Creating portal users with owner privileges?

Hello,
I need to let local administrators create users in the portal.
This is based on instance-specific privileges, not global.
Setting them to 'owners' of the group in the portal should let them add users.
Once created and I log in as one of them I do not have the privileges of being an
'owner', even though it's visible in the portal that I am an owner.
Anybody?
/

Hi,
To make the problem a little clearer.
I want to have "local administrators" that can manage portal users, i.e., delete, insert and update portal users.
However I do not want these "local administrators" to be "Full administrators" - too dangerous.
The "local administrators" should belong to the same group as the users they are set to administer. The
only difference between a "local administrator" and a user of a group is that the "local administrator" has privileges
to manage the other users of the group. If I have understood the concept right an owner has these privileges.
I made them owners of the group, but this did not enable them to manage users.
This must be a rather common approach, to have some users being able to administer other users without being a full-fledged DBA.
Right now I'm looking into mapping them (the local administrators) to a different database schema with rights to manage users.
I realize that to map them to another schema, then the checkbox "Use this schema for Portal Users" has to be checked when creating the
schema. How do I check if this was checked and if it wasn't checked can I alter it now?
Another thought is to dynamically upon meeting certain conditions making them Full Administrators, then after finishing the task
reinstating them as normal users.. but this.. well hmm
Thanks.
/

Similar Messages

  • Can I create a User with Root Privileges but without UID Zero?

    Dear all,
    I'm working on this project and this is the task required: Create a user and let this user perform all that the ROOT user can perform but shouldn't have UID 0. I'm sincerely new to this task but I challenged myself and made so many searches on Google and this is what I was able to do.
    1. I created a user --- testuser1
    2. I created a role --- advrole
    3. I added the Solaris predefined profile -- Primary Administrator Profile to the role advrole and added this role to the user testuser1.
    4. I logged out from root and login with the newly created user i.e. testuser1.
    5. I ran the command id and the user - testuser1 still has its UID defined by me when I was creating the user account (which is good as far as my task is concerned).
    6. In order to perform ROOT tasks when logged in with testuser1, I use su - advrole.
    7. I can now do all that ROOT can do but whenever I run the id command, the advrole shows UID 0 (WHICH IS BAD FOR ME AS PER MY TASK).
    My question is, I need to tell the customer that what they actually want isn't feasible in Solaris and the above is closer to what they want but I need to be sure if it's feasible or not before telling my customer?
    Can anyone tell me if it's feasible and if so, how can it be done? Or if the way I did it is the only way, kindly let me know as well so that I can get back to them with a valid and concrete explanation.
    P. S. The customer requires this because when doing auditing, their auditing software tracks users based on UID so therefore if every user will login and su - root, all will appear as done by the ROOT user because of the UID and a particular will not be held responsible.

    If you use auditreduce and praudit, you can get the information you need. It will show, as in my example below, that I logged in via SSH, and then switched to root after logging in. This information can be easily scripted and I do so every day in my daily report so I can see who logged in and who switched to root.
    Logging in via ssh:
    header,69,2,login - ssh,,MYSYSTEM,2010-06-03 09:15:15.151 -07:00
    subject,myusername,myusername,mygroup,myusername,mygroup,11435,512647774,15097 65558 MyIP
    return,success,0
    Then switching to root:
    header,94,2,su,,MYSYSTEM,2010-06-03 09:15:21.100 -07:00
    subject,myusername,root,mygroup,myusername,mygroup,11448,512647774,15097 65558 MyIP
    text,success for user root
    return,success,0
    It also indicates the session ID for the SSH session, so I can monitor when that session ended too.
    A different session logging in and out via SSH -
    header,69,2,login - ssh,,MYSYSTEM,2010-06-03 09:16:19.380 -07:00
    subject,myusername,myusername,mygroup,myusername,mygroup,11451,3474846213,15097 131094 MyIP
    return,success,0
    header,69,2,logout,,MYSYSTEM,2010-06-03 09:16:51.452 -07:00
    subject,myusername,myusername,mygroup,myusername,mygroup,11451,3474846213,15097 131094 MyIP
    return,success,0
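
The kind of daily report described in the reply above can be scripted along these lines. This is an added example, not the poster's script: it assumes praudit's default comma-separated output with one token per line, the function names are illustrative, and it goes slightly beyond the post by reading the su target from the text token and tying each switch to the login and logout of the same session ID.

```python
import re
# Records copied from the praudit output quoted in the post above.
SAMPLE = """\
header,69,2,login - ssh,,MYSYSTEM,2010-06-03 09:15:15.151 -07:00
subject,myusername,myusername,mygroup,myusername,mygroup,11435,512647774,15097 65558 MyIP
return,success,0
header,94,2,su,,MYSYSTEM,2010-06-03 09:15:21.100 -07:00
subject,myusername,root,mygroup,myusername,mygroup,11448,512647774,15097 65558 MyIP
text,success for user root
return,success,0
header,69,2,login - ssh,,MYSYSTEM,2010-06-03 09:16:19.380 -07:00
subject,myusername,myusername,mygroup,myusername,mygroup,11451,3474846213,15097 131094 MyIP
return,success,0
header,69,2,logout,,MYSYSTEM,2010-06-03 09:16:51.452 -07:00
subject,myusername,myusername,mygroup,myusername,mygroup,11451,3474846213,15097 131094 MyIP
return,success,0
"""

def parse_records(text):
    """Group praudit token lines into records; each 'header' token starts one."""
    records = []
    for line in text.splitlines():
        token, _, rest = line.strip().partition(",")
        f = rest.split(",")
        if token == "header" and len(f) >= 6:
            records.append({"event": f[2], "host": f[4], "time": f[5]})
        elif not records:
            continue  # token seen before any header: nothing to attach it to
        elif token == "subject" and len(f) >= 7:
            # subject: audit ID, euid, egid, ruid, rgid, pid, session ID, terminal
            records[-1].update(audit_user=f[0], session=f[6])
        elif token == "text":
            records[-1]["text"] = rest
        elif token == "return":
            records[-1]["status"] = f[0]
    return records

def su_report(records, target="root"):
    """Successful su events to `target`, attributed to the audit ID (which
    survives su) and tied to the login/logout of the same session ID."""
    sessions = {}
    for r in records:
        if r["event"].startswith("login"):
            sessions.setdefault(r.get("session"), {})["login"] = r["time"]
        elif r["event"] == "logout":
            sessions.setdefault(r.get("session"), {})["logout"] = r["time"]
    report = []
    for r in records:
        m = re.fullmatch(r"success for user (\S+)", r.get("text", ""))
        if r["event"] == "su" and r.get("status") == "success" and m and m.group(1) == target:
            s = sessions.get(r.get("session"), {})
            report.append({"who": r.get("audit_user"), "became": target,
                           "at": r["time"], "session": r.get("session"),
                           "login": s.get("login"), "logout": s.get("logout")})
    return report

if __name__ == "__main__":
    print(*su_report(parse_records(SAMPLE)), sep="\n")
```

The first field of the subject token is the audit ID set at login, which is why the switch to root is still attributed to myusername rather than to UID 0.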

  • Create user with dba privileges

    How do I create a user with DBA privileges in Oracle? The user should be able to create, insert, delete, truncate and other functions without any limits. Do I have to issue GRANT statements?

    Hi,
    I don't believe there's any way to create a user and grant privileges in one command.
    First, create the user:
    CREATE USER  foo  IDENTIFIED BY  bar;
    Then grant the privileges. There's a pre-defined role called DBA that has all the privileges you mentioned.
    GRANT  dba  TO  foo;
    It's easy to write a script to do these two commands together, so you could say
    @CREATE_USER  foo  bar  dba

  • Create user with DBA privileges with a restriction to access user data

    Hi
    I need to create a user with all DBA privileges with a restriction to access all user schemas
    Thanks,
    Balaji

    Use Database Vault - http://download.oracle.com/docs/cd/E11882_01/server.112/e16544/toc.htm
    HTH
    Srini

  • How to create portal user and integrate with external appl login

    How to create portal user and integrate the user with external application for single sign-on ?
    I want to access my external application thru portal user ..?
    Shyam

    Hi Jithin,
    The link that you've shared talks about a different scenario.
    In my case, I want to pass the portal user id when the user clicks on the Help Link present in the header area.
    I am trying to pass it along with the Help Link Url property of a masthead iview but it is not getting passed to the target Url.
    I would like to know if it is possible to pass the Portal User Id in this way or not.
    Though if we create a appintegrator iview and pass the user id <User.UserID> along with the target Url, it reaches there.
    Thanks & Regards,
    Anurag

  • How to create full new user with all privileges

    how to create full new user with all privileges?
    and how to delete existing users?
    Thanks in advance..

    Common solution is probably to use sudo for privilege elevation, wiki should help

  • Using an NT user with DBA privileges does not permit to create schema : why ?

    Hi,
    I use an Oracle 8 on a Windows NT server.
    I have two NT users with DBA privileges.
    But, when I use the migration workbench to create the oracle schema, my users are not granted.
    Why ?
    Regards.
    Pascal

    Please clarify your problem.
    The workbench creates users (which are visible in the oracle model within the tool) with the password oracle .
    I am not sure if you are asking about accessing the database using your OS user identity, or have you found that the users exist but do not have dba privileges.
    Turloch
    Oracle Migration Workbench Team

  • How can I create a user with rights to install packages on a publish instance?

    Hi,
    I am trying to create a user with the rights to upload and install content packages on a CQ publish instance and I do not wish to use the admin user.  Simply adding a new user to the administrators group does not seem to be enough.
    I tried adding a rep:GrantACE node through crx de/explorer but it reported the node as locked.  I was able to upload a content package that removed the rep:DenyACE jcr:read for everyone, but this is not safe it seems.
    Is there some special privilege that I need to add to my user/group that will allow them to access the /etc/packages tree or do I just need to add some permission somewhere within the tree.
    Regards,
    Chris

    With some help from David Collie, Alex Klimetschek & Jörg Hoh I have a better idea of what is going on and we've found a solution. 
    It seems that the admin account always works in these scenarios as it has special privileges in the CRX security system; admin can do anything it likes.
    Instead of creating the rep:GrantACE nodes directly, I was able to add a new ACL entry for the administrators group to /etc/packages via the Access Control Editor (http://localhost:4502/crx/explorer/ui/aceditor.jsp?ck=1373027669916&Name=acEditor&Path=%2Fetc%2Fpackages&_charset_=utf-8).
    Strangely, the administrators account already had some inherited rights on this directory that were overridden by the deny|everyone|jcr:read ACL entry on /etc/packages node.  Adding allow:administrators|jcr:read gives any member of that group access to read and write to the /etc/packages directory.
    Now that I have set up this user we can set up a deploy step in our CI build that does not rely on using the admin account.
    Thanks
    Chris

  • Mapping between multiple portal user with single R/3 user

    Hi,
    Is it possible to map multiple portal users to a single R/3 user? If yes, then what is the procedure to achieve it? Is it possible to log on at the same time with more than one portal user mapped to the same R/3 user in the production system?
    Thanks,
    Kundan

    you can always do that using user mapping in user admin->identity management
    where for each user details you get a tab  called user mapping.
    you have to create a R3 system in system admin and a give a system alias to it
    Use this system alias in user mapping /
    You can map multiple portal users with a single R3 user and can work parallelly.
    But make sure that you have proper license in doing that.
    Raghu

  • Create New user with ...

    Hi all
    I need to create new user with the following privileges :
    1- access any table data (read only)
    2- access the tables structure (read only)
    3- access the tables relations (read only)
    thanx in advance

    Hi,
    giggs11 wrote:
    I did the following :
    create user youruser identified by yourpassword;
    grant connect to youruser;
    grant SELECT_CATALOG_ROLE to username;
    but I can't see my tables
    there is no error
    Example :-
    Step 1:-
    sql> Conn system/manager@orcl;
    connected.
    step 2:-
    SQL> create user trial identified by trial;
    User created.
    Step 3:-
    SQL> grant connect to trial;
    Grant succeeded.
    SQL>grant SELECT_CATALOG_ROLE to trial;
    Grant succeeded.
    SQL> grant select any table to trial;
    Grant succeeded.
    Step 4:
    SQL> conn trial/trial@orcl;
    Connected.
    SQL> select * from tab;
    no rows selected
    Step 5:
    SQL> select * from scott.dept;
    DEPTNO DNAME       LOC
        10 ACCOUNTING  NEW YORK
        20 RESEARCH    DALLAS
        30 SALES       CHICAGO
        40 OPERATIONS  BOSTON
    Step 6:
    SQL> desc scott.dept;
    Name    Null?     Type
    DEPTNO  NOT NULL  NUMBER(2)
    DNAME             VARCHAR2(14)
    LOC               VARCHAR2(13)
    you must read about privileges..
    http://download.oracle.com/docs/cd/B10501_01/server.920/a96521/privs.htm
    Regards
    S.Azar
    DBA
    "Question is Unquestionable"
    Edited by: azarmohds on Aug 15, 2009 6:28 AM
    Edited by: azarmohds on Aug 15, 2009 6:32 AM

  • What is the default password after creating a user with wwsec_api.add_portal_user ?

    Hi,
    I created 850 Portal users with the WWSEC_API calls in PORTAL30 and PORTAL30_SSO. I can log on with an account if I manually reset the password for a specific user. But what is the default password of a user after creating it with the API calls? I tried "password" and the username, but that didn't work.

    The WWSEC_API should not be used to create the user account in the SSO schema. As you noted the WWSEC_API calls do not set the password - these are intended to be used only for setting up Portal profile information. For creating the user that can log in, use the Login Server APIs - in sso/ssoumgt.pks:
    WWSSO_APP_USER_ADMIN.CREATE_USER.

  • How to create a user with read only access for ESB / BPEL Console

    I need to create a user with read only access to ESB Console & BPEL Console. I have created a user
    (esbreadonly) and assigned ascontrol_monitor role but user is still able to
    delete services from ESB systems (such as DefaultSystem). Is there any way to
    create a user that has strictly read only access to ESB Console & BPEL
    Console
    Thanks
    Dinesh Patel

    Check out this post.. I'm in the process of testing.
    http://chintanblog.blogspot.com/2007/12/i-saw-numerous-people-asking-about-bpel_290.html

  • Business Management Error: You are attempting to create a user with a domain logon that does not exist. Select another domain logon and try again.

    Hello,
    Suddenly the working CRM is being stopped for some group of users.
    I drilled down to the issue and have checked that the users from Domain in which CRM is installed are having CRM access.
    But for other domain user having problem to access CRM.
    I tried to add a user from a domain which is not of CRM domain then it gives following error.
    "Business Management Error: You are attempting to create a user with a domain logon that does not exist. Select another domain logon and try again.
    <Message>LookupAccountNameW failed with error</Message> "
    The change is made - AD group have upgraded Active Directory server to 2012 R2
    Please help as the Production CRM is not working for other domain user.

    We have Active Directory Structure like below.
    One Root Domain says A
    and there are multiple child domain like B,C,D etc...
    B,C and D are all in same level,they are child of A domain.
    There are two way transitive trusts between A and all the child Domain.
    But there is no trust in between B and C and so on.
    Our CRM server is in B domain and B domain's user can access CRM but users of Domain C,D and so on can not access CRM.
    If this post answers your question, please click "Mark As Answer" on the post and "Mark as Helpful"

  • How does one create a user with a null password in iManager?

    I'm setting up LDAP authentication and need to create a user with a null password.
    If you do not put a password in the password field when creating the user in iManager, a message pops up stating, No password has been defined for this user.
    You are given a choice of:
    Allow user to log in without a password
    - or -
    Do not allow user to log in without a password
    If you choose Do not allow user to log in without a password, there are no complaints.
    When I look at the properties of the newly-created user, however, I note that the "Require a password" checkbox is not filled in.
    That would imply that the answer to the question posed during the user's creation is moot; either answer produces a user that can log in without a password.
    I can then assign the Common Proxy password policy to the user, which does not dictate a minimum length for a password.
    From that point forward, any attempts to leave the password field blank in iManager results in another pop-up message stating:
    "Failure to enter a password will allow the user to login without a password."
    That implies that no password exists for the user, as opposed to a null password.
    Is that correct or are the public and private key for the user object still generated?

    If you do not specify a password, which is what happens when you select
    the 'Do not allow user to log in without a password' option initially, the
    user cannot login. A user with no password (meaning no password exists at
    all, similar to a 'null' in programming) cannot login with a password
    because, of course, they do not have a password.
    If you specify a zero-length string as the password you are effectively
    (and usually) creating a proxy user, for example to be used for the LDAP
    service in eDirectory, and this user can login typing in a password (since
    typing would imply one or more characters) but nevertheless there IS a
    password, but it happens that it is zero-length, so typing nothing for the
    password IS submitting the correct password. This is the option carried
    out by eDirectory when you choose, 'Allow user to log in without a
    password' (the prompt is a little misleading with its "without a password"
    phrase).
    Once you assign a UP policy you are telling the system that there SHOULD
    be a password on the user (and with common proxy there definitely should
    be, probably a strong one at that) so the only option now is whether or
    not the password is zero-length or longer. Obviously longer is the
    correct option for security reasons.
    Good luck.
    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  • How to create new user with more than one default folder

    hi
    A new user created in OCS has only one default folder(Inbox).
    I want to create new user with customized default folder.
    for example:
    a new user has more than one default folder(Inbox,Outbox,Draft,Dustbin...)
    And also I want to automatically enable the functions:
    When sending messages, place a copy in Outbox
    Keep message drafts in Draft
    Move deleted messages to Dustbin
    who know that?
    thanks

    The same reason that Apple and 3rd Party vendors put multi-size templates in one file I expect. I am trying to construct an in-house standard template for use in our company, and it is easier to manage if there is only one file to send to people rather than many - both initially and for subsequent edits / updates to the template.
    Of course it would be possible to create several templates (one for each size). But since it is clear that templates can be combined, it appears sensible to do this - unless the doing of it is horridly complicated
