Grant V$LOCKED_OBJECT

Dear friends,
Can the users be granted SELECT previlage on V$LOCKED_OBJECT or DBA_OBJECTS ? How? From which users?
with thanks in adv.
Rathnakumar RJD

hi
connect sys as sysdba and grant it.
hope it helps you.
check out the following link.
http://www.kods.net/stag/grant-select-on-dba-objects-to-public/
sarah
Edited by: SaRaH on Jul 6, 2010 2:30 AM

Similar Messages

  • GRANTing privileges on some DBA_ views not working

    DB Version: 10g Release 2
    I installed the Oracle Software and created the database manually using CREATE DATABASE command. Later I ran ORACLE_HOME/rdbms/admin/catalog.sql . But, now when i try to GRANT SELECT ON some DBA_ views, i receive error. GRANT SELECTs on V$ views are working fine. Why is it that GRANT SELECT on some DBA_ views (like dba_objects) are working fine but not for views like DBA_LOCKS, DBA_WAITERS
    SQL> grant select any dictionary to  scott    ;
    Grant succeeded.
    SQL> grant select on dba_objects to  scott    ;
    Grant succeeded.
    SQL> grant select on dba_lock to  scott    ;
    grant select on dba_lock to  scott
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> grant select on dba_locks to  scott    ;
    grant select on dba_locks to  scott
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> grant select on dba_waiters to  scott    ;
    grant select on dba_waiters to  scott
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> grant select on dba_blockers to  scott    ;
    grant select on dba_blockers to  scott
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> grant select on v_$session to  scott    ;
    Grant succeeded.
    SQL> grant select on v_$process to  scott    ;
    Grant succeeded.
    SQL> grant select on v_$locked_object to  scott    ;
    Grant succeeded.
    SQL> grant select on v_$parameter to  scott    ;
    Grant succeeded.
    SQL> grant select on v_$lock to  scott    ;
    Grant succeeded.

    Those are views created by catblock.sql (which is not run by default)
    not catalog.sql

  • V$LOCKED_OBJECT

    SQL> SELECT SID,ORACLE_USERNAME, OS_USER_NAME, LOCKED_MODE, OBJECT_NAME, OBJECT_TYPE
    2 FROM V$LOCKED_OBJECT A,DBA_OBJECTS B
    3 WHERE A.OBJECT_ID = B.OBJECT_ID
    4
    SQL> /
    FROM V$LOCKED_OBJECT A,DBA_OBJECTS B
    ERROR at line 2:
    ORA-00942: table or view does not exist
    I got the above error msg.
    Please give the reason for this.
    Thanks in adv.
    Rathnakumar
    Tuticorin

    You need following grants to this user(which you are currently connect).
    grant select on V_$LOCKED_OBJECT to <username>;
    grant select on DBA_OBJECTS to <username>;Edited by: Chinar on Jul 5, 2010 9:56 PM

  • Error while granting BPMOrganizationAdmin role to SOAOperator.

    Error Starting While starting SOA server. Please advise.
    <Mar 5, 2015 12:56:08 PM EST> <Error> <oracle.bpm.services.organization> <BEA-000000> <Exception
    exception.70692.type: error
    exception.70692.severity: 2
    exception.70692.name: Error while granting BPMOrganizationAdmin role to SOAOperator.
    exception.70692.description: Error occured while granting the application role BPMOrganizationAdmin to application role SOAOperator.
    exception.70692.fix: In the policy store, please add SOAOperator role as a member of BPMOrganizationAdmin role, if it is not already present.
    ORABPEL-10513
    Cannot get application roles from application identified by "{0}".
    An error occurred while getting application roles from application identified by "soa-infra".
    The underlying APIs threw an exception. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
            at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:920)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
            at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
            at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
            at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
            at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
            at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
            at $Proxy307.postDeployInit(Unknown Source)
            at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
            at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
            at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
            at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
    Caused By: ORABPEL-10510
    Application role not found.
    Application role "BPMOrganizationAdmin" could not be found for application identified by "soa-infra".
    Check if the application role exists in the repository associated with the application. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
            at oracle.tip.pc.services.identity.jps.JpsProvider$9.run(JpsProvider.java:2338)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRoleEntry(JpsProvider.java:2333)
            at oracle.tip.pc.services.identity.jps.JpsProvider.access$000(JpsProvider.java:169)
            at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:917)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
            at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
            at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
            at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
            at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
            at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
            at $Proxy307.postDeployInit(Unknown Source)
            at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
            at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
            at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
            at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
    >
    <Mar 5, 2015 12:56:08 PM EST> <Error> <oracle.bpm.common> <BEA-000000> <Exception
    BPM-70692
    Exception
    exception.70692.type: error
    exception.70692.severity: 2
    exception.70692.name: Error while granting BPMOrganizationAdmin role to SOAOperator.
    exception.70692.description: Error occured while granting the application role BPMOrganizationAdmin to application role SOAOperator.
    exception.70692.fix: In the policy store, please add SOAOperator role as a member of BPMOrganizationAdmin role, if it is not already present.
            at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:324)
            at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:29)
            at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
            at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
            at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
            at $Proxy307.postDeployInit(Unknown Source)
            at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
            at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
            at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
            at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
    Caused By: ORABPEL-10513
    Cannot get application roles from application identified by "{0}".
    An error occurred while getting application roles from application identified by "soa-infra".
    The underlying APIs threw an exception. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
            at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:920)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
            at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
            at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
            at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
            at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
            at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
            at $Proxy307.postDeployInit(Unknown Source)
            at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
            at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
            at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
            at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
    Caused By: ORABPEL-10510
    Application role not found.
    Application role "BPMOrganizationAdmin" could not be found for application identified by "soa-infra".
    Check if the application role exists in the repository associated with the application. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
            at oracle.tip.pc.services.identity.jps.JpsProvider$9.run(JpsProvider.java:2338)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRoleEntry(JpsProvider.java:2333)
            at oracle.tip.pc.services.identity.jps.JpsProvider.access$000(JpsProvider.java:169)
            at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:917)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
            at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
            at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
            at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
            at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
            at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
            at $Proxy307.postDeployInit(Unknown Source)
            at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
            at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
            at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
            at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
    >

    Hi user,
    Can you give us some information on the version you are using and your security setup? Are you using an external security provider? Because to me it sounds that you are using an external LDAP server.
    Antonis

  • Replication of a BP in CRM as a FI Vendor in ECC for Grants Management

    Hi,
    We are implenting SAP CRM 7 with SAP ECC for Grants Management, integrated with FI AP (we're not using PSCD).
    For BP replication we followed the next steps, however something looks it is incorrect because my BDOC still shows errors:
    The middleware settings had been completed between the CRM and the ECC system.
    - Site, Suscription and replication from CRM to SAP ECC are in placed
       -The next replication object are activated:
        -All Business Partners (MESG)   (BUPA_MAIN)
        -All Busines Partner Relationships (MESG) (BUPA_REL)
        -All Business Transactions (MESG)
        -Grantor Program Management
    Also we implemented the next steps:
    1) Define the number ranges for BP groupings in CRM: This number range would be internal in CRM and External in ECC.
    CRM (IMG) -> Customer Relationship Management -> Cross-Application Components -> SAP Business Partner -> Basic Settings ->
    Number Ranges and Groupings
    2) Since the BP would be replicated as a BP in ECC we define the same number ranges in ECC too:
    ERP (IMG) -> Customer Relationship Management -> Cross-Application Components -> SAP Business Partner -> Basic Settings ->
    Define Groupings and Assign Number Ranges
    3) Activate the post-processing framework: (Business processes CVI_02 and CVI_04 in Component AP-MD)
    ERP (IMG) -> Cross-Application Components -> General Application Functions ->Postprocessing Office -> Business Processes->
    Activate Creation of Postprocessing Orders
    4) Activate PPO Requests for Platform Objects in the Dialog:
    ERP (IMG) -> Cross-Application Components -> Master Data Synchronization -> Synchronization Control -> Synchronization
    Control -> Activate PPO Requests for Platform Objects in the Dialog
    Edited by: Lyda Osorio on Oct 9, 2009 7:25 AM

    For CRM I had the following FM activated:
    BPOUT     BUPA     100000     CRM_BUPA_OUTB_RENTED_ADDRESS     X
    BPOUT     BUPA     200000     BUPA_MWX_BDOC_CREATE_MAIN     X
    BPOUT     BUPA     300000     CRM_BUPA_OUTB_MARKETING_ATTR     X
    BPOUT     BUPA     400000     VEND_MWX_CREATE_MAIN_BDOC     X
    BPOUT     BUPA     1000000     BUPA_OUTBOUND_MAIN     X
    BPOUT     BUPR     100000     BUPA_MWX_BDOC_CREATE_REL     X
    BPOUT     BUPX     1000000     MDS_BUPA_OUTBOUND     X
    CLEAR     BUPA     1000000     BUPA_OUTBOUND_CLEAR_FLAGS     X
    CRMIN     BUAG     100000     CRM_BUAG_MWX_PROCESS_EXT_STRUC     X
    CRMIN     BUPA     90100     CRM_BUPA_INBOUND_SET_BUAG_FLAG     X
    CRMIN     BUPA     1000000     BUPA_INBOUND_MAIN_CENTRAL     X
    CRMIN     BUPA     1100000     CRM_BUPA_INBOUND_MAIN_MD     X
    CRMIN     BUPA     1200000     CRM_BUPA_BDOC_MAP_MAIN     X
    CRMIN     BUPA     1400000     CRM_BUPA_KOREA_INBOUND_MAP     X
    CRMIN     BUPA     2000000     ABA_FSBP_INBOUND_MAIN     X
    CRMIN     BUPR     1000000     BUPA_INBOUND_REL_CENTRAL     X
    CRMIN     BUPR     1100000     CRM_BUPA_INBOUND_REL_MD     X
    CRMIN     BUPR     1200000     CRM_BUPA_BDOC_MAP_REL     X
    CRMOU     BUAG     100000     CRM_BUAG_MWX_FILL_EXT_FROM_MEM     X
    CRMOU     BUPA     1000000     BUPA_OUTBOUND_BPS_FILL_CENTRAL     X
    CRMOU     BUPA     1200000     CRM_BUPA_OUTB_BPS_FILL_MD     X
    CRMOU     BUPR     1000000     BUPA_OUTBOUND_BPR_FILL_CENTRAL     X
    CRMOU     BUPR     1200000     CRM_BUPA_OUTB_BPR_FILL_MD     X
    CRMOU     BUPR     1300000     CRM_BUPA_BDOC_BPR_FILL_DATA     X
    EXTR     BUAG     100000     CRM_BUAG_MAIN_GET_ID_LIST     X
    MERGE     BUPA     1000000     MERGE_BUPA_CENTRAL     X
    MERGE     BUPA     2000000     MERGE_BUPA_FINSERV     X
    MERGE     BUPR     1000000     MERGE_BUPR_CENTRAL     X
    PXYIN     BUPA     1000000     BUPA_INBOUND     X
    R3AOU     BUPA     100000     BUPA_MWX_BDOC_UP_CURRSTATE_SET     X
    XIIN     BUPA     1000000     ABA_BUPA_MAP_PROXY_TO_DDIC     X
    XIIN     BUPA     2000000     ABA_FSBP_MAP_PROXY_TO_DDIC     X
    XIIN     BUPA     2100000     ABA_FSBP_MAP_PROXY_TO_DDIC_1     X
    XIIN     BUPR     1000000     ABA_BUPR_MAP_PROXY_TO_DDIC     X
    XIOUT     BUPA     1000000     ABA_BUPA_MAP_DDIC_TO_PROXY     X
    XIOUT     BUPR     1000000     ABA_BUPR_MAP_DDIC_TO_PROXY     X

  • Sql server grants access to specific login to database.

    i have created website for intranet and hosted it on server. for that i needed to create login "IIS APPPOOL\hi" in sql server 2008 for my application
    to access my "reportdb" database. "IIS APPPOOL\hi" has sysadmin and public server roles in sql server 2008. And i have default login"sa" same
    as "IIS APPPOOL\hi". these are working correctly. Now I want these two logins to access"reportdb" for all
    operations in database and remaining all logins should be denied to access"reportdb". My Sql Server 2008 is having mixed mode (windows authentication and Sql authentication). plz help me

    I think what Tauseef is requesting is to keep access for the 2 sysadmins & deny access to everyone else, correct?
    As Uri mentioned, by being part of sysadmin role, “IIS APPPOOL\hi” & “sa” would have access to everything in the server, and nobody else should have access to the DB unless explicitly being granted access.
    If you would really deny anyone else access to the database, you can potentially deny connect to public, and only sysadmins (who override permissions) would be able to connect; although I would strongly recommend against such practice.
    Something else I would like to recommend against is the usage of sysadmin for what may not be a DBA role (IIS appPool). Following the least-privilege principle, I would recommend having a non-administrator user for applications that has enough capabilities
    to perform the tasks needed.
    The main risk is that a SQL injection (SQLi) bug in your application would lead to a complete compromise of your SQL server.
    If there are app tasks that would require elevated permissions, I would recommend encapsulating the logic in a stored procedure and either use impersonation or digital signatures to accomplish a controlled elevation of privileges instead. If you have any
    question on this topic I will be glad to assist.
    I hope this information helps,
    -Raul Garcia
     SQL Server Security
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • How can I grant Application access to a user via API ) programattically

    how do I grant access to a portal user from API
    I want to grant access to a user from an API, ie I need a
    command to grant "SCOTT" access to "EXAMPLE_APP" APPLICATION as
    an end user?

    Hi,
    I am assuming that you have already updated the EUL in the Administrator Edition, correct? If not, open Discoverer Administrator and login to the database you want to connect to. You must use your EUL user name which I assume has already been created and assigned the correct privileges in the database. You will be asked to update your EUL. Follow the prompts.
    Once logged into the EUL, go to Tools \ Privileges and find the user that you want to give administrator access to.
    Hopefully, this answers your question.
    Regards,
    Nancy

  • Dynamic SQL and GRANT CREATE ANY TABLE

    hi gurus,
    i have a dynamic SQL in a procedure where a table will be created from an existing table without data.
    strSQL:='create table ' || strTemp || ' as select * from ' || strArc || ' where 1=2';
    execute immediate strSQL;
    without GRANT CREATE ANY TABLE for the user, *"ORA-01031: insufficient privileges"* error during execution.
    Is there a way to tackle this issue without providing GRANT CREATE ANY TABLE privilige?
    many thanks,
    Charles

    ravikumar.sv wrote:
    The problem is not because of dynamic sql...It probably has something to do with dynamic SQL or, more accurately, dynamic SQL within a stored procedure.
    From a SQL*Plus command prompt, you can create a table if your account has the CREATE TABLE privilege either granted directly to it or granted to a role that has been granted to your account. Most people probably have the CREATE TABLE privilege through a role (hopefully a custom "developer role" that has whatever privileges you grant to users that will own objects but potentially through the default RESOURCE role). That is not sufficient to create tables dynamically via a definer's rights stored procedure. Only privileges that are granted directly to the user, not those granted via a role, are visible in that case.
    I expect that the DBAs are granting the CREATE ANY TABLE privilege directly to the account in question rather than through whatever role(s) are being used which is why that appears to solve the problem.
    Justin

  • How can I grant users the ability to pause/resume printing without a "print operators group" password.

    Greetings,
    We are running 10.8.5 on 30 machines in an active directory environment (graphics lab). The clients are experiencing a persistant error when pausing or resuming print jobs. Each time something is paused, it requires an administrator password to resume the job. Administrators are not always present so designers are locked out of all of the printers until we come in (or remote in) to authenticate.
    I spoke with Apple today and they said they would not support active directory accounts and that the account must be edited by the department that created the account because the restrictions come from the Active Directory account preferences.
    On the other hand, I ALSO read that I can edit this in the CUPS interface or modify it with the terminal command below, locally.
    dseditgroup -o edit -u admin_name -p -a user_name -t user _lpadmin
    "dseditgroup" adds the user_name to a group (in this case, _lpadmin).
    And admin_name is the name of your administrator's account.
    a) Must this be modified on the Active directory account or CAN I modify this on the local machine via CUPS or terminal?
    b) If so, how would I grant users the ability to resume printing without an admin password?
    c) If not, exactly what must be modified in the active Directory account to allow pause/resume without an admin password.
    I have seen a terminal command that adds users to the print operatiors group (Ipadmin) and I have seen some info on editing the CUPS interface, If i must edit the CUPS interface to allow this, can anyone point to detailed instructions on how to make this change.
    I also saw info on editing the CUPS interface but the suggestion lacked details as to how and how to return to default if it does not work.
    I also saw a post with these suggestions below but without detail as to how one would carry this out.
    /etc/cups/cupsd.conf
    # All administration operations require an administrator to authenticate...
    <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    *#Require user @SYSTEM*
    *Require valid-user*
    Order deny,allow
    </Limit>
    # All printer operations require a printer operator to authenticate...
    <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    *#Require user @AUTHKEY(system.print.operator) @admin @lpadmin*
    *Require valid-user*
    Order deny,allow
    </Limit>
    /etc/authorization
    +The system.print.operator key is new to Snow Leopard and seems to control resuming and pausing a printer queue among other things.+
    <key>system.print.admin</key>
    <dict>
    <key>allow-root</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>group</key>
    <string>staff</string>
    <key>shared</key>
    <true/>
    </dict>
    <key>system.print.operator</key>
    <dict>
    <key>allow-root</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>group</key>
    <string>staff</string>
    <key>shared</key>
    <true/>
    </dict>
    I have read all posts on this subject and I still am not clear on how to proceed, please assist.
    Thanks in advance,
    V

    Hello again.  For AD environments you can run the following command on each workstation:
    sudo dseditgroup -o edit -n /Local/Default -u localadmin -p -a "Domain Users" -t group _lpadmin
    This command assumes you are typing this interactively on the machine.  Obviously change localadmin to the Mac's local admin's name.  When running you will be prompted for password twice.  Once to elevate permissions (sudo) and once to validate you are localadmin.
    If you are using Apple Remote Desktop (or JAMF or other management suite), you can push this command out while embedding the localadmin's password. 
    sudo dseditgroup -o edit -n /Local/Default -u localadmin -P yourpass -a "Domain Users" -t group _lpadmin
    Please note, if your password uses special characters (/-\) this may fail over ARD.
    In Mavericks, AD groups are cached once they are referenced.  If you are dealing with a lot mobile users (laptops) you might want to replace Domain Users with everyone
    R-
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

  • Splitting on customer defined fields in Grants Management

    Hi All,
    I am implementing a grants management solution where funds are drawn down from the sponsor using resource related billing based on payments.  As part of the reporting to the sponsor we are required to report information from the grants management ledger (payment documents) with information from a third party system which triggered the initial expenditure against the grant.  The join between the information is a reference number passed from the interfaced system.
    My solution is to put the reference number in a customer field in the coding block and have updated the GM field movement to populate the field in GMIA.  I would like to put this field in the splittng rules in grants management so that for the reporting to sponsor can be a straight forward join on the interfaced system and the data from payments in GMIA (rather than splitting in the general ledger then joining GMIA, flex GL data and the interfaced system).
    The fields which can be used in splitting in GM seem to be a predefined list.  I have traced this in debug and found a function module GM_SPLIT_T8G40_FIELDS which is defining the list of fields availale and translating the the field name.  Any field for which it cannot find a new field name in this function module is being deleted from the list of valid fields.  Therefore, customer fields are deleted from the available fields for splitting.
    Can anyone suggest a way around this?
    Kind regards,
    Geoffrey

    OK, it's something along the lines of:
    Vendor Invoice posted in GL:
    Entry view:
    CR Vendor                                         1000 GBP
    DR Expense/Customer field A              600 GBP
    DR Expense/Customer field B              400 GBP
    GL View (splitting on customer field):
    CR Vendor/Customer field A                 600 GBP
    CR Vendor/Customer field B                 400 GBP
    DR Expense/Customer field A               600 GBP
    DR Expense/Customer field B               400 GBP
    GM document (not possible to split on customer field)
    Value type 54 CR Vendor                            1000 GBP
    Value type 99 DR Expense/Customer field A  600 GBP
    Value type 99 DR Expense/Customer field B  400 GBP
    Payment Posted:
    GL Entry Veiw
    DR Vendor            £1000
    CR Bank Clearing  £1000
    General Ledger View (split on customer field)
    DR Vendor/Customer field A                 600 GBP
    DR Vendor/Customer field B                 400 GBP
    CR Bank Clearing/Customer field A       600 GBP
    CR Bank Clearing/Customer field B       400 GBP
    GM Document (not possible to split on customer field)
    Value Type 54 DR Vendor            £1000
    Value Type 57 CR Bank Clearing  £1000
    In GM, there is no link back to the values in the customer fields when the payment is made as the field movement from GL to GM is based on the line items and values in the the entry view and not the split general ledger view.  If  the split GL data were used to populate the GM tables, then the data would already be split by the customer field by the time it reaches GM, negating a need to split on the customer field once in GM.
    It still feels, however, that the simplest solution would just be to have the GM ledger split by customer fields.  I have tried raising a customer message with SAP, but this query falls outside of their support remit.
    Kind regards,
    Geoffrey

  • Update to IOS 6 has been a nightmare. Facebook would allow me to save pictures unless I granted access to my foto album. Does this mean my pictures are going be planted all over the web? The safari keeps crashing and loading is slow.

    update to IOS 6 has been a nightmare. Facebook would allow me to save pictures unless I granted access to my foto album. Does this mean my pictures are going be planted all over the web? The safari keeps crashing and loading is slow. Most infuriating is that YouTube was deleted from my entertainment apps and I now have to pay for it if I want it back!! This is a bloody disgrace.

    Back up all data.
    Boot into Recovery by holding down the key combination command-R at the startup chime. Release the keys when you see a gray screen with a spinning dial.
    Note: You need an always-on Ethernet or Wi-Fi connection to the Internet to use Recovery. It won’t work with USB or PPPoE modems, or with proxy servers, or with networks that require a certificate for authentication.
    When the OS X Utilities screen appears, follow the prompts to reinstall the OS. You don't need to erase the boot volume, and you won't need your backup unless something goes wrong. If your Mac was upgraded from an older version of OS X, you’ll need the Apple ID and password you used to upgrade, so make a note of those before you begin.

  • How to grant new user permission when the acct is created from application?

    Our application team will randomly create users in DB. But the new user need to have the permission of "execute on DBMS_SNAPSHOT, DBMS_STAT, DBMS_SYSTEM" being granted from sys. We need to grant it automatically after the user is created. I was thinking about using DDL "create" trigger or just DDL database trigger. Once the trigger is fired off, issue the grant statement. We can capture the create even for the user, but got error when running the grant in the trigger or from the procedure called by trigger. My guess is that the "grant" is a DDL and DDL trigger cannot start another DDL statement. I also think about put the insert trigger on the sys.user$. But oracle would not let trigger being created on the sys tables or views.
    What can we do now? The other option, I am wondering if there is a system package that can call external program (like Unix shell script) from the DDL trigger, to let the shell script do the grant, since this may not be considered as the same execution tree. Do we have such package to call from database to the UNIX shell script? Or for such need, do we have any other option?
    Thanks for help!
    Edited by: user5973955 on Oct 6, 2010 3:51 PM

    The application teams do not have the sys permission. If the application has privileges to CREATE USER, it can then issue GRANT
    Change the privileges.
    But they want this being resolved from DBA.DBA did NOT make this problem.
    The flawed application created the problem.
    Alternatively CREATE PROCEDURE that can issue GRANT & have application call this new procedure.

  • How To Modify Privileges For APEX Objects Granted To PUBLIC?

    I have searched this forum but couldn't any threads relating to this...
    We have APEX 3.0.1 installed in some 10g (10.2.0.2) databases that host GIS data. I was informed by a GIS administrator that when using ESRI tool to search for data, the objects that belongs to FLOWS_030000 schema and ones that were granted to PUBLIC are shown. He would like to know if there is a way to hide these objects so they don't show up on the list? There are about 176 objects granted to public from the flows_030000 schema.
    Could we establish a different security scheme that could accomplish the same thing? Maybe we need to create a new account and a role. Grant all of the privileges for flows_030000 to public to the new role. Then grant the role to the new account and the flow_files schema?
    Our goal here is to make the flows_030000 objects hidden from the ESRI tools and still have APEX working properly.

    If you look at the grants, you'll see that there are over 170 objects from the FLOWS_030000 granted to PUBLIC:
    SQL> select count(*) from dba_tab_privs where owner= 'FLOWS_030000' and grantee = 'PUBLIC';
    173
    If we were go grant these privileges to a role, called APEX_APP_RU, and grant this role to APEX_PUBLIC_USER and any schemas an application is linked to (Workspace to Schema), would that be a workable solution?
    The only problem I see right off hand that this might not work is that PUBLIC has synonyms created for the FLOWS_030000 objects. If we revoke the underlying privileges, because of the synonyms, this might not work.
    SQL> select COUNT(*) from dba_synonyms where table_owner = 'FLOWS_030000' and owner = 'PUBLIC';
    176
    Does anyone else have any ideas?

  • How to grant create table privilege for a user on a specific table

    Hi:
    I created a user, for a test scenario. I granted this user create any table, and I made the default tablespace as example.
    When I connect as the user and try to create a table, I get this:
    SQL> create table T1 (NAME varchar2 (500), AGE number(2));
    create table T1 (NAME varchar2 (500), AGE number(2))
    ERROR at line 1:
    ORA-01950: no privileges on tablespace 'EXAMPLE'
    How can I grant the necessary privilege to have user create/delete tables on tablespace example?
    Thanks.
    DA

    create user ADAM identified by radge default tablespace EXAMPLE
    quota 10M on EXAMPLE;
    for example 10Mbytes given to Example tablespace.... or you can write:
    .....quota unlimited on EXAMPLE
    and
    grant connect to ADAM
    grant create table to ADAM .....
    or
    grant connect , resource to ADAM .... although grant resource is not recommended...
    ....and something else....
    you should define temporary tablespace in create user command... otherwise the system would be used...
    Greetings...
    Sim
    Message was edited by:
    sgalaxy

  • How to grant corporate accounts access to the Office store to install the Dictionary in Word 2013 (365)

    We are currently migrating from Office 2010 MSI to Office 365 (2013) click to run installation deployed with Configuration Manager.  I was curious if there was a way to grant our corporate accounts access to the Office store to pull in the Dictionary
    and other tools not baked into Office 2013 (365).
    The only way I have been able to do this is to have a separate Microsoft account to install the Dictionary. 
    Thanks,
    Brita

    Hi Brita:
    With which accounts you set up your Office client, Office 365 subscribe account or your corporation account? Have you set up
    directory synchronization for Office 365? Per my experience, if the directory synchronization has been set up, your corporation accounts will be associated with Office, therefore no need extra effort to install apps from Office store,
    you can simply insert apps available in Office store to word in your case. If I misunderstood the situation, please let me know, thank you.
    For Plan for directory synchronization for Office 365 please refer to
    this article

Maybe you are looking for

  • Restore power mac g5 from time machine

    i have a power mac g5 that i'd upgraded to 10.5 leopard and backed up on my time capsule. the hard drive died & i replaced it. i reloaded the os from the only disk i could find - a 10.3 panther install disk. unfortunately i don't think panther suppor

  • Download a text file from JSP (Urgent Please!)

    Hi, I have a issue with this JSP, I need to download a txt file from my webserver to the pc client, the page shows the dialg box but appear the filename (list.jsp) of my jsp instead of the txt file. If I click the save buton save the list.jsp page; i

  • What is the recommended virus software for my apple laptop?

    What is the recomended virus protection software for my apple laptop?

  • I Won't Pay the Increased Adobe Tax

    I currently pay my Adobe Tax on a volunteer basis to upgrade to the current version of Photoshop.  That tax costs me about $100 every two years, or a little over $4/month.  Now you want me to pay $20/month Adobe Tax.  You are out of your mind!  I wil

  • Where is the Clone Tool?

    i had picture it photo program on my computer before, it had a clone button , i now have adobe elements 10 ,in that i can't find a clone button , help please lorraine Message title was edited by: Brett N