setting up some lab network . I have 10  Cisco 1900 series switches . But when i try to power up it shows the below message. I am not able to get into user privilege mode.
  Catalyst 1900 Management Console
  Copyright (c) Cisco Systems, Inc.  1993-1997
  All rights reserved.
  Ethernet address: 00-C0-1D-81-43-65
  1 user(s) now active on Management Console.
  Enter password:
  Catalyst 1900 - Main Menu
       [C] Console Password
       [S] System
       [N] Network Management
       [P] Port Configuration
       [A] Port Addressing
       [D] Port Statistics Detail
       [M] Monitoring
       [V] Virtual LAN
       [R] Multicast Registration
       [F] Firmware
       [I] RS-232 Interface
       [U] Usage Summaries
       [H] Help
       [X] Exit Management Console
  Enter Selection:
  could you pls tell me how can i get into the user mode such as 
  Switch1#
  Thanks
  Navaz

  There were two versions of software for the 1900 series switches, one that purely menu based configuration and management and the Enterprise version, which had an option to exit the menu and get access to a CLI. Note though that this is not Cisco IOS.
  There's a post, Catalyst 1900 Enterprise software, on the forum from 2002 that will give you some more details. As indicated in that post there's an option to upgrade to the Enterprise edition, but you obviously need to acquire the software.
  As per the reponses from Richard and Leo, these are very old switches and depending upon what you're trying to do with them, may not serve your purpose.
  Regards

• Activating "Check user privileges​" causes TestStand to not start properly.

  Recently we checked the box "Check User Privileges" under Station Options->User Manager.
  Now when we try to start the Teststand Sequence editor it opens but with all functionality grayed out so that no action whatsoever can be taken.
  If we make an attempt to use File-Login no new box appears but the GUI flickers for a millisecond as if a dialog was open and closed at almost the same time.
  If we try to start a sequence file directly from windows explorer it replies with an error message : "Could not open the sequence file(s).... Error code: -18360, User does not have required privilege".
  What has happened and does anyone have any good ideas about how to remedy this?

  Hi GiangV,
  You can change the "Check User Privileges" setting back to the default by modifying the TestExec.ini file, located by default at (C:\ProgramData\National Instruments\TestStand 2010\Cfg)
  With TestStand closed, change the line CheckUserPrivileges = False to CheckUserPrivileges = True
  Also, the login dialog issue can occur if the loginlogout sequence becomes corrupted (this would explain the flickering behavior).  To restore this sequence to its default state, you can do the following:
  Move the FrontendCallbacks.Seq file to a different location (such as my documents), located by default at (for TestStand 2010):
  C:\Program Files\National Instruments\TestStand 2010\Components\Callbacks\FrontEnd\FrontEndCallbac​ks.seq
   Run a repair install of TestStand to recreate the default version of the file
  Hope this helps!
  Al B.
  Staff Software Engineer - TestStand
  CTA/CLD

• Session require user privileges

  I am learning PL/SQ, might as well, learn it in a real environment, even tho at home I created a TEST environment too using Ubuntu 10G Express and Oracle Developer (runs on Ubuntu too)... anyways, when I press the ladybug, I get these errors, I am thinking that the DBA needs to grant me access, here is the error:
  I need to write a Rationale for access, and I don't want to sound like an idiot, what are these objects ? Are there any security concerns that a company would have to think about before granting me access ? I need to go through the right channels first!
  Thanks!
  Connecting to the database XXX.
  Executing PL/SQL: ALTER SESSION SET PLSQL_DEBUG=TRUE
  Executing PL/SQL: CALL DBMS_DEBUG_JDWP.CONNECT_TCP( 'X.X.X.X', '3819' )
  ORA-01031: insufficient privileges
  ORA-06512: at "SYS.DBMS_DEBUG_JDWP", line 68
  ORA-06512: at line 1
  This session requires DEBUG CONNECT SESSION and DEBUG ANY PROCEDURE user privileges.
  Process exited.
  Disconnecting from the database XXX.

  GRANT ALL ON TABLENAME TO USER;

• How to hide and show Omniportlet based on user privileges

  hi all
  I am trying to hide or show an Omniportlet based on user privileges, which means accessc control on portlet-level for Omniportlet. But I couldnt find out how to do it.
  According to Portal Developer's Guide:
  You can hide and show portlets built with Web Clipping and OmniPortlet on portal pages dynamically by using security managers. Although Web Clipping and OmniPortlet do not expose security managers through the user interface, you can apply them by editing their XML provider definition file.
  Question is: where can I find that XML file? Is this file accessible and configurable somewhere through Portal Enterprise Mgr?

  Hi,
  I don't think you can edit this file through Enterprise Manager. Atleast as far as I know. But its available on the server. I have a NT installation and I found it under:
  D:\oracle\Mid_tier\j2ee\OC4J_Portal\applications\portalTools\omniPortlet\WEB-INF\providers\omniPortlet
  You might want to restart the Portal application through OEM after you change this file.
  Hope this helps,

• Export schema's user privileges

  How to find the export schema's user privileges in originating database?

  If you have acces to the database where export has been taken, you can use dba_user_privs view to find out.
  Else, use imp with indexfile option to write the imp output to the file and look for it.
  Jaffar
  OCP DBA