Application-defined resources for MDBs

Similar Messages

• Define resource for Anonymous user in OES

  Hi all,,
  I am using wls-ssm.
  By default, OES protect all resources from our application.
  how to define some resources for anonymous user?
  With Regards,
  WP

  You can either define an OES policy to GRANT allusers group which includes anonymous or you can look at deploying this custom authenticator which will exclude WLS resources that typically rely on anonymous user:
  https://oes-sspi-providers.samplecode.oracle.com/

• "Could not get needed resources for application to be launched (id=-669)"

  I keep getting this message
  Setup Resourses Status
  Could not get needed resources for application [App name. edir path] to
  be launched (id=-669).
  Problem: Unable to connect to server [server name]
  I am able to browse to the server no problem as well as map a drive
  directly to it?
  I am not sure why I am getting this ?

  This is under the "Environment" portion of the "Run Tab"
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Support Forums Volunteer Sysop
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared either Novell or any rational human.
  <[email protected]> wrote in message
  news:[email protected]...
  > Craig where do I to determine that? I know it has to run as admin but I
  > am not sure if it is set like that...
  >
  >> Is the application configured to run "Normal", "Secure System User", or
  >> "Unsecure System User".
  >>
  >> Methods #2 and #3 require the workstation not the user to have rights
  > and
  >> require the use of UNC instead of a mapped drive.
  >>
  >> --
  >> Craig Wilson - MCNE, MCSE, CCNA
  >> Novell Support Forums Volunteer Sysop
  >>
  >> Novell does not officially monitor these forums.
  >>
  >> Suggestions/Opinions/Statements made by me are solely my own.
  >> These thoughts may not be shared either Novell or any rational human.
  >>
  >> <[email protected]> wrote in message
  >> news:[email protected]...
  >> > It is associated with the user and I can get access to the exe via
  > their
  >> > PC using their login
  >> >
  >> >> ,
  >> >> > Could not get needed resources for application [App name. edir
  > path]
  >> > to
  >> >> > be launched (id=-669).
  >> >> >
  >> >> > Problem: Unable to connect to server [server name]
  >> >> >
  >> >> > I am able to browse to the server no problem as well as map a drive
  >> >> > directly to it?
  >> >> >
  >> >> -669 is "wrong password" IIRC. Is this app associated to user or WS,
  > ie
  >> > is
  >> >> t trying to access that path wth the User's or Workstation's
  >> > credentials?
  >> >>
  >> >> - Anders Gustafsson, Engineer, CNE6, ASE
  >> >> NSC Volunteer Sysop
  >> >> Pedago, The Aaland Islands (N60 E20)
  >> >>
  >> >> Novell does not monitor these forums officially.
  >> >> Enhancement requests for all Novell products may be made at
  >> >> http://support.novell.com/enhancement
  >> >>
  >> >> Using VA 5.51 build 315 on Windows 2000 build 2600
  >> >>
  >> >
  >>
  >>
  >

• How 2 define alias for WD Component / Application

  Hi all,
  There are methods in IWDDeployableObject to get WD Component / Application (WDDeploableObjectPart) by alias.
  But how to define alias for them? Where should definition be placed and what is the format? Could anyone share working example or point to related documentation?
  VS

  Noufal & Bharathwaj,
  Probably there is a confusion here: HTTP aliases are related only to corresponding service, and affects how URL is composed / interpreted.
  On other hand, aliases I mentioned are related to  deployment service (in this case: lookup deployable object part by alias). By the way, they cover both WD applications and <b>components</b> (probably component interfaces and more).
  Valery Silaev
  EPAM Systems
  http://www.netweaverteam.com/

• Regarding Define Server for Resources for ESS

  Hi all:
          whening Define Server for Resources for ESS, it askes me input  the technical name of a server where you store resource objects. in the case, the server should Portal , right?  what's else,  can you please tell me  where find the  the technical name of Portal?   is it what we register in ECC's SLD ?  can you please give me a hint
  thank you very much .
  Edited by: jingying Sony on May 10, 2010 5:31 AM

  the Portal Url only has the Portal host name, maybe it is not the technical name ?  in the view of " define server" , the field is call Server Key, which can also be called as technical name of the server.
  could you please give hint  ?
  Edited by: jingying Sony on May 10, 2010 6:52 AM

• Problem about user-defined resource in RAC

  i do what doc says ,to create user-defined resource ,
  [oracle@rac1 ~]$ crs_profile -create network1 -t application -a /opt/ora/product/10.2.0/crs_1/bin/usrvip -o oi=eth0,ov=192.168.40.221,on=255.255.255.0
  [oracle@rac1 ~]$ crs_register network1
  [root@rac1 bin]# ./crs_setperm network1 -o root
  [root@rac1 bin]# ./crs_setperm network1 -u user:oracle:r-x
  [oracle@rac1 ~]$ crs_start network1
  Attempting to start `network1` on member `rac2`
  Start of `network1` on member `rac2` succeeded.
  $ crs_profile -create chk_slp -t application -B /opt/action_chkslp -d "test for crs" -r
  network1 -l application2 -a /opt/chkslp.scr -o ci=5,ft=2,fi=12,ra=2
  the command do not create /opt/chkslp.scr file ,so when i run crs_register chk_slp ,it will fail
  [oracle@rac1 admin]$ crs_register chk_slp
  Action Script `/opt/chkslp.scr` does not exist!
  CRS-0213: Could not register resource 'chk_slp'.
  i do not know why,anyone can help

  Hi Jigar,
  when you have selected a project and a subproject your first screen
  will be the personal menu of the LSMW. You will find here a step-by-step-wizard
  which you have to execute in sequence. If a step is executed the cursor is automatically positioned on the next step.
  Choose 'Maintain field mapping and conversion rules'.
  If the mapping is displayed set the cursor on the field you want to edit.
  Press the button 'Rule' on the button bar above the mapping.
  You will get a Popup where you can select 'User-defined routine (reusable)' (that is the last radio button).
  Regards,
  Ralf
  > But how to map input parameter  of sub routine with
  > source field.

• How to defining mimetypes for project?

  Which is the way to define mimetypes for a project?

  Stephen,
  Now I know that setting this signal is not possible for this resource.
  But I always thought that the less threads in process are the less CPU consumption is, which means that not all cpu-shares are used?
  So if I have the case that application server has a control loop which
  is responsible for finding the optimal size of thread pool, then it can rely on SIGXRES which indicates that cpu-shares threshold is exeeded and size of thread pool shouldn't be increased.
  Anyway if signals are not supported threre is a possibility to analyze syslog messages which for me is unconfortable.
  I appreciate your help!
  marcin

• Defining resource allocation

  Standard use of the tool would be when it's not clear exactly who is going to be doing a piece of work, use a role allocation - when it IS clear, use the specific resource.
  Is there any way of defining resource allocations a little further to say - 'we think it's going to be Jim, but it's not been agreed yet'
  Resource managers will be using the Web interface for P6 release 6.1 - which AFAIK is not customisable in terms of adding colums to the resource views that are avaialble, so we can't create a user defined code there.
  the problem is quite simple - people not following process and going over resource manager's heads to source their own resource. Presumably we could turn off the ability to assign resources to activiites, but i'd be interested in other options / suggestions, however simple or clever.
  David

  glad i could help. just to be on the safe side.. look up resource security in the application help (desktop/ web clients) for details. quite different from user security profiles for global & project data.
  basicly, resource security restricts user access to a resource node (such as a dept, team, etc) and all resources (individuals) underneath for direct assignment. it is off by default for new users. if you so choose, by activating it (the checkbox) for any/all users without assigning them access to any resource node, they can no longer assign resources onto their project activities (just roles).
  if user discipline is a serious issue, you may want to re-check global profiles and deny certain privileges on global data as well.
  best of luck
  btw, you should really consider upgrading at least to P6v7. i remember even 6.2.1 had a few nice new features and bugs fixed compared to 6.1. not to mention P6v7 (with or without SP1 or 2). as you probably know current version is now 8.1. this is even more relevant for you as web-based collaboration features have picked up pace after 6.1 and you seem to need and use them.
  Edited by: Tibi on Jun 2, 2011 6:13 PM

• Re: Running the same (Forte) application multiple times -for different

  Hi
  We had the same problem - how to deploy a number of identical applications, using each their own db.
  (for training).
  The solution we used is to wrap the entire application into different applications by using a very small
  module called KURSUS01, KURSUS02 etc, that did nothing but call the start procedure of the main app.
  Then in the dbsession connect, we made a call appname to get the application name, and appended the
  first 8 chars to the dbname. Thus our dbnames now points to logicals name: rdbdataKURSUS01, rdbdataKURSUS02 etc.
  All this allows us to deploy the identical apps in the same env, or change one version, and run both the old
  and new program on the same pc and server at the same time (eg. KURSUS01 and KURSUS02).
  I also think this is a kludge - but it works nicely!
  Jens Chr
  KAD/Denmark
  -----Original Message-----
  From: Haben, Dirk <[email protected]>
  To: 'Soapbox Forte Users' <[email protected]>
  Date: 15. januar 1999 09:41
  Subject: Running the same (Forte) application multiple times - for different business clients.
  Hi All
  We have a number of different business clients all willing to use our
  application.
  The (forte) application is to run on our machines etc for these (business)
  clients.
  All (business) clients will have their data kept in separate Oracle DBs
  (instance).
  The problem now is that the entire (forte) application is written using
  DBSessions.
  Now, depending on what business client needs to be serviced (so to speak) we
  need to attach to the right DB - or use the "right" SO.
  The two options we can think of are:
  Option1:
  Programatic change to somehow "know" what (business) client (DB) I'm talking
  about and then use the right DB.
  Pro:
  Only one forte environment to maintain
  Can run multiple (business) clients on same PC at the same time
  Con:
  Requires many program changes
  bending O-O rules(?)
  can't dynamically name SOs so can it be done at all? (ResourceMGRs maybe?)
  Option2:
  Use separate environments! One for each business client.
  Pro:
  More defined separation of app and data,
  SLA-easy
  Con:
  Maintain "n" number of environments
  Can only run the application for one environment (business client) at a time
  on one PC - Big Negative here!
  Not knowing any feasible solution to option 1 (without much code changes and
  developer moaning) I would go for option two; as I have already worked on
  multi-environment setups on VMS back at the Hydro (hi guys).
  I would appreciate any comments from anyone who has solved this problem.
  How, Why Pro Con etc.
  TIA,
  Dirk Haben
  Perth, WA
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

  Hi
  We had the same problem - how to deploy a number of identical applications, using each their own db.
  (for training).
  The solution we used is to wrap the entire application into different applications by using a very small
  module called KURSUS01, KURSUS02 etc, that did nothing but call the start procedure of the main app.
  Then in the dbsession connect, we made a call appname to get the application name, and appended the
  first 8 chars to the dbname. Thus our dbnames now points to logicals name: rdbdataKURSUS01, rdbdataKURSUS02 etc.
  All this allows us to deploy the identical apps in the same env, or change one version, and run both the old
  and new program on the same pc and server at the same time (eg. KURSUS01 and KURSUS02).
  I also think this is a kludge - but it works nicely!
  Jens Chr
  KAD/Denmark
  -----Original Message-----
  From: Haben, Dirk <[email protected]>
  To: 'Soapbox Forte Users' <[email protected]>
  Date: 15. januar 1999 09:41
  Subject: Running the same (Forte) application multiple times - for different business clients.
  Hi All
  We have a number of different business clients all willing to use our
  application.
  The (forte) application is to run on our machines etc for these (business)
  clients.
  All (business) clients will have their data kept in separate Oracle DBs
  (instance).
  The problem now is that the entire (forte) application is written using
  DBSessions.
  Now, depending on what business client needs to be serviced (so to speak) we
  need to attach to the right DB - or use the "right" SO.
  The two options we can think of are:
  Option1:
  Programatic change to somehow "know" what (business) client (DB) I'm talking
  about and then use the right DB.
  Pro:
  Only one forte environment to maintain
  Can run multiple (business) clients on same PC at the same time
  Con:
  Requires many program changes
  bending O-O rules(?)
  can't dynamically name SOs so can it be done at all? (ResourceMGRs maybe?)
  Option2:
  Use separate environments! One for each business client.
  Pro:
  More defined separation of app and data,
  SLA-easy
  Con:
  Maintain "n" number of environments
  Can only run the application for one environment (business client) at a time
  on one PC - Big Negative here!
  Not knowing any feasible solution to option 1 (without much code changes and
  developer moaning) I would go for option two; as I have already worked on
  multi-environment setups on VMS back at the Hydro (hi guys).
  I would appreciate any comments from anyone who has solved this problem.
  How, Why Pro Con etc.
  TIA,
  Dirk Haben
  Perth, WA
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

• Schedule parallel activities on different resources for the same period

  Hi,
  I am trying to create a PPM where I need to define parallel activities on different resources for the same time period.
  For example:
  Input prod: P1
  Output prod: O1
  Now I define a dummy activity A1 to define this consumption i.e. 1 PC of P1 gives 1 PC of O1.
  Now I have got 3 resources R1, R2, R3.
  I define 3 activities A2, A3, A4 for these resources.
  Now I have to arrange activities A2, A3, A4 such that they start simultaneouly after activity A1 and also end simultaneouly.
  The Fixed duration for all the resources is 1 week.
  My requirement is that out of these resources system should plan for demand considering the resource with minimum capacity
  i.e. kind of bottleneck resource.
  I am using CTM engine for planning.
  I have defined A1 as predecessor for all the 3 activities A2, A3, A4 and after completion all the activities have a dummy successor activity  S.
  But this setting is not working and PPM is not getting exploded, If I use a normal linear relationship between activities it works fine but my requirement is not getting satisfied.
  Can anyone please help me in this case or suggest some alternate method.
  Thanks & Regards,
  Sanjog Mishrikotkar

  Hi,
  You cannot use the old solman key as systems are on different server.
  I think you have to delete the old Dev system and then generate new solman key.
  Thanks
  Sunny

• FAQ: What are the best resources for Premiere Pro CS6?

  Here are high quality resources for troubleshooting and tutorials related to Premiere Pro CS6.
  Premiere Pro CS6 troubleshooting articles
  Issue: I'm having trouble downloading and installing Premiere Pro CS6. What do I do?Answer: See troubleshooting documents, post in the appropriate forum, or contact support.
  More info: http://blogs.adobe.com/aftereffects/2013/09/troubleshooting-issues-with-downloading-and-in stalling-after-effects.html
  Issue: What are the system requirements for Premiere Pro CS6?See this article: http://helpx.adobe.com/premiere-pro/system-requirements.html#Adobe%20Premiere%20Pro%20CS6% 20system%20requirements
  Issue: Why won't Premiere Pro CS6 play back AVCHD media?Answer: Update to Premiere Pro CS6 (6.0.5). Previous versions of CS6 had this issue.
  More info: http://blogs.adobe.com/premierepro/2013/08/premiere-pro-cs6-6-0-4-update.html
  Issue: Does Premiere Pro CS6 work with OS X 10.9 (Mavericks)?Answer: Yes, make sure you update to Premiere Pro CS6 (6.0.5)
  More info: http://blogs.adobe.com/premierepro/2013/10/premiere-pro-and-mac-os-x-10-9-mavericks.html
  Issue: Is there a trial available for Premiere Pro CS6?Answer: Yes, subscribe to the free version of Creative Cloud, then download the trial.
  Issue: I'm having unexpected behavior in Premiere Pro CS6 and want to trash preferences. How do I do that?Answer: See this blog post: http://blogs.adobe.com/genesisproject/2011/02/premiere-pro-cs5-maintenance-two-great-tips. html#more-537
  Issue: I'm getting errors related to QuickTime. What do I do?Answer: See this blog post for troubleshooting items related to QuickTime: http://blogs.adobe.com/aftereffects/2011/02/troubleshooting-quicktime-errors-with-after-ef fects.html
  Premiere Pro CS6 tutorials
  Issue: I'm new to Premiere Pro CS6. How do I get started?Answer: See this blog post: http://blogs.adobe.com/kevinmonahan/2011/05/20/getting-started-with-adobe-premiere-pro-cs4 -cs5-cs5-5/
  Issue: I'm switching to Premiere Pro CS6 from Final Cut Pro 7. Are there any tips for me?Answer: See this article by Scott Simmons on Pro Video Coalition: http://provideocoalition.com/ssimmons/story/105_adobe_premiere_pro_cs6_questions_answered
  Issue: I just switched to Premiere Pro CS6 from Final Cut Pro 7. Are there any missing features between the applications?Answer: See this article: http://provideocoalition.com/ssimmons/story/10_fcp_things_fcp_editors_might_be_missing_in_ adobe_premiere_pro_cs6
  Issue: Are there any good, free Premiere Pro CS6 tutorials available?Answer: See these tutorials: http://library.creativecow.net/series/Premiere-Pro-Basics-CS6--above-with-Andrew-Devis
  Issue: How do I optimize Premiere Pro CS6 for best performance?Answer: See this article: https://www.video2brain.com/en/courses/after-effects-premiere-pro-performance-workshop
  Issue: How do I operate the multicam function in Premiere Pro CS6?See this article: http://provideocoalition.com/ssimmons/story/working_with_multicam_in_adobe_premiere_pro_cs 6

  Hi ..
  GO to website www.Apache.org
  down load Apache tomcat server .
  install it ...
  Go to sun site
  c and download jsp tutorials ...
  Go to
  (www.coreservlets.com)download book core servlets
  u can find lots of nice books supported by sun on sunwebsite ...
  Now u r equipped ....
  start doing everything (R &D) on server ..
  Join This JSP forum and ask any thing u didnt got ..or learn or get confused..
  I thing once u go through this ..it will do all what u want
  Hope it helps
  Best of Luck :)
  regds & take care

• "Missing signed entry in resource" for only some users

  Hi,
  I have recently updated my .jnlp file and .jar file and added some extra jar resources in the new jnlp.
  Since this new version, some users receive an error saying
  "Missing signed entry in resource:" for one particular resource.
  While for other users it works fine.
  I have signed the jar with jarsigner.
  Does anyone have an idea what could be the problem here?
  Thanks very much in advance,
  Best regards,
  Stein Aerts,
  University of Leuven, Belgium

  I remember hearing something like this, and had to do with :
  1.) what version of jarsigner was used to sign the jar, and
  2.) what version of JRE was used to validate the signed jar file on the client.
  (including US only vs. International version of JRE)
  For the jar that gets this error:
  Does it have any empty directories in it., or does it have entries with non-english characters in the resource names ?
  What version of the JDK was used to run jarsigner to sign this jar, and what jre is the application running on ?

• Define Actions for Document Output - Activate / link std. Interactive Forms

  Hello,
  The transactions 'Actions for Document Output' help tells me the following:
  If the processing type External Communication is used for document output using SAP Interactive Forms, the following configuration needs to be done:
  SRM Document (Action Profile)      Form Name            Format
  Purchase Order (BBP_PD_PO)      BBP_PO_ADB       BBP_PO_ADB_PRN
  The interactive forms are available in our SRM system. Still up on searching the forms for f.e. the Purchase Order definition it can not be found. Only smartforms are listed. How come?
  Has the setting in transaction 'PDF-based Forms for SAP ERP' -> 'Activate PDF-Based Forms' got anything to do with this?
  Kind regards,
  Tim

  Hi Jay,
  I tried searching for it where you should link the form with the BUS object.
  Following path (PO): Cross-Application Basic Settings -> Set Output Actions and Output Format ->  Define Actions for Document Output -> Action Profile: BBP_PD_PO -> Tab: Processing Types -> Smart Forms Print -> Search for Form doesn't include the Interactive forms.
  I just realised: I need to add a new entry 'External Communication', would this entry be applicable for all communication methods? Thus fax + print + e-mail? And how did you go about setting it up, i suppose adding an 'external communication' entry next to the smartform entries in the std. SAP BBP_PO would be double (system wouldn't know which 1 to choose).
  Kind regards,
  Tim

• " Server Error [2009]: Failed to allocate resources for results data" IR Error

  Hi,
  We recently moved form 9.3.3. to 11.1.2.3 and we run only IR and SQR reports. When we run few IR reports we get the below error.
  "Script(x):uncaught exception:  Server Error [2009]: Failed to allocate resources for results data."
  Any thought on what could be the cause. I changed the DSA setting, HTTP config settings for timeouts. I followed a oracle Knowledge base document to make sure I'm setting the right parameters still it doesn't work.
  Any advise will be appreciated.
  Thank you.

  Hi,
  Can you please try to increase the timeout settings for workspace and check the issue.
  You can refer following KM article for more information :
  Hyperion Interactive Reporting (IR) When Processing a BQY in Web Client and iHTML Error: "Server Error [2009] Failed To Allocate Resources To Results Data" [ID 1089121.1]
  To try in 11.1.2.x check these settings in workspace :
  Please go to Navigate -> Administer -> Reporting and Analysis -> Web Applications -> Right click on RA_FRAMEWORK_LWA and select Properties. A
  Window pops up. In that, go to Applications tab and then go to Data Access Servlet. There are two values there
  i) Hyperion Intelligence Client Polling Time(seconds) => Set this to zero
  ii) DAS Response Timeout => Set this to 3600
  Restart the R&A services and WebApp after this change.
  Hope this information helps.
  regards,
  Harish.

• Setting Application Context Attributes for Enterprise Users Based on Roles

  Hello,
  We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
  I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
  -- For each record in my RoleSitePrivileges table, set
  --   an attribute named 'SITE_PRIVILEGE_<SiteID>'.
  --   If the current user has been assigned a role matching
  --   the value in the 'RoleName' field, set the corresponding
  --   attribute to 'Y'... otherwise, set it to 'N'.
  FOR iPrivRec IN (SELECT RoleName, SiteID
                     FROM RoleSitePrivileges
                     ORDER BY SiteID)
     LOOP
        SELECT COUNT(*)
          INTO roleExists
          FROM dba_role_privs
          WHERE granted_role = UPPER(iPrivRec.RoleName)
            AND grantee = USER;
        IF roleExists > 0 THEN
           DBMS_SESSION.set_context(
                       namespace   => 'my_ctx',
                       attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                       value       => 'Y');
        ELSE
           DBMS_SESSION.set_context(
                       namespace   => 'my_ctx',
                       attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                       value       => 'N');
        END IF;
     END LOOP;To finish things off, I created a security policy function for the table which returns the following:
  RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
                       FROM session_context
                       WHERE attribute LIKE ''SITE_PRIVILEGE_%''
                          AND value = ''Y'')';This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
  I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the applicaiton context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
  I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
  So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
  Thank you!

  Hello,
  We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
  I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
  -- For each record in my RoleSitePrivileges table, set
  --   an attribute named 'SITE_PRIVILEGE_<SiteID>'.
  --   If the current user has been assigned a role matching
  --   the value in the 'RoleName' field, set the corresponding
  --   attribute to 'Y'... otherwise, set it to 'N'.
  FOR iPrivRec IN (SELECT RoleName, SiteID
                     FROM RoleSitePrivileges
                     ORDER BY SiteID)
     LOOP
        SELECT COUNT(*)
          INTO roleExists
          FROM dba_role_privs
          WHERE granted_role = UPPER(iPrivRec.RoleName)
            AND grantee = USER;
        IF roleExists > 0 THEN
           DBMS_SESSION.set_context(
                       namespace   => 'my_ctx',
                       attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                       value       => 'Y');
        ELSE
           DBMS_SESSION.set_context(
                       namespace   => 'my_ctx',
                       attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                       value       => 'N');
        END IF;
     END LOOP;To finish things off, I created a security policy function for the table which returns the following:
  RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
                       FROM session_context
                       WHERE attribute LIKE ''SITE_PRIVILEGE_%''
                          AND value = ''Y'')';This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
  I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the applicaiton context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
  I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
  So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
  Thank you!