Error in reconcilation Function - Job "Reconcile roles and privileges"

Similar Messages

• Export and Import of Roles and Privileges

  Hi,
  We're nearing the end of our development phase and are now preparing for initial load in our QA / Test environment.
  Is there a way to export the Roles and Privilege metadata from one environment to import them into the other. The Staging guide states you need to create them before importing your Identity Stores. I was hoping we didn't need to do this as it's a time consuming task to create them manually.
  Thanks
  Paul

  What I've seen is Business Role Export / Import functionality. It is pretty straight-forward to do, just export the Business Roles in a job (limit what to export in the source SQL) to a CSV-file, then read it back in to different environment in similar job.
  When we were exporting the Business Roles we expored the privilege-references as MSKEYVALUEs not MSKEYs. Note how you have named your repositories in different environments (as you know the name of the MX_PRIVILEGE differs if your ERP repository in development is eg ERP100 and in Q/A ERP200), you may need to convert the privilege names accordingly in export or import.
  One more thing you need to keep in mind is to pay attention whether your data has CR+LFs, which will break the CSV, we tackled this by encrypting/decrypting the data that had line feeds (DESCRIPTION-attribute).

• Role and privilege used by JDBC

  Is there any reqiured role and privilege used by JDBC?
  I use Oracle JDBC9203 for Oracle to connect Oracle8163, when executing certion codes, the JDBC raise a exception as below:
       at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)
       at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179)
       at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:269)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.initCollElemTypeName(OracleTypeCOLLECTION.java:1026)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.getAttributeType(OracleTypeCOLLECTION.java:1056)
       at oracle.jdbc.oracore.OracleNamedType.getFullName(OracleNamedType.java:110)
       at oracle.jdbc.oracore.OracleTypeADT.createStructDescriptor(OracleTypeADT.java:2262)
       at oracle.jdbc.oracore.OracleTypeADT.unpickle81(OracleTypeADT.java:1656)
       at oracle.jdbc.oracore.OracleTypeUPT.unpickle81UPT(OracleTypeUPT.java:466)
       at oracle.jdbc.oracore.OracleTypeUPT.unpickle81rec(OracleTypeUPT.java:416)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.unpickle81_imgBody_elems(OracleTypeCOLLECTION.java:979)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.unpickle81_imgBody(OracleTypeCOLLECTION.java:923)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.unpickle81(OracleTypeCOLLECTION.java:743)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION._unlinearize(OracleTypeCOLLECTION.java:242)
       at oracle.jdbc.oracore.OracleTypeCOLLECTION.unlinearize(OracleTypeCOLLECTION.java:208)
       at oracle.sql.ArrayDescriptor.toJavaArray(ArrayDescriptor.java:963)
  I decompile "OracleTypeCOLLECTION.class", in funtion "initCollElemTypeName", i see a SQL as "select elem_type_name, elem_type_owner from all_coll_types where ....", this sql raise the error.
  Since all_coll_types is a system view of Oracle, i think the user connect to Oracle must have some role and privilege, it has connect role and execution privileges on some user-defined packages, is there any other role and privilege it needs? I don't like to grant DBA role to it for security reason.
  Very thanks for your reply.

  Can you post the code (Java and PL/SQL) that is being executed when this error is thrown? You don't need any particular privilege to execute PL/SQL via JDBC-- just the privileges you'd need to execute it in SQL*Plus or anywhere else.
  Justin
  Distributed Database Consulting, Inc.
  www.ddbcinc.com/askDDBC

• Create new user same as a existing roles and Privileges

  Hi Team,
  I am a junior DBA. New user Joined in Application team. So, Client requested me.....
  Crerate new user with same privileges as like as existing user.
  As of now i am creating user like "create user username identified by "password". Then grant privileges to that user. earliar I never comapare or copied users.
  Please suggest any one how to create new user as like as existing user roles and privileges.
  Thanks,
  Venkat

  For basic cloning:
  select dbms_metadata.get_ddl('USER', '...') FROM DUAL;
  SELECT DBMS_METADATA.GET_GRANTED_DDL('ROLE_GRANT','...') FROM DUAL;
  SELECT DBMS_METADATA.GET_GRANTED_DDL('SYSTEM_GRANT','...') FROM DUAL;
  SELECT DBMS_METADATA.GET_GRANTED_DDL('OBJECT_GRANT','...') FROM DUAL;
  SELECT DBMS_METADATA.GET_granted_DDL(‘TABLESPACE_QUOTA’, ‘...’) FROM dual;
  Then just replace the username with the new one you want to create.

• Role and Privileges for OLAP metadata

  Hi,
  Is there any document which specifies what all roles and privileges are required for creating any OLAP meta data ( Dimension, Cube, Measure and Catalog etc)?
  I think these are impt roles:-
  SELECT_CATALOG_ROLE
  EXECUTE_CATALOG_ROLE
  DELETE_CATALOG_ROLE
  RECOVERY_CATALOG_OWNER
  OLAP_DBA
  OLAP_USER
  Through system/manager I created one user TEST_BI_OLAP and granted CONNECT.
  After login as TEST_BI_OLAP I am able to create dimension. Why it is possible whereas doc says user should have OLAP_USER or OLAP_DBA role associated with it.
  OR only CONNECT is sufficient for creating OLAP metadata!!!!!
  regds
  P

  The difference is in what the end user sees. Say you want to deploy an analytical workspace based off of a ROLAP dimensional cube. Here is how I've been approaching the problem:
  1. Create a new user with the OLAP_USER role to hold the AW (say "AW_USER")
  2. Now log in with a userid that has OLAP_DBA role, and create the AW utilizing the ROLAP cube - but direct the AW to be stored in the AW_USER schema. Note that because it is in a separate schema from the ROLAP cube, you will not need to append characters to the dimension or measure names.
  3. Have end users log in using the AW_USER name. Then they will see the AW information, but they will not have access to the ROLAP cube data.
  Hope this helps,
  Scott

• Roles and Privileges for 10g AWR and ASH reports

  Are there specific roles and privileges are required for one to run AWR and ASH reports for users who don't have DBA roles? If so, I would like to know about them.

  I think sysdba privilege need to run AWR report.
  Also check, how privilege is granted to PERFSTAT user in $ORACLE_HOME/rdbms/admin/spcuser.sql, you might get some clue!!!
  Cheer,
  Virag

• Mapping a user's role and privilege to another

  Hi all,
  Is there a command/way to map the role and privileges of a current user to a new user? I am new to oracle, I did read through the online docs but was not able to figure it out.
  Thank you very much!

  Check this link would help: Check the part where they are copying roles and grants for the users using dbms_metadata. You can limit this to one user you want by adding additional where clause like "where username = <username>
  Copying Oracle Users

• Error in adding Function to the role

  Hi Experts,
  We are on AC-ERM 5.3_10_0. I was trying to create a test role in ERM. When adding a function to the role it's throwing the following error.  Unknown error occurred while performing operation (Cannot assign a java.lang.String object of length 57 to host variable 2 which has JDBC type VARCHAR(50). in method insertOrgLvlsForRole).
  Not able to find out, what's going wrong. Can anyone please guide me in resolving the error.
  Thanks,
  Gurugobinda

  Hi Zaheer,
  Thanks a lot. You are right. I am not facing this error in other functions. Only in for functions like PR91, PR01, HR02 I am getting this error. In fact, when I am adding the function it is showing the error, but when i am coming back  to function TAB, I am finding the function has been added successfully. Can you please tell me how to rectify this error.
  Regards,
  Gurugobinda

• Trying to auto generate roles and privileges

  Greetings All,
  Oracle Enterprise 11g v11.2.0.1.0 on Windows Server 2008
  I have a database with many schemas. One of the schemas is referred to as the CM_MASTER schema in that it has been granted the following: dba, create user, drop user, alter user, create any table, select any table, and a few others, all with the “with admin option” clause.
  We have developers that need select only access to the tables and views of the non-master schemas. My plan was to create a unique ROLE for each schema, then grant select on each table and view in that schema to that unique role. Then grant the appropriate role(s) to each developer hence giving them read only access.
  I can accomplish the above manually while logged on as the CM_MASTER schema.
  I am trying to create a procedure owned and executed only by the CM_MASTER schema that creates a new role and then grants to that role. The procedure accepts a parameter containing the user name of the target schema. The procedure is able to create the role (create role scott_r) successfully.
  However, I am getting an insufficient privileges error (see below) after the role has been created, when trying to issue the “grant select on scott.some_table to scott_r” command via "execute immediate".
  Any ideas what privilege(s) the CM_MASTER user needs in order to be able to issue the grant(s) to the role?
  Error message below:
  exec gen_schema_role('scott');
  Error report:
  ORA-01031: insufficient privileges
  ORA-06512: at "CM_MASTER.GEN_SCHEMA_ROLE", line 30
  ORA-06512: at line 1
  01031. 00000 - "insufficient privileges"
  The procedure code is below:
  The utl_file.put_line commands were added for debugging but nothing gets output.
  When the "execute immediate" lines are commented out, the output from the utl_file.put_line commands displays the correct SQL create and grant statements.
  create or replace
  procedure gen_schema_role(p_db_user in varchar)
  as
  v_role_name varchar2(30);
  v_bat_out utl_file.file_type;
  cursor get_object_names is
  select object_name from dba_objects
  where owner = upper(p_db_user)
  and object_type in ('TABLE','VIEW')
  and status = 'VALID'
  and object_name not like 'DR$%'
  and object_name not like 'XT%';
  begin
  v_bat_out := utl_file.fopen('SR_BACKUP', 'Create_Roles.sql', 'W');
  v_role_name := substr(p_db_user,1,28) || '_r';
  utl_file.put_line(v_bat_out, ' ');
  utl_file.put_line(v_bat_out, 'create role '||v_role_name);
  execute immediate 'create role '||v_role_name; <<-- This seems to work, the role gets created
  for a in get_object_names
  loop
  utl_file.put_line(v_bat_out,' grant select on ' || p_db_user || '.' || a.object_name || ' to ' || v_role_name);
  execute immediate 'grant select on ' || p_db_user || '.' || a.object_name || ' to ' || v_role_name;
  end loop;
  utl_file.fclose(v_bat_out);
  end gen_schema_role;
  Thanks,
  Snyds

  sb92075,
  I just tried, and YES the SQL is able to apply the "grant select" statements to the newly created role.
  I wanted to call this new procedure from the procedure that creates a new user by scheduling a job to perform an IMPDP job to import a base schema (using the remap schema clause).
  Any suggestions how to automate generating this role?
  Thanks,
  Snyds

• Error Message sending a job to compressor and Blu-Ray

  I am having trouble with a job in FCP 7 and sending it to compressor.  it runs and about 20 minutes until completion I get a failed message.  "Failed: Quicktime Error: 0"  on my m2v file.  What could be causing this issue?
  I also get a quicktime error while trying to send my project from Share to blu-ray?
  Any help would be appreciated!

  If I am right, error 0 means that you cannot copy the source onto the destination.
  Sure that you have enough space for your project ? or that your project is not too big for FCP ?
  Just occured to me with a still that was too big ...

• DFD diagram and ER crossmatrix for role definitions and role's privileges on objects

  Hello,
  Having the question on derivative use of combination of DFDs and ER diagrams ( let us be more fixes and focus on Relational model ).
  In DFD there are defined external entities and functions, data flows and data stores that are forming processes.
  Functions represents procedures, transactions, transformations.
  Dataflows presents procedures parameters, intermediate reports, temporary table data, data that is passed , retrieved/written, signals, triggers/events that controle or trigger function...
  Context of my question is focused on external entities.
  External entity suppose to denote the sourced or destinationed system ( for example Archiving system ) or operator, system that is out of scope of the DFD and it is mentioned just as target or destination or source of dataflow or control flow.
  In context of these understandings I am using external entitiy also for types of users of the system:  staff that is triggering functions or schedulers or job managers, or reporting systems ( or components of reporting systems like for example business intelligence extraction processes ).
  What is my problem that on basis of external entity definitions and E/R model also define roles and privilege classes for access to data objects.
  And from those generating ddls for database roles, privileges on entitities to those roles.
  But in privileges granting to role having two different kind of privileges on data objects:
  - privileges that are granted on various schema objects
     For example role1 has grant on tab1, view2, procedure1, package3,
  - the other type of privilega is based on the scope or range of semantically defined scope or semantic area.
  Semantic area is scattered through tables because of normalisation and using semantic area as entity of which primary key is
  partitioning the table data through many semantic areas.
  So this privilege should be granted on basis of the rows in table not column ( more semantically then structurally ...row oriented more than column ).
  Both privileges that are granted to roles are also basis for functional roles
  ( privilege that is granted that functional role has grant to trigger or execute some function or process ).
  My question is?
  How do you handle modeling technology for analysis and design for role privileges and consolidation between database and functional roles ?
  Grateful for any idea, experience and suggestions.

  Hello,
  Guess I was looking for the formal sequence of steps that would bring me to the
  ddls for "create role ..." and "grant privileges to role".
  You can do that.
  1) I assume you have logical model and it's engineered to relational model, also you have data flow diagram created
  2) You need to define information structures for flows connecting "Information store" to primitive process - attribute usage of particular entities should be defined for those "information structures" processed in flows
  3) You need to define create, update and delete operation for flow going from primitive process to store - read is assumed in opposite direction
  4) create a role in Process model and assign primitive processes to it - list of available processes to add depends on current data flow diagram
  5) You need an open physical model for your relational model
  6) Select "transfer process model roles to physical model roles" from context menu of top level DFD - select roles, relational and physical model there - roles with related permissions will be created in physical model
  Entity1 is divided in several subtypes for different business areas.
  And account manager for business_area1 is allowed to work on subtype1 ( view on prime table )...
  Different implementation of entity hierarchies are not processed correctly in that wizard - i.e to get permissions to table corresponding to child entity - that entity should be used in information structure and flow.
  Philip

• Error in formula function (ROUTINE_18) record 1

  Hi All,
  We are loading a flat file in to a DSO. From here we are loading the data from DSO to a cube (using this DSO as a Export datasource). In the export datasource infopackage, we are giving date in the selection screen and loading the data. before it is working fine. Now when we try to load the data, i am facing the error " Error in formula function (ROUTINE_18) record 1" and the data was not moving from the PSA to the infocube.
  Recently we have upgraded the BI system from 7.0 version to 7.3.
  Please let me know the reasong for the failure and how to correct it.
  I have replicated the Export datasource and even i re-generated the DSO as export datasource but no use and getting the same error.
  Thanks,
  jack

  Ok...you have a BW 3.5 flow.
  As you said you have selection at InfoPackage level. Please check whether the InfoPackage without selection works or not.
  If it works then you have the problem in Selection field.
  Also check if there is any problem in Update Rule /Transfer rule
  If you have selection routine written at InfoPackage level, create a new InfoPackage ( Full) and load .
  Anindya
  Edited by: Anindya Bose on Nov 3, 2011 11:01 AM

• AutoPatch error: Unable to find job when restart

  OS is RHEL 5.7, and Oracle ebs R12.1.1 installed with patch applied 6078836, 11072566, 8576725...
  Problem summary: AutoPatch error:Unable to find job when restarting, and FND_INSTALL_PROCESSES table does not exist
  In the NLS patch update with 4 merged patches,
  while 16 workers are running to create rdf files as below, it made my Putty (v0.60) crashed. Below example is succeeded case taken from the log of one worker to let you know which task was on-going...
  Source: /d01/oracle/SID/apps/apps_st/appl/pa/12.0.0/reports/SF/PAXPCTCE.rdf
  Successfully generated report "PAXPCTCE.rdf".
  Generated 1 files successfully.
  Generated 0 files with non-fatal warnings.
  Generated 0 files with fatal errors.
  adrepgen is exiting with status 0
  End of adrepgen session
  Date/time is Wed Sep 07 2011 15:22:44
  Eventually, I had to run adctrl for changing job status <Failed>, and re-run adpatch. Then it ran several assigned jobs completed successfully.
  Then again, it made my Putty crash, and repeated few times like that.
  When there are 69 jobs remaining, autopatch error occurred.
  There are now 69 jobs remaining (current phase=A1001):
  0 running, 69 ready to run and 0 waiting.
  Reading completed jobs from restart file (if any).
  AutoPatch error:
  Unable to find job when restarting.
  When adctrl was checked to see worker status [1],
  Enter your choice [1] : 1
  Error: The FND_INSTALL_PROCESSES table does not exist.
  This table is used for communication with the
  worker processes, and if it does not exist, it
  means that the workers are not running,because
  the ad utility has not started them yet.
  How can this be resolved?
  Can I just re-run the patch as if it runs newly by ignoring the previous session of adpatch when asked the continuation of the previous session at the adpatch?
  Will this help?
  Thanks as always for the help.
  - SH

  Error: The FND_INSTALL_PROCESSES table does not exist.
  This table is used for communication with the
  worker processes, and if it does not exist, it
  means that the workers are not running,because
  the ad utility has not started them yet.
  How can this be resolved? If the table does not exist, then you cannot fix it.
  Can I just re-run the patch as if it runs newly by ignoring the previous session of adpatch when asked the continuation of the previous session at the adpatch?
  Will this help?Correct -- This is the only option you have.
  Thanks,
  Hussein

• RSCOLL00 OS collector job is cancelled and getting TIME_OUT dump

  Hi...
  Am using ECC 5.0 , In our PRD system progaram name RSCOLL00 OS collector job and its getting TIME_OUT dump for the particular job.
  And i've seen that an error SQL error 3997 occuredin that job log.
  And this are the dump following search criteria
  "TIME_OUT" C
  "SAPLSALC" or "LSALCU16"
  "SALC_MT_READ"
  pls do the needful ASAP.
  thanks,
  Gopinath.

  Hi Gopinath,
  If your problem is still pending pls paste the complete dump message in this form so that we can give solution accordingly.
  If you problem has been solved then mentions here complete dump message and solution which is applied by you.
  Anil

• Roles and Security

  I have setup a 11g Oracle database.
  Can I please have some help to create some user accounts (3 levels, eg. Administrator, Power User, and Guest style users) as well as setting up appropriate levels of security implemented via ROLES and PRIVILEGES for Roles.
  Thanks in advance

  996403 wrote:
  I am wanting the Administrator to have control over everything, the Power User to be a User who also has the ability to create tables, triiggers etc, and the Guest to just be able to view data in the database without changing anything.
  Can you correct me if I am wrong with the following suitable roles for the users:
  Administrator
  - All roles
  Power User
  - Connect
  - Resource
  Guest
  - ConnectYou have to get out of this Administrator/Power User/Guest Windows security group paradigm. Windows security groups cannot be directly correlated to Oracle security groups, and that is why you are having so much trouble doing so. I recommend that you:
  -stop comparing Oracle to Windows
  -learn what security rights your database users need
  -fully understand the predefined roles, and then assign users to those roles only if they require every right that those roles grant
  -create your own application roles for any users that have requirements that do not align exactly with the predefined groups
  We are only encouraging you to do things in a manner that follows best practices, and doing so will keep your headaches to a minimum later on down the road.