Grant role to user in form 6i
Dear all,
I have a role called ets_manager. How can i grant it to my user steve in forms 6i? I mean what is the script? I have a button when button pressed i want the role be granted to a user
Thanks in advance.
regards
Try out FORMS_DDL Built-in
http://www.oracle.com/webapps/online-help/forms/10g?topic=formsddl_html
Similar Messages
-
How can use Oracle Developer2000 Form6 to grant priveledge and role to user in database (oracle 8i) from Trigger of Form6. Is there any built-in about this statement?
PL/SQL doesn't allow you to issue DDL commands directly, but it does provide a utility package called DBMS_SQL. This allows you to create dynamic SQL statements at runtime and execute them. The code you would need are as follows:
In declaration section -
v_sql varchar2(200);
v_cursor number;
v_result number;
In the code body -
v_sql := 'GRANT <ROLES> TO <USER>';
v_cursor := dbms_sql.open_cursor;
dbms_sql.parse(v_cursor, v_sql, dbms_sql.native);
v_result := dbms_sql.execute(v_cursor);
You can ignore the value of v_result as it is not a DML statement. Also you could build your SQL string up dynamically using variables from your form ie:
v_sql := 'GRANT '||:FORM.ROLE||' TO '||:FORM.USER;
Hope that helps!
Ian -
Oracle 10.2.05
Linux environment
I just granted a role to a user, but the user does not have privileges base on the role.
Here is what I did:
First create a user (db_user) using system id
Second, create role schema_admin_role
Then run the script to grant privileges to the role
(SELECT 'grant select, insert, update, delete on ' ||owner|| '.'||table_name || ' to schema_admin_role;' from dba_tables WHERE OWNER = 'another_schema';
Then run
grant schema_admin_role to db_user;
The problem:
When db_user tries to update table X own by another_schema, he gets not sufficent privileges
But when I run (select owner, table_name,privilege from dba_tab_privs where grantee = 'SCHEMA_ADMIN_ROLE'; ), I see all the privileges owned by this role.
Any solution from your end will be appreciated.sb92075 wrote:
did db_user start a new session after GRANT was issued?Yes he did - also when I try to list all privileges granted to db_user, I get no row seleted. On the other hand, when I query privileges granted to role schema_admin_role, I see all privileges granted earlier
example
select owner, table_name,privilege from dba_tab_privs where grantee = 'SCHEMA_ADMIN_ROLE'; ---Here we get all privileges
select owner, table_name,privilege from dba_tab_privs where grantee = 'DB_USER'; --No row seleted -
Who granted role to user and when
In Oracle 11g, is it possible to find out who granted a particular role to a user and when? Like maybe from logs?
SELECT log_mode
FROM v$databasewill tell you whether the database is running in ARCHIVELOG mode or not. You'd need for the database to be running in ARCHIVELOG mode and to have the archived logs back to the point in time that the role was granted in order to use LogMiner.
I don't suppose there is any chance that you had enabled auditing of GRANTs prior to the role being granted, is there? That would be the appropriate way to capture that information going forward.
Justin -
How do i grant Access to users to modify published organizational forms outlook 2007 and 2010, we use exchange server 2010 in our environment. Please advise.
Aditya MedirattaHi Aditya
Thank you for your question.
Organizational Forms belongs to public folder. You can use Add-PublicFolderClientPermission modify user permission.
You can refer to the following link:
http://technet.microsoft.com/en-us/library/bb124743(v=exchg.141).aspx
you can refer to the following link to create organizational form;
http://technet.microsoft.com/en-us/library/gg236889(v=exchg.141).aspx
the public folder permission,you can refer to the following link:
http://technet.microsoft.com/en-us/library/ee633461(v=exchg.141).aspx
If any questions, please let me know.
Best Regard,
Jim Xu -
I created a custom security extension following the steps listed in the Readme_Security Extension Sample. It works fine if I login as the user that is specified AdminConfiguration section of the rsreportserver.config file but if I
log in as another user, I get this error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed. I've added the user to both System Administrator
and System User roles to try to get it to work but still no luck.
Does anyone know how to fix this?
Thanks.Hi MetronM,
The issue is due to that user have no permission to access the report server. In report manager, Reporting Services includes predefined roles that we can assign to users and groups to provide immediate access to a report server. Each role defines a collection
of related tasks.
You can refer to the following steps to assign corresponding role to the user.
Open report manager.
Click “Folder Setting” button.
Click “New Role Assignment” icon.
Type the user name and select the corresponding role.
There is an article about Granting Permissions on a Native Mode Report Server, you can refer to it.
http://technet.microsoft.com/en-us/library/ms156014.aspx
Regards,
Alisa Tang
Alisa Tang
TechNet Community Support -
Hi,
in forms 10g , it's possible to change the role for user
REVOKE role_name FROM :USERNAME;This should work, but the user revoking a role from a different user needs to have the admin option of this role.
When creating a role, by default the "Admin option" for that role should be enabled for the user creating the role.
Normally, this would be the schema-owner of the application objects ...
A user holding the "admin option" may grant a role to a different user and grant the other user "admin option" on this role... -
Grant role and make it default
Hello all,
I'm facing an awkward situation whit the grant command.
Let's say we have a user some_owner that is granted the role some_role with admin option.
We have a procedure owned by some_owner as follows:
CREATE PROCEDURE "+some_owner"."GRANT_ROLE"
(P_USER IN VARCHAR2
BEGIN
EXECUTE IMMEDIATE 'GRANT some_role TO ' ||UPPER(P_USER);
END;
A user some_user who has execute privilege on the procedure is able to successfully execute the procedure using SQL+ and the role some_role is granted (default = Y) to the user.
However, when the procedure is called from a 10g form, the role is granted (default =N)
Have you ever faced a similar situation?
Thanks in advanse
JosephTest first post second.
SQL> CREATE USER john identified by john;
User created.
SQL> GRANT oem_monitor TO john;
Grant succeeded.
SQL> SELECT granted_role,default_role
2 FROM dba_role_privs
3 WHERE grantee = 'JOHN';
GRANTED_ROLE DEF
OEM_MONITOR YES
SQL> GRANT hs_admin_role TO john;
Grant succeeded.
SQL> SELECT granted_role,default_role
2 FROM dba_role_privs
3 WHERE grantee = 'JOHN';
GRANTED_ROLE DEF
HS_ADMIN_ROLE YES
OEM_MONITOR YES
SQL> GRANT finrep TO john;
Grant succeeded.
SQL> SELECT granted_role,default_role
2 FROM dba_role_privs
3 WHERE grantee = 'JOHN';
GRANTED_ROLE DEF
FINREP YES
HS_ADMIN_ROLE YES
OEM_MONITOR YES
SQL> ALTER USER john DEFAULT ROLE ALL EXCEPT finrep;
User altered.
SQL> SELECT granted_role,default_role
2 FROM dba_role_privs
3 WHERE grantee = 'JOHN';
GRANTED_ROLE DEF
FINREP NO
HS_ADMIN_ROLE YES
OEM_MONITOR YES
SQL> REVOKE hs_admin_role FROM john;
Revoke succeeded.
SQL> GRANT dba TO john;
Grant succeeded.
SQL> SELECT granted_role,default_role
2 FROM dba_role_privs
3 WHERE grantee = 'JOHN';
GRANTED_ROLE DEF
DBA YES
FINREP NO
OEM_MONITOR YESGranting or revoking roles has no effect on other existing roles. A granted role is always a default row unless you tell Oracle otherwise.
TTFN
John -
How can I see which roles or users have access to a table?
How can I see which roles or users have access to a table?
For a given table, how can I see the grants, who and what?
Many thanksdba_tab_privs.
Grantee can be a role or an user, as roles are fake users.
Sybrand Bakker
Senior Oracle DBA -
Assigning roles to users programmatically
Hi,
I want to programmatically create roles, assign roles to users etc.
I saw at this thread
ADF Security Policy Store
the folowing scriptlet by Frank Nimphius
try {
IdentityStore idstore = JpsCommonUtil.getValidIdStore("idstore.xml.provider").getIdmStore();
try {
UserManager userManager = idstore.getUserManager();
RoleManager roleManager = idstore.getRoleManager();
Role adminRole = idstore.searchRole(Role.SCOPE_APPLICATION,"admin");
// create user
//TODO check for empty username and password
User newUser = userManager.createUser(this.username,this.password.toCharArray());
roleManager.grantRole(adminRole,newUser.getPrincipal());
} catch (IMException e) {
// TODO
} catch (JpsException e) {
// TODO
return null;
this is a TP3 scriptlet, is it still working on the 11g production?
I try it and i get a JpsException
oracle.security.jps.JpsException
at oracle.security.jps.internal.common.util.JpsCommonUtil.getValidIdStore(JpsCommonUtil.java:1004)
do I have to replace "idstore.xml.provider" with something else depending on my configuration?
thanks
TilemahosHi Frank thanks for the answer,
I check this functionality at WLS embeded LDAP and I shaw your "How-to configure OID for authentication in WebLogic Server" post.
I manage to add users and assign them roles that i created at my application.
But what if I want to have a super user that can create new roles and assign them member roles?
eg.
Developer created roles (policy store):
accessPage1 ( granted all the necesery principals to access page1 )
accessPage2 ( granted all the necesery principals to access page2 )
Super user created roles
Role1 member roles :accessPage1,accessPage2
If i want my application to have that functionallity i must create roles programmatically wont I?
If there another way?
By the way I followed the advices at the following useful links
Chris Muir: http://one-size-doesnt-fit-all.blogspot.com/2008/12/configuring-wls-with-ms-active.html
Frank Nimphius's How-to configure OID for authentication in WebLogic Server
Edwin Biemond's Using OpenLDAP as security provider in WebLogic
Andrejus Baranovskis: Practical ADF Security Deployment on WebLogic Server
And I manage to add users of the Microsoft LDAP at the WLS
but I could't mekae them group members of my application groups (roles)
is this possible?
Thanks -
Problem in assigning roles to users
Hi
I created Role in EP, which i want to assign to the users. i assigned that role to user. the user i not able to access the particular iviews. i attached some R/3 transactions iviews to that role. it says unable to lookup the system or system alias. when i assign that role to me, i'm able to access that iviews(R/3).
i have superadmin role permissions.
what default roles and permissions need to assign for users.
suggest me
thx
pradeepHi Pradeep,
In SP9 apart form creating a System, we need to assign permissions for users.
Follow this path:
System Administration -> Permissions -> <select your System in Portal Content> -> Open Permissions <on right click>. This would take you to the Permission Editor.
Here you need to add the user and assign permissions.
Please check this and let me know if its working.
Awaiting Reply.
Warm Regards,
Ritu -
LDAP/AD Role group user login issue in sharepoint 2010 FBA with LDAP
Hi.
I created sharepoint 2010 site with LDAP FBA.If I add the AD user as form based user and try to login to my site its working very well but if I add a AD Group in to my site and try to login with one of the AD user of this group its say "Access
Denied".
In my project we want add AD group in sharepoin Groups not a individual AD users.
Can anyone help me with this please its urgant?I added both LDAP membership and LDAP Role provider.And I can also find groups in people picker in my Central Admin and FBA Web app site colleciton.
<add name="ADMembers"
type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
server="company.com"
port="389"
useSSL="false"
userNameAttribute="sAMAccountName"
userContainer="DC=company,DC=com"
userObjectClass="person"
userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
userDNAttribute="distinguishedName"
scope="Subtree"
enableSearchMethods="true"
otherRequiredUserAttributes="sn,givenname,cn"
/>
<add name="ADRoles"
type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
server="Company.com"
port="389"
useSSL="false"
groupContainer="DC=Company,DC=com"
groupNameAttribute="cn"
groupNameAlternateSearchAttribute="samAccountName"
groupMemberAttribute="member"
userNameAttribute="sAMAccountName"
dnAttribute="distinguishedName"
groupFilter="(ObjectClass=group)"
userFilter="(ObjectClass=person)"
scope="Subtree" /> -
Differences between Roles, Schemas, Users and Logins.
I need differences between Roles, Schemas, Users and Logins. Can anyone help me. Thanks in advance
Roles:
I think of creating roles in the database to group users of like
function. Roles are granted certain permissions in the database. You
should become familiar with the fixed database roles since these will be
utilized once you start creating users within the database. Also, once
you see the type of permissions that are granted to each role, is makes
more sense.
Schema: there can be several schemas in a database,
which will house different types of objects such as tables, indexes,
stored procedures, functions, etc. Users own schemas. Looking into
the AdventureWorks database illustrates this concept, with several
schemas like HR, Production, etc.
Login: Think about login as
gaining access to the SQL Server instance. If a user account is not
granted any permissions within the instance, you basically just were
able to unlock the door and enter the room, by creating a user you then
grant access to the database objects or principals, and can begin to
work with them.
Users: Users own schemas, and as such will be
able to manipulate the objects they own. Some of the manunipulations
are very permissive, such as creating tables, indexes, stored
procedures, functions, etc. These are developers and administrators.
Users
are created and granted permissions for application use, which will
have select, update, insert, and delete and execute permissions to a
finite set of objects in the schema, for which the application will need
to function properly.
In a client server database, as an
example, of the structure. Roles were defined which provides the
permissions to the database objects in the database, which only has one
schema 'dbo'. One SQL server login was created with the same username,
and dbo is the assigned default schema, and the roles assigned to that
username.
In the application, each specific user is given there own
"application" login which is mapped to the one defined sql server
login.
Ahsan Kabir Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread. http://www.aktechforum.blogspot.com/ -
the problem as follows ,
connector DBUM-11.1.1.6.0 used to provision user to oracle DB , i can create user on oracle db with no errors , but i notice that password is inccorrect when i use same password used when creating user under OIM , adding role to user for example ( Resource , connect ) rejected , i have checked logs and i found the follwoing error
WatchRuleType: Log
WatchRule: (SEVERITY = 'Error') AND ((MSGID = 'WL-101020') OR (MSGID = 'WL-101017') OR (MSGID = 'WL-000802') OR (MSGID = 'BEA-101020') OR (MSGID = 'BEA-101017') OR (MSGID = 'BEA-000802'))
WatchData: DATE = Aug 14, 2012 12:06:54 PM AST SERVER = oim_server1 MESSAGE = [ServletContext@411956704[app:oim module:xlWebApp path:/xlWebApp spec-version:2.5 version:11.1.1.3.0]] Root cause of ServletException.
javax.servlet.jsp.JspException: Can't insert page '/layouts/tjspClassicLayout.jsp' : Write failed: Broken pipe
at org.apache.struts.tiles.taglib.InsertTag$InsertHandler.doEndTag(InsertTag.java:902)
any one can help me figure out wht is the problem ?i have checked logs again and found the following errors
from OIM resource page show the following error
Response: Operational attribute '__CURRENT_ATTRIBUTES__' can not be added or removed.
Response Description: Unknown response received
Error Details
Setting task status... "Operational attribute '__CURRENT_ATTRIBUTES__' can not be added or removed." does not correspond to a known Response Code. Using "UNKNOWN".
<BEA-000000> <Error: SIZE_LIMIT_EXCEEDED[LDAP: error code 4 - Sizelimit Exceeded]>
=================
<Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcLookupOperationsBean/getLookupValuesForColumnFilteredData encounter some problems: Lookup.DBUM.Oracle.Tablespacesis not a valid form field>
=================
<Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcLookupOperationsBean/getLookupValuesForColumnFilteredData encounter some problems: Lookup.DBUM.Oracle.Profilesis not a valid form field>
==================
<Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcLookupOperationsBean/getLookupValuesForColumnFilteredData encounter some problems: Lookup.DBUM.Oracle.Temp.Tablespaceis not a valid form field>
==================
<Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcLookupOperationsBean/getLookupValuesForColumnFilteredData encounter some problems: Lookup.DBUM.Oracle.Rolesis not a valid form field>
=================
<Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcLookupOperationsBean/getLookupValuesForColumnFilteredData encounter some problems: Lookup.DBUM.Oracle.WithAdminOptionis not a valid form field>
=================
<Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcLookupOperationsBean/getLookupValuesForColumnFilteredData encounter some problems: Lookup.DBUM.Oracle.Privilegesis not a valid form field>
====================
<Aug 15, 2012 2:03:01 PM AST> <Error> <org.apache.struts.tiles.taglib.InsertTag> <BEA-000000> <Can't insert page '/layouts/tjspClassicLayout.jsp' : Write failed: Broken pipe
java.net.SocketException: Write failed: Broken pipe
at jrockit.net.SocketNativeIO.writeBytesPinned(Native Method)
at jrockit.net.SocketNativeIO.socketWrite(SocketNativeIO.java:46)
at java.net.SocketOutputStream.socketWrite0(SocketOutputStream.java)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
at weblogic.servlet.internal.ChunkOutput.writeChunkTransfer(ChunkOutput.java:568)
at weblogic.servlet.internal.ChunkOutput.writeChunks(ChunkOutput.java:539)
at weblogic.servlet.internal.ChunkOutput.flush(ChunkOutput.java:427)
at weblogic.servlet.internal.CharsetChunkOutput.flush(CharsetChunkOutput.java:298)
at weblogic.servlet.internal.ChunkOutputWrapper.flush(ChunkOutputWrapper.java:188)
at weblogic.servlet.jsp.JspWriterImpl.flush(JspWriterImpl.java:99)
at org.apache.struts.tiles.taglib.InsertTag$InsertHandler.doEndTag(InsertTag.java:893)
at org.apache.struts.tiles.taglib.InsertTag.doEndTag(InsertTag.java:465)
at jsp_servlet._pages.__taskdetailspage._jsp__tag0(__taskdetailspage.java:111)
at jsp_servlet._pages.__taskdetailspage._jspService(__taskdetailspage.java:76)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
<Aug 15, 2012 2:03:01 PM AST> <Error> <HTTP> <BEA-101017> <[ServletContext@410340580[app:oim module:xlWebApp path:/xlWebApp spec-version:2.5 version:11.1.1.3.0]] Root cause of ServletException.
javax.servlet.jsp.JspException: Can't insert page '/layouts/tjspClassicLayout.jsp' : Write failed: Broken pipe
at org.apache.struts.tiles.taglib.InsertTag$InsertHandler.doEndTag(InsertTag.java:902)
at org.apache.struts.tiles.taglib.InsertTag.doEndTag(InsertTag.java:465)
at jsp_servlet._pages.__taskdetailspage._jsp__tag0(__taskdetailspage.java:111)
at jsp_servlet._pages.__taskdetailspage._jspService(__taskdetailspage.java:76)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:35)
Truncated. see log file for complete stacktrace
WatchRule: (SEVERITY = 'Error') AND ((MSGID = 'WL-101020') OR (MSGID = 'WL-101017') OR (MSGID = 'WL-000802') OR (MSGID = 'BEA-101020') OR (MSGID = 'BEA-101017') OR (MSGID = 'BEA-000802'))
WatchData: DATE = Aug 15, 2012 2:03:01 PM AST SERVER = oim_server1 MESSAGE = [ServletContext@410340580[app:oim module:xlWebApp path:/xlWebApp spec-version:2.5 version:11.1.1.3.0]] Root cause of ServletException.
javax.servlet.jsp.JspException: Can't insert page '/layouts/tjspClassicLayout.jsp' : Write failed: Broken pipe
at org.apache.struts.tiles.taglib.InsertTag$InsertHandler.doEndTag(InsertTag.java:902)
at org.apache.struts.tiles.taglib.InsertTag.doEndTag(InsertTag.java:465)
at jsp_servlet._pages.__taskdetailspage._jsp__tag0(__taskdetailspage.java:111)
at jsp_servlet._pages.__taskdetailspage._jspService(__taskdetailspage.java:76)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:35)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:417) -
I want to revoke a number of roles from users. What I found is if one or more roles were not granted to the user before, then the whole 'revoke' statement will fail, i.e. the granted roles will not be revoked from the user. Is there a way to let the statement revoke the granted roles even though there may be some roles were not granted. For example;
REVOKE role1,role2,role3 from user;
I want to revoke role1 and role2 even though role3 were not granted to the user.Why don't you test this yourself?
satyaki>
satyaki>select * from v$Version;
BANNER
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Prod
PL/SQL Release 10.2.0.3.0 - Production
CORE 10.2.0.3.0 Production
TNS for 32-bit Windows: Version 10.2.0.3.0 - Production
NLSRTL Version 10.2.0.3.0 - Production
Elapsed: 00:00:00.98
satyaki>
satyaki>
satyaki>
satyaki>
satyaki>create role r1;
Role created.
Elapsed: 00:00:01.80
satyaki>
satyaki>
satyaki>GRANT select ON emp TO r1;
Grant succeeded.
Elapsed: 00:00:00.51
satyaki>
satyaki>
satyaki>create role r2;
Role created.
Elapsed: 00:00:00.02
satyaki>
satyaki>grant update on emp to r2;
Grant succeeded.
Elapsed: 00:00:00.05
satyaki>
satyaki>
satyaki>grant r1 to hr;
Grant succeeded.
Elapsed: 00:00:00.17
satyaki>
satyaki>grant r2 to titan;
Grant succeeded.
Elapsed: 00:00:00.07
satyaki>
satyaki>
satyaki>revoke r2 from hr;
revoke r2 from hr
ERROR at line 1:
ORA-01951: ROLE 'R2' not granted to 'HR'
Elapsed: 00:00:00.12
satyaki>
satyaki>Regards.
Satyaki De.
Maybe you are looking for
-
HP OfficeJet Pro 8500 A909a - scanning stopped working in Windows 8
I'm using a HP Officejet Pro 8500 with Windows 8, connected via Ethernet. I was having a scanning issue with Windows 8 when I first upgraded from Windows 7 a few months ago that resolved when I reinstalled Windows 8 completely, but now it seems tha
-
Good Method To Send Videos Through email?
I live in california with my family but will be in china visiting for 5 weeks beginning july 3rd. i have a macbook and would like to record video of myself and send it to them. What would be the best way of doing this? I'd record through imovie, and
-
9iFS: import multiple files with common attributes
Hello, Customer wants to apply attributes to a set of contributed documents, all at once. They also want to recursively apply partial attributes to sets of folders / documents. Did I miss this fundamental feature? Does it require customization?
-
Optimal Block Size for Xserve's RAID hosting Final Cut Server
What would be the optimal block size for the software RAID on the machine that will be hosting Final Cut Server? The default is 36K. Since FCS is essentially a database, would be the optimal settings? Any glimpse what data size chunks FCS write to th
-
SD output determination using trasnmission medium sample mail
Working on output determination for sales documents. I configured new ouput type z111 .path: img>sd>Basicfunctions>ouput control>Maintain ouput determination for sales docs> maintain output types> here I entered new ouput type z111 and I selected Tra