Fine Grained Access ERROR on INSERT when generating unique keys
I'm using VPD/Fine Grained Access Control (FGAC) to implement security on my 9i backend. I created a security policy function that returns the predicate 'owner = USER'; - each of the tables has an additional column titled OWNER which contains the name of the logged-in user. Every time a user inserts a record, a BEFORE INSERT trigger fires (for every row) and inserts the USER name into the OWNER column. This is fairly straightforward and ensures that users can see only their rows. Using the DBMS_RLS.add_policy procedure, I attached the security policy to several tables and made it effective upon SELECT, UPDATE, INSERT, and DELETE statements.
However, the frontend Java application (custom-made) generates unique IDs (sequences are not used) by selecting max(ID)+1 from the primary key columns of the tables. The problem is that the predicate is appended to the SELECT max(ID)+1 query to limit the max(ID) to only those rows where 'owner = USER'. Therefore, the max(ID) generated is not the largest ID for the entire table, but only the largest among the USER rows.
So unless that USER happens to have the the largest ID in the whole table (and it has worked then), a primary-key violation error will be returned and the INSERT operation will be aborted.
How can I allow every USER to select from AND get the absolute largest ID from the PK column without allowing that user to select records that don't belong to him? If I had developed the application, I would have made use of sequences on the back-end to generate unique primary key IDs. Unfortunately, I don't have this option and must work with the application as is.
NOTE: the front-end Java application understands only the base table names, NOT Views created by me on the server. If the answer to this problem involves views, how can I make use of them on the backend when the front-end code does not recognize them?
Any help is greatly appreciated!
Michael
first you could use default column values, not a trigger, which is more expensive.
if your apps already assumes full access to table to get max id ( another RT ), this is bad. Current RLS can not really help if you can not change the apps because of this flaw logic ( you can store the maxid anywhere, why scanning the whole table to find it )
Similar Messages
-
Fine Grain Access Control gives ORA-02014
Using Fine Grain Access Control on Oracle 8i 8.1.6, when a policy is enabled on a table then queries of the form "select * from table for update nowait" give "ORA-02014 cannot select FOR UPDATE from view with DISTINCT, GROUP BY, etc.".
Similar queries without the "for update nowait" work OK.
Does anyone have a fix or workaround?
nullI ran into this. If you're using a function to add to/add a where clause to your statement, when the where clause gets appended to the end and generates an error. You should be seeing trace files in the udump area of oracle that show you the actual sql line that is being created in error. I modified my function to add the FOR UPDATE NOWAIT in the correct place.
-
Got ORA-00439: feature not enabled: Fine-grained access control
Trying to implement VPD, I've got ORA-00439 when implementing Fine-grained access control. Will this be available on XE?
Hi,
lewisc: Yes. I mean "persistent package variables" and I know this feature is available in any version of Oracle. But, I don't know how It works whith HTMLDB when using "HTMLDB Authentication Scheme".
i.e.: when I connect to an HTMLDB Application, I can see a new session on
V$SESSION with username=ANONYMOUS with SID=xxx and SERIAL#=yyyy.
1.-Will HTMLDB use the same session until User Press "logout" link?
2.-Will this particular Database session be exclusive or shared for any HTMLDB sessions?
3.-If I Logout from HTMLDB App, then Login again, Will HTMLDB reuse the same session?
or will create a new one?
-About VPD.
VPD is a Personal Edition feature too. All features of EE is
available on Personal Edition except RAC and a few others
specials features.
After all:
Maybe with these examples you can see my question.
CREATE OR REPLACE VIEW myviewname
AS
SELECT *
FROM mytablename
WHERE somecolumn = V('Fxxx_HTMLDB_ITEM_NAME')
CREATE OR REPLACE TRIGGER mytriggername
BEFORE
INSERT
ON mytablename
FOR EACH ROW
BEGIN
:new.mycolumn1 := V('Fxxx_HTMLDB_ITEM_NAME');
END;
Can these two examples work? If so, maybe there is something wrong in my applications.
Thanks GaryM for your issues and I already know this can be done that way -
How to pass the context from Portal to Database for fine grain access?
Hi,
I am developing an omniportlet and I need to pass on the context of the logged in user to the database so that when the user tries to access data in the omniportlet, he can see data relevant to him only. Does anyone know how to do that?
I have set up a light weight user scott and also has a schema in the database by the same name (scott)..
what I am trying is when the user logs in as scott in the portal site and runs an omniportlet, he should be dynamically be logged in to scott the schema so that the data visible to him can be restricted. Same should happen for other users as well.
Does anyone know in which table in the PORTAL schema is this connection information stored, so that I can override it using some API..?
Thanks,
AbhiI had tried sending the user_name in the sql and that works fine. but my requirement is that the user should login to his schema and only his schema directly and automatically.. such that even if an omniportlet is created using some default schema, when user logs in he can access only the schema meant for him..
e.g. While running the omniportlet when logged-in as user scott, he should be logged-in to scott schema in the database, so that the fine grain access can be enabled ..
Edited by: user6386347 on Mar 12, 2009 12:15 PM -
제품 : ORACLE SERVER
작성날짜 : 2005-11-24
FINE GRAINED ACCESS CONTROL(FGAC)를 위한 DBMS_RLS.ADD_POLICY의 VERSION별 특징
=======================================================================
PURPOSE
row leve의 security 및 context관리 방법인 FGAC에 대한 간단한 개념 및 사용방법은
<bul 23026>에 제시하였다.
이 문서에는 FGAC를 위한 dbms_rls package의 8i ~ 10g까지의 version별 특징을
정리하며, STATIC_POLICY와 POLCICY_TYPE parameter에 대해서는 예제를 이용하여
자세히 살펴보도록 한다.
Explanation & Examples
dbms_rls.add_policy를 사용할 때 일반적으로 주는 value값의 예제는 다음과 같다.
이중 대부분은 default값을 이용하여, 일반적으로는 앞의 5개의 parameter만
value를 주면 된다.
SQL> exec DBMS_RLS.ADD_POLICY ( -
> object_schema => 'SCOTT', -
> object_name => 'EMP', -
> policy_name => 'POL1', -
> function_schema => 'SYS', -
> policy_function => 'PREDICATE', -
> statement_types => 'SELECT', -
> static_policy => false, -
> policy_type => DBMS_RLS.DYNAMIC
> long_predicate => false);
1. FGAC의 version별 특징
(1) sec_relevant_cols/sec_relevant_cols_opt : 10G
위에 기술한 add_policy procedure의 parameter외에 10g에서 추가된
parameter로 다음 두 parameter가 존재한다.
이 parameter는 해당되는 column이 조회될때만 policy가 작동하게 하기 위한
것으로 metalink.oracle.com site에서 <Note 250795.1> 를 살펴보면 사용 방법
및 예제를 확인 가능하다.
- sec_relevant_cols
- sec_relevant_cols_opt
(2) long_predicate : 10G
default는 false이며, true로 지정하는 경우 predicate이 4000 bytes이상이
될 수 있다.
(3) statement_types : 10G부터 INDEX type추가
9i까지는 SELECT, INSERT, UPDATE, DELETE에 대해서는 FGAC를 적용할 수
있었으나, 10g부터는 INDEX type도 지정 가능하다.
index를 지정하는 경우, function-based index 생성을 제한할 수 있으며,
자세한 예제는 metalink.oracle.com site에서 <Note 315687.1>를 조회하여
확인할 수 있다.
(4) EXEMPT ACCESS POLICY 권한 : 9i
특정 user가 모든 fine-grained access control policy의 영향을 받지
않도록 하려면 exempt access policy권한을 grant하면 되며, 이것은 9i부터
소개되었다.
SQL> grant exempt access policy to scott;
와 같은 방식으로 권한을 부여하면 되며, 이에 대한 자세한 예제는
metalink.oracle.com site에서 <Note 174799.1>를 통해 확인 가능하다.
(5) synonym에 대한 policy설정 : 9.2
synonym에 대해서 VPD (Virtudal Private Database)에 대한 policy를 설정하는
것이 가능해 졌으며 이에 대해서는 metalink.oracle.com에서 <Note 174368.1>를
조회하여 자세한 방법 및 예제를 살펴볼 수 있다.
(6) static_policy : 8.1.7.4
static_policy paramter는 8i에는 없던 것으로 9i에서 도입되면서, 8.1.7.4에도
반영되었다. default값은 false이며, 8173까지는 항상 false인 형태로 동작한다.
즉, policy function이 매번 object를 access할때마다 실행된다.
8.1.7.4부터는 이 parameter를 true로 설정할 수 있는대, 이렇게 되면
해당 session에서 policy function이 한번 실행되고 그 function이 shared pool에
cache되어 있으면 재실행없이 그대로 사용된다.
10g부터는 (7)번에 설명하는 policy_type parameter가 추가되어,
이 parameter에 true로 지정하는 대신, static_type은 false로 두고,
policy_type을 dbms_rls.static 으로 지정하면,
9i와 8174에서 static_policy를 true로 한것과 같은 결과가 나타난다.
(7) policy_type: 10g
다음과 같이 5가지 value가 가능하며, 이 중 default는 dynamic이다.
- STATIC
policy fuction에 포함된 predicate이 runtime환경에 따라 다른 결과를 내지
않는 경우 사용하게 된다. 예를 들어 sysdate의해 다른 결과를 return하는
경우에는 사용하면 사용하면 문제가 될 수 있다.
static을 사용하는 경우 policy function은 한번 실행되어 SGA에 올라온 다음
이후 같은 session에서 같은 object를 사용시에는 재실행 없이 해당 predicate의
결과를 그대로 사용한다.
- SHARD_STATIC
STATIC과 같으나, 이 값은 다른 object에 대해서도 같은 predicate function이
사용되는 경우, 먼저 cache된 predicate을 찾아서 있으면 그 값을 이용한다.
STATIC의 경우는 다른 object 사이에서는 공유하지 않으며 같은 object에
대해서만 cache된 값을 사용한다.
- CONTEXT_SENSITIVE
한 session에서 context가 변경되면 그때 predicate를 재 실행시킨다.
WAS(web application server)를 사용하는 경우 connection pooling방법을
기본적으로 사용하는대, 이 경우 하나의 session을 여러 사용자가 이어서
교대로 사용하는 방식이 된다. 이 경우 middle tier단에서 context를 설정해
주면 context가 변경될때마다 predicate를 새로 실행시켜 변경된 sysdate나
session_user등의 값을 다시 계산하게 되는것이다.
jdbc에서 context설정에 관한 예제는 metalink.oracle.com에서
<Note 110604.1>에서 확인가능하다.
- SHARED_CONTEXT_SENSITIVE
context_sensitive와 동일하며, 단 shared_static과 마찬가지로 여러 object에
대해서 같은 predicate을 사용하는 경우 다른 object에 대한 같은 predicate이
cache되어 있는지를 먼저 살펴본다.
존재하면 session private application context가 변경되기 전까지 그 predicate의
결과를 그대로 사용한다.
- DYNAMIC
이 값이 default값이다. 즉, predicate function이나 시스템이나 환경에
영향을 받는다고 판단하여 statement가 실행될때마다 매번 predicate function을
재 실행하여 환경에 맞는 값을 return하여 준다.
아래에서 sysdate 값에 따라 다른 결과를 return하게 되어 있는
predicate을 이용한 예제를 통해 정확한 메카니즘을 확인한다.
2. static_policy 및 policy_type의 value에 따른 policy function의 작동예제
(a) STATIC_POLICY => TRUE and POLICY_TYPE => NULL
(1) 기존에 pol1 policy가 존재하는 경우 다음과 같이 drop시킨다.
SQL> exec DBMS_RLS.DROP_POLICY ('SCOTT', 'EMP','POL1');
(2) 다음과 같이 predicate function을 scott user로 만들어둔다.
SQL> create or replace function PREDICATE (obj_schema varchar2, obj_name varchar2)
2 return varchar2 is d_predicate varchar2(2000);
3 begin
4 if to_char(sysdate, 'HH24') >= '06' and to_char(sysdate, 'MI')<'05' then
5 d_predicate := 'ename = sys_context (''USERENV'' , ''SESSION'');
6 else d_predicate := 'sal>=3000';
7 end if;
8 return d_predicate;
9 end predicate;
10 /
(3) pol1을 새로 add시킨다.
SQL> exec DBMS_RLS.ADD_POLICY ( -
object_schema => 'SCOTT', -
object_name => 'EMP', -
policy_name => 'POL1', -
function_schema => 'SCOTT', -
policy_function => 'PREDICATE', -
statement_types => 'SELECT', -
static_policy => TRUE, -
policy_type => NULL);
(4) adams user에서 scott.emp를 조회해 본다.
단 다음과 같이 scott.emp에 대한 select권한을 king에게 주어야 한다.
SQL>grant select on emp to king;
SQL>!date
Thu Nov 24 14:01:13 EST 2005
SQL> connect king/king
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7839 KING PRESIDENT 17-NOV-81 5000
10
5분이후가 되어 predicate function의 if조건을 만족하지 않아도,
king user는 같은 값을 emp table에 대해서 return한다.
SQL>!date
Thu Nov 24 14:10:13 EST 2005
SQL> connect king/king
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7839 KING PRESIDENT 17-NOV-81 5000
10
(b) STATIC_POLICY => FALSE and POLICY_TYPE => DBMS_RLS.DYNAMIC
(1) 기존의 policy를 다음과 같이 drop시킨다.
SQL> exec DBMS_RLS.DROP_POLICY ('SCOTT', 'EMP','POL1');
(2) pol1을 새로 add시키는대 이대 static_policy와 policy_type을 다음과 같이
변경한다.
SQL> exec DBMS_RLS.ADD_POLICY ( -
object_schema => 'SCOTT', -
object_name => 'EMP', -
policy_name => 'POL1', -
function_schema => 'SCOTT', -
policy_function => 'PREDICATE', -
statement_types => 'SELECT', -
static_policy => flase, -
policy_type => dbms_rls.dynamic);
(3) king user에서 조회해본다.
predicate function은 위의 2-(a)에서 실행한 것을 그대로 사용한다.
즉 (a)를 실행하지 않은 경우, 조회전에 (a)-(2)번을 실행해야 한다.
SQL>!date
Thu Nov 24 15:01:13 EST 2005
SQL> connect king/king
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7839 KING PRESIDENT 17-NOV-81 5000
10
5분 이후가 되어 다시한번 king user에서 실행해본다.
SQL>!date
Thu Nov 24 15:10:13 EST 2005
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7788 SCOTT ANALYST 7566 19-APR-87 3000
20
7839 KING PRESIDENT 17-NOV-81 5000
10
7902 FORD ANALYST 7566 03-DEC-81 3000
20
RELATED DOCUMENTS
<Note 281970.1> 10g Enhancement on STATIC_POLICY with POLICY_TYPE Behaviors
in DBMS_RLS.ADD_POLICY Procedure
<Note 281829.1> Evolution of Fine Grain Access Control FGAC Feature From 8i
to 10gfirst you could use default column values, not a trigger, which is more expensive.
if your apps already assumes full access to table to get max id ( another RT ), this is bad. Current RLS can not really help if you can not change the apps because of this flaw logic ( you can store the maxid anywhere, why scanning the whole table to find it ) -
Errors/warnings occurred when generating the local proxy dll and VI wrappers for web service
Hello,
I'm new to web services - trying to import a WSDL that was created by an outside vendor and placed on a company server. I imported a previous version successfully. The error I'm getting doesn't make a lot of sense to me, here it is:
The following errors/warnings occurred when generating the local proxy dll and VI wrappers for this web service.
Can't generate files.
Possible reasons are:
1. The output file(s) might be read-only.
Remove the read-only attribute and import the Web service again.
2. A proxy DLL that LabVIEW created under the same file path exists in memory.
Restart LabVIEW and import the Web service again.
I don't see any read-only attributes on the output files and I've tried restarting LabVIEW - no luck. Any help is greatly appreciated.
Thanks,
Al Rauch
Merck & Co., Inc.Aaron,
I was able to successfully import and run the web services from the WSDL file in question in LV2009 on a different computer than the one on which I had the original problem. Unfortunately I am still having the original problem on the project computer and will need to get it working there . . . still looking for a solution to that. Apparently LV2009 is perfectly capable of importing and running this WSDL file, but there is something still in the way on the project PC.
Thanks,
Al -
Error 7 occurred when generating the data transfer program
Hello All ,
In Master Data Load Process Chain , we get error like
1. System Response
Caller 09 contains an error message.
Diagnosis
Error 7 occurred when generating the data transfer program for the requested InfoSource.
System Response
The data transfer is terminated.
Procedure
Check the SAP Support Portal for the appropriate Notes and create a customer message if necessary.
Note : We faced this issue for two days now . Just repeating the load make it success .
If any one faced and fixed this issue . Please let me know .
Thanks in advance .Hi,
. Initially goto transaction SE38, Run the program RSDS_DATASOURCE_ACTIVATE_ALL. Give your Datasource name, and source system and check the check box for "Only Inactive objects".
This will actiavate the given datasource.
2. Replicate the datasource in RSA1.
3. Try to schedule the infopackage for the datasource which you have activated now.
4. IF infopackage runs through, Repeat the process for all datasources ie uncheck the check box, which means it will activate all datasources for the source system.
Also make sure that there will be enough Back Ground Processor available....
Reduce the parallel process
Thanks
BVR -
Hi
restoring error - An error has occurred when generating user security settings
JPCHAPARRO is SAP ALL
UJBR >> Execute Restore >> Background
SM37 >> Execute
Jobs Summary >> BPC_BACKUP_PLSOLLA >> SPOOL
Error restore
security loading data ended in error.
An error has occurred when generating user security settings
SGL1
We found a note, but it appli to a previous version to which it is has
1643183 - BUI Roles are not created when copy environment
Best Regards
Juan PabloHi Ridwansyah
Thanks for de reply!!!
Yes, restore the environment on the same system (SBW), but in new environment Backup à (PLSOLLA) Restore à (PLSOLLA_NIIF)
in ST22 shows the same error that is attached to in the original message
security loading data ended in error.
An error has occurred when generating user security settings
Yes, the user JPCHAPARRO this within a team assigned to a task profile.
another test
was conducted environment backup and ENVIRONMENTSHELL I restore in a new environment. This process went successful.
Best Regards
Juan Pablo -
Error: Internal Erorr when generating the history. Use a different view.
Hello,
When I am trying to open an workbook in BEX. I get the message: Internal Error when generating the history. Use a different view. (production system)
How can I solve this problem? And what could be the reason? In our Development and QAS everything is OK!
Regards,
Boykehi
If nobody have change or write access in prod, then
ensure that everything is OK in QAS,
Execute the workbook and views in QAS.
If it works fine there, some thing is missing in the transported objects.
Ensure everything is transported correctly
Thanks
N Ganesh -
I am trying to add an additional column to a select which will act as an Unique key.
Is there any way I can use a sequence generator to the query.user610910 wrote:
I am trying to add an additional column to a select which will act as an Unique key.
Is there any way I can use a sequence generator to the query.If you are not using ORDER BY, plain ROWNUM will do:
SQL> select rownum,ename from emp
2 /
ROWNUM ENAME
1 SMITH
2 ALLEN
3 WARD
4 JONES
5 MARTIN
6 BLAKE
7 CLARK
8 SCOTT
9 KING
10 TURNER
11 ADAMS
ROWNUM ENAME
12 JAMES
13 FORD
14 MILLER
14 rows selected.
SQL> If you use ORDER BY, you could wrap select:
SQL> select rownum,
2 ename
3 from (
4 select ename
5 from emp
6 order by ename
7 )
8 /
ROWNUM ENAME
1 ADAMS
2 ALLEN
3 BLAKE
4 CLARK
5 FORD
6 JAMES
7 JONES
8 KING
9 MARTIN
10 MILLER
11 SCOTT
ROWNUM ENAME
12 SMITH
13 TURNER
14 WARD
14 rows selected.
SQL> SY. -
I have three tables
1. Grade table where information for each grade is maintained
like basic, increments.
2. graderole - here i have defined roles which can access each
grade
3. userrole users for each role.
eg:
userrole table has one user as ops$ravi who has access to 'MM'
role
graderole table has multiple records for role 'MM' who can
access some grades.
zarine_test table where all grades and its basic and increments
are defined.
I want ops$ravi to access only grades as per graderole table
i.e. JM to MM grade
I have tried this command with three tables.
Some times it does not even allows me to login as ops$ravi
saying that
ERROR: ORA-00604: error occurred at recursive SQL level 1
ORA-01031: insufficient privileges
ORA-06512: at "SYS.DBMS_SESSION", line 58
ORA-06512: at "OPS$PERDBA.CONTEXTPACKAGE", line 8
ORA-06512: at line 2
At one other instance, it allows to login as user but we get a
error like FUNCTION POLICY NOT PROPERLY DEFINED FOR TABLE
These are the steps I have followed:
1. Create context perdba_ctxt
CREATE OR REPLACE CONTEXT perdba_ctxt USING
perdba.contextpackage;
CREATE OR REPLACE PACKAGE contextpackage AS
PROCEDURE setcontext;
END;
2. Create context package
Get login'ed users role from the initial group set for him eg:
ops$ravi will fetch 'MM' group
-- create context package body fg6
CREATE OR REPLACE PACKAGE BODY contextpackage IS
PROCEDURE setcontext IS
l_persons_id varchar2(30);
l_logged_person VARCHAR2(30);
l_user_role VARCHAR2(30);
l_job VARCHAR2(35);
BEGIN
DBMS_SESSION.SET_CONTEXT('PERDBA_CTXT','SETUP','TRUE');
l_logged_person:= SYS_CONTEXT('USERENV','SESSION_USER');
SELECT SUBSTR(initial_rsrc_consumer_group,1,4) INTO
l_user_role FROM dba_users WHERE username = l_logged_person;
IF l_user_role = 'MM' THEN
BEGIN
DBMS_SESSION.SET_CONTEXT
('PERDBA_CTXT','ROLE','MM');
SELECT username INTO l_persons_id
FROM userrole
WHERE userNAME = SYS_CONTEXT
('USERENV','SESSION_USER');
DBMS_SESSION.SET_CONTEXT
('PERDBA_CTXT','PERSONS_ID','L_PERSONS_ID');
EXCEPTION
WHEN NO_DATA_FOUND THEN
DBMS_SESSION.SET_CONTEXT
('PERDBA_CTXT','PERSONS_ID',0);
END;
ELSIF l_user_role = 'CGM' THEN
BEGIN
DBMS_SESSION.SET_CONTEXT
('PERDBA_CTXT','ROLE','CGM');
SELECT username INTO l_persons_id
FROM userrole
WHERE userNAME = SYS_CONTEXT
('USERENV','SESSION_USER');
DBMS_SESSION.SET_CONTEXT
('PERDBA_CTXT','PERSONS_ID','L_PERSONS_ID');
EXCEPTION
WHEN NO_DATA_FOUND THEN
DBMS_SESSION.SET_CONTEXT
('PERDBA_CTXT','PERSONS_ID',0);
END;
END IF;
DBMS_SESSION.SET_CONTEXT('PERDBA_CTXT','SETUP','FALSE');
END SETCONTEXT;
END CONTEXTPACKAGE;
3. create security package
CREATE OR REPLACE PACKAGE securitypackage AS
FUNCTION gradeselectsecurity(OWNER IN VARCHAR2, OBJECT_NAME IN
VARCHAR2)
RETURN VARCHAR2;
END SECURITYPACKAGE;
4. create security package body
Here this condition will get attached to select when user log's
in
CREATE OR REPLACE PACKAGE BODY securitypackage IS
FUNCTION gradeselectsecurity(OWNER IN VARCHAR2, OBJECT_NAME IN
VARCHAR2)
RETURN VARCHAR2 IS
l_predicate VARCHAR2(200);
l_get_role VARCHAR2(20);
BEGIN
l_predicate:='1=2';
l_get_role := SYS_CONTEXT('PERDBA_CTXT','ROLE');
DBMS_OUTPUT.PUT_LINE(L_GET_ROLE);
IF (RTRIM(LTRIM(l_get_role)) = 'MM') THEN
l_predicate := 'grd_id IN (SELECT GRD_ID FROM GRADEROLE
WHERE USERROLE = (SELECT USERROLE FROM
userROLE WHERE USERROLE = ''MM'' AND USERNAME
= ''OPS$PERDBA''))';
--L_GET_ROLE AND
--USERNAME = ''OPS$PERDBA''))';
--SYS_CONTEXT(''PERDBA_CTXT'',''PERSONS_ID'')))';
-This script does not work., thats why i fixed values as MM and
ops$perdba
END IF;
RETURN l_predicate;
END gradeselectsecurity;
END SecurityPackage;
5. create consumer group
BEGIN
DBMS_RESOURCE_MANAGER.CLEAR_PENDING_AREA();
DBMS_RESOURCE_MANAGER.CREATE_PENDING_AREA();
DBMS_RESOURCE_MANAGER.CREATE_CONSUMER_GROUP(CONSUMER_GROUP
=> 'MM', COMMENT => 'GROUP FOR GRADES JM TO MM');
DBMS_RESOURCE_MANAGER.VALIDATE_PENDING_AREA();
DBMS_RESOURCE_MANAGER.SUBMIT_PENDING_AREA();
DBMS_RESOURCE_MANAGER.CLEAR_PENDING_AREA();
END;
6. create users
CREATE USER ops$ravi idetified by ravi
default tablespace pay3_ts
temporary tablespace temp_pay3_ts;
grant connect , resource to ops$ravi;
grant create session to ops$ravi;
grant select on dba_users to ops$ravi;
user ops$cgm also created in the same fashion.
7. Assign initial consumer group
-- assign initial consumer group
BEGIN
DBMS_RESOURCE_MANAGER_PRIVS.GRANT_SWITCH_CONSUMER_GROUP
('OPS$RAVI','MM',TRUE);
DBMS_RESOURCE_MANAGER.SET_INITIAL_CONSUMER_GROUP
('OPS$RAVI','MM');
END;
8. Attach security policy
--attach security policy fg11
BEGIN
DBMS_RLS.ADD_POLICY( 'OPS$PERDBA',
'ZARINE_TEST',
'GRADE_SELECT_POLICY',
'OPS$PERDBA',
'SECURITYPACKAGE.GRADESELECTSECURITY',
'SELECT',
TRUE
END;
12. create context trigger
-- create context trigger fg12
CREATE OR REPLACE TRIGGER PERDBA.setsecuritycontext
AFTER LOGON ON DATABASE
BEGIN
PERDBA.CONTEXTPACKAGE.SETCONTEXT;
--null;
END;you have mistyped the username/schemaname, it is ops$perdba, not perdba
-
Getting MS Access Error Code 1157 when installing ODBC Driver
I am not an Oracle programmer, so please forgive me if this is a simple question. I am trying to access an Oracle database using MS Access 2000. I'm following the step-by-step instructions that our IT department sent to me, but I did not have the Oracle ODBC Driver installed. I downloaded a driver from OTN, but when I try to set-up Access to use the Oracle Driver, I get a dialog box that says the setup routines could not be loaded because of system code error 1157. What does this mean? Is this an Access or Oracle problem? How can I get Access to connect to Oracle? Thanks for any help.
I'm guessing that you don't have the Oracle client installed. If this is the case, you probably want to bother the IT folks for the CD (or a pointer to a local copy of the image). You can download the Oracle client off OTN, but it's a very large download.
If you do have the Oracle client installed, check your PATH environment variable to see whether the %ORACLE_HOME%\bin directory is in your path.
Justin -
Error code RSAR245 when generating transfer rules
Hello all
I'm trying to activate infosource 0DF_IS_DFS_32 but it produces an error:
"Error generating program
Message no. RSAR245
Diagnosis
An error occurred during program generation:
Template: RSTMPL80
Error code: 6
Row: 1.236
Message: The data object "P_S_APPL" does not have a compone
Procedure
Correct the template to remove the problem."
I have followed the note 602318 but the problem persists.
Any idea? Thank you, points will be asigned.It shows now:
"Transfer structure 0DF_IS_DFS_32_AA NOT activated successfully Activate manually".
I tried to activate in SE38, program RS_TRANSTRU_ACTIVATE_ALL but it shows the same error and suggests to activate it manually...but how? Does anybody know any method to activate it manually?
btw, I don't understand the sentence "The data object "P_S_APPL" does not have a component". how can I assign a component to a data object?
Thanks!
Edited by: Andy Smith on Feb 13, 2008 12:33 PM -
Compilation Error for Flynet when generating webservice
Hi,
Can anyone help me verify this error?
Here is the screenshot.
http://i143.photobucket.com/albums/r127/landpork/CompilationError.jpg
Edited by: Polytechnic Ngee Ann on Jul 9, 2009 7:37 AMHello,
The best thing to do is to send an e.mail to us at support at flynetviewer.com
It's difficult from the screenshot to tell what is wrong. If you e.mail us then we can hep you further.
I recommend that you read the getting started guides that are in the SP1>Connectivity>flynet Web Service Generator directory , which should be the same directory as you installed Flynet WSG from.
Best Regards,
Ian Learmonth
[http://www.flynetviewer.com] -
Error vk 894 when generate new info structure
Hello,
I have a problem, when i generate new info structure, the system get me the folowing message : VK 894, and the structure don't generate correctly.Check out the feilds of the infotype ..also post back the feilds of the infotype...looks like there is a problem in fetching the data -inconsistencies in the same.
Delete the same and try at fresh with all the feilds required for the infostructure.
Also check in OMO1 what type of updating you have selected it should be asynchronous updating !!
Maybe you are looking for
-
My photoshop CS5 will not open either from the desktop or from the program list. I can open Bridge but when I then try to view a photo in photoshop I get a message that says Bridge has stopped working and will have to close down.
-
How to integrate BI Appliation with EBS
Hi All, I have installed BI Application 7.9.4 version and Oracle EBS 11.5.10 versions.Want to know the process how we will do the integration of BI Appliaction with EBS. I have do something following the "Oracle® Business Intelligence Applications In
-
Muse auto detecting desktop vs. mobile layout
Hi, In my site which is under development at www.gary-online.com/ncmobile If I view it on my mobile device I see the 'desktop' version of the site. I would expect that Muse would detect that this site has two possible layouts (a desktop and a mobile
-
Calling two transaction in one Zprogram
How to call two transaction (MIGO and MIRO)with each transaction should display two different window simultaneously from one Zprogram.. Pls let me know ...
-
Handover of variable from Webtmeplate to Webtemplate
Hi, I am trying to define via selection in an analysis item a variable and hand it over from this template to the next where a) the same query shall display the previous selected data, togehter with other data b) in teh new template the variable shou