Grant access to DBlink

Similar Messages

• Sql server grants access to specific login to database.

  i have created website for intranet and hosted it on server. for that i needed to create login "IIS APPPOOL\hi" in sql server 2008 for my application
  to access my "reportdb" database. "IIS APPPOOL\hi" has sysadmin and public server roles in sql server 2008. And i have default login"sa" same
  as "IIS APPPOOL\hi". these are working correctly. Now I want these two logins to access"reportdb" for all
  operations in database and remaining all logins should be denied to access"reportdb". My Sql Server 2008 is having mixed mode (windows authentication and Sql authentication). plz help me

  I think what Tauseef is requesting is to keep access for the 2 sysadmins & deny access to everyone else, correct?
  As Uri mentioned, by being part of sysadmin role, “IIS APPPOOL\hi” & “sa” would have access to everything in the server, and nobody else should have access to the DB unless explicitly being granted access.
  If you would really deny anyone else access to the database, you can potentially deny connect to public, and only sysadmins (who override permissions) would be able to connect; although I would strongly recommend against such practice.
  Something else I would like to recommend against is the usage of sysadmin for what may not be a DBA role (IIS appPool). Following the least-privilege principle, I would recommend having a non-administrator user for applications that has enough capabilities
  to perform the tasks needed.
  The main risk is that a SQL injection (SQLi) bug in your application would lead to a complete compromise of your SQL server.
  If there are app tasks that would require elevated permissions, I would recommend encapsulating the logic in a stored procedure and either use impersonation or digital signatures to accomplish a controlled elevation of privileges instead. If you have any
  question on this topic I will be glad to assist.
  I hope this information helps,
  -Raul Garcia
   SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Update to IOS 6 has been a nightmare. Facebook would allow me to save pictures unless I granted access to my foto album. Does this mean my pictures are going be planted all over the web? The safari keeps crashing and loading is slow.

  update to IOS 6 has been a nightmare. Facebook would allow me to save pictures unless I granted access to my foto album. Does this mean my pictures are going be planted all over the web? The safari keeps crashing and loading is slow. Most infuriating is that YouTube was deleted from my entertainment apps and I now have to pay for it if I want it back!! This is a bloody disgrace.

  Back up all data.
  Boot into Recovery by holding down the key combination command-R at the startup chime. Release the keys when you see a gray screen with a spinning dial.
  Note: You need an always-on Ethernet or Wi-Fi connection to the Internet to use Recovery. It won’t work with USB or PPPoE modems, or with proxy servers, or with networks that require a certificate for authentication.
  When the OS X Utilities screen appears, follow the prompts to reinstall the OS. You don't need to erase the boot volume, and you won't need your backup unless something goes wrong. If your Mac was upgraded from an older version of OS X, you’ll need the Apple ID and password you used to upgrade, so make a note of those before you begin.

• Grant access to all the views created in user schema to another schema

  How to grant access for all the views created in own HAGGIS schema to comqdhb schema on the HAGGIS database.
  Oracle Grant Privileges
  ===============
  Object privileges assign the right to perform a particular operation on a specific object
  I read that we can use select 'grant select on' ||view_name||'HAGGIS' user_views where owner='COMQDHB'
  Is this right
  Oracle System Privileges
  ===============
  System privileges should be used in only cases where security isnt important,because a single grant statement could remove all security from the table
  Role based security
  ============
  Role security allows you to gather related grants into a collection-since the role is a predefined collection of privileges that are grouped together.privileges are easier to assign to users.
  [http://www.dba-oracle.com/art_builder_grant_sec.htm]
  can we grant select update to all the views at a time to the other schema.
  Are there any other ways to secure the data other than creating users and assigning roles.
  Thank you
  Edited by: Trooper on Dec 23, 2008 9:24 AM

  I think what was suggested was that you use SQL to generate the grants on each and every view, that is, you use SQL to generate SQL where the SQL being generated is "grant select on view_name to role'"
  If you users to connect to Oracle you have to create usernames for them though if the users only connect via an application the application might run just as one user and access to the application is controled via application security. The control on the application can be via Directory Services such as OID or MS Active Directory. User access to Oracle can also be controlled via OID.
  To connect to Oracle you can use OS authenication (not recommended), usernames with passwords, or via Advanced Security Option which supports single sign-on products like Kebros or Oracle Internet Directory etc....
  Example using SQL to generate SQL
  How do I find out which users have the rights, or privileges, to access a given object ?
  http://www.jlcomp.demon.co.uk/faq/privileges.html
  HTH -- Mark D Powell --

• Why doesn't Photoshop touch ask for access to local photos on my iPad so I can grant access and edit?

  Why doesn't Photoshop touch ask for access to local photos on my iPad so I can grant access and edit?

  That's odd. Does this mean that you want to have the request or that you can't see the photos even though you enabled it over the privacy/photos?
  If you enable it - it's not necessary to get the request. If you want the request the safest way to get it back is to reset the privacy settings by going to iPad settings/General/Reset/Reset Location & Privacy
  thanks,
  Ignacio

• Problem Granting access on Business Area to Role

  Hello everybody,
  I am trying to grant access on a Business Area to a role but when I try to do so, the role does not appear in role list. It only shows role connect and resource.
  The version of Discoverer I am using is 10.1.2.
  Anyone has the same issue?
  Phil
  Message was edited by:
  [email protected]
  Message was edited by:
  [email protected]

  Hello everybody,
  I am trying to grant access on a Business Area to a role but when I try to do so, the role does not appear in role list. It only shows role connect and resource.
  The version of Discoverer I am using is 10.1.2.
  Anyone has the same issue?
  Phil
  Message was edited by:
  [email protected]
  Message was edited by:
  [email protected]

• How to grant access to sharepoint for the user from different Domain

  Hi All
      I need to grant access to user from different domain. 
      Where I can able to view the users in people picker (different domain).
  Thanks in Advance.
  Raj

   Hi
  Trevor Seward
  Sorry to disturb
  you again.
    I am trying to restrict user from search from other domain, say we have domain A and Domain B, where I am trying to restrict all the user from domain B (Search users)for a site collection. I have found couple of stsadmin command to do so. but none
  of them works. Below are the commands I have tried
  STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv "domain:<Name>.domain" -url "http://Site URL"
  stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv “(canonicalName=<Name>.domain*)” -url "Site URL"
  we have two way trust.
  Can you suggest any solution.
  Thanks 
  Raj

• Grant access to individual content

  Hello,
  I'm currently implementing a UCM solution and I came upon a customer requirement that I don't even know if it is possible to implement with UCM.
  I will try to explain by giving an example:
  The company has 2 Departments: Department 1 and Department 2 and for each department it was created a Security Group.
  SG_DEP_1 for Department 1 and SG_DEP_2 for Department 2.
  The company also has 2 users, one for each department, with full accesses:
  BOB_1 has RWDA to SG_DEP_1 and EDDIE_2 has RWDA to SG_DEP_2.
  Each user can manage its own Security_group, but what happens if BOB_1 needs to show a document to EDDIE_2 (example: for asking EDDIE_2 for an legal advice on a given document). Could BOB_1 grant read access to EDDIE_2 on that specific document ? (I'm not talking about granting access to SG_DEP_1, just the document).
  Note: in my specific projects, there are at least a dozen Departments, each tightly secured, but with needs to show 'some' content on a daily basis. What the customer really needs it the hability to specify access permissions individually on each content item (groups or specific users).
  How would you implement such a use case? I'm starting to consider the possibility on having to implement a BPM, or something like that to provide this level of control.
  Thanks
  Luís Duarte
  Edited by: user10359998 on Sep 25, 2008 4:19 AM

  Hi!
  In the HowtoComponents, there is a component named "SecurityFilter" :
  "This component demonstrates how to use the 'alterUserCredentials' filter to temporarilly boost a user's security privileges for one request. This filter is useful for dynamicly granting accounts and roles for specific service requests, or for specific users." quoting the readme of the component.
  You can download it there : http://www.oracle.com/technology/products/content-management/ucm/samples/index.html
  Hope it helps!
  romain.

• Grant access to application

  Hi All,
  I am working with Olite 10gR2;
  I created and deployed my application with data subsetting parameter using wtgpack; I published the application successfully.
  I then created a group and granted access to my application to the group.
  I created user's and added the users to the group. This worked fine last week in dev and I was able to add all 90 users to the group.
  Problem: I was able to add two users now; when I tried adding a third user I got this error message -
  "Error in executing " Save application ":oracle.lite.web.resource.ResourceException: CONS-10049: Consolidator Exception: Closed Statement "
  When I tried granting access to my application, to individual users as an alternative to adding users to group with access to the application, I get this error;
  Error Message: "Virtual Path Is Null"
  I will appreciate any solution on this error message. I need to be able to add more users to the group.
  Thanks for your time.

  I created a servlet filter for faces-servlet
  Don't map filter to servlet.
  Use URL mapping, something like:
    <filter-mapping>
      <filter-name>YourFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
  Also have a question about ReadOnlySQLAuthenticator. Mentioning sensitive queries like query to get the password of the user from the table etc, is it secure? will it lead to any type of security threat like if a user get access to console and get the query etc?
  Your sql queries shouldn't be 'sensitive'
  Best practice is to store secure hash(for example: SHA1 or better) instead of encrypted password.
  (ReadOnly)SQLAuthenticator can use encrypted passwords or secure hash(check Provider Specific Configuration). To make this to work, you will need to create secure hash and append {ALGORITHM_TYPE} to begin of hash.
  For example: {SHA1}asdsijifndfbj=
  And of course, you need to protect your WLS admin console(and enterprise manager, if deployed).
  Use strong admin password and restrict access to console url (if possible).
  Dario

• Grant access to page programmatically

  Hi
  I am looking into using pl/sql procedures in portal 9.0.2 to grant access for users and groups, programmatically, to a page that i have created.
  I am trying to use this procedure:
  wwsec_api.set_user_acl(p_object_type_name,p_owner ,p_name ,p_authorization_function );
  However, i m not too sure how to set the variables for p_object_type_name and p_name and how are i can extract the correct object_type_name from WWSEC_PRIV_OBJECT_TYPE. I am also not sure if I am on the right track.
  Would appreciate if anyone can advise on this procedure and if there are any other ways of implementation.
  Thank you and best regards
  Siew Leng

  Select the Documents folder, choose Get Info from the Finder's File menu, give them access under Sharing & Permissions, and tell them to use the Go to Folder command in the Go menu to access /Users/yourname/Documents/. Alternatively, move them to /Users/Shared/.
  (75108)

• Grant Access to folder for everyone - URGENT!!!!

  I've created a folder with the "wwsbr_api.add_folder" function, and I want to add privileges to another group or user. The problem arises when a user, different from the one who created the folder, tries to access to the documents contained in that folder. He/she won't be able to access this documents as there is no grant access for them.
  Can I give a grant access in that folder to another group or user with another API function?
  Version Portal 3.0.9.8.0
  It is very urgent so I would appreciate some help from you,
  Thanks in advance
  kind regards,
  Enrique

  Just a suggestion:
  This question has been asked several times on this forum, and there are some good answers out there. Please try to use the search function before posting a question.
  Hint: search on the the word "privilege".

• Grant access to users from different Domains

  Hi,
  Recently my company was merged with another. All users from my company are setup in our Domain (DomainA). Sharepoint is able to see the users in this domain and grant access to the users as well. When the merger happened, we created a Group (Test - Sharepoint)
  in our AD to add groups from other companie's domain:DomainB, totally different Forest. There is a two way trust setup between these domains. The group Test-Sharepoint is "domain local" and it is able to see the groups/users from other domain: DomainB.
  The other users are now able to access our sharepoint environment once access is granted to DomainA\Test-Sharepoint.
  Problem came when we applied Audience targetting around few web parts. The users from DomainB who are added as object in DomainA\Test-Sharepoint (group in DomainA) are not able to see the web parts that have audience targeting for this group. Someone
  suggested that AD groups should be Global or Universal but that is not our case. Most of the groups in our AD are domain local and SP is able to see the users within it.
  Please suggest how we can resolve audience targeting issue?
  Regards, Kapil ***Please mark answer as Helpful or Answered after consideration***

  My apologies, yes that is correct you'll have to use Domain Local in this case. http://technet.microsoft.com/en-us/library/cc755692(v=WS.10).aspx
  Actually what you'll need to do is not use Groups in your domain at all, as the users are Foreign Security Principals. Instead, use a group in the trusted domain, or attributes of the users you intend to target directly.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Grant access to specfic schema

  Is there any way that these permissions could be created without the ANY clause?
  CREATE ANY CONTEXT
  DROP ANY CONTEXT
  EXECUTE ANY PROCEDURE
  EXECUTE ANY TYPE
  I got access to only one schema ..Client side DBA are not permitting access to "ANY" clause but they are ready to grant access like create context, drop context etc ..Is there any access like CREATE CONTEXT, DROP CONTEXT,EXECUTE PROCEDURE,EXECUTE TYPE for to give access to one user alone..etc ???
  Advice me on this !!
  Regards
  dkoracle

  Pl post details of OS and database versions.
  Have you read the documentation ?
  http://download.oracle.com/docs/cd/E11882_01/server.112/e26088/statements_5002.htm#i2060927
  http://download.oracle.com/docs/cd/E11882_01/server.112/e26088/statements_8008.htm#i2099532
  If so, what have you found ?
  If not, I think it is time to read up !
  Srini

• Grant Access on View

  Hi,
  I would like to know the appropriate and easy way of granting access (SELECT,INSERT,UPDATE..Etc) on newly created object (VIEWS/SYNONYMS) to all users at one go.
  I have created a public synonym so that I can grant the access on synonym.
  Appreciate any suggestions.
  Thanks

  You will need a script or package to do this.
  e.g something like :-
  spool grant_select_to_all.sql
  select 'grant select on '||object_name||' to select_role;'
  from user_objects where object_type in('VIEW','TABLE');
  spool off;
  @grant_select_to_all.sql

• Signed applet - NO Grant access dialog

  I've develped a signed applet which works with the java plugin 1.3.1 and a self signed certificate. while developing i followed the description from irene67 in this forum. every thing works perfektly apart from the grant access dialog. after installing my certificate and starting my applet nothing happens appart from an file.io.exceptino (access denied)! i've tried out everything i could find in about 200 articels in several forums. but in the meantime i have no idea what i can do! may be anybody can help me!

  At some point the Plug-in switched from using the Windows Certificate Manager to using the cacerts file. If you're using Plug-in 1.3.1, then it's using the cacerts file to determine whether the jar is signed with a certificate chain that ends with a trusted ca. Use keytool to import your certificate into cacerts. If you've already tried that, then maybe list the commands that you've issued in your attempt so we can have a look.