Deleting roles, expiring users and locking them

Similar Messages

• Differences between Roles, Schemas, Users and Logins.

  I need differences between Roles, Schemas, Users and Logins. Can anyone help me. Thanks in advance

  Roles:
  I think of creating roles in the database to group users of like
  function.  Roles are granted certain permissions in the database.  You
  should become familiar with the fixed database roles since these will be
  utilized once you start creating users within the database.  Also, once
  you see the type of permissions that are granted to each role, is makes
  more sense.
  Schema: there can be several schemas in a database,
  which will house different types of objects such as tables, indexes,
  stored procedures, functions,  etc.  Users own schemas.  Looking into
  the AdventureWorks database illustrates this concept, with several
  schemas like HR, Production, etc.
  Login: Think about login as
  gaining access to the SQL Server instance.  If a user account is not
  granted any permissions within the instance, you basically just were
  able to unlock the door and enter the room, by creating a user you then
  grant access to the database objects or principals, and can begin to
  work with them. 
  Users:  Users own schemas, and as such will be
  able to manipulate the objects they own.  Some of the manunipulations
  are very permissive, such as creating tables, indexes, stored
  procedures, functions, etc.  These are developers and administrators.
  Users
  are created and granted permissions for application use, which will
  have select, update, insert, and delete and execute permissions  to a
  finite set of objects in the schema, for which the application will need
  to function properly.
  In a client server database, as an
  example, of the structure.  Roles were defined which provides the
  permissions to the database objects in the database, which only has one
  schema 'dbo'. One SQL server login was created with the same username,
  and dbo is the assigned default schema, and the roles assigned to that
  username. 
  In the application, each specific user is given there own
  "application" login which is mapped to the one defined sql server
  login.
  Ahsan Kabir Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread. http://www.aktechforum.blogspot.com/

• Unable to delete Role from User ID in SAP SOLMAN production system but able to from DEV with the same authorization, pls suggest

  unable to delete Role from User ID in SAP SOLMAN production system but able to from DEV with the same authorization, pls suggest

  Hi,
  For SU01 role removal, you do not need S_USER_AGR with 02, and as you mentioned both authorizations available in production, if so trace should not show you the S_USER_AGR with 02 with RC=04.
  I would recommend to do role comparison for the user performing the activity. and then check if you have the S_USER_AGR with 02 in user buffer SU56.
  But ideally it should not ask you S_USER_AGR for 02 through SU01, so please take help of abaper to debug it.
  Also put trace in non-prd to see if S_USER_AGR is getting checked with 02 for removal through SU01.
  BR,
  Mangesh

• Assignment pfcg-role to user and assignment pfcg-role to business role

  Hello, Gurus!
  What is the difference between direct assignment pfcg-role to user and assignment pfcg-role to business role? What is the effect from assignment pfcg-role to business role?
  As  I see authrizations from pfcg-role assigned to business role have no effect to user...
  Best regards,
  Artuк Litvinov.

  Artur,
  The business role assignment does not give a user that PFCG role.  Instead it is just a mapping table and does nothing more. 
  Therefore that UIU_COMP auth object must exist in the PFCG roles assigned to the user in order for them to use the webclient.  In your scenario let's do the following:
  You have pfcg roles:
  RA
  RB
  You a have business role
  B1
  You have users:
  Joe
  Jack
  Business Role B1 is assigned to role RA which contains UIU_COMP.
  User Joe gets business role B1 and roles RB which does not have UIU_COMP.  This will not let him use the webclient.
  User Jack gets business role B1 and pfcg role RA.  This will work because everything is there.
  This means you need both the correct PFCG plus business role setup to make it work properly.
  Take care,
  Stephen

• Assigning Roles to Users and Groups

  Hi,
  We have installed EP 5.0 SP4...with Content Management...we configured the LDAP to Portal......all the users are maintained through LDAP only...the problem is assigning the Role's to user..here in portal how to assign the roles to the users...we are not getting the Role assignment option under Portal Admin TAB..is there any way to configure the roles to User's are Group's.....
  it is an urgent assignment for me..help can be appreciated...
  sudhir

  Sudhir,
  You can assign the roles to users and groups as below.
  1. Select the System Administration in the top level navigtion
  2. Select user administration
  3. You can search for a specific user or a group from this iView.
  4. Use the edit button to edit the profie of the user or group.
  5. Search for the role in the search iView.
  6. Add the role to the user of group and save.

• How to create mass users and map them to existing  hrms users

  Hi,
  Im running oracle ebusiness suite 12i . I want to create mass users , and map them to existing hrms users.
  The users I want to create exist in an excel spreadsheet with the columns employee id, user name. They will all be granted the same responsibility. I want to map them to existing hrms users using the employee id key.
  I have read about the package FND_USER_PKG.CREATEUSER and I can loop over it by using sql loader to create a temporary table, but I m lost on how to automatically map them to hrms users as part of the script.
  Any help.
  dula

  Thanks a lot Omka,
  I managed to create the users by running the script:
  declare
  Cursor C1 is
  select d.product_code,b.responsibility_key from FND_USER_RESP_GROUPS_ALL a,fnd_responsibility b,fnd_user c,fnd_application d
  where a.user_id = c.user_id
  and a.responsibility_id = b.responsibility_id
  and b.application_id = d.application_id
  and c.user_name ='JOCHIENG';
  Cursor employee is
  SELECT EMPLOYEE_ID,EMPLOYEE_NAME from eldoret_final;
  BEGIN
  for e in employee loop
  fnd_user_pkg.createuser
  x_user_name => e.EMPLOYEE_NAME
  *,x_owner => ''*
  *,x_unencrypted_password => 'welcome123'*
  *,x_start_date => SYSDATE - 10*
  *,x_end_date => NULL*
  *,x_description => 'CBK Employee'*
  *,X_EMPLOYEE_ID => e.EMPLOYEE_ID*
  fnd_user_pkg.addresp(upper (e.EMPLOYEE_NAME),'PER', 'CBK_EMPLOYEE_DIRECT_ACCESS','STANDARD', 'DESCRIPTION', sysdate, null);
  end loop;
  commit;
  end;
  I had first created the user JOCHIENG and assigned it the responsibility for Self service. So the script just assigns the responsibilities by copying from the one assgined to this user.
  Everything seems ok. However, when trying to log in as the new user, the login error: Login failed. Please verify your login information or contact the system administrator.
  is returned. But I can reset the password using the forms under Security > Define. Even with the correct password, the login doesn't go through.
  Any idea?
  dula

• I am creating a request for proposal form and I need to add a commission structure field.  I created a table using the ranking field and now I need to delete the "dots/buttons" and turn them into text fields, is this possible?

    I created a table using the ranking field and now I need to delete the "dots/buttons" and turn them into text fields, is this possible?

  It sounds like what you are trying to do is edit the choices in a likert field to something other than the default radio button. This is not something that you can do in Formscentral at this time.
  Andrew

• I accidentally deleted the admin user and it wiped out everything, luckily it wasn't much, but is my computer going to be completely overloaded with data from the last user? for example, i had to redownload microsoft 2011 do i have little space now?

  i accidentally deleted the admin user and it wiped out everything, luckily it wasn't much, but is my computer going to be completely overloaded with data from the last user? for example, i had to redownload microsoft 2011 do i have little space now?

  i accidentally deleted the admin user and it wiped out everything, luckily it wasn't much, but is my computer going to be completely overloaded with data from the last user? for example, i had to redownload microsoft 2011 do i have little space now?

• HT201365 What if the device that has been stolen or lost is not connected to wifi? Can we still track them and lock them up?

  What if the device that has been stolen or lost is not connected to wifi? Can we still track them and lock them up?

  Frozen or unresponsive iPad
  Resolve these most common issues:
      •    Display remains black or blank
      •    Touch screen not responding
      •    Application unexpectedly closes or freezes
  http://www.apple.com/support/ipad/assistant/ipad/
  iPad Frozen? How to Force Quit an App, Reset or Restart Your iPad
  http://ipadacademy.com/2010/11/ipad-frozen-how-to-force-quit-an-app-reset-or-res tart-your-ipad
  What to Do When Your iPad Won't Turn On
  http://ipad.about.com/od/iPad_Troubleshooting/ss/What-To-Do-When-Your-Ipad-Wo-No t-Turn-On.htm
  iOS: Not responding or does not turn on
  http://support.apple.com/kb/TS3281
  iPad: Basic troubleshooting
  http://support.apple.com/kb/TS3274
   Cheers, Tom

• Create users and assigning them security on the Entity dimension

  Hi All,
  I’m working with Hyperion ESSBASE 11.1.1.3 and Hyperion Planning 11.1.1.3 and I have a problem related to create new users (without admin permissions) and assigning them security on the Entity dimension.
  When I access with these users to a Dataform in Planning appears these message:
  “Security and/or filtering has resulted in a required dimension not being represented on this data form”
  I have followed these steps:
  - I have created new users (Native Directory) and provision them against essbase and the planning application in Shared Services.
  - I have expanded the essbase server > security > refresh security from shared services > all users.
  - I have assigned security roles in all members of Entity dimension in Planning.
  - I have refreshed database and security filters in Planning.
  Please help
  Thanks a lot in advance

  Hi,
  You will have to apply security to all the standard dimensions and not just entity, so that will be account, entity, scenario and version.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• View chat history for all users and prevent them f...

  "I need to be able to view chat history for all users in the organization and prevent them from deleting their chat history.  This needs to be done form a centralized admin portal and not on each workstation. I don’t see that as possible with Skype for Business.  If it is please let me know. That is a must-have. The rest I can work around. "
  Can anyone please provide documents that confirm if its possible or not.
  Thank you

  You can reset a VIs rev history using VI Server to load the vi and a method to reset. See attached (LV 8.6)
  Now is the right time to use %^<%Y-%m-%dT%H:%M:%S%3uZ>T
  If you don't hate time zones, you're not a real programmer.
  "You are what you don't automate"
  Inplaceness is synonymous with insidiousness
  Attachments:
  Reset VI History.vi ‏9 KB

• How can i delete messages on iMessage and have them STAY GONE?

  How can I delete messages from my iPhone and have them STAY GONE and not have them show up on my computer or iPad? Same thing, how can I delete from any of these and have them NOT show up on the other devices? If I delete on one, it stays on the other. It's a constant circle of deleting messages? I want them gone when deleted.  Maverick. iPad4th iPhone 5
  Thanks.
  Sandy

  Hi,
  First off.
  The "Sync" as Apple calls it is only "Display on all Devices" and nothing more.
  Deleting it on one device will not delete it on another.
  On the Mac the iMessages are stored in ~/Library/Messages in file called chat.db with a couple of supporting database items alongside.
  If you "close"  or remove the chat in the list in the Messages window (the x when you mouse over the name and pic) then the iMessage will "return" as an "Aid Memoire" to the previous conversation.
  This is local on your Mac and is nothing to do with any 'sync' over the iMessages servers.
  The longest time I have experienced was using my iPhone on a hotel WiFi on a Friday evening away form home and picking up those same iMessage on Sunday evening when I turned my Mac on.
  The iMessages servers "push" the iMessages to the devices it thinks are Registered.
  However this only happens once.  When the device has the iMessages the servers stop sending it.
  This is to stop what you seem to describe - the endless attempt to delete the same iMessages.
  It is more likely you are talking about the "history" feature.
  9:56 pm      Friday; February 7, 2014
    iMac 2.5Ghz 5i 2011 (Mavericks 10.9)
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb (Snow Leopard 10.6.8)
   Mac OS X (10.6.8),
   Couple of iPhones and an iPad

• I have just had my iPad stolen. I by mistake pressed delete rather than find and lock. It has not been activated. Can I remove delete and get it set to locate and lock now.

  Please can somebody help me. I have just had my iPad stolen. Used I could to try to locate it buy pressed delete by mistake. Any e
  Way to reverse this and then use locate and lock instead.

  What To Do If Your iDevice Is Lost Or Stolen
  If you activated Find My Phone before it was lost or stolen, you can track it only if Wi-Fi is enabled on the device. What you cannot do is track your device using a serial number or other identifying number. You cannot expect Apple or anyone else to find your device for you. You cannot recover your loss unless you insure your device for such loss. It is not covered by your warranty.
  If your iPhone, iPod, iPod Touch, or iPad is lost or stolen what do you do? There are things you should have done in advance - before you lost it or it was stolen - and some things to do after the fact. Here are some suggestions:
  This link, Re: Help! I misplaced / lost my iPhone 5 today morning in delta Chelsea hotel downtown an I am not able to track it. Please help!, has some good advice regarding your options when your iDevice is lost or stolen.
    1. Reporting a lost or stolen Apple product
    2. Find my lost iPod Touch
    3. AT&T. Sprint, and Verizon can block stolen phones/tablets
    4. What-To-Do-When-Iphone-Is-Stolen
    5. What to do if your iOS device is lost or stolen
    6. 6 Ways to Track and Recover Your Lost/Stolen iPhone
    7. Find My iPhone
    8. Report Stolen iPad | Stolen Lost Found Online
  It pays to be proactive by following the advice on using Find My Phone before you lose your device:
    1. Find My iPhone
    2. Setup your iDevice on iCloud
    3. OS X Lion/Mountain Lion- About Find My Mac
    4. How To Set Up Free Find Your iPhone (Even on Unsupported Devices)

• Creating users and adding them to groups programmatically in Portal 902

  What is the correct process and code needed to create a user and add it to a group programmatically in Portal 9.0.2 and how is it different from what it used to be in 309.
  If anyone has an answer, please let me know and all contributions are really appreciated.
  Thanks

  You can use these procedures.
  procedure Create_User(first_name IN VARCHAR2
  ,last_name IN VARCHAR2
  ,password IN VARCHAR2
  ,email IN VARCHAR2
  ,employeenumber IN VARCHAR2
  ,description IN VARCHAR2
  is
  retval PLS_INTEGER;
  emp_session DBMS_LDAP.session;
  emp_dn VARCHAR2(256);
  emp_rdn VARCHAR2(256);
  emp_array DBMS_LDAP.MOD_ARRAY;
  emp_vals DBMS_LDAP.STRING_COLLECTION ;
  ldap_host VARCHAR2(256);
  ldap_port VARCHAR2(256);
  ldap_user VARCHAR2(256);
  ldap_passwd VARCHAR2(256);
  ldap_base VARCHAR2(256);
  BEGIN
  retval := -1;
  ldap_host := '<you_host>';
  ldap_port := '4032';
  ldap_user := 'cn=orcladmin';
  ldap_passwd:= '<orcladmin_password>';
  ldap_base := 'cn=users,dc=<your_compani_name>,dc=com';
  DBMS_LDAP.USE_EXCEPTION := TRUE;
  emp_session := DBMS_LDAP.init(ldap_host, ldap_port);
  -- Bind to the directory
  retval := DBMS_LDAP.simple_bind_s(emp_session,ldap_user, ldap_passwd);
  emp_array := DBMS_LDAP.create_mod_array(14);
  emp_vals(1) := first_name;
  DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'cn',emp_vals);
  DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'givenname',emp_vals);
  DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'uid',emp_vals);
  emp_vals(1) := last_name;
  DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'sn',emp_vals);
  emp_vals(1) := employeenumber;
  DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'employeenumber',emp_vals);
  emp_vals(1) := description;
  DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'description',emp_vals);
  emp_vals(1) := 'top';
  emp_vals(2) := 'person';
  emp_vals(3) := 'organizationalPerson';
  emp_vals(4) := 'inetOrgPerson';
  emp_vals(5) := 'orcluser';
  emp_vals(6) := 'orcluserv2';
  DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'objectclass',emp_vals);
  emp_vals.DELETE;
  emp_vals(1) := email;
  DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'mail',emp_vals);
  emp_vals(1) := password;
  DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'userPassword',emp_vals);
  emp_dn := 'cn=' || first_name || ',' || ldap_base ;
  retval := DBMS_LDAP.add_s(emp_session,emp_dn,emp_array);
  DBMS_LDAP.free_mod_array(emp_array);
  retval := DBMS_LDAP.unbind_s(emp_session);
  -- Handle Exceptions
  EXCEPTION
  WHEN OTHERS THEN
  DBMS_OUTPUT.PUT_LINE(' Error code : ' || TO_CHAR(SQLCODE));
  DBMS_OUTPUT.PUT_LINE(' Error Message : ' || SQLERRM);
  DBMS_OUTPUT.PUT_LINE(' Exception encountered .. exiting');
  end Create_User;
  create or replace
  procedure Add_User_To_Group(user_name IN VARCHAR2
  ,group_name IN VARCHAR2
  is
  retval PLS_INTEGER;
  ldap_host VARCHAR2(256);
  ldap_port VARCHAR2(256);
  ldap_user VARCHAR2(256);
  ldap_passwd VARCHAR2(256);
  ldap_base VARCHAR2(256);
  my_session DBMS_LDAP.session;
  my_message DBMS_LDAP.message;
  my_entry DBMS_LDAP.message;
  my_array DBMS_LDAP.MOD_ARRAY;
  my_vals DBMS_LDAP.STRING_COLLECTION ;
  group_dn VARCHAR2(256);
  user_dn VARCHAR2(256);
  BEGIN
  retval := -1;
  ldap_host := '<you_host>';
  ldap_port := '4032';
  ldap_user := 'cn=orcladmin';
  ldap_passwd:= '<orcladmin_password>';
  ldap_base := 'cn=users,dc=<your_compani_name>,dc=com';
  DBMS_LDAP.USE_EXCEPTION := TRUE;
  my_session := DBMS_LDAP.init(ldap_host, ldap_port);
  -- Bind to the directory
  retval := DBMS_LDAP.simple_bind_s(my_session,ldap_user, ldap_passwd);
  --Find the user
  my_vals(1) := '1.1';
  retval := DBMS_LDAP.search_s(my_session,
  ldap_base,
  DBMS_LDAP.SCOPE_SUBTREE,
  '(&(objectClass=person)(cn=' || user_name || '))',
  my_vals,
  0,
  my_message);
  my_entry := DBMS_LDAP.first_entry(my_session, my_message);
  IF my_entry IS NOT NULL THEN
  user_dn := DBMS_LDAP.get_dn(my_session, my_entry);
  retval := DBMS_LDAP.search_s(my_session,
  ldap_base,
  DBMS_LDAP.SCOPE_SUBTREE,
  '(&(objectClass=orclGroup)(cn=' || group_name ||'))',
  my_vals,
  0,
  my_message);
  my_entry := DBMS_LDAP.first_entry(my_session, my_message);
  IF my_entry IS NOT NULL THEN
  group_dn := DBMS_LDAP.get_dn(my_session, my_entry);
  my_array := DBMS_LDAP.create_mod_array(1);
  my_vals(1) := user_dn;
  DBMS_LDAP.populate_mod_array(my_array, DBMS_LDAP.MOD_ADD, 'uniqueMember', my_vals);
  retval := DBMS_LDAP.modify_s(my_session, group_dn, my_array);
  DBMS_OUTPUT.PUT_LINE(RPAD('modify_s Returns ',25,' ') || ': '|| TO_CHAR(retval));
  DBMS_LDAP.free_mod_array(my_array);
  END IF;
  END IF;
  my_vals.DELETE;
  retval := DBMS_LDAP.unbind_s(my_session);
  -- Handle Exceptions
  EXCEPTION
  WHEN OTHERS THEN
  DBMS_OUTPUT.PUT_LINE(' Error code : ' || TO_CHAR(SQLCODE));
  DBMS_OUTPUT.PUT_LINE(' Error Message : ' || SQLERRM);
  DBMS_OUTPUT.PUT_LINE(' Exception encountered .. exiting');
  end Add_User_To_Group;

• Who granted role to user and when

  In Oracle 11g, is it possible to find out who granted a particular role to a user and when? Like maybe from logs?

  SELECT log_mode
    FROM v$databasewill tell you whether the database is running in ARCHIVELOG mode or not. You'd need for the database to be running in ARCHIVELOG mode and to have the archived logs back to the point in time that the role was granted in order to use LogMiner.
  I don't suppose there is any chance that you had enabled auditing of GRANTs prior to the role being granted, is there? That would be the appropriate way to capture that information going forward.
  Justin