Developer role to the application user
Hi All,
We have developed an application, for which we are storing users with different roles in database table.
What I am trying to achieve:
If the user with admin role logs into our application, the Apex developer toolbar should get visible to him/her for editing the page. (In other words, Our Application Admin user should be treated as Apex developer).
Can someone explain how can this be achieved?
Thanks,
Pooja
Note: Our application is Oracle SSO protected.
Application Express 3.1.1.00.09
Database : 11g
Pooja - The developer toolbar will appear only if a developer has already authenticated to the apex development environment in the same browser process in which the application is being accessed and then only if the authenticated username in the application matches that used to access the apex development environment and then only if the application being accessed belongs to the same workspace as the workspace to which the developer authenticated.
So there is no way to do what you described.
Scott
Similar Messages
-
How to assign single responsibity to all the applications user?
how to assign single responsibity to all the applications user?
Thanks in advanceUse FND_USER_PKG.AddResp
How to use FND_USER_PKG.AddResp
Re: How to use FND_USER_PKG.AddResp
single responsibility to all users
Re: single responsibility to all users -
Query to find the application user
Hi,
what is the query to find the application user in sql command?
I tried the below query
select app_user from dual;
app_user invalid identifierthanks.Use bind variable notation:
select :app_user from dualThis is a reduced example, right? Can't see any reason to run such a query instead of using one of the documented methods of referencing built-in substitution values.
Please try to use the documentation to answer such basic questions. -
How do you hide Excluded Roles from the End User (8.1) ?
We have 2 Buisness Roles: Employee and Contractor. They are excluded from each other, meaning if you have one of the roles, you cannot be assigned the other role.
When a user logs into 8.1 to the OOTB "Update My Roles" WF, they see their Available Roles for selection.
These available roles listing includes the excluded roles.
So when a user with the Contractor role logs in, they see the Employee role as an available role.
If the Contractor user tries to add the Employee role, they will get an error due to the role exclusion.
I know it is possible to hide the excluded roles from the end user, but don't know how.
Does anyone know how to hide the excluded roles from users?
Thanks.Hi
I may have misread your first comment but I totally agree with your response.
If the user has capabilities over multiple organizations it will show all roles, whether exclusion or not. (Been confirmed that this is how it is designed to work)
What could be done is when selecting a user is a specific organization, you could have a rule that only shows up the Business roles that are associated with that organization. So although you have the capabilities over all organizations you only see the roles that are available to the organization where the user is your are updating.
An idea anyway
Ian -
SSRS How to grant BROWSE permission for reports for all the application users?
Hello,
Problem Statement
I need to allow all of my application users to browse the SSRS reports via logging onto the Report Manager and to some other I even want them to use Report Builder to modify & upload the report.
How could I achieve this.
Environment & Current implementation
We use SQL Server 2012 reporting services.
Custom authentication has been implemented using IAuthenticationExtension Interface. For more details, please refer
this msdn link.
Currently, for each new user created in the application, the admin has to manually give BROWSER role to the username to enable that newly created user to browse the reports.
Is there any way in which we can give "everyone" the BROWSE permission and get rid of this manual permission granting process?
Please feel free to ask for any additional information you need to help me on this issue.
Thanks!
-Vinay Pugalia
If a post answers your question, please click "Mark As Answer" on that post or
"Vote as Helpful".
Web : Inkey Solutions
Blog : My Blog
Email : Vinay PugaliaHi vinaypugalia,
According to your description, you want to grant permissions for users to access report server in a batch, right?
In your scenario, you can use
script files( AddItemSecurity.rss and ConfigureSystemProperties.rss )with the Reporting Services SOAP API to assign permissions. It’s better that you add those users to a user group then run those script.
Similar thread for your reference:
SQL script to grant user permissions for SQL Server Reporting Services
Programmatically adding users to SSRS?
If you have any question, please feel free to ask.
Best regards,
Qiuyun Yu
Qiuyun Yu
TechNet Community Support -
Hi,
I have posted this in another large thread under the "Windows 8 General" group but have not had any appropriate feedback from MS.
After hours of testing and working with other users I have managed to isolate a simple situation that breaks all metro ui applications within Windows 8 for all users on the machine. Here are my exact steps and notes.
Before continuing if you are running Avast then your solution may be to turn of the behaviour shield functionality as this also breaks metro apps. This is NOT the problem we are having!
I have performed 3 cleans installs after isolating the problem and am able to reproduce the issue every time using the same steps on two different machines.
First thing to say is that for us it has nothing to do with simply joining the domain, domain/group policies nor does it appear to have anything to do with the software we installed, the problem here is much more simple but the result is pretty terrible.
Here are my exact steps of what I did to reproduce our problem:
Complete format of HDD in preperation for a clean install
Clean install performed
Set up the machine initially with a local account
Test metro apps - all working fine
Open control panel from the desktop, click on System, change the system to join the domain, click reboot
Log into the system using my domain account
Test metro apps - all working fine
Here's were the problem starts. I need my domain account to have admin rights on the local machine so I can install programs without the IT men having to come over and enter their password every 5 mins.
I go to control panel via the desktop and click on User Accounts. From with here I then click on "Manage User Accounts". This requires the IT guys to enter their details to give me access to such functionality. This is fine
In the dialog box that opens I can only see the local user that was initially created during setup. The "Group" for this local account shows as "Administrators" - Image included below (important to note that metro apps are working at this point)
I click add and then add my domain account - also giving it administrator access
Sign off or reboot to ensure the new security is applied
Sign back in to the domain account
Test metro - ALL BROKEN
Sign out
Sign in as local account
Test Metro - NOW ALL BROKEN FOR THIS USER ALSO
So as soon as I add my domain account to the local user accounts and set it as admin it breaks all metro apps for all users. This is on a totally clean install with nothing at all installed other than the OS.
Annoyingly if I go back and change the domain account to a standard user or if I totally remove the domain account from the local account management system the problem does not go away for either user. basically it is now permanently broken. The only fix I
could fathom was a full re install and not giving the domain user admin access to the local machine.
Screen one - this is the local user accounts window AFTER joining the domain and logging in with my domain account (All metro apps working at this point)
Screen 2: User accounts AFTER joining the domain and AFTER adding domain account to local user management (METRO BROKEN)
I have isolated my machine from all group policies so nothing like that is affecting me. Users I have spoken to in different companies have policies that automatically add users to the local user management. This means that metro apps break as
soon as they join the domain which leads them to wrongly think it is group policies causing the error. Once they isolate themselves from this they can reproduce following my steps.
ThanksHi Juke,
Thank you for the response and apologies for the delay in getting back to you. My machine was running a long task so I couldn't try your suggested solution.
I had already tried running the registry merge suggested at the top of the thread to no avail. I had not tried deleting the OLE key totally so I did that and the problem still exists. I will post all the errors I see in event viewer below. For
your info, since posting my initial comment I have sent out my steps to 7 different people and we can all reproduce the problem. This comes to 10 different machines (3 of them mine then the other guys) in 3 different businesses / domains. We see the same errors
in event viewer.
Under "Windows Logs" --> "Application" : I get two separate error events the first reads "Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional
information." The second arrives in the log about 15 seconds after the first and reads "App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time."
Under "Windows Logs" --> "System" : I get one error that reads "The server Windows.Store did not register with DCOM within the required timeout."
Under "Applications And Services Logs" --> "Microsoft" --> "Windows" --> "Apps" --> "Microsoft-Windows-TWinUI/Operational" : I get one error that reads "Activation of the app winstore_cw5n1h2txyewy!Windows.Store for the
Windows.Launch contract failed with error: The app didn't start."
If you require any further information just let me know and I will provide as much as I can.
Thanks -
Oracle 10g - Database does not respond to the application users
Hi all,
I am using ORACLE 10g database with 75 users connections 50 local and 20 remote users using ADSL and dial up modem. Operating system on server is
Windows 2003.
All of a sudden users making the entry get disconnected getting the error as
ORA-12516: TNS:listener could not find available handler with matching protocol stack
Other case users when using the appliaction get their PC hanged and connection
to oracle fails again. they cannot login to the application that time, the error is
ORA-04031: unable to allocate %s bytes of shared memory ("%s","%s","%s","%s")
Twice a day the users trying to login cannot access the database server.
Front end application is in VB using exe file. When the users cannot logon
to the database. I manually stop the ORACLE services(including DB console) and
then stop the listener.
This practice is going on since last two months.
Server Scenario
After Installing Oracle Standard Edition 10g.
System tablespace utilization is 98.5% which is 465 MB out of total 470 MB.
There is only one Rollback Segment named as SYSTEM.
when we install 9i 4 rollback segments as RO1, RO2, RO3, RO4 are created
by default.
Do I need to add the datafile to SYSTEM table space as its current usage is 99.15% and its auto extend is ticked on using auto extent as 10 MB. I tried adding another datafile during weekend downtime. when I resumed on saturday morning I found it did not add any datafile which I had put on thursday eveninig as system02.dbf.
Do I need to add a new datafile to the SYSTEM tablespace ?
Do I need to create new rollback segments apart from SYSTEM rollback segment ?
My current schema size 15360Mb with its usage as 9.32% (1432.25 Mb).
Please reply !!!Hi Paul
My Server configuration is
Compaq ML 370
3.4 Ghz Processor
3.5 GB RAM
SQL> show sga
Total System Global Area 171966464 bytes
Fixed Size 787988 bytes
Variable Size 145488364 bytes
Database Buffers 25165824 bytes
Redo Buffers 524288 bytes
SQL> select * from v$sgastat;
POOL NAME BYTES
fixed_sga 787988
buffer_cache 25165824
log_buffer 524288
shared pool subheap 55600
shared pool KQR L SO 218160
shared pool KQR M PO 1329244
shared pool KQR M SO 605364
shared pool KQR S PO 164156
shared pool KQR S SO 6144
shared pool KTI-UNDO 1235304
shared pool sql area 5368208
shared pool KGLS heap 1597560
shared pool joxs heap 6004
shared pool row cache 3707272
shared pool parameters 17520
shared pool repository 19396
shared pool ASH buffers 4194304
shared pool free memory 16586072
shared pool PL/SQL DIANA 679456
shared pool KSPD key heap 4220
shared pool PL/SQL MPCODE 1167992
shared pool library cache 11368964
shared pool miscellaneous 25942980
shared pool pl/sql source 88
shared pool PLS non-lib hp 29816
shared pool XDB Schema Cac 3594144
shared pool alert threshol 3460
shared pool joxlod exec hp 355820
shared pool table definiti 5880
shared pool temporary tabl 4932
shared pool trigger defini 12848
shared pool trigger inform 1892
shared pool type object de 20256
shared pool private strands 1198080
shared pool event statistics per sess 4384640
shared pool fixed allocation callback 304
large pool free memory 8388608
java pool joxs heap 233856
java pool free memory 44743296
java pool joxlod exec hp 5354496
40 rows selected.
SQL> select segment_name, owner, status
2 from dba_rollback_segs;
SEGMENT_NAME OWNER STATUS
SYSTEM SYS ONLINE
_SYSSMU1$ PUBLIC ONLINE
_SYSSMU2$ PUBLIC ONLINE
_SYSSMU3$ PUBLIC ONLINE
_SYSSMU4$ PUBLIC ONLINE
_SYSSMU5$ PUBLIC ONLINE
_SYSSMU6$ PUBLIC ONLINE
_SYSSMU7$ PUBLIC ONLINE
_SYSSMU8$ PUBLIC ONLINE
_SYSSMU9$ PUBLIC ONLINE
_SYSSMU10$ PUBLIC ONLINE
SEGMENT_NAME OWNER STATUS
_SYSSMU11$ PUBLIC ONLINE
_SYSSMU12$ PUBLIC ONLINE
_SYSSMU13$ PUBLIC ONLINE
_SYSSMU14$ PUBLIC ONLINE
_SYSSMU15$ PUBLIC OFFLINE
_SYSSMU16$ PUBLIC OFFLINE
_SYSSMU17$ PUBLIC OFFLINE
_SYSSMU18$ PUBLIC OFFLINE
_SYSSMU19$ PUBLIC OFFLINE
_SYSSMU20$ PUBLIC OFFLINE
_SYSSMU21$ PUBLIC OFFLINE
SEGMENT_NAME OWNER STATUS
_SYSSMU22$ PUBLIC OFFLINE
_SYSSMU23$ PUBLIC OFFLINE
_SYSSMU24$ PUBLIC OFFLINE
_SYSSMU25$ PUBLIC OFFLINE
_SYSSMU26$ PUBLIC OFFLINE
27 rows selected.
Currently AUTOEXTEND is ticked as on for SYSTEM tablespace and its size is showing as 99.16% (466.06 mb) used which is very much nearing to its full capacity of 470 mb.
Currently 75 users - 50 Local users and 20 Remote Users are connected to the server. Is there any limit that Server should have limited connections.
Server has Windows 2003 Standard Edition. Has Windows 2003 anything to do
with the no. of users getting connected ? -
Hi All,
Currently, I am working on AII 5.1 Slap and Ship Outbound scenario and got the document from the service marketplace under http://service.sap.com/rfid -> SAP AII 2007.
Under Activating HTTP Services(Page no: 9 - 9th step) section , we have to provide the System user. May I know what all roles we have to assign for that user?
Regards
SaraHi Sara,
We need to use a System/Communications User in there. Though there is no clear thought on what authorizations are required for the same.
You can ask your basis guys to give a Systems user for restrictive access. This might be based on the policy of the basis team of what auths are generally given for a System user for a restricted use. You can use the same.
If this causes problems you can assign the user, the AIN related admin roles mentioned in the same document. This will work.
I have created a user called ALEREMOTE which is of the type Communications data with profile assigned SAP_ALL. This works for me perfectly.Though if you want you can give in a restricted access to as i have already mentioned. -
Concurent Manager: who is the application user, responsibility
Hi,
I want to create a conc. Manager, but i dont know which passwort + Application+ Application user+ Responsibilty must i give to be able to test the connection.
Do anyone know about the credentials.
Thanks
mandiHi Mandi
The view has an error below, it was updated internally (I'll get it refershed), you should use the APPS schema/user and its password. It is possible to setup other database users, but I think its a fairly complex process. The responsibility is one of the respective Apps responsibilities, for example the demo simply uses the priv SYSTEM_ADMINISTRATOR.
http://www.oracle.com/technology/products/warehouse/htdocs/concmgr/owbconcurrentmanager_viewlet_swf.html
Cheers
David -
Create User Activity: How to add Roles to the new user
Hi all,
My Problem is Using LC Workbench I have created one process it is having Create User Activity. I am able to creating the new user with this process.
But I dont have idea how to add roles to that new user? Please anybody can help me out
Thanks in advance.Hi,
I used Built-in Componets till now, Please help me out What are the steps needed to implement a custom componet.
Thanks in advance -
What Roles should the gwconnector user have in CRM
Hi Guys,
I have setup GWConnector etc and have assigned GWConnector user with full admin rights on the CRM system.
I cannot find any document that tells me what roles this user must have etc?
Could one of you guys either tell me what they should be - or point me to the right documentation as itu2019s not in the groupware setup guide only the AD stuff?
ThanksHoneslty, that is up to you. I have customers that start off WLC and AP all in the same subnet, but it is not necessary. I also have customers that put the WLC mgmt in the 'server' VLAN, and the AP in their own.
IMHO, I like the WLC to be in 'server' or 'secured' VLAN, then I put the AP in their own VLAN that is locked down to only getting DHCP and talking to the WLC. that way if someone unplugs an AP and connects something they can't get anywhere.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Question About Roles for the viewonly user
Hi I am trying to configure user with viewonly permissions to WLI 10.3 worklistconsole (worklist console-> view tasks). i did add the following groups to the user.
Monitors
Operators
Integration Monitors
Integration Operators
Integration users
i am able to start/stop servers (Admin Server,ms1 and ms2) but unable to view worklist console tasks.
Any help will be appriciate
Thanks
Ksr
Edited by: ksr11 on May 24, 2010 3:01 PMRecycle domain fix the problem
-
Oracle Security - Controlling the 'alter user' privilege
Hi,
1. DB 10.1.0.5 and 10.2.0.3
2. "Admin User" needs to be able to change some users passwords in database.
3. Create user adminuser - grant alter user to adminuser.
4. DBAs will grant "approle" role to list of required users. DBAs will maintain control of who gets this role.
4. Create system trigger on alter database - will prevent "adminuser" from changing passwords for accounts not authorized - Script does not fire for DBAs and anyone changing their own password.
The trigger works as intended - the "adminuser" account can only change the specific set of users.
Question: We've discovered that the "adminuser" can also use the "alter user" privilege to change default tablespace and tablespace quota. User should only be able to change password.
Anyone have ideas on adding to the trigger to make sure the "adminuser" is only altering the password?
I am playing with the ora_is_alter_column system event, thinking that maybe the password column in user$ would be changed but so far I can't get this to work: Here is my trigger --
CREATE OR REPLACE TRIGGER SYS.PASSWORD_CONTROL AFTER ALTER ON DATABASE
DECLARE
DBACHK varchar2(50);
USRCHK varchar2(50);
BEGIN
BEGIN
-- Ensure users can change their own passwords --
IF
ora_login_user = ora_dict_obj_name
THEN
RETURN;
ELSE
-- Do not apply trigger to DBA group --
select grantee into DBACHK from dba_role_privs where granted_role='DBA'
and grantee = ora_login_user;
IF
DBACHK = ora_login_user
THEN
RETURN;
END IF;
END IF;
EXCEPTION
WHEN NO_DATA_FOUND
THEN
NULL;
END;
BEGIN
select grantee into USRCHK from dba_role_privs where
granted_role='DISCUSR' and grantee = ora_dict_obj_name;
IF
ora_dict_obj_type = 'USER'
and ora_dict_obj_name = USRCHK
---- Need to check that only the password is being change -- the line below does not work
and ora_is_alter_column('PASSWORD') = TRUE
THEN
RETURN;
ELSE
RAISE_APPLICATION_ERROR(-20003,
'You are not allowed to alter user.');
END IF;
EXCEPTION
WHEN NO_DATA_FOUND
THEN
RAISE_APPLICATION_ERROR(-20003,
'You are not allowed to alter user.');
END;
END;user602453 wrote:
Ed, thank you for your reply. But, let me explain in more detail.
More detail is always helpful. ;-)
>
A specific user has been assigned as the application administrator. This admininstrator is responsible for reseting application user passwords. The DBA (me) recognizes the DB security issues so I am trying to craft a solution that will allow the application administrator the ability to change only the password of the application users.
I see that this may be out your hands, but I'd still question the wisdom of having an apps administrator being the one to change user passwords. Especially if that were a model where the users couldn't change their own passwords. I might accept it if the app admin were acting more of a helper to a clueless user.
Since the only way to change user passwords is to grant the 'alter user' privilege I need a system trigger to keep the user from changing non-application user passwords. Also, because I support nearly 100 production databases that support about 35 different applications I need a solution that can apply to multiple databases. I've been assured that there will only be one administrator charged with resetting passwords.
So,
Given those requirements, I have this trigger that will allow the the specific administrator to change the password of a specific set of user while not impacting DBAs or people wanting to change their own password. The way I've implemented this is to create a "dummy" role and assigning the role to the application user. The trigger will allow the administrator to change the password only if the user has the role assigned. The role has no privileges, it is just a way to "mark" the user as an application user. The administrator cannot grant this "dummy" role, only the DBA can.
Hope that clears things up.I still see another problem in that it still comes back to the dba to create the apps user in the first place, and to assign that dummy role to the user. Also, I'd hope that this proposed apps admin user is a role assigned to a real user. If not, as I mentioned before, you have no real accountability to who is using that account. Simply saying "it shall not be shared", even if written in corporate policy, won't secure it, and you won't be able to trace it. Well, you could turn on auditing and capture the OS userid in the audit log. -
Propagating users/Groups/Roles into partner application
I am very newbee to portal development. I have a following need.
I want to use Single SingOn feature of Portal. Once the user logged in to the portal via SSo, there may be several applications(within the portal) to which S/He may have access to. Based on who S/He is, may have different level of authorization to what S/He can do into different applications within the portal. How I can make use of user entered for Single Signon, propagate to the application level inside the portal.
My understanding so far with the portal is that you can develop a portal which has web clipping portlets, external/internal applications, items etc. When we create the users and groups and assign roles to the users, it is limited to the portal front page that we publish to public.
My problem is further down, into different applications which I expose with the help of portlet or by any other means. And have control over in that particular application(individual), which portion of the application users should be able to see or take any action.
Your help is highly appreciated.Any one has a clue?
-
How to access the mapping of Groups and Roles in the JAVA Application
We have mapped the EJB roles with the groups through the Visual Administrator. We have developed the SSO. We have developed the application through which we are creating the user and role and mapping that role with the created user. The created role is saved in some LDAP directory. The second application in which ejb methods are mapped with some security roles.The LDAP roles we are getting in Netweaver as groups and we can perform the mapping of the deployed ejb roles with the group.Now for the logged in user we want to get the roles mapped with it so that we can give/deny the access to the methods from EJB as per the role of that user .How we will get the access to the mappings of the roles with the group in the application, if I know the LDAP roles mapped with the user (since these roles are accessible as groups in the NetWeaver)
For e.g. From application created the user with the role as "manager". This role is stored in iPlanet directory.
This directory is mapped in the Netweaver.The manager role is displayed as the group in the Netweaver.
Created the EJB application with the method "displayTheAccountDetails() with the role as "ManagerRole"
This role is mapped with the manager group. Now we are having the details about the logged in user and the LDAP roles mapped to it (maneger role). How I will get the access to the details that for this group which ejb role is mapped in the application. So depending on that I can allow/deny the access to the ""displayTheAccountDetails()" method to the logged in user.Do you, guys, work together?
See the last answer in this thread: How database works in UCM?
Maybe you are looking for
-
Error while changing the UoM in material master
Hi experts.... I am not able change the UoM in the material master. Even if, all the PR , PO and reservations are cancelled . It still gives me error message " Manual Reservations already exists " Thanx Ganesh
-
Not able to display the Node context attributes to table
Hi Friends, Issue: Currently i am reading the Node parameters and assigning the parameters to the Context of the mainView. Then displaying the attributes into table here i am using a iterator to fetch the attributes. But its reading only one record t
-
It *****, iTunes 11.1.2 always autostarts and plays music after a while. killall iTunes helps. For about 5 minutes or so. Magic Trackpad stops. Mouse pointer hangs. The only way is to disconnecting and reconnecting the Pad. I think there are Bluetoot
-
Aggregating SD and Project Systems data
Hi, We are using Project systems and SD in R3 and I have 0PS_C04 activated for standard PS reporting. I now need to combine the PS orders and also the SD orders and report on the orders, costs and all create a common report. Also, this report needs t
-
How to change file content in JAR
I'm deploying a Java application using Webstart based on different jars. One of the jars contains a 'config' file. The config file contains paths to databases. The idea is that the user can change these paths (or other settings) using the application