Account role, privileges

related to "User access to OEM" thread (but removing the OEM element)
Using 10.2.0.1.0.
I want to create a user account (user A) that has limited 'DBA' permission. This user must have permission to modify 1 other schema (user B). I do not want 'user A' to modify ANY other schema (i.e. user C, user D)
Is this possible?
So far, I've created the account, and provided the following:
Roles:
connect
resource
exp_full_database
imp_full_database
gather_system_statistics
java_admin
xdbadmin
xdbwebservices
Sys Privileges:
select any dictionary
alter session
Object Privileges:
Grant object privileges to objects in 'user B' schema.
Quotas:
gave 'unlimited' quotas for 'user A' tablespace and 'user B' tablespace.
***Problem: When I log in as ‘user A’, I can create/delete tables, objects… in schemas other than ‘user A’ and ‘user B’.
Message was edited by:
user511512

okay, basically same question, but I removed the OEM part.
Message was edited by:
user511512
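
Creating or dropping objects in another user's schema requires an ANY system privilege (CREATE ANY TABLE, DROP ANY TABLE and so on), so the symptom above comes down to which grant carries one. The query below is an added example, not part of the original thread; it walks the role hierarchy with CONNECT BY, which 10.2 supports, and `USER_A` is a placeholder for the restricted account's name.

```sql
-- Added example; USER_A is a placeholder for the restricted account.
-- Run as a user that can read the DBA_* dictionary views.

-- 1. ANY privileges granted straight to the account.
SELECT 'direct grant' AS granted_via,
       privilege
FROM   dba_sys_privs
WHERE  grantee = 'USER_A'
AND    privilege LIKE '% ANY %'
UNION ALL
-- 2. ANY privileges arriving through roles, including roles granted to roles.
--    role_path shows the chain, e.g. ' > OUTER_ROLE > NESTED_ROLE'.
SELECT r.role_path,
       sp.privilege
FROM  (SELECT granted_role,
              SYS_CONNECT_BY_PATH(granted_role, ' > ') AS role_path
       FROM   dba_role_privs
       START WITH grantee = 'USER_A'
       CONNECT BY PRIOR granted_role = grantee) r
JOIN   dba_sys_privs sp
       ON sp.grantee = r.granted_role
WHERE  sp.privilege LIKE '% ANY %'
ORDER  BY 1, 2;
```

Every row returned applies to all schemas in the database, because an ANY privilege cannot be limited to one named schema. A role that shows up here has to be revoked from the account and replaced by object grants on user B's objects.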

Similar Messages

  • Java Database User Role Privileges Framework

    Hello
    I am looking for a Java framework which automatically generates Java code for
    Database User Role Privileges Administration.
    Like in database we have a table of Users
    Now we have table of Author, Book etc. (Related to Library)
    Now I want to give insert permission to user1
    update and delete permission to user2 etc.
    Is there any related framework?
    Remember, I do not need User Role Privileges in the database.
    I need a framework to do this job.
    Thanks in Advance.

    There are tables created under the SAPSR3DB or SAP<SID>DB schema with extension .UME, such as SAPSR3DB.UME.ACL_ACL or SAPSR3DB.UME_ACL_ACLENTRY for AS-JAVA.
    There are other tables with the UME extension too.
    Regards,
    Anwar

  • View Specific Account Roles

    Hello,
    I'm wondering as an admin if there is an easy way to view the application as if I were under a different and specific account role, similar to a ghost user. I basically want to see whatever the end user would see when they log into the system, including the contacts/accounts they will have access to. I would like to test several of the territory rules, book management, and user management that are enabled to ensure that the correct account information is being forwarded onto the users. Thank you, Mitch

    Hello,
    The Ghost functionality was requested at the last CAB meeting, but this has not made it into R17, I'm sorry. I believe something similar has been put on the roadmap, but currently I cannot tell you when this will be deployed.
    I understand your issues here, as you would have to change a lot of default values to see what they see; at the moment there is no quick fix.

  • Right role/privileges for KVM Access only in UCS

    Hi
    I am making some locally Authenticated Users for some people at work.
    They only need to access KVM and do things there.
    What role/privileges do I need to set on the user?

    Thank you for your answer.
    I have looked into the thread, and was thinking about method #4.
    I have created a user under Locally Authenticated Users and if I set the role Operations I get this message after pressing launch under KVM launch manager.
    If I type the same username and password, I get login failed.
    If I add the role Server-profile to the user, I can log in with no issue. But then I am afraid that I give too many privileges to the user.
    I'm using a Management IP Pool, so I don't know if the other methods work better. I think it is difficult to know the IP address, and maybe the address can change.
    The best is, when I add a server to UCS, the user can find the server KVM by himself, and I don't need to find the IP address and give it to him.
    Maybe I am way off here, so please help me:)

  • Provision Unix accounts/roles/groups to Directory server using OIM

    Hi,
    I have a requirement to integrate a large number of Unix servers with LDAP (OID or Sun Directory Server) for centralized authentication and authorization, and to provision Unix accounts/roles/groups to the Directory server using OIM. I have the following queries.
    1. If using PAM_LDAP, what schema changes are required in LDAP to support it?
    2. Does OIM's out-of-box connector for OID or Sun Directory Server support Unix accounts/roles/groups provisioning to the Directory server? If not, can it be extended, or do I need to write a custom connector?
    3. If I use Oracle Authentication Services for OS for centralized Unix account management, is OIM provisioning the same as #2 or different?
    Thanks
    Nitin

    Yes. The iPlanet connector supports multivalued attributes. Go through the connector doc. It will let you know how to extend its functionality.
    --nayan

  • Roles/Privileges

    I am creating a new repository for OEM on 8i. I first created a sysdba user to manage the repository. When attempting to use the configuration assistant I run into the error that the user I created for the repository does not have the roles or privileges necessary to create the oem repository. Can anyone please tell me what roles/privileges the sysdba user is lacking to create this repository? Thank you.

    select * from dba_sys_privs where grantee='ROLENAME';
    select * from dba_role_privs where grantee='ROLENAME';
    select * from dba_tab_privs where grantee='ROLENAME';

  • Can't inherit role privileges to user accounts in targets.

    Hello,
    We have the role MXGR0001 and it has a privilege associated (PRIV:GROUP:AD:CN=UMonterrey,OU=Security,OU=Groups,OU=Monterrey,OU=Mexico,DC=mabenet,DC=corpmabe,DC=com)
    as is indicated on "Member Privileges" tab. When we see the privilege properties, it says the role is a member from this privilege.
    In the "Tasks" tab of the privilege, we have associated a task in the part of "Provisioning Task", our task is "CreateADSUser", the reason of this association was because at the moment of the assignation of the role, the task associated to the privilege could be executed and the privilege could be associated to the user.
    Note: The Active Directory user has static values just to see the association with the privilege.
    For example, we wanted to associate the user 1000611 with the role MXGR0001, it works fine, but when I look for the created user in Active Directory in the tab "Member of" of my user, the privilege is not associated. Do you know why this is happening? or do you know how to associate privilege to an Active Directory User from the Identity Center, which are the fields or tasks that I need to change into the Privilege or Role?
    I hope you could help me with this!
    Regards!
    Edited by: Andrés Alavez on Nov 8, 2011 11:13 PM

    That's a bit unusual, and perhaps if you start the computer from the OS X
    Install disc and run Disk Utility's first-aid from that version on the booted
    install disc; have it 'repair disk' and also 'repair disk permissions.'
    Sometimes, just starting in SafeBoot, then 'repair disk permissions' from
    Disk Utility in the Utilities/Applications folder (see Go in Finder menu,
    choose Utilities folder; find Disk Utility; launch) and when it is done,
    quit Disk Utility and restart and allow the computer to boot normally.
    This may resolve the user account issue; or it may not.
    See various instructions (can be used outside of context)
    "Resolve startup issues and perform disk maintenance
    with Disk Utility and fsck" - http://support.apple.com/kb/TS1417
    In a worse-case scenario, an "archive & install" and update may be
    required, if an issue cannot be resolved through other means. More
    would need to be known about the machine, its use & status before
    suggesting any one course of action. There may be something else
    behind the symptom you described.
    Good luck & happy computing!

  • Role/privileges to make alter another user's account !

    Dear Friends,
    I am using an Oracle 10g R2 database. In Oracle, I want to give a special permission, which is
    "alter user username account unlock", to a normal user, i.e., a normal user of the Oracle database has the right to unlock any other user's account if necessary.
    For this reason, which permission/privileges do I need to give that user? Is it possible to do?
    Edited by: shipon_97 on Oct 21, 2009 9:35 AM
    Edited by: shipon_97 on Oct 21, 2009 9:36 AM

    It's been already discussed in other threads but with a focus on changing users' passwords. Same applies to account lock status.
    In short, with user sys or system, create a procedure that inputs an account name and unlocks the account. Grant execute on this procedure to your designated user.

  • General Questions about Oracle Roles/Privileges

    Hi,
    I have a few questions I'm hoping to get clarification on:
    1 - Is there a view similar to DBA_SYS_PRIVS/DBA_TAB_PRIVS that shows which system privileges have been assigned to users/accounts ONLY, filtering out roles? If not, how would one go about obtaining this list?
    2 - Is there a view similar to DBA_ROLE_PRIVS that shows also just shows which users have been assigned to which roles ONLY, again filtering out roles? If not, how would one go about obtaining this list? I assume some type of recursion has to be done here to flatten out the roles.
    My end goal is this:
    - List of all users and directly assigned system privileges only
    - List of all users and directly assigned table/object privileges only
    - List of all users and all roles (if role X contains role Y, this list should show user has role X and Y)
    Many thanks!

    1 - Is there a view similar to DBA_SYS_PRIVS/DBA_TAB_PRIVS that shows which system privileges have been assigned to users/accounts ONLY, filtering out roles? If not, how would one go about obtaining this list?
    it's simple:
    select grantee, privilege from dba_sys_privs where grantee in (select username from dba_users);
    select grantee, owner, table_name, privilege from dba_tab_privs where grantee in (select username from dba_users);
    2 - Is there a view similar to DBA_ROLE_PRIVS that shows also just shows which users have been assigned to which roles ONLY, again filtering out roles? If not, how would one go about obtaining this list? I assume some type of recursion has to be done here to flatten out the roles.
    select grantee, granted_role from dba_role_privs where grantee in (select username from dba_users);
    select grantee, granted_role from dba_role_privs where grantee in (select role from dba_roles);
    Hope this helps...

  • Reconciliation account role in vendor master

    Please provide the detail about role of reconciliation a/c in vendor master

    Reconciliation account in typical accounting terms would be a "control account".
    It means the creditors account in which you want to show the outstanding,
    like Creditors for Materials or Creditors for services or Creditors for other purchase etc.
    So let's say you are posting any invoice of expense, then the system would pass the entry like this:
    Expense A/c Dr. 100
    To, Creditors materials A/c 100.
    So in sundry creditors it would show as Rs 100 outstanding, and in the subledger, that is the vendor account, you will see that 100 Rs. as an open item.
    Cheers,
    Dewang

  • Possible values of an account role are missing

    Dear SAP Colleagues, I'm working with CRM 7 and I have a problem updating some fields of the account.
    In GUI we can change the role of the BP; now in UI at the ROLE assignment block I can't see the possible values to assign to the BP as a valid role. The configuration in SPRO is OK and I can see the values in the GUI but not in the UI. The role field doesn't show a match code.
    Thanks in advance for your help.

    Thanks for your answer Christophe. I read the note but the same does not apply since I'm not using the functionality of the life cycle of the account. There is currently no group exclusion set. The problem appears when I'm trying to assign a new role. In Accounts at the assignment block named ROLE I can see the current role but I can't add a new one since the values are not shown and the match code is not visible either.
    In SAP GUI BP transaction the behavior is the expected. 
    I am working on CRM 7.0
    Edited by: Jorge Anzola on Sep 2, 2011 2:39 PM

  • SQL query won't compile based on DB role privileges

    Can someone give me an explanation why the SQL query in a report won't compile if an object is owned by another schema and the parsing schema is given privileges to the table via a role grant?
    Or to phrase it another way, why do we have to make direct grants on tables to the parsing schema for reports based on SQL queries that access tables in other schemas?
    Thanks in advance,
    Paul

    Paul - In Oracle, roles are not enabled during the execution of definer's rights stored procedures which is the environment in which all Application Express application code is parsed/executed. There are scads of posts about this topic in this forum.
    Scott

  • Workflow on accounts role

    Hi,
    Can we create a workflow sent to the Account Team or to particular people on the account team based on roles?
    Regards

    Same problem. Any solution found?
    in2brain

  • Roles/Privileges provisioning to unrelated systems

    Hello IDM Gurus,
    I set up an IDC config and connected it to 3 SAP target systems, say A, B and C. Each of the repositories/target systems have linked up to default provisioning/deprovisioning/modify tasks from the SAP provisioning framework. I have imported privileges from each of these systems; I have contained a basic user privilege from each target system within its own simple role through the role members section of each privilege. Provisioning the role related to a specific system should ideally provision to only the related system; instead I'm encountering the weird error of provisioning Role A (containing privilege A) to a user but instead of just provisioning to system A, the user gets provisioned to systems A, B and C. This made absolutely no sense to me, so I went through and checked to see if there were any rogue links between the other privileges and roles, but there were none. I tried to simplify things and tried provisioning just the privilege directly to the user and it did the same thing; provisioning privilege A to a user ends up automatically provisioning the user to system A, B and C.
    Are the repositories messed up? Should they be created from scratch?
    I'm stumped; any ideas/suggestions?
    I would appreciate any help with the issue! Thanks in advance!
    Best regards,
    Sandeep

    Thanks a lot for your quick response Paul!
    I checked the privileges as well as the initial load jobs and the privileges are set to Inherited/None for Provision and Deprovision and already set to None for the Modify task; this is happening as you suggested through our initial load jobs which set the Modify Task to -1. Unfortunately, adding a privilege still seems to be triggering the other systems' provisioning tasks as well; add the privilege for system A and the "Group System Provisioning" task kicks off and fires all 3 systems provisioning tasks.
    Is there any other property on the privileges or repository that I should be checking or fixing in order to prevent this behavior? Or is there anything else that I haven't thought of checking that could be causing this behavior?
    I would really appreciate any ideas/suggestions.
    Thanks much for your time and help!
    Cheers!
    Sandeep

  • Roles privileges question

    Version Info: Oracle version 11gR2 running on windows server 2008.
    I have a question on something that I didn't understand with regards to a role.
    I have a table called abc owned by a schema called MainSchema. I created a role in this schema called updateweb which has an update privilege granted to abc table.
    grant update on MainSchema.abc to updateweb;
    I granted the update privilege on the above role to another schema called webusers.
    grant updateweb to webusers;
    However, when I run an update statement on behalf of the schema webusers on the table abc, from an asp.net webpage, I get an ora-1031 insufficient privileges.
    However, if I directly grant like this
    grant update on mainschema.abc to webusers;         (from mainschema)
    it works.
    Why doesn't it work if used from a role???
    Thanks.

    I don't understand why almost everyone here
    - refuses to read documentation
    - refuses to use Google
    - refuses to use the 'Search' link
    - doesn't read about the Etiquette in this Forum, which includes you should consult documentation prior to posting
    Assuming the context of your unknown update statement is a stored procedure
    this question has been asked a gazillion times by people as equally lazy as you.
    It has also been answered a gazillion times by people called 'volunteers'.
    The answer has always been the same
    As roles are volatile, they are disabled during compilation of stored procedures etc.
    What works is
    - the stored procedure is in the same schema as the affected table, execute privilege can be given to a role
    - the procedure is created with 'authid current_user'
    - the worst solution: access is granted directly
    What is so special about you you think you are the only one with this non-issue?
    Sybrand Bakker
    Senior Oracle DBA
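
The first option in the reply above, and the unlock-procedure advice in the earlier "alter another user's account" item, are the same pattern: the schema that holds the privilege owns a narrow definer's-rights procedure, and only EXECUTE on it is granted out. The script below is an added example, not code from any poster; `SEC_ADMIN`, `HELPDESK_USER`, the procedure names and the columns `id` and `status` are assumed, while MainSchema, abc, updateweb and webusers are the names used in the post.

```sql
-- Added example. Assumed names: SEC_ADMIN, HELPDESK_USER, SET_ABC_STATUS,
-- UNLOCK_ACCOUNT and the abc columns ID and STATUS.

-- 1. As MAINSCHEMA: the table owner wraps the one permitted change to abc.
CREATE OR REPLACE PROCEDURE set_abc_status (
    p_id     IN abc.id%TYPE,
    p_status IN abc.status%TYPE
) AUTHID DEFINER AS
BEGIN
    UPDATE abc SET status = p_status WHERE id = p_id;
    IF SQL%ROWCOUNT = 0 THEN
        RAISE_APPLICATION_ERROR(-20001, 'no abc row with that id');
    END IF;
END set_abc_status;
/
-- EXECUTE can travel through the role: webusers calls the procedure from its
-- own session, where its default roles are enabled.
REVOKE UPDATE ON abc FROM updateweb;
GRANT EXECUTE ON set_abc_status TO updateweb;

-- 2. As SYS: what the unlock wrapper's owner needs. These must be direct
--    grants, because roles are disabled inside a definer's-rights procedure.
GRANT ALTER USER TO sec_admin;
GRANT SELECT ON sys.dba_users TO sec_admin;

-- 3. As SEC_ADMIN: unlock only, and never for SYS or SYSTEM.
CREATE OR REPLACE PROCEDURE unlock_account (p_username IN VARCHAR2)
AUTHID DEFINER AS
    v_name dba_users.username%TYPE;
BEGIN
    -- Take the account name from the dictionary, not from the caller's string.
    SELECT username
    INTO   v_name
    FROM   dba_users
    WHERE  username = UPPER(p_username)
    AND    username NOT IN ('SYS', 'SYSTEM');

    -- ENQUOTE_NAME double-quotes the identifier so it cannot extend the DDL.
    EXECUTE IMMEDIATE 'ALTER USER '
        || DBMS_ASSERT.ENQUOTE_NAME(v_name, FALSE)
        || ' ACCOUNT UNLOCK';
EXCEPTION
    WHEN NO_DATA_FOUND THEN
        RAISE_APPLICATION_ERROR(-20002, 'account not eligible for unlock');
END unlock_account;
/
GRANT EXECUTE ON unlock_account TO helpdesk_user;
```

ALTER USER itself is never granted to the helpdesk account, so it cannot change passwords, quotas or profiles; it can only reach the single statement the procedure builds.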
