Grant select role with filter ?
hi,
is it possible to Grant select with filter to a role, for example,
user should select where ename='smith'
I guess you may want something similar to VPD
Similar Messages
-
Select Granted By Role Doesn't Work
Oracle 11.1.0.7.0 running on AIX
This is crazy I don't know why it is happening or even how it is happening but when I grant a role to a user they still cannot select from the granted tables & views.
CREATE ROLE RETROMAN_USERS NOT IDENTIFIED
GRANT SELECT ON YBP.DDA_STATUS_CODES TO RETROMAN_USERS
GRANT SELECT ON YBP.DEMAND_DRIVEN_ACTIVITY TO RETROMAN_USERS
GRANT SELECT ON YBP.V_DDA_STATUS_CODES TO RETROMAN_USERS
GRANT SELECT ON YBP.V_DEMAND_DRIVEN_ACTIVITY TO RETROMAN_USERS
GRANT RETROMAN_USERS TO SABEL WITH ADMIN OPTION
GRANT RETROMAN_USERS TO CKING
GRANT RETROMAN_USERS TO FCROWELL
GRANT RETROMAN_USERS TO HCAMPBELL
GRANT RETROMAN_USERS TO LJOHNSON
GRANT RETROMAN_USERS TO RWILLIAMS
GRANT RETROMAN_USERS TO LMONTCALM
When I try to Select * from ybp.Demand_Driven_Activity as hcampbell I get a "table or view does not exist" error. where other users can get results using the same query. Any ideas? I am completely out of them. I am not a DBA and our company doesn't employ a DBA - scary huh. Any help would be greatly appreciated.
ScottOK, the user cannot select from the table...
$ sqlplus hcampbell@devorcl
SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 07:51:33 2012
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> select * from ybp.demand_driven_activity;
select * from ybp.demand_driven_activity
ERROR at line 1:
ORA-00942: table or view does not exist-----
Let's grant the role and verify that the role is assigned and what privileges it has.
oracle@qa:/home/oracle
$ sqlplus sabel@devorcl
SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 07:53:21 2012
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> grant retroman_users to hcampbell;
Grant succeeded.
SQL> select * from DBA_ROLE_PRIVS where grantee = 'HCAMPBELL';
GRANTEE GRANTED_ROLE ADM DEF
HCAMPBELL YBPREGUSER NO YES
HCAMPBELL OOPS NO YES
HCAMPBELL YBPENDUSER NO YES
HCAMPBELL RETROMAN_USERS NO NO-----
The role does exist (I think) and has the following permissions
SQL> set linesize 132
SQL> Select * from role_tab_privs Where role = 'RETROMAN_USERS';
ROLE OWNER TABLE_NAME COLUMN_NAME
PRIVILEGE GRA
RETROMAN_USERS YBP DEMAND_DRIVEN_ACTIVITY
SELECT NO
RETROMAN_USERS YBP V_DEMAND_DRIVEN_ACTIVITY
SELECT NO
RETROMAN_USERS YBP DDA_STATUS_CODES
SELECT NO
ROLE OWNER TABLE_NAME COLUMN_NAME
PRIVILEGE GRA
RETROMAN_USERS YBP V_DDA_STATUS_CODES
SELECT NO
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options-----
sys can't see the role though - but that may be normal...
$ sqlplus sys@devorcl as sysdba
SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 08:30:34 2012
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> Select * from role_tab_privs Where role = 'RETROMAN_USERS';
no rows selected-----
The user still cannot select from the table
$ sqlplus hcampbell@devorcl
SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 08:39:46 2012
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> select * from ybp.demand_driven_activity;
select * from ybp.demand_driven_activity
ERROR at line 1:
ORA-00942: table or view does not exist-----
let's try to make it a default role....
$ sqlplus sabel@devorcl
SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 08:42:59 2012
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> ALTER USER HCAMPBELL DEFAULT ROLE YBPREGUSER, OOPS, YBPENDUSER, retroman_users;
User altered.
SQL> exit-----
after the user logs out and then back on, now user can access the table.
oracle@qa:/home/oracle
$ sqlplus hcampbell@devorcl
SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 08:47:57 2012
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> Select Count(1) from ybp.demand_driven_activity;
COUNT(1)
161295If I remove the retroman_users from the default role I can still access the table until I log out and then back in so it must have something to do with default roles. I don't know why I didn't see this before but the other users that were granted the retroman_users role and could access the table had their default role set to ALL. Sorry, I didn't give you all the information that you needed to help me, this might have helped:
CREATE USER HCAMPBELL
IDENTIFIED BY h
DEFAULT TABLESPACE DATASMALL
TEMPORARY TABLESPACE TEMP
PROFILE DEFAULT
ACCOUNT UNLOCK
-- 4 Roles for HCAMPBELL
GRANT YBPREGUSER TO HCAMPBELL
GRANT OOPS TO HCAMPBELL
GRANT YBPENDUSER TO HCAMPBELL
GRANT RETROMAN_USERS TO HCAMPBELL
ALTER USER HCAMPBELL DEFAULT ROLE YBPREGUSER, OOPS, YBPENDUSERI guess I need to read more about Default Roles. Sorry for my belligerent responses. -
Granting SELECT to user on VIEW with FULL OUTER JOIN fails?
I have a quandary.
Using Oracle 9i, I have created a simple view. When I perform a count on it, rows are returned.
However, when I grant SELECT access to another user, they can't see the VIEW. The VIEW has a FULL OUTER JOIN operation in it.
When I do the same thing using a regular join, it works.
Any ideas why, please?
SQL> conn ifsinfo/******@DB
Connected.
SQL> ed
Wrote file afiedt.buf
1 create view mctest3 as
2 select
3 vc.idcus ,
4 ci.customer_id
5 from
6 ifsapp.vmo_company vc
7 full outer join
8 ifsapp.customer_info ci
9 on
10* vc.custno = ci.customer_id
SQL> /
View created.
SQL> select count(*) from mctest3;
COUNT(*)
73994
SQL> GRANT SELECT ON MCTEST3 TO IFSAPP WITH GRANT OPTION;
Grant succeeded.
SQL> CONN IFSAPP/******@DB
Connected.
SQL> select count(*) from IFSINFO.MCTEST3;
select count(*) from IFSINFO.MCTEST3
ERROR at line 1:
ORA-00942: table or view does not existbut with regular join:
SQL> conn ifsinfo/******@DB
Connected.
SQL> create view mctest4 as
2 select
3 vc.idcus ,
4 ci.customer_id
5 from
6 ifsapp.vmo_company vc, ifsapp.customer_info ci
7 where vc.custno = ci.customer_id;
View created.
SQL> select count(*) from mctest4;
COUNT(*)
44269
SQL> GRANT SELECT ON MCTEST4 TO IFSAPP WITH GRANT OPTION;
Grant succeeded.
SQL> conn ifsapp/******@DB
Connected.
SQL> select count(*) from IFSINFO.MCTEST4;
COUNT(*)
44269Hi,
>>SQL> conn ifsinfo/******@DB
Connected.
SQL> ed
Wrote file afiedt.buf
1 create view mctest3 as
2 select
3 vc.idcus ,
4 ci.customer_id
5 from
6 ifsapp.vmo_company vc
7 full outer join
8 ifsapp.customer_info ci
9 on
10* vc.custno = ci.customer_id
SQL> /
According to Note:244315.1, it is not possible to make a FULL OUTER JOIN on views owned by another user at the 9i version of Oracle. As above, do not use FULL OUTER JOIN on views owned by another user. Try to use outer join operator (+), and/or UNIONS instead.
Cheers -
Grant select on all table of a schema to role
Hi , is it possible to grant select on all table on a schema to a role?
To grant SELECT on all tables of the current schema to particular role or user:
SELECT 'GRANT SELECT ON '||TABLE_NAME||' TO READ_ONLY_ROLE;' COMMAND
FROM (
SELECT TABLE_NAME
FROM ALL_TABLES
WHERE OWNER = (SELECT USER FROM DUAL)
Then copy and execute the result commands, eg:
GRANT SELECT ON DEPT TO READ_ONLY_ROLE;
GRANT SELECT ON EMP TO READ_ONLY_ROLE;
GRANT SELECT ON DEMO_USERS TO READ_ONLY_ROLE;
GRANT SELECT ON DEMO_CUSTOMERS TO READ_ONLY_ROLE;
GRANT SELECT ON DEMO_ORDERS TO READ_ONLY_ROLE; -
Is it possible to Grant Nested Roles using Data Pump Export?
I'm on Oracle 10.2.0.5, trying various Data Pump Parameters to obtain an Export containing a statement like "GRANT ParentRole TO ChildRole;" .
This is to Import to 11.2.0.2, on the Windows x64 Platform. I'm using SQLFILE= Parameter in an IMPDP to check the effect of various EXPDP Parameters.
I can get the "CREATE ROLE" Statements with a Full EXPDP using FULL=Y and INCLUDE=ROLE:"IN('ParentRole','ChildRole')"
I can get the Grants of Objects to Roles with a 2nd Schema EXPDP using SCHEMAS=('MySchema') - e.g. I get "GRANT SELECT ON MySchema.MyTable TO ParentRole;"
But I can get the Parameters so that a Role Being Granted to Another Role is Exported.
Is this possible?Can you give an example of the grants, a real example so I can try to create this here. I'm thinking it is a grant that you want, but not sure which grant. There are a bunch of different grants.
Dean -
Granting SELECT on dictionary views ... (?)
Hi there,
please try to find out, what I am doing wrong below:
1. I connect as sys:
connect sys as sysdba
2. Create a role. Just to point out the problem, it will have just CREATE SESSION, CREATE PROCEDURE
create role tr not identified;
grant create session to tr;
grant create procedure to tr;
3. Now the problem: I want the role (users with that role) to have SELECT privilege, just on one dict-view, that is v$session:
My first attempt is denied:
grant select on v$session to tr;
grant select on v$session to tr
FEHLER in Zeile 1:
ORA-02030: can only select from fixed tables/views
Now this in itself is wierd. I read v$-objects are synonyms to v_$-objects. Is that right? What is the problem here? See, what happens next...
4. grant select on v_$session to tr;
That works!
5. create user tu identified by tu;
grant tr to tu;
That works!
6. Now connect as tu/tu
sql*plus Test: select count(*) from v$session;
COUNT(*)
46
works!
7. Now: create a simple stored function to perform the same as my query:
create or replace function testf
return number
is
res number;
begin
select count(*) into res from v$session;
return res;
end;
This is refused with ORA-00942: Table or view does not exist !!!
Simple query on v$session works, but its usage inside a stored function is not allowed??? Please explain!!!
Pointing out to the explanation in the documentation (just one link) would suffice. I just have not found an explanation for this behaviour!
Many thanks in advance!
XenofonOk, It seems this GRANT, even though it is an object privilege it is handled like of those privileges, which can be granted only directly to a user and not to a role;
But on the other hand, the reaction is not the system:
When you try to grant UNLIMITED tablespace to a role you get a definitive error message: ORA-01931.
You don't get this error when granting SELECT on V_$SESSION to a role...
It's getting more and more wierd...
(Does anyone know a complete list of privs which can only be granted directly to a user? I thought it's only UNLIMITED TABLESPACE) -
Database Vault Owner Grant Any Role Permission
So I just noticed that the role DV_OWNER has the system privilege to GRANT ANY ROLE assigned to it by default. I was wondering if this is necessary for something. If not I would like to remove it. We would prefer the Database Vault owner person to not have any permissions execept for logging into the Data Vault console to modify realms and rules and stuff, and as well as looking at audit logs. The DV_OWNER role also has ADMINISTER DATABASE TRIGGER and ALTER ANY TRIGGER privileges which I would like to remove as well. Any body have any opinions on this?
Oracle EE 11.2.0.2 on Windows 2008 R2
Thanks.Sysdba can issue powerful statements such as create user, drop user, alter user, create profile .. and so on... can be done only if it is allowed so by modifying the Can maintain accounts/profiles rule set.
You can also login with dvsys account but that account is locked after installation. So unlock it with
alter user username account unlock; command. And be aware that ANY system privileges are blocked in protected schemas. You can try to grant the following roles in DB Vault := DV_OWNER, DV_REALM_OWNER, DV_REALM_RESOURCE, DV_ADMIN, DV_PUBLIC, DV_ACCTMGR, DV_SECANALYST
Following can help you
SELECT TABLE_NAME, OWNER, PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE = 'DV_ACCTMGR';
SELECT PRIVILEGE FROM DBA_SYS_PRIVS WHERE GRANTEE = 'DV_ACCTMGR';
Regards
Karan -
Default role with password - reality check
I support the database for an application. We upgraded from Oracle10 to Oracle11 9 months ago. Then recently we applied the OCT CPU.
The application admin says that they have a program that has recently stopped working that worked after the Oracle11 upgrade.
The application user has a default role which has a password. Is that possible? A default role with a password. Would this have ever worked in any version of Oracle?Default role with password is a feature even available with Oracle XE. Default roles are activated without requiring role password in Oracle 10.2:
SQL> drop user admin cascade;
User dropped.
SQL> drop user test cascade;
User dropped.
SQL> drop role rwp;
Role dropped.
SQL> select * from v$version;
BANNER
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product
PL/SQL Release 10.2.0.1.0 - Production
CORE 10.2.0.1.0 Production
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
NLSRTL Version 10.2.0.1.0 - Production
SQL>
SQL> create user admin identified by oraclexe;
User created.
SQL> grant create session, create table to admin;
Grant succeeded.
SQL> grant unlimited tablespace to admin;
Grant succeeded.
SQL> grant create user to admin;
Grant succeeded.
SQL> grant create role to admin;
Grant succeeded.
SQL>
SQL> create user test identified by oraclexe;
User created.
SQL> grant create session to test;
Grant succeeded.
SQL>
SQL> connect admin/oraclexe;
Connected.
SQL> create table t(x varchar2(10));
Table created.
SQL> insert into t values('admin OK');
1 row created.
SQL> commit;
Commit complete.
SQL> create role rwp identified by oraclexe;
Role created.
SQL> grant all on t to rwp;
Grant succeeded.
SQL> grant rwp to test;
Grant succeeded.
SQL>
SQL> connect test/oraclexe;
Connected.
SQL> select * from session_roles;
ROLE
RWP
SQL> select * from admin.t;
X
admin OK
SQL> insert into admin.t values('test OK');
1 row created.
SQL> commit;
Commit complete.
SQL> select * from admin.t;
X
admin OK
test OK
SQL>There have been changes between Oracle 10.2 and 11.2 because the same script fails in 11.2 unless the role is set with the password:
SQL> drop user admin cascade;
User dropped.
SQL> drop user test cascade;
User dropped.
SQL> drop role rwp;
Role dropped.
SQL> select * from v$version;
BANNER
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for Linux: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
SQL>
SQL> create user admin identified by oraclexe;
User created.
SQL> grant create session, create table to admin;
Grant succeeded.
SQL> grant unlimited tablespace to admin;
Grant succeeded.
SQL> grant create user to admin;
Grant succeeded.
SQL> grant create role to admin;
Grant succeeded.
SQL>
SQL> create user test identified by oraclexe;
User created.
SQL> grant create session to test;
Grant succeeded.
SQL>
SQL> connect admin/oraclexe;
Connected.
SQL> create table t(x varchar2(10));
Table created.
SQL> insert into t values('admin OK');
1 row created.
SQL> commit;
Commit complete.
SQL> create role rwp identified by oraclexe;
Role created.
SQL> grant all on t to rwp;
Grant succeeded.
SQL> grant rwp to test;
Grant succeeded.
SQL>
SQL> connect test/oraclexe;
Connected.
SQL> select * from session_roles;
no rows selected
SQL> select * from admin.t;
select * from admin.t
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> insert into admin.t values('test OK');
insert into admin.t values('test OK')
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> commit;
Commit complete.
SQL> select * from admin.t;
select * from admin.t
ERROR at line 1:
ORA-00942: table or view does not exist
SQL>
SQL> set role rwp identified by oraclexe;
Role set.
SQL> select * from session_roles;
ROLE
RWP
SQL> select * from admin.t;
X
admin OK
SQL> insert into admin.t values('test OK');
1 row created.
SQL> commit;
Commit complete.
SQL> select * from admin.t;
X
admin OK
test OK
SQL>10.2 Security Guide says:
If you are granted a role protected by a password, then you can enable or disable the role by supplying the proper password for the role in a SET ROLE statement. However, if the role is made a default role and enabled at connect time, then the user is not required to enter a password.
11.1 and 11.2 Secuirty Guide says:
If a user is granted a role protected by a password, then you can enable or disable the role by supplying the proper password for the role in the SET ROLE statement. You cannot authenticate a password-authenticated role on logon, even if you add it to the list of default roles. You must explicitly enable it with the SET ROLE statement using the required password.
Edited by: P. Forstmann on 20 févr. 2010 10:28 -
Hi,
I am working on oracle10g and HP-UX .
I need to create on read only user , how can select data from other users tabels .
One way to do this - is create a srript with gant statement ...
Like
Grant select on UserA.Tb1 to UserB ;
Grant select on UserA.Tb2 to UserB ;
Grant select on UserA.Tb3 to UserB ;
and so on .....
there are 4000 tables in UserA schema ...and we need to write one sql script and execute it on database ...
Question -
Is there any way to gant select to UserB on all obj. of UserA in one sql statement ... ?No. There is no single GRANT command. You can, however, write a small PL/SQL script, i.e.
FOR x IN (SELECT * FROM dba_tables WHERE owner = 'UserA')
LOOP
EXECUTE IMMEDIATE 'GRANT SELECT ON UserA.' || x.table_name || ' to UserB';
END LOOP;Of course, you would generally want to create a new role, grant that role to UserB, and grant the privileges to that role, i.e.
CREATE ROLE UserA_Select;
GRANT UserA_Select TO UserB;
BEGIN
FOR x IN (SELECT * FROM dba_tables WHERE owner = 'UserA')
LOOP
EXECUTE IMMEDIATE 'GRANT SELECT ON UserA.' || x.table_name || ' to UserA_Select';
END LOOP;
END;That way, when you need to create the next read-only user, you just need to grant that user the UserA_Select role.
Justin -
Error while granting BPMOrganizationAdmin role to SOAOperator.
Error Starting While starting SOA server. Please advise.
<Mar 5, 2015 12:56:08 PM EST> <Error> <oracle.bpm.services.organization> <BEA-000000> <Exception
exception.70692.type: error
exception.70692.severity: 2
exception.70692.name: Error while granting BPMOrganizationAdmin role to SOAOperator.
exception.70692.description: Error occured while granting the application role BPMOrganizationAdmin to application role SOAOperator.
exception.70692.fix: In the policy store, please add SOAOperator role as a member of BPMOrganizationAdmin role, if it is not already present.
ORABPEL-10513
Cannot get application roles from application identified by "{0}".
An error occurred while getting application roles from application identified by "soa-infra".
The underlying APIs threw an exception. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:920)
at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy307.postDeployInit(Unknown Source)
at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
Caused By: ORABPEL-10510
Application role not found.
Application role "BPMOrganizationAdmin" could not be found for application identified by "soa-infra".
Check if the application role exists in the repository associated with the application. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
at oracle.tip.pc.services.identity.jps.JpsProvider$9.run(JpsProvider.java:2338)
at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRoleEntry(JpsProvider.java:2333)
at oracle.tip.pc.services.identity.jps.JpsProvider.access$000(JpsProvider.java:169)
at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:917)
at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy307.postDeployInit(Unknown Source)
at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
>
<Mar 5, 2015 12:56:08 PM EST> <Error> <oracle.bpm.common> <BEA-000000> <Exception
BPM-70692
Exception
exception.70692.type: error
exception.70692.severity: 2
exception.70692.name: Error while granting BPMOrganizationAdmin role to SOAOperator.
exception.70692.description: Error occured while granting the application role BPMOrganizationAdmin to application role SOAOperator.
exception.70692.fix: In the policy store, please add SOAOperator role as a member of BPMOrganizationAdmin role, if it is not already present.
at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:324)
at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:29)
at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy307.postDeployInit(Unknown Source)
at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
Caused By: ORABPEL-10513
Cannot get application roles from application identified by "{0}".
An error occurred while getting application roles from application identified by "soa-infra".
The underlying APIs threw an exception. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:920)
at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy307.postDeployInit(Unknown Source)
at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
Caused By: ORABPEL-10510
Application role not found.
Application role "BPMOrganizationAdmin" could not be found for application identified by "soa-infra".
Check if the application role exists in the repository associated with the application. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
at oracle.tip.pc.services.identity.jps.JpsProvider$9.run(JpsProvider.java:2338)
at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRoleEntry(JpsProvider.java:2333)
at oracle.tip.pc.services.identity.jps.JpsProvider.access$000(JpsProvider.java:169)
at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:917)
at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy307.postDeployInit(Unknown Source)
at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
>Hi user,
Can you give us some information on the version you are using and your security setup? Are you using an external security provider? Because to me it sounds that you are using an external LDAP server.
Antonis -
Checking against Select-Options with "CP" using "IF value IN select_option"
Dear experts,
first of all: I'm sorry, if this question already should have been asked and answered!
I tried quite a lot of search terms but didn't find anything helpful.
We are using a statement like "IF value IN select_option" to perform comparisons after the Select-Options have been used in a SELECT statement. This logical expression fails (compared to the results of the DB-SELECT) whenever a select-option line contains the option CP (Contains Pattern). To be more specific: The case sensitivity of the LOW value doesn't seem to play a role any more. A variable with the value 'ABCD' would be positively checked against a select-option with OPTION 'CP' and LOW 'abc*', whereas this value wouldn't have been selected if the select-option had been used in a DB-SELECT.
Does anybody know a workaround?
Thanks in advance
AndreasDear Keshav,
it's an own field in an own table, defined as CHAR of length 140 (lowercase allowed), reflecting to a line of remittance info of an account statement. A regular Select-Option for this field is provided in a report which works perfectly fine regarding the case sensitivity. For reasons I don't want to point out in detail we need to check a value in this field against the select-option without selecting it from the db again.
Let's assume that a field remittance_info contains the value 'ABCD'.
A line of the select-option table looks like this:
select_option_table-SIGN = 'I'
select_option_table-OPTION = 'CP'
select_option_table-LOW = 'abc*'.
Then an ABAP statement such as
IF remittance_info IN select_option_table.
* would be true !!!
ENDIF.
but wouldn't deliver a result in a SELECT such as
SELECT * FROM my_table INTO TABLE my_internal_table WHERE remittance_info IN select_option_table.
because of the differences in lower/upper case.
regards
Andreas -
ORA-01720 while trying to grant select on a view
Hi Friends,
Iam getting the following error while trying to grant select privilege for the view to SchemaB, i have the view in schemaA.
I have used the tables from both the schema for creating the view and iam getting the error on showing a particular table
ORA-01720: grant option does not exist for 'schemaB.Product'.
I have looked into so many forums but i couldn't find the answer for my question.
I must have to create the view in the Schema A only(strictly), as i seen in some forums stated that while creating the view in the other schema and granting the select privilege will solve the problem.But it was an exception to me ...
Tell me something how can i proceed in this .....grant select on t1 to seconduser with admin optionNo. WITH ADMIN OPTION applies to system privileges only. Object privileges need the WITH GRANT OPTION ...
SQL> grant select on joe_soap.some_table to apc with admin option
2 /
grant select on joe_soap.some_table to apc with admin option
ERROR at line 1:
ORA-00993: missing GRANT keyword
SQL> grant select any table to apc with admin option
2 /
Grant succeeded.
SQL> grant select on joe_soap.some_table to apc with grant option
2 /
Grant succeeded.
SQL> Cheers, APC -
Extraction of CO Plan data with filter on company code
Hello,
I have this urgent requirement:
Extracting CO Plan data (from COSP) by selecting on the company code.
Problem: company code not in extract structure used by 0CO_OM_CCA_1
Actual data are extracted with 0CO_OM_CCA_9.
My first idea was to use make an append to the extract structure of 0CO_OM_CCA_1 (i.e. BUKRS) and to fill this new field in the CMOD enhancement.
Do you have any other hint?
Thxs.
LauQHi,
I donot think the Selection works with any Customer enhanced fields(i.e the fields foe which, code written in CMOD) . So you have to keep filter some where either in Transfer rules or in update rules.
Or Check whether you can replace the datassource 0CO_OM_CCA_1 with the datasources:
0CO_OM_CCA_10
0CO_OM_CCA_9.
With rgds,
Anil Kumar Sharma .P
Message was edited by:
Anil Kumar Sharma
Message was edited by:
Anil Kumar Sharma -
Report to see list of roles with no user assignment
Hi Gurus,
I need to know the transaction/Report where i can see list of roles which doesnt have any user assignment.
Pls help meHII,
To search for roles with no users assignment u can run a report RSUSR070 AFTER EXECUTING TCODE SA38 in the progran field enter the name of the report and click execute button u get roles by complex selection criteria then scroll down and in the selection according to user assignments select without user assignment then cli ck execute button u will get the roles with no user assigments............
Thanks and regards -
Hi friends,
I created a role in oracle 10 and can be granted to user one by one. it works.
But I try to grant the role to all users and get error.
my code as (copy and modify from OTN)
====
DECLARE
l_schema VARCHAR2(30) := 'SCHEMA_OWNER';
BEGIN
FOR i IN (SELECT USERNAME
FROM all_users
WHERE username not in ('SYS','SYSTEM','OUTLN','DMSYS','TSMSYS','XDB','CTXSYS','WMSYS','DBSNMP','DIP','OLAP','OLAPSYS','MDSYS','EXFSYS','MDSYS'))
LOOP
BEGIN
EXECUTE IMMEDIATE 'GRANT USERS_SELECT ||' TO i.USERNAME;
EXCEPTION
WHEN OTHERS THEN
NULL;
END;
END LOOP;
END;
ORA-06550: line 10, column 41:
PLS-00103: Encountered the symbol "TO" when expecting one of the following:
* & = - + ; < / > at in is mod remainder not rem return
returning <an exponent (**)> <> or != or ~= >= <= <> and or
like LIKE2_ LIKE4_ LIKEC_ between into using || multiset bulk
member SUBMULTISET_
The symbol "* was inserted before "TO" to continue.
SQL>
I double check syntax is OK. what is wrong?
Thanks for help!
JimTry:
EXECUTE IMMEDIATE 'GRANT RAC_SELECT TO '|| i.USERNAME;And remove this part, which is for 99.99% a bug:
EXCEPTION
WHEN OTHERS THEN
NULL;
ENDOnly catch errors you expect...
Maybe you are looking for
-
Problem reading GoPro Hero Black 4 files (1080p 120 fps) on my iMac with Adobe Premiere Elements
Hello, I have a problem reading GoPro Hero Black 4 files (1080p 120 fps) on my iMac with Adobe Premiere Elements : the file is read but the quality is quite bad. When I watch it with other software like VLC or MPC, the quality is perfect but the vide
-
Combobox in jtable two tab problem
Hi all, If i am using combobox for one of the columns of jtable with custom editor and renderer, it needs two tab for navigation between the cells. How can i make it as 'one tab navigation'. Even i tried with 'isManagingfocus() return true' but...no
-
Hi, What is sequence for installing-SP1 on Project Server 2013 ? 1.SP1 for sharepoint 2013 2.Windows updates (is it required ?) 3.PSConfig Wizard (is it required ?) Recent CU needed ? 4. SP1 for project Server 2013 5.Windows updates (is it requir
-
IWeb Quits when Publishing - Apple Genius said to Archive & Reinstall
Just spent over an hour with an Apple Genius at the Apple store to see if he could alleviate my problem with iWeb quitting whenever I tried to publish. I've been using iWeb for the last 5 months and have successfully posted hundreds of blog posts and
-
So I know how to directly import from the camera, but I've got all these .mts files I need to import from a hard drive. Each clip has two files it seems..the .mts and a .modd maybe? I gather from a google search this is a recurring problem, but I hav