Authorization Scheme vs. "Authorization Scheme"

Hi,
I've just completed building four Authorization Schemes for my app; is_admin, is_pm, is_user, is_read mapping to my concept of roles for admin, pm, user and read-only. Pretty self-explanatory and I set them up across my app so they could perform their various duties. For example, I have a page that all four roles can view, but each role sees a subset of the entire page. Most of what gets hidden as you go down the line of authorization are buttons to add/edit/delete content and some small regions of specialized content.
Each scheme calls a function which in turn makes a query to get the appropriate result. So for my main page there are 24 checks to see if the current user has the rights to view certain things. 24? Wow!
So I started thinking (and searching this blog) to find a better way to do that. I didn't really come up with a "better way" but I did have an idea that I'm sure isn't new. I create four session variables and set their values ahead of time using the Authorization Scheme code and I'm good to go! Right?
So, some questions:
1. Do I create these variables as Items on a page 0?
2. Are these region level items or page level items?
3. Is my original way of using the Authorization Schemes the right way to do what I'm doing?
Thanks in advance for any advice here!
Cheers,
Jon

Jon,
I assume you have an 'employee' table which has columns
username varchar2(50);
emp_role varchar2(1);
Take emp_role as, say, 'A' for admin, 'M' for pm, 'U' for user etc. So each user will have a role associated with him.
So you can define the authorization schemes in the application's shared components as
AUTH_PM -> scheme type: Exists SQL query -> Evaluation point -> once per page view
select 1 from employee where username = lower(:app_user) and emp_role = 'M'
AUTH_ADMIN -> scheme type: Exists SQL query -> Evaluation point -> once per page view
select 1 from employee where username = lower(:app_user) and emp_role = 'A'
AUTH_AD_PM -> scheme type: Exists SQL query -> Evaluation point -> once per page view
select 1 from employee where username = lower(:app_user) and emp_role in ('A','M')
...etc. for all the combinations you are looking for.
Now, AUTH_PM on the "delete" button will allow only the users with pm roles to view the delete button.
Similarly, AUTH_AD_PM on a region will make the region visible to the users with pm and admin roles only.
Thanks,
Anandi
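
An added example, not part of either post: one way to express the role checks from Anandi's reply as a single lookup function behind "PL/SQL Function Returning Boolean" schemes, relying on the scheme's evaluation point for caching instead of hand-set items. The 'R' role code, the function name has_role and the scheme names AUTH_EDIT and AUTH_READ are assumptions.

```sql
-- Added example (not from the thread). Table and columns follow the reply
-- above; the 'R' code for read-only, the function name has_role and the
-- scheme names AUTH_EDIT and AUTH_READ are assumptions.
create table employee (
  username varchar2(50) primary key,
  emp_role varchar2(1)  not null
    constraint employee_role_ck check (emp_role in ('A', 'M', 'U', 'R'))
);

-- One lookup shared by every scheme. p_roles is the set of role codes that
-- may pass, concatenated: 'A' = admin only, 'AM' = admin or pm, and so on.
create or replace function has_role (
  p_username in varchar2,
  p_roles    in varchar2
) return boolean
is
  l_count pls_integer;
begin
  -- A null user, a null role list or an unknown user matches no row,
  -- so the function fails closed and returns false.
  select count(*)
    into l_count
    from employee
   where username = lower(p_username)
     and instr(p_roles, emp_role) > 0;
  return l_count > 0;
end has_role;
/

-- Authorization schemes (Shared Components), scheme type
-- "PL/SQL Function Returning Boolean", one per distinction the pages make:
--
--   AUTH_ADMIN    return has_role(:APP_USER, 'A');
--   AUTH_AD_PM    return has_role(:APP_USER, 'AM');
--   AUTH_EDIT     return has_role(:APP_USER, 'AMU');
--   AUTH_READ     return has_role(:APP_USER, 'AMUR');
--
-- Evaluation point:
--   "Once per page view"  each scheme runs at most once per request, however
--                         many buttons and regions on the page reference it.
--   "Once per session"    each scheme runs once and the result is reused for
--                         the rest of the session; a role change in EMPLOYEE
--                         is not seen by a session that already cached the
--                         result.
--
-- apex_authorization.reset_cache clears the cached results for the current
-- session only, so the next component check re-runs the scheme:
--
--   begin
--     apex_authorization.reset_cache;
--   end;
```

With four schemes attached to 24 components, the page costs at most four lookups per request under "Once per page view". The result is held in APEX's authorization cache rather than in an item, so it is not part of the session state that a page can set.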

Similar Messages

  • Object level authorization for SLT Configuration schema in HANA DB

    Hi All,
    We have connected SLT with HANA DB (& ECC as source system).
    Now for certain users we wanted to restrict the access for certain tables ( tables owned by SLT Schema, i.e schema created in HANA DB with the configuration name provided in the SLT configuration).
    With the SYSTEM user, object-level authorizations of another schema are not possible; hence, an error is thrown when we try to provide/control access to a single table for a user.
    Is it OK that we generate a password for the SLT schema and try to log in as the schema owner? Is that the best practice, or is there any other way around?
    Regards,
    Kumar

    Hi Santosh,
    You can find more info about SLT Roles and Authorization from below security guide.
    http://help.sap.com/hana/SAP_HANA_Security_Guide_Trigger_Based_Replication_SLT_en.pdf
    Regards,
    V Srinivasan

  • How do I move a table from one schema to another schema on Oracle XE?

    How do I move a table from one schema to another schema on Oracle XE?

    Hi,
    I tried to use the insert/select statement that you had given, it did not work.
    The error is ORA-00913: too many values.
    But finally what I did was, I went into the system schema where the table was and generated the DDL through the utilities and afterwards I imported them into the schema that I am currently working on. It solved the problem!
    However I am still curious to know why the insert/select statement did not work? Do you know any site/tutorial which gives a real time example?
    Thank you
    Skye

  • How do I move a table from one schema to another schema?

    How do I move a table from one schema to another schema?

    Grant access to the table from the source schema to destination schema.
      GRANT SELECT ON <TABLE_NAME> TO <DESTINATION SCHEMA>
    A simple way would be to use CREATE Table with select syntax (in destination schema)
      CREATE TABLE <TABLE_NAME> AS SELECT * FROM <SOURCE SCHEMA>.<TABLE_NAME>
    However, you would be in trouble when the table has indexes, constraints and triggers.
    So you are better off grabbing the DDL statement of the table (and any additional components) and then creating the table in the destination schema. You can use SQL Developer, Toad or Apex's Object browser for this.
    After the table is created, insert the records using SELECT.
      INSERT INTO <TABLE_NAME> SELECT * FROM <SOURCE SCHEMA>.<TABLE_NAME>
    This question is discussed in great detail in this AskTom thread

  • How can i access all the objects of one schema from another schema

    Dear All,
    How can i access all the objects(Tables,Views,Triggers,Procedures,Functions,Packages etc..) and do the modifications of one schema from another schema (Without using synonyms concept).
    Thanks in advance,
    Mahi

    First of all, synonyms only help you reference the object easily. They don't have any implication for object privileges.
    As long as you have the proper privilege on the target object, you can access it with or without synonyms.
    Assuming you have the proper privileges on the objects, you can use the following command to assume the schema owner.
    ALTER SESSION SET CURRENT_SCHEMA = Schema_owner

  • Grant access to all the views created in user schema to another schema

    How to grant access for all the views created in own HAGGIS schema to comqdhb schema on the HAGGIS database.
    Oracle Grant Privileges
    ===============
    Object privileges assign the right to perform a particular operation on a specific object
    I read that we can use select 'grant select on' ||view_name||'HAGGIS' user_views where owner='COMQDHB'
    Is this right
    Oracle System Privileges
    ===============
    System privileges should be used only in cases where security isn't important, because a single grant statement could remove all security from the table
    Role based security
    ============
    Role security allows you to gather related grants into a collection. Since the role is a predefined collection of privileges that are grouped together, privileges are easier to assign to users.
    [http://www.dba-oracle.com/art_builder_grant_sec.htm]
    can we grant select update to all the views at a time to the other schema.
    Are there any other ways to secure the data other than creating users and assigning roles.
    Thank you
    Edited by: Trooper on Dec 23, 2008 9:24 AM

    I think what was suggested was that you use SQL to generate the grants on each and every view, that is, you use SQL to generate SQL where the SQL being generated is "grant select on view_name to role"
    If you want users to connect to Oracle you have to create usernames for them, though if the users only connect via an application the application might run just as one user and access to the application is controlled via application security. The control on the application can be via Directory Services such as OID or MS Active Directory. User access to Oracle can also be controlled via OID.
    To connect to Oracle you can use OS authentication (not recommended), usernames with passwords, or the Advanced Security Option, which supports single sign-on products like Kerberos or Oracle Internet Directory etc.
    Example using SQL to generate SQL
    How do I find out which users have the rights, or privileges, to access a given object ?
    http://www.jlcomp.demon.co.uk/faq/privileges.html
    HTH -- Mark D Powell --

  • Context,Physical schema and Logical schema

    Hi,
    How are the context, physical schema, logical schema and agent interrelated?
    Please explain
    Thanks
    Jack

    Hi Jack,
    Context:
    A context is a set of resources allowing the operation or simulation of one or more data processing applications. Contexts allow the same jobs (Reverse, Data Quality Control, Package, etc) to be executed on different databases and/or schemas.
    It's used to run the object (process) in different databases.
    Physical Schema:
    The physical schema is a decomposition of the data server, allowing the Datastores (tables, files, etc) to be classified. Objects stored in data servers with this mode of classification can be accessed by specifying the name of the schema attached to the object name.
    Ex
    Oracle classifies its tables by "schema" (or User). Each table is linked to a schema, thus SCOTT.EMP represents the table EMP in the schema SCOTT.
    Logical schema:
    A logical schema is an alias that allows a unique name to be given to all the physical schemas containing the same datastore structures.
    ->The aim of the logical schema is to ensure the portability of the procedures and models on the different physical schemas. In this way, all developments in ODI Designer are carried out exclusively on logical schemas.
    Thanks
    Madha

  • From schema 1 to schema 2 migration delegated admin problem

    I want to migrate from schema 1 to schema 2 the messaging server 6.2 (JES 2005Q1).
    I have installed access manager and delegated admin.
    With commdirmig I migrated the domain and schema; the messaging works correctly.
    I have a problem with the delegated admin web interface.
    The delegated admin doesn't view my domain. If I add the sundelegatedorganization objectclass I can view my domain on delegated admin but I can view user and group.
    Any Idea?
    TIA
    Bye Giovanni

    There are two very different products called "delegated admin". The old iPlanet Delegated Admin (iDA) only works with Schema 1. The current Delegated Admin, which comes with JES3, only works with Schema 2.
    If you're using the old iDA that worked with schema 1, it won't work with schema 2. You have to install the new DA for that.
    It doesn't work with groups/lists, only with users and domains.

  • Cannot execute stored proc of one schema in another schema from java app.

    I am posting my problem in this forum as I thought it could be server-independent.
    I am working on apache tomcat and spring framework with Oracle db (schema/user A)
    We access oracle db from our java application by setting jndi and works fine.We have sqlstatements, stored procs and functions all run fine.
    Now we create a role (DBROLE) with all permissions to that original db schema/user(A) . We created another empty schema B and assigned that role(DBROLE) to that user B.
    (We grant all kind of permissions on tables/packages of schema A to user role DBROLE and also created synonyms)
    Intentions are: to access the schema A though schema B from application and avoiding direct access.
    In our spring application, we replaced database-settings with schema B.
    Things work fine when a plain SQL statement is run from Java code, but stored procs won't run and we get a
    'Wrong num of arguments/data types' error.
    Also, all stored procs are in packages. To execute a stored proc in Java code, we use SimpleJdbcCall.
    I also checked running the stored proc from schema B and it works. Only from the web app it doesn't work.
    Please suggest,what should be done to make this working or if there is other alternative.
    Thanks

    Instead of importing a schema in another schema, specify the schemas in the external-schemaLocation property.
    SAXParser saxParser = new SAXParser();
    saxParser.setProperty("http://apache.org/xml/properties/schema/external-schemaLocation", "xmlschema1.xsd, xmlschema2.xsd");

  • No authorization to change authorization data

    Hello,
    When trying to change an opportunity in our CRM system we get this error message only for one partner.
    "No authorization to change authorization data"
    Our user has SAP_ALL, SAP_NEW and we don't find anything in st01.
    Any idea for this issue? Could it be an HR authorization object missing? Or a CRM one?
    Thanks in advance.
    Best Regards,
    Olivier

    Sometimes error messages are misleading or returned from other users' contexts (rfc, service calls, etc) or even hardcoded in worst cases.
    You will need to debug it and stop on the message number to see where it is coming from and why.
    Cheers,
    Julius

  • Best LKM to move data from with in Oracle from one schema to another Schema

    Hi Gurus,
    What is the best KM to move data from one schema to another schema within same oracle database.
    Thanks in advance

    Dear,
    If your source and target are on the same database server then you don't need LKM.
    You have to
    1. Create one data server for the database server
    2. Create one physical schema for your source and another physical schema for your target under the above created data server.
    3. Then create models for each above created physical schema
    In this case you just need IKM knowledge module
    Please refer http://oditrainings.blogspot.in/2012/08/odi-interface-source-target-on-same.html
    If your source and target are on different server then you must create two different data servers in topology. You have to use LKM.
    The best LKM to use is LKM oracle to Oracle dblink. But you should have proper grants to use it
    If your source has very few records you can go with LKM SQL to Oracle; otherwise use LKM oracle to Oracle dblink

  • Creation of star schema from snowflake schema in BMM layer

    hi,
    This is my situation. I have "Fact-table" which has Dim 1. Now Dim 1 is joined to Dim 2, Dim 3.
            Fact
             |
           Dim 1
             |
           |   |
        Dim 2  Dim 3
    Now in BMM layer how can I make this snowflake schema into a star schema? I heard about making changes in the Logical Table source. And what will be the look of the presentation layer?
    Any help is appreciated, guys.

    In physical layer, you have a join between Dim 1 and Dim 2, Dim1 and Dim3, Fact and Dim1. In BMM for Dim1, in the sources, add Dim2 and Dim3. You may add both these dimensions in one single LTS if the data is not duplicate in the tables. In case the data is duplicated add them as separate LTS in the sources for Dim1. Refer this post for reference -- Logical Table source source query
    In BMM you need a join between Dim1 and Fact. Basically your Dim1 is sourced from three different tables which are your dimensions. This would transform your snowflake into star. In your presentation layer you will have all the columns from your dimensions (except for the duplicates; let's say you have column A in both dim1 and dim2, you should map this column in column mapping tab so as to enable BI server to pick the most economical source) and facts.
    Hope this clears your question.

  • Star schema or Snowflake schema

    Hi Gurus,
    I have following dimensions and fact table. let me know can I go ahead with star schema and snowflake schema while building the cube.
    1. Country's table
    2. workgroup table --> each country have N number of work groups
    3. user table---> each workgroup have  N number of users.
    4. time table.
    5. fact table.

    This is a similar thread that discusses on the design approach of star vs normalized tables
    https://social.technet.microsoft.com/Forums/sqlserver/en-US/7bf4ca30-a1bc-415d-97e6-ce0ac3137b53/normalized-3nf-vs-denormalizedstar-schema-data-warehouse-?forum=sqldatawarehousing
    In my experience, the majority of cases I've come across also use star schema for data marts, where tables will be more denormalized rather than applying principles of normalization. And I believe that, so far as it's through SSAS cubes that you expose the OLAP model, it would be much easier to implement relationships using a denormalised approach.
    What you may do is to have a normalised datawarehouse if you want and then built the datamarts over it using denormalised tables (star schema) for the cube.
    Please Mark This As Answer if it solved your issue
    Please Vote This As Helpful if it helps to solve your issue
    Visakh

  • To kill session in one schema from another schema

    Hi Team,
    I got a problem like a table from one of my schema has been locked. I am getting 'ORA-00054: resource busy and acquire with NOWAIT specified' error when trying to delete rows from that table or even when trying to truncate that table.
    Let the table be 'T1' present in schema 'VIEW'
    I tried to kill the session which is active for that schema by below query
    select sid,serial#,status from v$session where username='VIEW' and STATUS = 'ACTIVE';
    alter system kill session '681,2586';
    But I couldn't do the above as I don't have DBA privilege for that. But I have DBA privilege for another schema; let it be 'ADMIN'.
    Now how can I kill the session in schema 'VIEW' from schema 'ADMIN'?
    Can anyone get me a solution?
    Thanks in Advance
    11081985

    I got a problem like a table from one of my schema has been locked. I am getting 'ORA-00054: resource busy and acquire with NOWAIT specified' error when trying to delete rows from that table or even when trying to truncate that table.
    Before you do anything why don't you actually find out WHY that table has been locked.
    You generally should NOT be killing sessions without knowing what is causing the problem to begin with.
    Then you also need to determine if you should use KILL SESSION or instead use DISCONNECT SESSION, as well as whether the use of IMMEDIATE is appropriate.
    Each of those choices acts differently. Many people use KILL when they should really use DISCONNECT.
    See DISCONNECT SESSION Clause and KILL SESSION Clause in the ALTER SESSION chapter of the SQL Language doc
    http://docs.oracle.com/cd/E11882_01/server.112/e17118/statements_2014.htm#i2282145

  • I can't authorize or de-authorize my computer from the account. What do I do?

    I can't authorize or de-authorize my computer from the account. What do I do?

    I would make contact with the carrier, since texting and phone calls are their problem.

  • Migrate schema 1 to schema 2 using commdirmig utility

    Hi,
    I am trying to migrate my Directory server 5.2 from schema 1 to schema 2 for Messaging server and Identity server.
    However, I got some java class error when running the commdirmig utility.
    The command I ran and error messages are as follow:
    # ./commdirmig -D "cn=directory manager" -w /var/tmp/passwd -t 1 -X ldap.abc.com -p 389 -b "o=ABC" -r "o=internet" -d "*"
    Exception in thread "main" java.lang.NoSuchMethodError
    at sun.comm.dirmig.commDirectory.domainDnToDomainName(commDirectory.java:826)
    at sun.comm.dirmig.commDomainEntry.<init>(commDomainEntry.java:56)
    at sun.comm.dirmig.commDomainFactory.createObject(commDomainFactory.java:22)
    at sun.comm.dirmig.commDirectory.searchObjects(commDirectory.java:350)
    at sun.comm.dirmig.commDirMig.getDomainList(commDirMig.java:698)
    at sun.comm.dirmig.commDirMig.migrateDirectory(commDirMig.java:162)
    at sun.comm.dirmig.commDirMig.main(commDirMig.java:82)
    Does anyone also have this problem? And does anyone know what's the problem?
    Thank you very much.
    Ken

    I am trying to figure out the best way for me to migrate from 5.2 to JES. I can export/import a single user ldif file, but when I logged into Comm Express, all I saw was calendar/addressbook/options (No mail tab). I would assume I am missing a mail attribute. I can however log into Messenger Express on the new box and send/receive mail. Is there just a comm express attribute that I am missing in my ldif file that I could add, or do I need to run commdirmig after importing the ldif file?
