DAC user access to Siebel tables

Similar Messages

• User Access to all tables of a database

  Hi,
  Is it possible to create a user that has access to all tables in a particular database?  I know I can grant permissions on individual tables, but I would like to create a user that can add, delete, and insert data into any table in the database.  This is easy in MSSQL, but not so easy with MaxDB
  Thanks and Kind Regards,
  Diana Hoppe

  It's not so easy, because it's a nonsense requirement!
  While it may be convenient to be able to just access data and db-objects during development, this becomes a nightmare on production.
  It's far easier and usually better to create schemas to put the database objects in and roles that have the required permissions.
  Then you can grant the roles to the users that need them.
  This way you've cleanly separated the naming (schemas) from the permission (roles/users/grants) aspect.
  A common approach for this is:
  - SYSDBA user (e.g. SUPERDBA) owns the application schemas and can create/alter the objects in it
  - SYDBA also owns the roles and users.
  One step more secure would be to have a specific user own the application schemas - just like it is the case for NetWeaver databases.
  With this, you can have your DBAs have their superuser access to the database and still not the super-easy option to look at the data.
  regards,
  Lars

• How can I see which roles or users have access to a table?

  How can I see which roles or users have access to a table?
  For a given table, how can I see the grants, who and what?
  Many thanks

  dba_tab_privs.
  Grantee can be a role or an user, as roles are fake users.
  Sybrand Bakker
  Senior Oracle DBA

• How to provide access to  v$tables in oracle 10g to user

  Hi,
  can any one suggest me how to provide access to v$tables in oracle 10g to user .
  its requried for auditor.
  PLease help me.
  regards

  user12009184 wrote:
  HI have to provide access to all V$ tables
  it required for configuration of new tool.
  ThanksYou can grant it the select catalog role to the user. It should provide all the required access to the general v$* & dba_* views.
  GRANT SELECT_CATALOG_ROLE TO USER;
  Let me know if this helps.
  Regards,
  Rizwan

• Give user Read-Only access to one table in a database.

  Does anyone know how to give a user account Read-only access to 1 table within a SQL Server Database using SQL Server Management Studio? I don't want the account to be able to access any other tables in the database, just the one table. I'm not a sql programmer,
  so if there is a way to do it in Sql Server Managment Studio settings that would be the best.

  Using Management Studio, I assume you already have a login and user for that person. If not,
  How to: Create a SQL Server Login http://msdn.microsoft.com/en-us/library/aa337562.aspx
  How to: Create a Database User
  http://msdn.microsoft.com/en-us/library/aa337545.aspx
  1. Then, in Object Explorer, expand the Database, expand
  Tables, right-click the table you want, and then click
  Properties. 
  2. On the Permissions page, under Users or Roles, click
  Search, then Browse, etc, until you find the user. Click
  OK until you are back to the Permissions page.
  3. In the Permission for <user>section, find the
  SELECT (that's the read permission) and click the Grant
  box. Then click OK.
  Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty

• How to Restrict a user to a access a particular table

  HI ,
  how to restrict an user to a one particular table and he should have only dispaly authorization for that , can anyone suggest me how to do this.

  Hi,
  Is it a standard table ? S_TABU_DIS (Client Dependant) and S_TABU_CLI (Cross client) are the the authorization objects that controls table maintenance. With Authorization group and activity 03, you can give user access only to Display.
  You can look at table TDDAT to find the authorization group of the table. If it is a custom table for which original t-code is SM30 ( You can look at SU24 to verify that) and it does not have authorization group assigned to it, then you can ask your developer to assign authorization group to the table using t-code SE54. then again make use of S_tabu_dis with activity 03 and Auth group as designed to restrict access.
  Also something to look for is Note 1481950 - New authorization check for generic table access using new auth object S_TABU_NAM. Remember Bernhard talking about it.
  Edited by: Nishant Sourabh on Oct 1, 2010 8:13 PM

• Security based on the position and responsibility of Siebel tables.

  Hi Forum,
  We have a requirement to show some reports based on OLTP (Siebel Base tables with S_) tables. so we have created a repository and created few reports in OBIEE.
  Now we want to implement security based on these tables. Like siebel users will be accessing these reports, So how do we implement security based on the position and responsibility of Siebel tables.
  I request to share any links or docs pertaining to above mentioned implementation.
  Thanks

  Could be interference
  AirPort and Bluetooth: Potential sources of wireless interference
  Try:
  - Reseting the BT headset
  - Reset the iOS device. Nothing will be lost
  Reset iOS device: Hold down the On/Off button and the Home button at the same time for at
  least ten seconds, until the Apple logo appears.
  - Reset network settings: Settings>General>Reset>Reset Network Settings. You will have to rejoin all wifi networs and re-pair all BT devices

• How to trace an user access

  Even if I've got no DBA permission (for example I don't see the v$session table), have I got any way to trace the users accessing the DB? How can I do? I was told about trace but can someone tell me more? I'd like to know the user accessing the DB and the operation that he's launching. Is it possible?
  Thanks!

  Anything is possible if you have the correct privileges. But then you probably don't have those privileges, and probably for a reason, as you probably also don't have the DBA role for a reason.
  If you are to enable trace in a different session, you would need execute access on an Oracle provided package, which differs by version, and of course you assume Oracle never changes, and there is only one version out there: yours.
  For a DBA it would be the easiest to grant you the select_catalog_role and the execute_catalog_role.
  But then again one would ask why you think you should spy on him, and why you don't cooperate with him and/or try to convince him.
  Sybrand Bakker
  Senior Oracle DBA

• How to create a user in SQL database table for FBA in SharePoint 2013

  Hi,
  I am trying to configure Form Based Authentication on my SharePoint Dev machine. The purpose is to add an external user to a table (using a registration page).The provider used is SQLMembershipProvider.The dev machine is also configured as domain controller
  so all users created locally are AD users.
  Reference articles that i checked are
  Either adding users to the database as a windows user (i.e. under users section in the database). But on my machine, windows user would be same as adding a AD user.
  Or by creating a dedicated IIS site for .Net users (after creating a FBA DB using aspnet_sql tool). Right now i have implemented FBA using this method.
  Is it possible to add user details in a table of choice and then access that user using people picker? (without any third party tools).
  Thanks,
  Thomas

  Hi,
  We can use CreateUserWizard control to achieve it.
  Here is a blog for your reference:
  Adding Users With SharePoint Forms Based Authentication
  http://psterpe.wordpress.com/2009/05/24/adding-users-with-sharepoint-forms-based-authentication/
  Best Regards
  Dennis Guo
  TechNet Community Support

• Fetch-Xml based report (to count User Access in the last 6 months ) for Microsoft Dynamics CRM Online

  Hi,
  I have created a User Access report for CRM on-premise using SQl query in the following format. One row corresponds to one user in organization. Currently, I am using Microsoft Dynamics CRM Online trial version and have two users in my organization.
  I want to the same report for CRM Online environment. Only Fetch-Xml based custom reports are supported by CRM online environment hence this SQL query cannot be used.
  I have already written fetch-xml query to retrieve user access records ("audit" entity records) in "last-x-months" (where x = 1,2,3,4,5,6) as below.
  I am able to retrieve the records with "last-x-months" condition at a time, for example, the last-2-months  in my fetch-xml query only.
  For, example, when I retrieve the records in the last-2-months, it also includes the records in the last month. I want to count the records in the 2nd month only that is the difference between these two. The difference will be my 2nd column.
  Similarly, I want the other columns.  
  For the case in the above example, I have created the two separate datasets to get the record-count for the last month and last-2-months. But, I am not able to use the two datasets in the same table in my report and hence not able to calculate the difference.
  Is there any way to solve this problem?

  Hi,
  I have modified my Fetch-XML query to retrieve all the required User Access records and removed aggregation and counting and grouping from the query as well. Did grouping and counting in SSRS. Now the report works fine as shown in the above picture.

• Access to sybase tables/views

  Hi!
  I am trying to get access to a sybase database through a JDBC connection. When we does a test in the JDBC test page with the user, we can see all the views and tables. But when we are trying to make a datasource based on this source system I get the message in the left lower corner "No values fir this Selection".
  can this be related to that the user I have been given just have read access to these tables/views. In Oracle the user has to own the view/tables to make a datasource work..
  If anyone can give me any answer, please let me know.

  Hi!
  We have solved this problem by using an existing database that we get the rest of the data from.
  This database makes a view and a connection that extract the data we needs

• No read access to system tables

  Hi
  i try to migrate access db to oracle and when testing connection it gives me error message says "no read access to system tables modify access db before retrying"
  what to do?
  thanks in advance.

  Access tab
  For a connection to a Microsoft Access database, click Browse and find the database (.mdb) file. However, to be able to use the connection, you must first ensure that the system tables in the database file are readable by SQL Developer, as follows:
  Open the database (.mdb) file in Microsoft Access.
  Click Tools, then Options, and on the View tab ensure that System Objects are shown.
  Click Tools, then Security, and, if necessary, modify the user and group permissions as follows: select all tables whose names start with Msys, and give the Admin user at least Read Design and Read Data permission on these tables. Save changes and close the Access database file.
  Create and test the connection in SQL Developer.

• Best Practice - Securing Schema from User Access

  Scenario:
  User A requires access to schema called BLAH.
  User A is a developer that built an application using this schema in a separate development environment, although has the same privileges mirrored to production (same roles etc - required for operation of the application built).
  This means that the User has roles that grant Select, Update etc rights for the schema / table in order to use (and maintain) the applications.
  How can we restrict access to the BLAH schema in PRODUCTION, enforcing it to only be accessible via middle tier / application (proxy authentication?)?
  We've looked at using proxy authentication, however, it's not possible to grant roles and rights to the proxy account and NOT have them granted to the user (so they can dive straight in using development tooling and hit prod etc)>
  We've tried granting it on a session basis using proxy authentication (i.e. user a connects via proxy, an we ENABLE a disabled role on the user based on this connection), however, it causes performance issues.
  Are we tackling this the wrong way? What's the best practice for securing oracle schemas (and objects in general) for user access where the users actually get oracle user account (or even use SSO) for day to day business as usual.
  To me this feels like a common scenario, especially where SSO comes into play ...

  What about situations where we have Legacy Oracle Forms stuff? In these cases the user must be granted select etc rights to particular objects, as this can't connect via a middle tier.
  The problem we have is that our existing middle tier implementation is built expecting the user credentials to be passed to it during initial authentication and does not use a proxy, or super user style account.  We have, historically, been 100% reliant on Oracle rights and controls to validate and restrict access to our underlying data.  From what you are saying, we should start to look at using proxy or super user access and move this control process further up - i.e. into Code or Packages ?  If so, does this mean that there is no specific way to restrict schema access to given proxy accounts and then grant normal user accounts to connect through these to get access (kind of a delegated access scenario), without using disabled roles?

• Accessing large partitioned tables over a database link - any gotchas?

  Hi,
  We are in the middle of a corporate acquisition and I have a question about using database links to efficiently access large tables. There are two geographically distinct database instances, both on Oracle 10.2.0.5 sitting on Linux boxes.
  The primary instance (PSHR) contains a PeopleSoft HR and Payroll system and sits in our data centre.
  The secondary instance (HGPAY) runs a home grown payroll application and sits in a different data centre to PSHR.
  The requirement is to allow PeopleSoft (PSHR) to display targeted (one employee at a time) payroll data from the secondary instance.
  For example in HGPAY
  CREATE TABLE MY_PAY_DATA AS
  SELECT TO_CHAR(A.RN, '00000000') "EMP" -- This is an 8 digit leading 0 unique identifier
  , '20110' || to_char(B.RN) "PAY_PRD" -- This is a format of fiscal year plus fortnight in year (01-27)
  , C.SOME_KEY -- This is the pay element being considered - effectively random
  , 'XXXXXXXXXXXXXXXXX' "FILLER1"
  , 'XXXXXXXXXXXXXXXXX' "FILLER2"
  , 'XXXXXXXXXXXXXXXXX' "FILLER3"
  FROM ( SELECT ROWNUM "RN" FROM DUAL CONNECT BY LEVEL <= 300) A
  , (SELECT ROWNUM "RN" FROM DUAL CONNECT BY LEVEL <= 3) B
  , (SELECT TRUNC(ABS(DBMS_RANDOM.RANDOM())) "SOME_KEY" FROM DUAL CONNECT BY LEVEL <= 300) C
  ORDER BY PAY_PRD, EMP
  HGPAY.MY_PAY_DATA is Range Partitioned on EMP (approx 300 employees per partition) and List Sub-Partitioned on PAY_PRD (3 pay periods per sub-partition). I have limited the create statement above to represent one sub-paritition of data.
  On average each employee generates 300 rows in this table each pay period. The table has approx 180 million rows and growing every fortnight.
  In PSHR
  CREATE VIEW PS_HG_PAY_DATA (EMP, PAY_PRD, SOME_KEY, FILLER1, FILLER2, FILLER3)
  AS SELECT EMP, PAY_PRD, SOME_KEY, FILLER1, FILLER2, FILLER3 FROM MY_PAY_DATA@HGPAY
  PeopleSoft would then generate SQL along the lines of
  SELECT * FROM PS_HG_PAY_DATA WHERE EMP = ‘00002561’ AND PAY_PRD = ‘201025’
  The link between the data centres where PSHR and HGPAY sit is not the best in the world, but I am expecting tens of access requests per day rather than thousands, so I believe the link should have sufficient bandwidth to meet the requirements.
  I have tried a quick test on two production sized test instances and it works in that it presents the data, when I look at the explain plan I can see that the remote database is only presenting the relevant sub-partition over to PSHR rather than the whole table. Before I pat myself on the back with a "job well done" - is there a gotcha that I am missing in using dblink to access partitioned big tables?

  Yes, that's about right. A lot of this depends on exactly what happens in various "oops" scenarios-- are you, for example, just burning some extra CPU until someone comes to the DBA and says "my query is slow" or does saturating the network have some knock-on effect on critical apps or random long-running queries prevent some partition maintenance operations.
  In my mind, the simplest possible solution (assuming you are using a fixed username in the database link) would be to create a profile on HGPAY for the user that is defined for the database link that set a LOGICAL_READS_PER_CALL value that was large enough to handle any "reasonable" request and low enough to quickly kill any session that tried to do something "stupid". Obviously, you'd need to define "stupid" in your environment particularly where the scope of a "simple reconciliation report" is undefined. If there are no political issues and you can adjust the profile values over time as you encounter new reports that slowly increase what is deemed "reasonable" this is likely the simplest approach. If you've got to put in a change request to change the setting that has to be reviewed by the change control board at its next quarterly meeting with the outsourced DBA vendor, on the other hand, you could turn a 30 minute report into 30 hours of work spread over 30 days. In the ideal world, though, that's where I'd start.
  Getting more complex, you can use Resource Manager to kill queries that run too long on the wall clock. Since the network is almost certainly going to be the bottleneck, it's probably unlikely that the CPU throttling is going to do much good-- you can probably saturate the network with a very small amount of CPU. Network throttling in my mind is an extra step up in complexity again depending on the specifics of your particular situation and what you're competing with.
  Justin

• Setting up a Role to Restrict SQVI by user (on field BUKRS table KNC3)

  Hi Everyone!
  I am trying to get my basis team to give me access to SQVI - but they want to restrict the financial data I have access to by company code (9000 in our company). The authorisation checking for SQVI is not straightforward apparently. It depends on the data source of the view created. If it is logical database, then the authorisation follows the access required for the database (e.g. system will check for vendor access if data source is the logical database “Vendor Database”). But if the source is table or table join, then system will check for table access right, which, in our environment, is unristricted.
  So, in essensce, we do not restrict access rights by table and I will be using SQVI to directly query many tables... which will include tables that store data other than info relating to my company code
  I have tried applying a role in our Q&A, where in Authorizations (change authorization data) I pass in a variable on the field and table (field name BUKRS '9000' - master table KNC3) for a role assigned to a test user (zSQVI) but this is not restricting the data I can access via SQVI when logged in as zSQVI.
  Has anyone had this problem before? Does anyone know how to restrict SQVI access by a field variable using roles?
  Kind Regards,
  Gavin

  It's not possible to restrict SQVI to this level as it doesn't contain authorisation checks at the organisational level.  You can achieve this by using Infoset Query / Ad-hoc query where you have the option to apply your own code to the query, thus allowing you to check the company code.