Definer rights VS. invoker rights (same old story...)

Similar Messages

• RH9: Same old story; can't get image bullets to display

  Using TCS3, FM10, RH9 in Windows XP.
  I have custom bullets that I would like to use for my bulleted lists.  No matter what I do in the CSS, I still get the standard black bullets. (I know I should be grateful for any bullets at all, but I would really like my blue bullets.) My blue bullets are in my project as both images and baggage files.
  Here's what my CSS looks like for one of my bullets:
  P.Bullet2 {
  font-family: Tahoma;
  margin-top: 7pt;
  margin-bottom: 7pt;
  font-size: 11pt;
  margin-left: 0.5pt;
  color: #000000;
  list-style: url(hollow_blue_bullet.png);
  LI.p-Bullet2 {
  font-family: Tahoma;
  font-size: 11pt;
  color: #000000;
  list-style: url(hollow_blue_bullet.png);
  I have created a test project and linked it with a CSS where I have stripped out the Bullet2 tags.  I thought if I stripped it out, I could rebuild it.  I also deleted the Bullet2 style in RH. So I no longer have a FM Bullet2style mapped to a RH Bullet2 style.
  I then created a Bullet2 style in RH with the formatting including my blue bullet.  However, I don't have the Bullet2 RH style to map to anymore.
  Here are my question:
  How do I get a new style to become available to map to?
  How do I get my unordered lists to have image bullets?
  Thanks in advance!

  I felt I owed it to all of my followers to let everyone know that I finally got my customized bullets.  I worked with someone who had far more experience than I do in CSS and even he was baffled by how RH chose to interpret the CSS.
  Here is the workaround that we came up with to get customized solid blue bullets for a first level indent ( fondly known as Bullet1):
  For all of you newbies, like me, the following just formats the text of the bullet, not the bullet itself. The margin-left has to do with the amount of space between the text and the bullet.
  P.Bullet1 {
  font-family: Tahoma;
  margin-top: 7pt;
  margin-bottom: 7pt;
  font-size: 11pt;
  margin-left: 5pt;
  LI{
  list-style-image: url(new_blue_bullet.png);
  list-style-position: outside;
  margin-left: -15pt;
  Note: LI above refers to the bullet itself (LI means list item).  This is saying when there is only a list item, give it a bullet that is blue, place the bullet outside of the text and indent the bullet -15pts from the left margin.
  The following formats the second bullet level, also affectionately known as Bullet2. Again, this is just formatting the text of the bullet. Since they are similar, I supposed you could group Bullet1 and Bullet2 together, but I wasn't about to bring all this crashing down after so much work:
  P.Bullet2 {
  font-family: Tahoma;
  margin-top: 7pt;
  margin-bottom: 7pt;
  font-size: 11pt;
  margin-left: 5pt;
  The following means (read it from right to left) a list item in an unordered list that is contained in another unordered list. This will format all instances where that hierarchy occurs.
  UL LI UL LI{
  font-family: Tahoma;
  font-size: 11pt;
  font-style: normal;
  list-style-image: url(new_hollow_bullet.png);
  list-style-position: outside;
  margin-left: 5pt;
  The next bit of CSS means a list item in an unordered list that is contained in an ordered list, for example, a bulleted list for a step. This will format all instances where this happens:
  OL UL LI{
  font-family: Tahoma;
  font-size: 11pt;
  font-style: normal;
  list-style-image: url(new_hollow_bullet.png);
  list-style-position: outside;
  margin-left: 5pt;
  Again, many thanks to all of you who laughed, cried, and stood on the ledge with me during this excruciating process.  I sure hope the Adobe folks were following this thread.  A heck of a lot of you looked at it.
  If I could, I would give myself a star for this one as the correct answer.
  Mary

• Same same old story regarding Speeds

  Pay for and am supposed to get Infinity 2.
  Have had 3 engineer visits in recent months - each time resetting my Profile and restoring the kind of speeds I was assured I would get when I signed up. Yet for the 4th time I now find my download speeds deteriorating drastically from day to day - at any time.
  Here are my HH5 settings and the further diagnostics from the BT Wholesale test. Test was done of course both wirelessly/via Ethernet with virtually no noticeable differences.
  Am at a total loss to understand why this cycle of poor speeds keeps recurring soon after each Engineers visit!! Why? My noise levels are as can be seen fairly low and I have tried the quiet line test with no appreciable noise hiss or whatever. I have had all 3 visits kindly arranged through the Moderators but am now seriously wondering what the point of all this is. My upload speed as I had said is not too bad and bizarrely I can get uploads of around 17 mbps even when my download falls ( as it often does ) to as low as 3mbps - on infinity 2 ! How can BT get away with this nonsense!?
  Thanks for any ideas ....

  Am now expecting an Engineer's visit very soon - it will be my FOURTH in a short time. But must remain sceptical anything will be permanently sorted.
  Just out of curiosity can anyone give me a sensible explanation as to why my upload speeds are Significantly better than my downloads? Usually the other way around of course. A mystery.
  These two latest tests were done with wired Ethernet connection. Really appalling are these download figures for Infinity2.
  Thank-you.

• Package with invoker or definer rights

  Hi,
  would you give me the syntax for creating package with invoker or definer rights??
  Thanks in adavance.
  Regards
  Ravikumar.A

  i am looking for syntax.Document has it. From the doc.
  CREATE [OR REPLACE] PACKAGE package_name
     [AUTHID {CURRENT_USER | DEFINER}]
     {IS | AS}
     [PRAGMA SERIALLY_REUSABLE;]
     [collection_type_definition ...]
     [record_type_definition ...]
     [subtype_definition ...]
     [collection_declaration ...]
     [constant_declaration ...]
     [exception_declaration ...]
     [object_declaration ...]
     [record_declaration ...]
     [variable_declaration ...]
     [cursor_spec ...]
     [function_spec ...]
     [procedure_spec ...]
     [call_spec ...]
     [PRAGMA RESTRICT_REFERENCES(assertions) ...]
  END [package_name];
  [CREATE [OR REPLACE] PACKAGE BODY package_name {IS | AS}
     [PRAGMA SERIALLY_REUSABLE;]
     [collection_type_definition ...]
     [record_type_definition ...]
     [subtype_definition ...]
     [collection_declaration ...]
     [constant_declaration ...]
     [exception_declaration ...]
     [object_declaration ...]
     [record_declaration ...]
     [variable_declaration ...]
     [cursor_body ...]
     [function_spec ...]
     [procedure_spec ...]
     [call_spec ...]
  [BEGIN
     sequence_of_statements]
  END [package_name];]

• ORA-22285 Loadclobfromfile and definer rights

  I've create a directory D in schema A.
  Schema A has read permissions on the directory.
  Created a stored procedure X that reads a clob from a file in this directory.
  Running the procedure as user A works ok.
  Granted execute rights on procedure X to user B
  When user B tries to run procedure X I get error: ORA-22285: non-existent directory or file for FILEOPEN operation.
  It turns out I have to grant B read permission on the directory D.
  I don't understand why this is necessary. Procedure X runs with definer rights by default.
  Maybe someone can shed a bit of light on this ?

  // ACEs where r u ?!Oh don't Re: Needs another simple fix ! (Its been over 24hrs, nobody tried! Strange) Alex, I thought you were one of the good guys.
  Anyway, I expect a lot of the Aces are in the air right now, heading for 'Frisco.
  To your question:
  which one of the two above is the best one?It depends. Is John a developer or a user? If John is a developer then the DBA should grant him privileges explicitly. If John is a user then it is appropriate to use a role for his privileges and thus use the AUTHID CURRENT_USER approach.
  Note, I think this example is flawed because I would not expect a user to have a procedure which dynamically creates a table. Certainly I wouldn't expect John as a user to be creating procedures or to know about invoker rights. But the same model applies if the privilege is say SELECT access on another user's tables.
  the question that emerges is why do we have roles anyway if we can't truly rely on them (?)In my view ROLES are intended for managing users rather than developers. Generally I think this means granting table privileges to roles but not system privileges (although CREATE SESSION is an obvious exception). We should not use Roles for managing the privileges of developers, or for application owner accounts come to that. If the account has a schema it probably should have individually granted system privileges; as with most generalisations there is a grey area.
  Cheers, APC
  Message was edited by: inserting the crucial NOT that makes the sentence make sense
  APC

• Definer rights vs. user rights

  I must be having a senior moment .... ;-)
  Trying to demo definer rights vs. user rights on execution of a procedure.. With apologies to Daniel, I created this test, and then in trying to find the answer to my question I found his nearly identical example at psoug.
  SQL> --
  SQL> conn system/halftrack@vmora01
  Connected.
  SQL> drop user bert cascade;
  User dropped.
  SQL> drop user ernie cascade;
  User dropped.
  SQL> drop role ernies_role;
  Role dropped.
  SQL> --
  SQL> create user bert identified by bert
    2  default tablespace users
    3  temporary tablespace temp
    4  quota 10m on users;
  User created.
  SQL> --
  SQL> grant create session, create table, create procedure to bert;
  Grant succeeded.
  SQL> --
  SQL> create table bert.berts_table (empid varchar2(15));
  Table created.
  SQL> --
  SQL> CREATE OR REPLACE PROCEDURE bert.user_test  AUTHID current_user IS
    2  v_empcnt number;
    3  BEGIN
    4   select count(*)
    5   into v_empcnt
    6   from bert.berts_table;
    7  END user_test;
    8  /
  Procedure created.
  SQL> --
  SQL> CREATE OR REPLACE PROCEDURE bert.definer_test  AUTHID DEFINER IS
    2  v_empcnt number;
    3  BEGIN
    4   select count(*)
    5   into v_empcnt
    6   from bert.berts_table;
    7  END definer_test;
    8  /
  Procedure created.
  SQL> --
  SQL> create user ernie identified by ernie
    2  default tablespace users
    3  temporary tablespace temp
    4  quota 10m on users;
  User created.
  SQL> --
  SQL> create role ernies_role;
  Role created.
  SQL> --
  SQL> grant create session to ernies_role;
  Grant succeeded.
  SQL> grant select on bert.berts_table to ernies_role;
  Grant succeeded.
  SQL> grant execute on bert.definer_test to ernies_role;
  Grant succeeded.
  SQL> grant execute on bert.user_test to ernies_role;
  Grant succeeded.
  SQL> grant ernies_role to ernie;
  Grant succeeded.
  SQL> --
  SQL> conn ernie/ernie@vmora01
  Connected.
  SQL> --
  SQL> -- this should succeed
  SQL> --
  SQL> execute bert.user_test;
  PL/SQL procedure successfully completed.
  SQL> --
  SQL> -- this should fail --
  SQL> --
  SQL> execute bert.definer_test;
  PL/SQL procedure successfully completed.
  SQL> spo offOk, the only rights ernie has are via ernies_role. So I would expect his execution of bert.definer_test to fail, but it didn't.

  mbobak wrote:
  Hi Ed,
  In the definer rights case, as long as ernie can execute the procedure owned by bert, he'll be able to successfully execute it, cause definer rights mean that the object (owned/defined by bert) executes w/ bert's rights, and the only object access in the procedure is on bert's objects. So, no problem there.
  In the invoker rights case, it works cause even though the proc is owned by bert, ernie is executing and so, rights have to be granted to ernie, and they are.
  I don't see a problem in either case. Am I missing something?
  My guess is, what you're overlooking is the fact that, in the case of invokers rights, it's ok for necessary privileges to be granted via a role. The restriction against roles, is only on a definers rights procedure.
  -Mark
  PS See here for more info:
  http://download.oracle.com/docs/cd/E11882_01/network.112/e10574/authorization.htm#DBSEG50010
  Ok, as I read the explanation in the linked reference, that makes sense. So now I'm having a hard time imagining the situation where inheriting privs via a role comes into play as a problem in dealing with pl/sql blocks.

• Explain me Auth_id  and definer rights in detail with example.

  Explain me Auth_id and definer rights in detail with example.

  ibney wrote:
  Explain me Auth_id and definer rights in detail with example.How do I ask a question on the forums?
  SQL and PL/SQL FAQ
  unwilling or incapable to Read The Fine Manual yourself?
  http://docs.oracle.com/cd/E11882_01/server.112/e25789/toc.htm

• Hi there i am having a problem here i had an old id when i created my account but my credit card expired and i had put a new info but after that i have changed my apple id as well but now whenever i open anything the same old email id popped up how can i

  Hi there i am having a great problem here i had an old id when i first made my apple id but at that time my credit card info was different and now i have chaged my credit card info because it got expired.my problem is that even though i have changed my apple id the same old one always pops up and ask for a password and i ont hat id anymore how can i change my id on the main icloud setting page please slove my problem it is bothering me alot and my icloud is not backing up anymore how can i replace my new apple id to an old one please help me.
  Thanks
  Ayesha

  OK ..... Did you sign into your new ID in Settings>iTunes and App Stores>Apple ID. Tap your old ID and sign out and then sign in with the new ID.

• HT204053 I previously use an apple id , I have tried to reset and even changed the id on the settings on my phone but each time I try to update an apple apps , I keep getting the same old ID on my phone. What do I do?

  I previously use an apple id called *** @hotmail.co.uk, I have tried to reset and even changed the id on the settings on my phone but each time I try to update an apple apps , I keep getting the same old ID on my phone. What do I do?
  <Email Edited by Host>

  Is the same true for using the App Store with a desktop machine? Someone installed a program on my machine (the IT department) and I would like to install the updates but it was installed under a different Apple ID. This anyone know how to change, or work around this particular issue?
  Any thoughts or suggestions are greatly appreciated.
  Cheers

• Same old message - no solution! "this iphone cannot be used because the apple mobile device service is not started"

  Hello all,
  This driving me crazy - I have done it all - read through every forum and post - inculding all here. None of them resolves my issue...
  The details:
  Iphone - 4 - with IOS 5.0.1 (not the 4S)
  itunes version 10.5.2 64bit
  Laptop - running Windows 7 home premium 64bit
  (and just in case) - running Norton 360 with firewall settings for all iphone programs set to 'allways' I assume this is better than auto (yes I tried both)
  I've done the lot - reset the services , start / stopped them, automatic etc etc. no joy - as soon as i plug the phone in via USB the same old message:
  "this iphone cannot be used because the apple mobile device service is not started" driving me mad.
  Itunes will not recognize it as a device etc. nothing - PLEASE HELP....

  If the issue continues after restarting AMDS, then you'll need to remove and reinstall AMDS and iTunes.
  Completely uninstall AMDS, iTunes, and all Apple software. Click the appropriate links below for steps:
  Windows XP
  Windows Vista or Windows 7
  Restart the computer.
  Download and install (or reinstall) the latest version of iTunes from www.apple.com/itunes. Installing iTunes will also install AMDS.
  Restart the computer.
  Start iTunes and connect the device. It should be recognized properly in Windows.

• When I save an e-mail as a file, it opens (seems stuck) to the same old one saved earlier. How do I unstick it?

  I use a MAC desktop and Thunderbird with latest update. Recently, when I've tried to open an e-mail that I saved earlier as a file with the .eml suffix, what opens is always the same unrelated e-mail that I saved earlier to an unrelated file. It seems stuck on that same unrelated e-mail, no matter what the file or what e-mail I intended to save. For example, I save (i.e., drop-down menu: Save As - File) an e-mail that I received regarding Topic A; then I go to the folder or file to which I saved it and locate the e-mail under the correct name in which I saved it; I double click and then click on Open; what always opens is an e-mail of a few months ago that I received from Bernie. It doesn't happen on my MAC Air laptop.

  Until recently, I've been able to save e-mails to files and folders by clicking "Save As" on the dropdown File menu. In the last few weeks, whenever I open any one of the many e-mails that I've saved over time as files, it doesn't open the e-mail that I'm trying to open. Instead, what opens up is always the same old email of a couple of months ago that has no relationship to the one I'm trying to open. Somehow, it's stuck on that same old e-mail. So, yes, your response is technically correct: (a) I open the message, and (b) I see what's in there. But what I always see is the same old unrelated e-mail message. My question is how do I get past that e-mail that it's stuck on to the e-mail that I saved but won't open up? Sorry to be such a pest.

• Fed up with The same OLD APPS in App store.

  I have been staring at the same old Apps in App store since july 11th. Please developers give us some more Apps. I have read that Old jailbroken Iphones have 1000's of Apps. We have a few hundred.

  You also need to be aware that it isn't just the developer...Apple has to approve the apps before they will permit them on the iPhone. That process takes time. Only Apple approved apps are then added to the app store.
  Second, you will never see all the apps that are available on jailbroken phones because the SDK does not permit access to the phone features themselves -- if you look at those jailbroken apps, you will see all kinds of apps that access the iPod feature, the video features, the camera features. You will find bad MMS apps, you will find all kinds of things that will never be approved by Apple for the iPhone and won't end up in the official Apple App Store.
  Be patient, more applications will come, but you have to be realistic about what will and what will not be available.

• Linkification (any version) does not work with FF9.0.1. Here we go again! Same old problem. Why don't you guys develop a permanent fix??!!! Don

  Here we go again. Same old problem with FF updates. FF9.x.x will not allow clickable internet links. They are dead when typed. ALL IE versions have clickable links BUILT IN! Why can't you do it??? Don't blame it on "third party add on incompatiblity." It's not their fault. It is YOUR fault for not including it. Do not blame users either.
  xpi files are not compatible with FF9.x.x even when dragged on to it

  '''''Linkification''''' was not developed by Mozilla.
  *The third party developer appears to have abandoned the Add-on (no longer updates it).
  *The last update available on the Mozilla Firefox Add-ons site ( https://addons.mozilla.org/en-US/firefox/addon/linkification/ ) was made compatible only through Firefox 3.6.x
  *The developer posted version 1.3.9 on his/her own site which was made compatible through Firefox 4
  *'''''Read the comments section on the Add-ons page for suggestions.'''''
  **I would NOT download from another site as you do not know what you might be getting.
  **You can install the following and force compatibility in Add-ons > Extensions
  ***https://addons.mozilla.org/en-US/firefox/addon/add-on-compatibility-reporter/?src=ss
  **Under "Reviews", click "See all ###user reviews". The suggestion ''by marwn098 on November 11, 2011'' is the only one that I would recommend.
  ***Link to that suggestion --> https://addons.mozilla.org/en-US/firefox/addon/linkification/reviews/321220/
  '''If this reply solves your problem, please click "Solved It" next to this reply when <u>signed-in</u> to the forum.'''
  Not related to your question, but...
  You may need to update some plug-ins. Check your plug-ins and update as necessary:
  *Plug-in check --> http://www.mozilla.org/en-US/plugincheck/
  *'''''Adobe Shockwave for Director Netscape plug-in''''': [https://support.mozilla.org/en-US/kb/Using%20the%20Shockwave%20plugin%20with%20Firefox#w_installing-shockwave Installing ('''''or Updating''''') the Shockwave plugin with Firefox]
  *Adobe PDF Plug-In For Firefox and Netscape: [https://support.mozilla.org/en-US/kb/Using%20the%20Adobe%20Reader%20plugin%20with%20Firefox#w_installing-and-updating-adobe-reader Installing/Updating Adobe Reader in Firefox]
  *Shockwave Flash (Adobe Flash or Flash): [https://support.mozilla.org/en-US/kb/Managing%20the%20Flash%20plugin#w_updating-flash Updating Flash in Firefox]
  *'''''Next Generation Java Plug-in for Mozilla browsers''''': [https://support.mozilla.org/en-US/kb/Using%20the%20Java%20plugin%20with%20Firefox#w_installing-or-updating-java Installing or Updating Java in Firefox]

• TS2998 Same old problem, Apple vs. Cox

  Same old problem with Mountain Lion using Cox server. Can receive email in MAC MAIL but not connect to send. Fix?
  All settings are per Cox support information.

  Please help with sorting out the issues with the Cox email services?   Sorry; I'm just not that powerful. 
  If you're set up per the published specs (and those aren't easy to find), then Cox (mail or doc or the Cox network) is probably broken.  What's posted at various of the Cox support sites indicates that the SMTP send path is either TCP 587 with SSL/TLS enabled or TCP port 465 with SSL/TLS enabled.  Cox does appear to use different SMTP mail servers, depending on your service class and your particular geographic location.  Cox also appears to use POP and not IMAP, and specifically uses POP3 Port 995 on pop.cox.net; that's the SSL/TLS port for POP3.
  What to do?  Work with someone that you can share your credentials with, verify the error, and (if it can't be resolved) contact Cox and work through this error with them.
  Or as an alternative, don't use Cox for your mail.  I deliberately chose a mail hosting provider, and not the ISP I work with, for mail services.  That mail hosting move was easily very affordable, and the mail provider quickly answers the (few) support tickets I've needed very promptly.   In other words, the ISP deals with the network wiring, and the mail hosting provider deals with the mail servers.  And mail works.
  Or yes, you can use Google or another (free) mail provider, but - and with the providers of any of the free services in general - getting support when something goes weird is far from certain.

• My Time Capsule has just failed, 2 months after the end of 12m warranty. same old known power supply issue, "just unlucky" says my local Apple service center. ***?

  i bought a 2TB Time Capsule in Sep 2010. its just failed last week, less than 2 months after the expiry of the 12month warranty.
  and 3 months after the end of Apple's offer to replace all the many Time Capsules that have failed previously due to this same fault.
  nice timing guys.
  "yeah, its dead. same old known power supply issue", says my local Apple service center, "just unlucky".
  huh? "unlucky"? you sell products with known defects, and when it fails i'm "unlucky". nice.
  "OK, anyway, how much to fix it ?", i ask.
  "you can't fix them, its closed", is the reply, "you have to buy another one".
  "hmpf. OK, how do I get my backed-up data off it ?"
  "you can't. we could try break it open and recover the hard disk i guess, but no guarantees we'd get it, and you'd have to pay for us to do that, whether it works or not of course".
  "er.... is there a hidden camera in here? are we on TV? you can't be serious ? ..and this piece of garbage is what i've been using for a secure backup of my precious, irreplaceable, priceless personal data  ???"

  ceeb28744.  Welcome to the Apple Users Support Community.  Sorry to hear your TC died!  You said it was a 2TB so I would guess it be the model A1355/MB997LL/A or MC344LL/A.  Believe it or not all users of these time capsules will eventually experience this problem like you have.  There is a 99.5% (or better) chance that the only thing that is wrong with it is the internal power supply.  If you will go to this site.... https://sites.google.com/site/lapastenague/a-deconstruction-of-routers-and-modem s/apple-time-capsule-repair  and once there look over at the left side and you will find:
  Apple Time Capsule Repairers    and from that list you will be able to choose from a list of individuals that could repair your TC and have it returned to you fully operational again.  The individuals on the list are hardware technicians and they can save you a lot of money and time.
  Larry