Doubt About Security Levels

Similar Messages

• Doubtful about security of oracle's Wrap code!

  Dears
  I am little bit doubtful about security of oracle's own Wrap code like package "sys.utl_smtp" .
  Someone can easily Unwrap it without source code?
  How it possible? whats your opinion about this? please can anybody clear me.
  Regards
  Abdul Halim
  Edited by: Abdul Halim on May 31, 2013 8:14 PM

  Halm, you are operating under the mistaken belief that your code deserves hiding from the customer and competitors to begin with. Why? All you are doing in the code is performing DML. It is not like your application is the only one in the world that performs its function.
  If someone really wanted to they could figure out what your code is basically doing just by looking at the table and file data before and after running the code. By careful manipulation of the data and studying the results they can figure out what is being done and then develop their own specific of the how it is done. One can also look at Oracle's internals as the code is being processed both using Oracle provided views and direct peaking at Oracle's shared memory. Then there are tools like sql trace which will captute the SQL, waits, and binds for the process.
  But all of this is kind of mute in that most shops do not have the talent to write their own unwrapper nor has the shop purchased an unwrapper so if you wrap the code it is going to be secured from most users and competitiors. I would just recommend that potential customers not purchase your product becuase the customer is going to need access to the code either for debugging (bugs will exist in the code) or tuning. Likely both.
  IMHO -- Mark D Powell --

• Basic Doubt about security

  Dear All,
  I am trying to implement following functionality. Can you suggest how i should go about implementing this in actual code.
  I have an J2EE application consisting of swing client and server components deployed on J2EE complient server. Now whenever a client tries to log in to system the username and password info is transmitted to server for authentication. Here i need to introduce a functionality by which password and may be user name is encrypted to before it is sent to app server and then app serve at it's end will decrypt before authenticating the user.
  Now theoritically i am planning to do following : using public/private key encryption. Client will encrypt the required string using public key and send it to server. Server will now decrypt using the private key which is available at it's end. The client and the app server aer on physical different machines. Does this make sense ? And is it correct ?
  Now my questions :
  Is my mechenism correct ?
  How to generate public/private keys ? is it using keytool but what are steps?
  How should transfer of these key take place ?
  If keys are generated using API rather then keytool how to transmit these keys to server?
  If keys are generated using keytool still how to distribute these keys and use the same in the program while doing encyrption/decryption ?
  Kindly reply soon. This is urgent. Thank you in advance
  Sachin

  I would suggest making an SSL connection to the server which verifies the password (and if it is not too computationally intensive, then for data as well). Java 1.4 has SSL functionality built-in (you just need to do some key management on the server end -- if you get a certificate from a provider that is preloaded).

• Doubt About GPO - Security Zones

  I have Windows Server 2008 R2 and GPOXX with settings about Security Zones and run normally.
  I need create another GPOYY with settings about Security Zones different than GPOXX.
  My doubt is: When I create GPOYY and my settings won't occur conflict in my GPOXX? I don't can problem in my environment production in my GPOXX.
  Thanks a bunch!

  Hi,
  >>My doubt is: When I create GPOYY and my settings won't occur conflict in my GPOXX?
  As long as the settings we configure don't conflict with each other, there won't be conflict between GPOs. If the setting in GPOYY and GPOXX conflict with each other, saying we enable a setting in the former GPO and disable the same setting in the latter
  GPO, then there will be conflict and the GPO processed at last will be the winning GPO for applying the setting.
  Regarding group policy precedence, the following article can be referred to for more information.
  Group Policy processing and precedence
  http://technet.microsoft.com/en-us/library/cc785665(v=ws.10).aspx
  Best regards,
  Frank Shen

• The security level is set to High

  Windows 2008R2 terminal Server
  Office 2013
  Adobe Acrobat XI update 9
  When trying to create a PDF from a word document (have not tried other files yet), Adobe hangs for about 2 mins and then gives the following message
  The Security Level is set to High
  Please run the application which created this document, in the "Security Warning" dialog select the check box "Always trust macros from this source" and enable macro's created by Adobe Systems inc
  No 1. There is absolutely no need for an apostrophe in the second instance of the word macros
  Have deployed the Adobe Acrobat Administrative template and enabled the following setting
  'Automatically Trust Sites for Win OS Security Zones' (Elevates the trusted sites list in Internet Explorer to privileged locations so that they may bypass enhanced security restrictions. When enabled, the trust list is a union of IE's trust list and Acrobat's privileged locations list. GUI mapping: Edit > Preferences > Security (Enhanced) > Automatically trust sites for my Win OS security zones)
  - not a fix
  Have exported every digital signature from the pdf office dlls and imported to the computer certificate store - not a fix
  Have disabled every office macro and security setting - not a fix
  Does not matter if the file being converted is on a UNC path, mapped drive, or local drive
  Have added all file locations containing office docs to trusted folders in Word and Adobe - not a fix
  R-Click context menus for combining and conversion work fine however I understand that this uses the Adobe PDF Printer and not the office addons
  Opening a file in Word and converting to a PDF using the Addon is fine as is printing to the PDF Printer
  This issue only occurs from within the Adobe Acrobat Application 'Create file from PDF' and currently only seems to affect Office documents
  I cannot see how to give Adobe any more trust

  Solved
  I was running Office in a 'RunVirtual' environment. This man explains it best
    http://ppe.blogs.technet.com/b/gladiatormsft/archive/2014/02/05/app-v-5-on-run-virtual-rds -run-virtual-virtualizable-ext…
  Essentially Office and Acrobat are installed Natively however all Office Apps are configured to run in a Virtual environment so that Office Addins which are true AppV applications can be linked into Office.
  My 'Empty' 'RunVirtual Office package did not have 'Com Integration' enabled
  Adobe Acrobat makes use of a Com Addin for Office, so Office was unable to expose that to Adobe Acrobat until the 'Empty' 'RunVirtual Office package was updated accordingly

• Assist , how do i allow hosts in inside segment to reach out segment and vice versa taking into account the security levels

  ASA Version 7.0(8)
  hostname BUJ-IT-ASA-LAN-2
  domain-name leo.bi
  enable password MgKXXPviZgW4zhKc encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  dns-guard
  interface Ethernet0/0
  description connects ucom lan
  nameif inside
  security-level 100
  ip address 192.168.0.13 255.255.248.0
  interface Ethernet0/1
  description out interface
  nameif outside
  security-level 0
  ip address 192.168.254.1 255.255.255.0
  interface Ethernet0/2
  shutdown
  no nameif   
  no security-level
  no ip address
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  shutdown
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
  ftp mode passive
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  pager lines 24
  logging asdm informational
  mtu management 1500
  mtu inside 1500
  mtu outside 1500
  no failover
  asdm image disk0:/asdm-508.bin
  no asdm history enable
  arp timeout 14400
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
  timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout uauth 0:05:00 absolute
  username UcomIT password Tx95VR7l4gIiavnh encrypted
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 192.168.0.0 255.255.248.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  telnet timeout 5
  ssh 192.168.0.0 255.255.248.0 inside
  ssh timeout 5
  ssh version 2
  console timeout 0
  dhcpd address 192.168.1.2-192.168.1.254 management
  dhcpd lease 3600
  dhcpd ping_timeout 50
  dhcpd enable management
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect icmp
  service-policy global_policy global
  Cryptochecksum:ba068a6f85d256ce9351d903c60873e5
  : end

  Hi,
  Its success really depends on the rest of the network that I dont know about.
  If you hosts that you are using to PING/ICMP through the ASA are connected to the same network as the ASAs interface then you will have to make sure that the hosts both have routes towards the other network.
  Also if on the "outside" of the ASA there are additional networking devices then you have to configure default route on the ASA also as mentioned in the other discussion.
  route outside 0.0.0.0 0.0.0.0
  The above replys ACL was just an example of the configuration format. If you wanted to allow ICMP then you would also have to allow ICMP
  access-list OUTSIDE-IN permit icmp 192.168.254.0 255.255.255.0 192.168.0.0 255.255.248.0 echo
  I dont see anything else wrong with the ASA configuration related to ICMP other than possibly the lacking of default route and allowing the ICMP from the "outside" with the ACL "OUTSIDE-IN".
  Go through the network setup from one host to the other. On each step confirm that that device has route towards both of the networks. Otherwise the devices will naturally not be able to forward the ICMP messages from end to end.
  - Jouni

• What about security in adf faces application ?

  It seem that the documentation has a little bit changed about security for adf faces application.
  SRDemo J2EE sample application only implemented the security at the web container and may be for the session beans (don't remember) by using security-role and security-constraint in web.xml configuration file.
  It seem that the documentation recommand now to implement adf security and didn't find anymore the reference to the standard j2ee security implementation.
  We found also that the security constraints checked by the web container was sometimes ignored and the container didn't ask us to login before displaying a page.
  Is ADF security a clear Oracle recommandation for ADF Faces application ?
  What about j2ee security for this type of application (why it is not recommended to use it) ?

  Hi,
  there is no single recommedation about security because security ideally is applied on several levels to implement security in depth. Container managed security with J2EE is a good option to secure page access and - if using EJB - to propagate the user identity for method level access control.
  Using ADF Security, which is security added to the binding layer based on JAAS, a second layer of the security onion becomes available that allows you to define which user is allowed to perform which operation on an iterator or attribute binding. This goes beyond of what container managed security can do for you.
  The thrid layer is business layer security and eventually database security.
  For Oracle Open World we will have a developmengt track and one of the presentation I am giving with Ric Smith from our team is about end-to-end application security for ADF Faces, ADF, ADF BCor TopLink/EJB and the Oracle database.
  The plan is to also write this up in a paper, but this would come late because of other priorities I have on my plate. So attending OOW probably is the best option for you to get the big picture
  Frank

• Security Level Medium is not working for PO initial version

  Hi ,
      We have maintained security level as Medium in Purchaser user personalization. In order to restart the PO SAVED event workflow only there is a value changed while the PO is awaiting for approval..  Here is the scenario and how the start condition maintained for PO - WS 14000145 - SAVED event.
  Start condition maintained for event SAVED for WF template WS14000145 as below
  &_EVT_OBJECT.POTotalValue& GE 0.00
  Security level(BBP_WFL_SECURITY) maintained as Medium in personalization of SU01.
  my requirement is when the PO create first time ( Initial Version ) and route for approval. Three level approval is determined for the PO and first approval approved. while the PO is awainiting for second level of approval the purchaser changed the quantity. based on above start condition my expectation is , the PO has to restart and route from beginning. but that is not happening. when i see the approval preview the approval path shows the workitem is waiting in second level of approval.
  I tried the below start conditions also
  &_EVT_OBJECT.SimpleListOfChanges&CE TOTAL_VAL, but no result..
  What is the Medium functionality?
  here is the help i found from help.sap.com, but i am not clear about this..
  MEDIUM It is possible to change the document The system evaluates the workflow start conditions and starts the approval workflow again if the change necessitates a new approval If this is not the case, the approval workflow continues.
  Regards,
  John

  Hi John,
  The security level works differently for PO's.                                                                               
  In the function 'BBP_PDH_WFL_CHECK_RESTART is a desription how the    
  system should work:                                                                               
  The workflow will be RESTARTED in the following cases: 
  a) One has a standard workflow with the usual type of approval (not a 
     'back&forth' one). It will always be restarted independent on the  
     authorization levels of the user and whether the user is a PO      
     creator or not;               
  b) One has the 'back&forth' type of approval but the user reordering  
     the PO is not the PO creator (this could be another purchaser from 
     the same purchasing group);    
  c) It is the 'back&forth' type of approval and the user reordering the
     PO is the PO creator but he has the authorization levels that are  
     less then 2, i.e '0'(not defined') or '1' (no changes allowed);    
  That means the security level must be below '2' to force a restart.   
  I hope that this clarifies how the system is working.
  Kind regards,
  Siobhan

• Port forwarding & security level

  [was orig sent to fios internetforum in error- I'm on a dsl line]
  I've set up port forwarding for various services (mIRC, ftp, etc) on my Versalink gateway (Westell 327W router/modem). Ports are OK, Still, I can't access these when my firewall is set to "Typical Security" - I have to go down to Minimum for anything to get through. Is this the way it's supposed to work? I thought that port forwarding opened my selected ports in the firewall without compromising security otherwise. If I have to choose min. security, what's the point of port forwarding? Thanks for any feedback - ed

  At this time I can't tell you about the Security Level setting, but I can answer this question
  eda wrote:
  What's the point of port forwarding?
  I point to the info at
  grc.com's pure CSS menu (Research -> Recent -> NAT Router Security)
  Direct URL: http://www.grc.com/nat/nat.htm
  But, it gets kind of weird.
  For example, I point to the info at
  DSLR (dslreports.com) ->  FAQs -> Verizon Online FiOS FAQ -> Troubleshooting -> What is the NAT Table problem in the Actiontec?
  Direct URL: http://www.dslreports.com/faq/16233
  ^^^
  If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

• Ms word95 to pdf - "security level too high"?

  I'm a brand new user of Acrobat 9.0 (on XP system) - all kinds of problems (including major file crash and loss during 9.0  installation - more on that later). for now, I need to get started immediately on converting some MS Word doc files to pdfs - What I get from 9.0 is the message that "The Security Level is Too High".   If it's referring to the MS word docs, they are unprotected (I've checked and tried several - Word shows they are not protected, and as far as I know, never have been).  They were originally created on a mac with macWord - but were not protected and converted to windows with MacDrive7.  They show in MS Word in good condition and unprotected.  What do I need to do to get them into acrobat and into pdf format? I've also check the knowledge base here and elswhere without any clues except one chap who seemed to be having similar problems (along with serious crashes) using 8.1. Other than that, I'm mistified.
  I've also tried using the context menu 'covert to pdf' method and also creating a new pdf (blank) and inserting them.  In both cases the security message aborted the process.  Need to do this right away. I'm not technically skilled, so if someone can give me some clear instructions I'd be grateful.  - red

  Thank you all for responding so quickly. First, I'll mention the serious message and a warning. DO NOT INSTALL ACROBAT 9.0 IN AN ENVIRONMENT WITH WORD 7.0 (or any old(er) MS Word version before 2k).  The consequences are ghastly, including the deletion of half or more of your program files (including your email clients, av software and other primary programs), the corruption of your browser, registry (including restore points) and other not so nice events - worse than most bad viruses.  That's a problem Adobe and I will probably be taking a look at next week. Mean time, they indicate that they are going to add the matter to their KB and elswhere so that users have a heads-up on the issue.
  As for the conversion problem from Word 7.0 .doc to .pdf - Bill, you just about nailed it. It was, indeed, a problem that could be circumvented by going to the printer dialog and setting the printer to  'Adobe pdf file' (something a novice wouldn't think of, nor line tech-support for that matter.).  As far as Word/pdf 'printer' is concerned you're just printing the file. However, as I understand things, that's how Adobe attaches the Word documents - It does it through the printer interface. Once that setting is changed to 'Adobe pdf printer' the file is simply picked from the print queue (or before) and loaded into A9. Save it from A9, and the job is done.  So, Bill, If Adobe hadn't found the answer, I do believe you would have been telling me exactly how to do it after a few more posts. The credit, though, goes to Neo Johnson, tech-support supervisor in New Delhi.  The last two days (almost 9 hours of phone time) were spent with various tech-support agents at Adobe; but,  he was the one who finely thought about the interaction between A9 and Word and figured it out.
  Ok -that's the brief.  The rest is a little history/background for whomever is interested (skip, otherwise - not important).  The problem begins with failure to install - first, setup can't find the msi file - it was there, and I browsed it, so that was solved. Then 'invalid licensing - process stopped' messages appear. That was a little tougher and http://kb2.adobe.com/cps/405/kb405970.html  and some other articles had me doing repair, reinstall, and other complex (for me) procedures. One of the problems was that flexnet had failed to install, which was a stumper for me (I couldn't find it to download separately - barely knew what it was/did - and finally understood that Adobe was supposed to install it. After that,  I did several uninstalls, to no effect. Finally I did a few moderate and then deep uninstalls (with Revo) and several reinstalls. Things got progressively worse.  On one reboot, my desktop came up and all the program icons were broken links.  I examined targets and such and then went to my 'program files' directory. To my horror, nearly all my primary program (including thunderbird email client, AVG etc.)  files had disappeared. The folders were simply empty.  Firefox still loaded, but the tabs were non functional.  Several checks and some light disc analysis indicated the files vanished. No trace. However, my document folders and data were intact (also backed-up). I went to restore and found that all the old restore points (including the one's Revo sets before uninstalling) were gone.  If it had been a virus, it couldn't have done a better job at making a mess of things.  At that point, I knew the registry had been toasted and I was facing a complete OS reinstall.  Instead, I opted for reinstalling some of the critical programs (and because the document files appeared to be intact).  After the first few - thunderbird, firefox etc.  - I was relieve to find that they were picking up on the old settings and restoring themselves to their previous states. I still have a number of these to do - and a few must be re-configured. But that's going ok. 
  Then the saga of Adobe, several phone calls; several times the phone connection was cut off and I had to call again and start over from the beginning with a new person. The matter always had to be esculated to the next tier - more time, more cues, no solutions.  They went over the firefox settings, the adobe settings. They were puzzled about the broken links.  Attempts to open doc files (after a fresh install of winword) were resulting in 'invalid win32 application'. All kinds of problems made progress difficult.  We cleared up the 'invalid....' messages by reparing the file associations (in XP folder options) and then opening the docs in Word and resaving them as something else.  It was a labor.  Finally, there was simply no answer except, like the post here, Word 7 is simply too old and uses different scripting. The only solution was to either buy (ugh, ouch!) Word 2007 (and hope that it would load them and save them in A9 useable form) or, try installing Word2k (which I have) and processing them through that; and, then using Acrobat 8.x to load those and save the pdfs for A9 to use.  However, when Adobe said they could not provide me with a free (even trial) version of 8.x to do the job - licensing problems etc. -- It seemed like a really ugly solution.  Finally, I'm begging Adobe to give me a free copy of 8.x and in steps Neo.  He can't provide the free copy, but he asks a few questions himself.  We go to Adobe and reset some of the security settings (something other agents didn't know or think of). No dice - still can't load the docs.  But then he says, Open up Word. Ok.  load the file and then hit 'print' - ok, the print dialog comes up. 'Now,' he says, 'open the properties and see what printers are listed.'  Ok I do that, and I'll be... 'Adobe pdf printer' is among them.  "Just what I thought," he said, Adobe was hooking up with word, but didn't have its printer to attach." So we set 'Adobe pdf' as the printer and lo and behold, the docs loaded into Adobe as pdfs.  End of that story. (so bill, you had it too - wish you had answered the phone in the first place!)
  Clean up.  So, there's a few simple solutions, I think (though i'm no techie and you folks will certainly have better ideas). First, I don't buy the story that early versions of Word are either 1) unsupported by MS or, 2) nobody uses them, as valid reasons why not to fix the problem of the "unloadable" docs.  I figure there are at least a couple of aproaches and easy patches that will correct the matter. One is from the Word  side - to is to set the current printer setting to use 'Adobe printer', get the file and then reset the printer back to what it was - default.   The other is to patch A9 to detect legacy source applications and bypass things that would normally make the file unloadable, unless, of course, they were actually protected or, read only files. In that case, Adobe could simply inform the user to 'unprotect' them, the same as it now does with its   'Security Setting too High' message for later versions.  I'm sure there are even better ways. But, that would fix things as far as file loading and conversion.
  As to the installation and crash problems - those need to be addressed. Even if its only a few dozen people that might have the same problem, it needs 1) to be given as a noticable warning and keyword in Adobe documents (which now simply indicate that it can process .doc files);  2) it needs to be examined to  insure systems that have Word 7.x or older can install without problem, and certainly without harming their system.  Adobe has a good reputation and does a good job. That's worth protecting with all customers, even if Marketing can't quite see why and the bean counters can't find much profit in the task.  It's what I expect from professionals and to do less certainly subtracts from Adobe's standing. That should be worth a great deal, I would imagine.
  Anyway, thanks folks - got to get some sleept, and then get those pdfs done and sent to people who are waiting for them. - best to you all, red.

• NOKIA 2730c - Security Level

  I've just bought this phone. I've never used a Nokia, and so I am not familiar with the interface. I've had a play around though and have figured out most of it. Regarding security, I have done the following:
  - Reset PIN and phone now asks for it at start-up;
  - Reset security code;
  - Turned on automatic keyguard, but left it so it does not ask for security code.
  I'm unsure though about the Security Level setting (Menu>Settings>Security>Security_Level).
  It gives 2 options, Memory or Phone. If someone could explain what this setting is for, it would be much appreciated.
  Is it also possible to lock the phone to only use my sim?
  Regarding the PIN at start-up, is it attached to the sim or the phone? In other words, if I change the sim, will the phone still ask for and require the same PIN?
  Thank you in advance for any response. : )

  here is answer from nokia web site (i underline answer)
  (http://www.nokia.co.uk/support/product-support/2720-fold/faq#08 )
  How do I set the security level on my Nokia device?
  Select Menu > Settings > Security (or Security settings) > Security level. Enter your security code and select OK.
  Select Phone, and the phone will request the security code whenever a new Subscriber Identity Module (SIM) card is inserted into the phone.
  Select Memory, and the phone will request the security code when the SIM card memory is selected and you want to change the memory in use.
  hope this helps
  cheers!

• What does setting the internet zone security level to high actually do?

  I was asked to set the Internet zone security level to high via a GPO, this has been done for a test group of users. The setting has been confirmed, but as far as I can see it has not actually done anything.
  Can anyone tell me what changes I should see to the behavior and/or access of websites now the security level is set to high?

  Hi,
  Setting the internet zone security level to high might prevent harmful content with maximum safeguards and less secure features are disabled.
  When you visit some sites with script pop up, the script will be disabled if you set the security level to the high level. For more information about
  the internet zone security level, please refer to this:
  http://blogs.technet.com/b/steriley/archive/2008/09/16/internet-explorer-security-levels-compared.aspx
  Regards.

• Doubts about use of REPORTS_SERVERMAP with Forms11g HA

  Hi,
  I'm configuring a Linux 64bits Forms/Reports 11g HA environment, the point is that i have two nodes, each one with its Forms and Reports servers, let's say FormsA and ReportsA for the first node and FormsB and ReportsB for the seconde node.
  i want FormsA to be able to call reports from ReportsB and FormsB to be able to call reports from ReportsA.
  I've been reading about REPORT_SERVERMAP
  http://docs.oracle.com/cd/E12839_01/bi.1111/b32121/pbr_conf003.htm#autoId5
  But i have some doubts about its use:
  1. I will not use a shared cluster file system or any way of cache solution, i will only have my rdf files on each node, and i'm wondering if just by configuring this parameter i will be able to get the effect mentioned above ??
  2. The link provided says "Using RUN_REPORT_OBJECT. If the call specifies a Reports Server cluster name instead of a Reports Server name, the REPORTS_SERVERMAP environment variable must be set in the Oracle Forms Services default.env file"
  In fact i'm using RUN_REPORT_OBJECT but
  what is the Reports Server cluster name ?? and where do i find that name ??
  3. Is this configuration well defined:
  REPORTS_SERVERMAP=clusterReports:ReportsA;clusterReports:ReportsB
  4. At forms applications when using RUN_REPORT_OBJECT, can i assume that the report server name will be the cluster name specified at the REPORTS_SERVERMAP ??
  5. Which files should i modify rwservlet.properties or default.env ??
  Hope you can help me :)
  Regards
  Carlos

  Hi,
  1. I will not use a shared cluster file system or any way of cache solution, i will only have my rdf files on each node, and i'm wondering if just by configuring this parameter i will be able to get the effect mentioned above ??
  --> In such case what could go wrong is
  Suppose Run_report_object executed jobs successfully to ReportsA
  But web.show_document command for getjobid failed ( as ReportsA went down by this time)
  --> You will not get the output shown ( though job was successful)
  If shared cache was enabled, then Even if ReportsA is down, other cluster member ( say ReportsB)
  will respond back to web.show_document.
  Point 2,
  --> Under HA is it highly recommended to use web.show_document ( a servlet call) to execute reports. This is to help use all HA features at the HTTP , Webcache or load balancer level.
  However if there is migrated code or Run_report_object is must, then the recommendations as you see in the pointed document is must.
  REPORTS_SERVERMAP setting needs to be configured in rwservlet.properties file and also in default.env Forms configuration file to map the Reports Server cluster name to the Reports Server running on the mid-tier where the Load Balancer forwarded the report request.
  For example FormsA, ReportsA, cluster name say rep_cluster
  default.env file
  REPORTS_SERVERMAP=rep_cluster:ReportsA
  Where "rep_cluster" is the Reports Server cluster name and "ReportsA" is the name of the Reports Server running on the same machine as FormsA
  rwservlet.properties file
  <reports_servermap>rep_cluster:ReportsA</reports_servermap>
  At default.env this is not a valid entry
  REPORTS_SERVERMAP=clusterReports:ReportsA;clusterReports:ReportsB
  what is the Reports Server cluster name ?? and where do i find that name ??
  --> This is created via EM on the report server side.
  Would recommend to refer following documents at the myoracle support repository
       How to Setup Reports HA (High Availability - Clusters) in Reports 11g [ID 853436.1]
       REP-52251 and REP-56033 Errors When Calling Reports From Forms With RUN_REPORT_OBJECT Against a Reports Cluster in 11g. [ID 1074804.1]
  Thanks

• Doubt about Role and Policy

  Hi everyone,
  I have a doubt about role and policy,
  I'm using OBIEE11.1.1.5, I try to creating role R1 by creating like BIConsumer.
  then I go to policies interface,Edit 'BIConsumer' policy,
  I find only one role 'BIConsumer' under grantee.
  so I'd like to ask why 'R1' is not under policy 'BIConsumer' while R1 has permission like role BIConsumer ???
  thanks in advance!

  Application policies are sets of java permissions that are associated with a principal which is BIConsumer role in this case which grants permissions necessary to use, or to consume, content created by other users.
  So when you try to create like BIConsumer, you are not modifying the existing BIConsumer principal policy( which you should never do) but instead trying to create one similar grants like it.
  Usually as long as you are not dealing with BI Publisher, Financial Reporting and Real-Time Decisions application security permissions restriction, you would not have to modify any of these policies and use the default ones.
  Hope this helps. Pls mark if it does.
  Thanks,
  SVS

• Doubt about Component binding....

  I have a doubt about component binding because I am also using component binding in my application, in my application each page has more than 20 components and each page is session scope, at one point I am getting message like perm space(this is because of lack of memory, actually I have 4gb ram). So my is
  "does the jsf creates new object for every reload, because of that my jvm filling with all the objects?".
  Another question is "what is the difference between value binding and component bindings?, and drawbacks of each other" please tell me the differences between them up to the very low level(up to memory usage for each approach).
  Please clarify this doubt...........

  JNaveen wrote:
  I have a doubt about component binding because I am also using component binding in my application, in my application each page has more than 20 components and each page is session scope, at one point I am getting message like perm space(this is because of lack of memory, actually I have 4gb ram). So my is
  "does the jsf creates new object for every reload, because of that my jvm filling with all the objects?".This is regardless of the component binding. JSF creates a component tree and stores it in the session. With component binding you can link between the backing bean and the component without the need for UIViewRoot#findComponent().
  Think your problem lies somewhere else. Use a profiler.
  Another question is "what is the difference between value binding and component bindings?, and drawbacks of each other" please tell me the differences between them up to the very low level(up to memory usage for each approach).With the component binding you can get hold of the whole component from the tree in the backing bean. Useful if you want to do a bit more than only holding the component's value, with which you usually do with the value binding.