Fine grained control of sessions
Hello,
at the moment I'm developing a web application for my company using JSP for the presentation tier. The main pupose of the site is to inform customers about our products, but it should contain some kind of shopping cart, too.
My problem is:
Because of of various reasons I don't want a session object (and a session id) to be created as long as the client just visits pages with static content. But as soon as he orders something, a session should be triggered and should persist as long as necessary. I would like to control this behaviour with a parameter or so.
I found a solution, but it is not very smart:
On every JSP I add the following code at the beginning:
<c:if test="${param['nosession']==1}" >
<!-- Delete session! -->
<% session.invalidate(); %>
</c:if>This prevents the URL-encoding of the page links. The problem is, that every time a page is requested, a new session will be created (and send as a HTTP parameter to the customer) only to be invalidated during processing of the JSP later. Are there better solutions?
Thanx in advance.
Dieter
you do not invalidate the session, but the session object is
unavailable only on that page.That is my understanding of how this works.
In effect it removes the implicit call to request.getSession(true) that every jsp makes to populate the variable "session"
If I use the <c:url> tag on page 2 using a cookieless browser the link
is still encoded with the session? Sorry, don't know that one.
The <url> tag will still call response.encodeURL() of course.
I'm not sure if it would pick up the presence of the sessionid or not though.
The session is definitely still there.
The cookie (if present) is obviously still there.
The sessionId is sent as part of the request.
Theoretically it SHOULD pick it up and encode it still if present. I've never tried it myself though.
Good luck,
evnafets
Similar Messages
-
Fine-grained control with Magic Trackpad?
One thing I find difficult with the Magic Trackpad is making very small adjustments to slider controls in apps such as image and audio editors. I'm referring to the sort of sliders that are sensitive to mouse scroll wheels.
Aside from keeping a mouse connected to operate these controls, or going back and forth to System Preferences to change the tracking speed, are there any ways to do this more easily with a trackpad? For example, a utility that lets you switch to fine-grained movement with the trackpad when you hold down a certain key?you do not invalidate the session, but the session object is
unavailable only on that page.That is my understanding of how this works.
In effect it removes the implicit call to request.getSession(true) that every jsp makes to populate the variable "session"
If I use the <c:url> tag on page 2 using a cookieless browser the link
is still encoded with the session? Sorry, don't know that one.
The <url> tag will still call response.encodeURL() of course.
I'm not sure if it would pick up the presence of the sessionid or not though.
The session is definitely still there.
The cookie (if present) is obviously still there.
The sessionId is sent as part of the request.
Theoretically it SHOULD pick it up and encode it still if present. I've never tried it myself though.
Good luck,
evnafets -
Fine-grained control of colors in a bar chart
Hello,
Short version: How do I control the colors of the bars in a bar chart in Keynote, so that each bar, representing a particular entity, retains its color no matter its position relative to the other bars after updating the chart?
Detailed version: I am using iWork '09. In Keynote I have a 3D bar chart showing an indicator for different companies (industry comparison). The companies are sorted in ascending order by revenue, so that the lowest bar (company with smallest revenue) is to the far left and the tallest - to the far right. I update the chart regularly. I have the following problem: each bar, representing a company, is in a particular color. When I update the chart, if the the order of the companies changes, the colors of the bars do not change, so that in the new chart the order of the colors is the same, although some or all of the bars now represent different companies. In other words: if in version 1 company A is in red and comes before company B which is in blue, if in the next version company A comes after company B, I want its bar to still be red. In the current situation, if company A comes after company B its bar will be blue and comapny B's will be red, i.e. red still comes before blue.I have to give up the beautiful colors of the automatic chart and only use the restricted number of colors from the color well.
There is no restricion in the choice of colour, the colour depth on a Mac has over 16 million to choose from.
Further, the fill type has options for; colour, gradient, image and tint -
Fine grained control of page generation
I'm using UIX generated pages. In the tableGroup.jut template am I correct in assuming that $TABLE_ITEMS$ and $TABLE_SELECTION$ are replaced by the JAG and therefore any changes to the actual table rows and <tableSelection> element would have to be done post generation ?
Are there plans to allow for a more detailed level of control over page generation in future ?
ThanksYes we do have plans for more finegrained control. The next major release (so not the maintainance release due next month but the one where we will align with JDeveloper 10.1.3 and ADF Faces) we will try to have as much generation logic reside in (customizable) templates as possible. Item-level templates are first on our list, but we plan to take it much further. Ultimately, we would like to have no implementation code (meaning xml/jsf/html, not Java code as we don't generate Java code to begin with) 'black-box generated' out of our generator any more (especially for the UI).
This is the ultimate goal and I can't promise we'll reach it in one go, but we really like the template/token-driven generator idea and will create our entire generator architecture around it in the next major release (which we have not started coding but have been brainstorming a lot about).
Kind regards,
Peter Ebell
JHeadstart Team -
제품 : ORACLE SERVER
작성날짜 : 2005-11-24
FINE GRAINED ACCESS CONTROL(FGAC)를 위한 DBMS_RLS.ADD_POLICY의 VERSION별 특징
=======================================================================
PURPOSE
row leve의 security 및 context관리 방법인 FGAC에 대한 간단한 개념 및 사용방법은
<bul 23026>에 제시하였다.
이 문서에는 FGAC를 위한 dbms_rls package의 8i ~ 10g까지의 version별 특징을
정리하며, STATIC_POLICY와 POLCICY_TYPE parameter에 대해서는 예제를 이용하여
자세히 살펴보도록 한다.
Explanation & Examples
dbms_rls.add_policy를 사용할 때 일반적으로 주는 value값의 예제는 다음과 같다.
이중 대부분은 default값을 이용하여, 일반적으로는 앞의 5개의 parameter만
value를 주면 된다.
SQL> exec DBMS_RLS.ADD_POLICY ( -
> object_schema => 'SCOTT', -
> object_name => 'EMP', -
> policy_name => 'POL1', -
> function_schema => 'SYS', -
> policy_function => 'PREDICATE', -
> statement_types => 'SELECT', -
> static_policy => false, -
> policy_type => DBMS_RLS.DYNAMIC
> long_predicate => false);
1. FGAC의 version별 특징
(1) sec_relevant_cols/sec_relevant_cols_opt : 10G
위에 기술한 add_policy procedure의 parameter외에 10g에서 추가된
parameter로 다음 두 parameter가 존재한다.
이 parameter는 해당되는 column이 조회될때만 policy가 작동하게 하기 위한
것으로 metalink.oracle.com site에서 <Note 250795.1> 를 살펴보면 사용 방법
및 예제를 확인 가능하다.
- sec_relevant_cols
- sec_relevant_cols_opt
(2) long_predicate : 10G
default는 false이며, true로 지정하는 경우 predicate이 4000 bytes이상이
될 수 있다.
(3) statement_types : 10G부터 INDEX type추가
9i까지는 SELECT, INSERT, UPDATE, DELETE에 대해서는 FGAC를 적용할 수
있었으나, 10g부터는 INDEX type도 지정 가능하다.
index를 지정하는 경우, function-based index 생성을 제한할 수 있으며,
자세한 예제는 metalink.oracle.com site에서 <Note 315687.1>를 조회하여
확인할 수 있다.
(4) EXEMPT ACCESS POLICY 권한 : 9i
특정 user가 모든 fine-grained access control policy의 영향을 받지
않도록 하려면 exempt access policy권한을 grant하면 되며, 이것은 9i부터
소개되었다.
SQL> grant exempt access policy to scott;
와 같은 방식으로 권한을 부여하면 되며, 이에 대한 자세한 예제는
metalink.oracle.com site에서 <Note 174799.1>를 통해 확인 가능하다.
(5) synonym에 대한 policy설정 : 9.2
synonym에 대해서 VPD (Virtudal Private Database)에 대한 policy를 설정하는
것이 가능해 졌으며 이에 대해서는 metalink.oracle.com에서 <Note 174368.1>를
조회하여 자세한 방법 및 예제를 살펴볼 수 있다.
(6) static_policy : 8.1.7.4
static_policy paramter는 8i에는 없던 것으로 9i에서 도입되면서, 8.1.7.4에도
반영되었다. default값은 false이며, 8173까지는 항상 false인 형태로 동작한다.
즉, policy function이 매번 object를 access할때마다 실행된다.
8.1.7.4부터는 이 parameter를 true로 설정할 수 있는대, 이렇게 되면
해당 session에서 policy function이 한번 실행되고 그 function이 shared pool에
cache되어 있으면 재실행없이 그대로 사용된다.
10g부터는 (7)번에 설명하는 policy_type parameter가 추가되어,
이 parameter에 true로 지정하는 대신, static_type은 false로 두고,
policy_type을 dbms_rls.static 으로 지정하면,
9i와 8174에서 static_policy를 true로 한것과 같은 결과가 나타난다.
(7) policy_type: 10g
다음과 같이 5가지 value가 가능하며, 이 중 default는 dynamic이다.
- STATIC
policy fuction에 포함된 predicate이 runtime환경에 따라 다른 결과를 내지
않는 경우 사용하게 된다. 예를 들어 sysdate의해 다른 결과를 return하는
경우에는 사용하면 사용하면 문제가 될 수 있다.
static을 사용하는 경우 policy function은 한번 실행되어 SGA에 올라온 다음
이후 같은 session에서 같은 object를 사용시에는 재실행 없이 해당 predicate의
결과를 그대로 사용한다.
- SHARD_STATIC
STATIC과 같으나, 이 값은 다른 object에 대해서도 같은 predicate function이
사용되는 경우, 먼저 cache된 predicate을 찾아서 있으면 그 값을 이용한다.
STATIC의 경우는 다른 object 사이에서는 공유하지 않으며 같은 object에
대해서만 cache된 값을 사용한다.
- CONTEXT_SENSITIVE
한 session에서 context가 변경되면 그때 predicate를 재 실행시킨다.
WAS(web application server)를 사용하는 경우 connection pooling방법을
기본적으로 사용하는대, 이 경우 하나의 session을 여러 사용자가 이어서
교대로 사용하는 방식이 된다. 이 경우 middle tier단에서 context를 설정해
주면 context가 변경될때마다 predicate를 새로 실행시켜 변경된 sysdate나
session_user등의 값을 다시 계산하게 되는것이다.
jdbc에서 context설정에 관한 예제는 metalink.oracle.com에서
<Note 110604.1>에서 확인가능하다.
- SHARED_CONTEXT_SENSITIVE
context_sensitive와 동일하며, 단 shared_static과 마찬가지로 여러 object에
대해서 같은 predicate을 사용하는 경우 다른 object에 대한 같은 predicate이
cache되어 있는지를 먼저 살펴본다.
존재하면 session private application context가 변경되기 전까지 그 predicate의
결과를 그대로 사용한다.
- DYNAMIC
이 값이 default값이다. 즉, predicate function이나 시스템이나 환경에
영향을 받는다고 판단하여 statement가 실행될때마다 매번 predicate function을
재 실행하여 환경에 맞는 값을 return하여 준다.
아래에서 sysdate 값에 따라 다른 결과를 return하게 되어 있는
predicate을 이용한 예제를 통해 정확한 메카니즘을 확인한다.
2. static_policy 및 policy_type의 value에 따른 policy function의 작동예제
(a) STATIC_POLICY => TRUE and POLICY_TYPE => NULL
(1) 기존에 pol1 policy가 존재하는 경우 다음과 같이 drop시킨다.
SQL> exec DBMS_RLS.DROP_POLICY ('SCOTT', 'EMP','POL1');
(2) 다음과 같이 predicate function을 scott user로 만들어둔다.
SQL> create or replace function PREDICATE (obj_schema varchar2, obj_name varchar2)
2 return varchar2 is d_predicate varchar2(2000);
3 begin
4 if to_char(sysdate, 'HH24') >= '06' and to_char(sysdate, 'MI')<'05' then
5 d_predicate := 'ename = sys_context (''USERENV'' , ''SESSION'');
6 else d_predicate := 'sal>=3000';
7 end if;
8 return d_predicate;
9 end predicate;
10 /
(3) pol1을 새로 add시킨다.
SQL> exec DBMS_RLS.ADD_POLICY ( -
object_schema => 'SCOTT', -
object_name => 'EMP', -
policy_name => 'POL1', -
function_schema => 'SCOTT', -
policy_function => 'PREDICATE', -
statement_types => 'SELECT', -
static_policy => TRUE, -
policy_type => NULL);
(4) adams user에서 scott.emp를 조회해 본다.
단 다음과 같이 scott.emp에 대한 select권한을 king에게 주어야 한다.
SQL>grant select on emp to king;
SQL>!date
Thu Nov 24 14:01:13 EST 2005
SQL> connect king/king
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7839 KING PRESIDENT 17-NOV-81 5000
10
5분이후가 되어 predicate function의 if조건을 만족하지 않아도,
king user는 같은 값을 emp table에 대해서 return한다.
SQL>!date
Thu Nov 24 14:10:13 EST 2005
SQL> connect king/king
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7839 KING PRESIDENT 17-NOV-81 5000
10
(b) STATIC_POLICY => FALSE and POLICY_TYPE => DBMS_RLS.DYNAMIC
(1) 기존의 policy를 다음과 같이 drop시킨다.
SQL> exec DBMS_RLS.DROP_POLICY ('SCOTT', 'EMP','POL1');
(2) pol1을 새로 add시키는대 이대 static_policy와 policy_type을 다음과 같이
변경한다.
SQL> exec DBMS_RLS.ADD_POLICY ( -
object_schema => 'SCOTT', -
object_name => 'EMP', -
policy_name => 'POL1', -
function_schema => 'SCOTT', -
policy_function => 'PREDICATE', -
statement_types => 'SELECT', -
static_policy => flase, -
policy_type => dbms_rls.dynamic);
(3) king user에서 조회해본다.
predicate function은 위의 2-(a)에서 실행한 것을 그대로 사용한다.
즉 (a)를 실행하지 않은 경우, 조회전에 (a)-(2)번을 실행해야 한다.
SQL>!date
Thu Nov 24 15:01:13 EST 2005
SQL> connect king/king
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7839 KING PRESIDENT 17-NOV-81 5000
10
5분 이후가 되어 다시한번 king user에서 실행해본다.
SQL>!date
Thu Nov 24 15:10:13 EST 2005
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7788 SCOTT ANALYST 7566 19-APR-87 3000
20
7839 KING PRESIDENT 17-NOV-81 5000
10
7902 FORD ANALYST 7566 03-DEC-81 3000
20
RELATED DOCUMENTS
<Note 281970.1> 10g Enhancement on STATIC_POLICY with POLICY_TYPE Behaviors
in DBMS_RLS.ADD_POLICY Procedure
<Note 281829.1> Evolution of Fine Grain Access Control FGAC Feature From 8i
to 10gfirst you could use default column values, not a trigger, which is more expensive.
if your apps already assumes full access to table to get max id ( another RT ), this is bad. Current RLS can not really help if you can not change the apps because of this flaw logic ( you can store the maxid anywhere, why scanning the whole table to find it ) -
Got ORA-00439: feature not enabled: Fine-grained access control
Trying to implement VPD, I've got ORA-00439 when implementing Fine-grained access control. Will this be available on XE?
Hi,
lewisc: Yes. I mean "persistent package variables" and I know this feature is available in any version of Oracle. But, I don't know how It works whith HTMLDB when using "HTMLDB Authentication Scheme".
i.e.: when I connect to an HTMLDB Application, I can see a new session on
V$SESSION with username=ANONYMOUS with SID=xxx and SERIAL#=yyyy.
1.-Will HTMLDB use the same session until User Press "logout" link?
2.-Will this particular Database session be exclusive or shared for any HTMLDB sessions?
3.-If I Logout from HTMLDB App, then Login again, Will HTMLDB reuse the same session?
or will create a new one?
-About VPD.
VPD is a Personal Edition feature too. All features of EE is
available on Personal Edition except RAC and a few others
specials features.
After all:
Maybe with these examples you can see my question.
CREATE OR REPLACE VIEW myviewname
AS
SELECT *
FROM mytablename
WHERE somecolumn = V('Fxxx_HTMLDB_ITEM_NAME')
CREATE OR REPLACE TRIGGER mytriggername
BEFORE
INSERT
ON mytablename
FOR EACH ROW
BEGIN
:new.mycolumn1 := V('Fxxx_HTMLDB_ITEM_NAME');
END;
Can these two examples work? If so, maybe there is something wrong in my applications.
Thanks GaryM for your issues and I already know this can be done that way -
I'm endlessly frustrated with iTunes Cloud syncing, something that was supposed to make lenjoying my music easier. I routinely find that, though itunes and podcasts have been split, iTunes arbitrairily removes music files or in progress podcast in favor of 'new' podcasts. The settings are just not fine-grained enough to allow true user control and so we are instead subjected to 'Apple knows best' protocols. I understand and appreciate the level of exacting control Apple excercises over their ecosystem, however, more and more often I see them tightening control over things that should be user control while dropping the ball on aesthetic desisions made in producing their own software (see the hideous pull down tab for iTunes to access Podcast, TV shows, Music, etc.
I would like to see features like those in Mail and the Podcasting apps implemented in iTunes afor the management of content on mobile devices, for instance it would be great to swipe to delete files that you know longer want on your device, at both the album and song level. Another issues is the new pushiness of iRadio and iTunes Store, the app now seems to default to the iRadio page (versus the last page Albums, songs, etc. that the user was navigating, or in the instance of the iTunes Store push, if I doon't have all the tracks of an album i own on my mobile device 'complete my album' takes you to iTunes store rather than showing the 'cloud' download icon next to missing tracks. These are the tactics I expect from Google, not Apple (pushing commerce over quality user experience).
Fix these things Apple, please. -
Fine Grain Access Control gives ORA-02014
Using Fine Grain Access Control on Oracle 8i 8.1.6, when a policy is enabled on a table then queries of the form "select * from table for update nowait" give "ORA-02014 cannot select FOR UPDATE from view with DISTINCT, GROUP BY, etc.".
Similar queries without the "for update nowait" work OK.
Does anyone have a fix or workaround?
nullI ran into this. If you're using a function to add to/add a where clause to your statement, when the where clause gets appended to the end and generates an error. You should be seeing trace files in the udump area of oracle that show you the actual sql line that is being created in error. I modified my function to add the FOR UPDATE NOWAIT in the correct place.
-
Function-based index error due to fine-grained security
Hi, i'm working on Oracle version 9.2.0.5.
I'm trying to create a function-based index but i'm getting an error due to fine-grained security. I checked resource_view but if i'm not wrong I should have all necessary roles. I also added xdbadmin to this user to be sure.
I tried also to alter my session but it didn't worked.
Connected to Oracle9i Enterprise Edition Release 9.2.0.5.0
Connected as test_ste
SQL>
SQL> create index fbidx_schede_xml
2 on schede_progetti_xml p
3 (p.PROGETTO.extract('/Project/Elenco_unita/Unita/Responsabile/Cognome/text()').getStringVal());
create index fbidx_schede_xml
on schede_progetti_xml p
(p.PROGETTO.extract('/Project/Elenco_unita/Unita/Responsabile/Cognome/text()').getStringVal())
ORA-28133: full table access is restricted by fine-grained security
ORA-06512: at "SYS.XMLTYPE", line 0
ORA-06512: at line 1
SQL>
SQL> alter session set query_rewrite_enabled = true;
Session altered
SQL> alter session set query_rewrite_integrity = trusted;
Session altered
SQL> create index fbidx_schede_xml
2 on schede_progetti_xml p
3 (p.PROGETTO.extract('/Project/Elenco_unita/Unita/Responsabile/Cognome/text()').getStringVal());
create index fbidx_schede_xml
on schede_progetti_xml p
(p.PROGETTO.extract('/Project/Elenco_unita/Unita/Responsabile/Cognome/text()').getStringVal())
ORA-28133: full table access is restricted by fine-grained security
ORA-06512: at "SYS.XMLTYPE", line 0
ORA-06512: at line 1
SQL> select * from user_role_privs;
USERNAME GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE OS_GRANTED
TEST_STE CONNECT NO YES NO
TEST_STE CTXAPP NO YES NO
TEST_STE RESOURCE NO YES NO
TEST_STE XDBADMIN NO YES NO
SQL> This are ACL on my schema:
<ACL>
<acl description="Private:All privileges to OWNER only and not accessible to others" xmlns="http://xmlns.oracle.com/xdb/acl.xsd" xmlns:dav="DAV:"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/xdb/acl.xsd http://xmlns.oracle.com/xdb/acl.xsd">
<ace>
<principal>dav:owner</principal>
<grant>true</grant>
<privilege>
<all/>
</privilege>
</ace>
</acl>
</ACL>I tried to create a similar function-based index on Oracle 10.2.0.3 without any problem and without touching any ACL, is an Oracle 9.2.0.5 problem?
Thanks for your attention.I didn't really (production wise)work yet with VPD. I know a lot is based on DBMS_RLS and I guess (IF it is VPD related) it should be to hard to find in the doc's how you could check what is beyond your privileges. As a DBA I noticed that even the dba account SYSTEM isn't always allow to export the full content for the tables anymore.
There is a privilege that grants you all access that you need, despite the fact that you are not allowed to read certain rows from a table. Look it up.
In all, as I said, it looks like account is not allowed to see all data from a table. In that respect it sounds logical that you also are, in that case, not allowed to build a function based index on that data -
Fine-Grained Password Policy problem
Hi All,
I'm testing a Fine-Grained Password Policy for a group of users.
I created a test PSO using ASDI Edit and applied the PSO to a global security group.
Test user has been added to this group.
The PSO settings include "Enforce password history: 5"
The user has changed the password.
After 24h when I logged in as the user and changed the password - for example: Password1.
After another 24 hours I changed the password to Password2.
One day later I've been asked to change the password again.
In theory I shouldn't be able to use any of the 5 previous passwords (password history = 5) but when I entered Password1 it was accepted.
Do you know where can be the problem ?
System info: Windows Server 2008 R2 (forest/domain level is also 2008)
Regards,
MarcinThis is very interesting. I don't have any lab to repro though... So I can't look at it closer.
From an LDAP perspective, when you change your password on AD, you have to comply with the password history policy. This requirement is send by the server to the client thanks to the supported control: LDAP_SERVER_POLICY_HINTS_OID that you can see just by
looking at the RootDSE of one of your DC (http://msdn.microsoft.com/en-us/library/cc223320.aspx Used with an LDAP operation to enforce password history policies during password set). I am
aware of issues with AD-LDS not honoring it, but not AD... I am not sure if the situation described with FIM here matches your issue:
http://support.microsoft.com/kb/2443871 in this article:
"The "Enforce password history" and "Minimum password age" Group Policy settings do not work when you reset the password for a Windows Server 2008 R2-based or a Windows Server 2008-based computer."
But it would mean that it also affects users not having a FGGP (because this isn't specific to FGGP), ad the minimum password age as well. If you have a chance to try this in a lab, let us now... In the mean time, if you can share logs or code from your
app? Like the section that does the password change?
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose. -
Fine Grained Access ERROR on INSERT when generating unique keys
I'm using VPD/Fine Grained Access Control (FGAC) to implement security on my 9i backend. I created a security policy function that returns the predicate 'owner = USER'; - each of the tables has an additional column titled OWNER which contains the name of the logged-in user. Every time a user inserts a record, a BEFORE INSERT trigger fires (for every row) and inserts the USER name into the OWNER column. This is fairly straightforward and ensures that users can see only their rows. Using the DBMS_RLS.add_policy procedure, I attached the security policy to several tables and made it effective upon SELECT, UPDATE, INSERT, and DELETE statements.
However, the frontend Java application (custom-made) generates unique IDs (sequences are not used) by selecting max(ID)+1 from the primary key columns of the tables. The problem is that the predicate is appended to the SELECT max(ID)+1 query to limit the max(ID) to only those rows where 'owner = USER'. Therefore, the max(ID) generated is not the largest ID for the entire table, but only the largest among the USER rows.
So unless that USER happens to have the the largest ID in the whole table (and it has worked then), a primary-key violation error will be returned and the INSERT operation will be aborted.
How can I allow every USER to select from AND get the absolute largest ID from the PK column without allowing that user to select records that don't belong to him? If I had developed the application, I would have made use of sequences on the back-end to generate unique primary key IDs. Unfortunately, I don't have this option and must work with the application as is.
NOTE: the front-end Java application understands only the base table names, NOT Views created by me on the server. If the answer to this problem involves views, how can I make use of them on the backend when the front-end code does not recognize them?
Any help is greatly appreciated!
Michaelfirst you could use default column values, not a trigger, which is more expensive.
if your apps already assumes full access to table to get max id ( another RT ), this is bad. Current RLS can not really help if you can not change the apps because of this flaw logic ( you can store the maxid anywhere, why scanning the whole table to find it ) -
RMAN backups running slow with Catalog , Running fine using control file.
I am facing a weird scenario
RMAN backups are running fine with Control file but are failing using Catalog
There are other databases configured on the same catalog and they are running fine leaves us to suspect this is issue with Database.
Can you please suggest what need to be checked in such scenario
DB: 11.2.0.2
OS: Aix 6.1
Catalog : 11.2.0.2Hi,
Basically its not only with backups, simple list incarnation also taking a lot of timeDo sql tracing on your catalog session and target db session while running the 'list incarnation' command for your problem dbs and a normal dbs.
Regards,
Tycho -
To extend a clip I have `Show Fine Tuning controls' turned on in my iMovie 11 preferences, but the blue forward/backward buttons don't appear. To get the orange handle bar, is there a hotkey?
That's a comment in the file. It has no effect at all.
-
How to pass the context from Portal to Database for fine grain access?
Hi,
I am developing an omniportlet and I need to pass on the context of the logged in user to the database so that when the user tries to access data in the omniportlet, he can see data relevant to him only. Does anyone know how to do that?
I have set up a light weight user scott and also has a schema in the database by the same name (scott)..
what I am trying is when the user logs in as scott in the portal site and runs an omniportlet, he should be dynamically be logged in to scott the schema so that the data visible to him can be restricted. Same should happen for other users as well.
Does anyone know in which table in the PORTAL schema is this connection information stored, so that I can override it using some API..?
Thanks,
AbhiI had tried sending the user_name in the sql and that works fine. but my requirement is that the user should login to his schema and only his schema directly and automatically.. such that even if an omniportlet is created using some default schema, when user logs in he can access only the schema meant for him..
e.g. While running the omniportlet when logged-in as user scott, he should be logged-in to scott schema in the database, so that the fine grain access can be enabled ..
Edited by: user6386347 on Mar 12, 2009 12:15 PM -
Should I use the fine-grained auditing?
I need to record the changes (of data) made to serveral tables by users. For example, I have to check the before and after images of the changes and what kind of transactions they do to cause the changes. Sould I program the logging procedure in the application or should I use the fine-grained auditing function of oracle to do it. I am not sure what this built-in function can do for me. Can anyone give me some advice on this? Thks.
A beginnerWhy Fine-Grained Auditing?
You may want to check standard auditing if it is suitable for you
http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/cfgaudit.htm#BABCFIHB
I don't think you can get pre and post update values of the affected data with Auditing.
FGA is useful when you want to audit just a "subset" of the data in the table.
(for instance, audit everyone that wants to get all records from EMP table where SALARY > 100000)
Message was edited by:
tekicora
Maybe you are looking for
-
I have found many solutions to this problem assuming home internet access, but I only have access to the internet via my iPhone. I do not want online capability in my PS3. All I want to be able to do is control iTunes on my MacBook, and hear/view the
-
'bapi_document_create2' open original
Hi, We try to open document with original using 'bapi_document_create2'. the document was create, but the original checked in. can i use this bapi - and leave the original open ? (check out). thanks, Aviva.
-
IOS 4.2.1 Broke VPN
Any reason 4.2.1 would break our VPN connection? Currently connecting to a SonicWall VPN using L2TP. Everything worked great on 3.2.2, but broke on 4.2.1. I have even downgraded and it works fine, but no go on 4.2.1
-
hi all, in that IDOC extension program(customer) user exit for extension it is not coming to change mode in my IDES version.It shows the warning message 'This include program is for user_exit only'. Rgs, Venkat.
-
Model type for DB stored procedures back end?
I have to use a database via stored procedures (#>100) as a back end system in a web dynpro application. And I wonder which type of model is the most appropriate for that usage szenario. Of course, I have to create some kind of DAO to access the db a