Granting credentials to a developer

Similar Messages

• Report Viewer asking for Login credentials on Non-Development PC

  I have created several reports within Crystal 2008(using the push method). I run these reports in a VB6 application using the Report Viewer. Reports without sub-reports will run on both the development and non-development PC. If I try to run a report with a sub on a non-development PC it will prompt the user for login credentials.
  I can run the same report(with a sub) in development or on a PC with Crystal 2008 and Visual Basic installed. I have created a setup.exe to install this on the pc and included both the Crystal runtime 2008 and Crystal Report Viewer 2008 as prerequisites.
  Any help would be appreciated

  We created a form in Visual Studio 2008 that holds the Crystal Report Viewer.  We then used Interop to wrap the assembly into a usable reference for the VB6 application. 
  This was working fine when we were using the pull method for the report but once we changed the code to use the push method reports with subs will ask for a login. No matter what is entered the report will not print to the screen.  The reports without a sub will print just fine.
  Not sure what to look for next?
  Thanks for your quick response.

• SQL Developer Show Grants

  Hi!
  I use SQL Developer and also Toad to connect to my Oracle 10.2 Database.
  Maybe since Oracle 10 (and / or maybe InstanceClient) I cannot see the Grants in the SQL Developer of other users than the one I'm connecting.
  If I use Toad I have no Problems to see them.
  What could be the reason for this?
  I know I can use the View SYS dba_tab_privs to show me all Grants I want to know (yes I have access to it).
  If I use all_tab_privs or user_tab_privs I see only my own grants. -> I think thats the problem.
  How can I switch SQL Developer to use the dba_tab_privs view to show me the Grants / Privileges on the Table I selected
  Greetings

  Do better? What am I supposed to do better at? Describing how to get a ref cursor out?
  No, I don't claim to be able to do that better. That's not my issue.
  My issue is that the post is about 95% opinion, most of it rather ... well...
  and there's 5% useful. In that case, I'd copy the 5% and post it directly, rather than posting a link.
  Or do better at ...
  there's a long comment on the blog.

• Unable to enter a Division for which I have proper credentials, via the GUI

  I have a Division which I am unable to enter, either as a student or as the full site Administrator, from the GUI.
  When I log into the main Site page, I see the link for the Division (as I should - I have DOWNLOAD permissions for the Division). However when I click the link (the thumbnail image) I am always, 100% of the time, rejected and sent to the login page. Ignoring that, I still have all of my proper credentials and may continue to freely access other parts of the site.
  In the past, I had this exact behavior on (1) a Division "RobotCourses:PSYC" (Psychology), and (2) my main site breadcrumb, which appears at the top of the site page to the right of the "iTunes U" breadcrumb and says "Maiko Covington @ University of Illinois..." For reasons completely unknown to me, this behavior resolved itself yesterday, clicking both of those objects works as expected, although NO one at our site with any edit access did anything on the server.
  However, the same behavior has now reappeared, this time on a Division "RobotCourses:CLCV" (Classical Civilizations). Again, I have not done any editing of that Division, nor had anyone logged into it (these Divisions are in a test area where I am developing automation tools).
  I am, quite frankly, stumped. But I've done some investigation.
  SETUP:
  The Division has identity "RobotCourses:CLCV".
  This Division contains a single Course with identity "RobotCourses:CLCV:CLCV115:CLCV115All-13564".
  Both the Division and the Course are restricted to properly registered academic students. I have developed automation code in a login portal which grants credentials for RobotCourses:CLCV to students registered for courses in the CLCV department (Classical Civilizations) and credentials for RobotCourses:CLCV:CLCV115:CLCV115All-13564 to students registered for CLCV 115 (Classical Civilizations 115 - Mythology of Greece and Rome) specifically.
  The Permissions set on RobotCourses:CLCV in particular are:
  <Permission>
  <Credential>Authenticated@urn:mace:itunesu.com:sites:illinois.edu</Credential>
  <Access>No Access</Access>
  </Permission>
  <Permission>
  <Credential>gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV</C redential>
  <Access>Download</Access>
  </Permission>
  The point is to deny access to Authenticated@ (merely authenticated students) and then specifically grant it for people given a "gakusei" credential for RobotCourses:CLCV in particular.
  (Note here that "gakusei" is a Japanese word meaning "student," I am using it in my credentials to ensure that my credentials and permissions are not affected by other credentials named "student" set at upper levels and used by some live users of the site, as we do not have a segregated development environment. It is our lowest level of access beyond mere Authenticated@..., designed to give students access to download and "surf to" Divisions and Courses.)
  *LOGIN: ISSUING CREDENTIALS:*
  The login portal code works successfully, and so when a student "Jane Doe" logs in, she is in fact given appropriate credentials (as she is actually registered for CLCV 115 here at UIUC). From the code generating her login URL, I see:
  Issued credentials:
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  (You can see she is also registered for STAT 100).
  With the default login URL thus generated, she is taken to the top level of the Site in iTunes, and in fact sees thumbnail links for both STAT (Statistics) and CLCV (Classical Civilizations). Clicking on STAT takes her to the STAT Division where she can then enter the Course STAT 100 with no problems.
  *PROBLEM: CAN'T GET TO CLCV FROM THE MAIN PAGE IN THE GUI*
  HOWEVER! Clicking on CLCV brings up the login page. If she ignores the login page, she can still access the rest of the site, including STAT, just fine. Logging in again (reissuing her credentials) does not help the situation.
  Note that this is not a problem only for Jane Doe, the same thing happens for anyone in CLCV and in fact happens for me as Administrator of the whole site with full access, even.
  *ACCESS DIRECTLY TO THE DIVISION BY URL WORKS*
  With a slight modification to the login to allow access directly to the RobotCourses:CLCV Division (by adding the handle of the Division to the end of the location), credentials are issued exactly as before:
  Issued credentials:
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  and she is taken to the Division page, SUCCESSFULLY. So, it seems she actually HAS access, as expected.
  *ACCESS CONFIRMED WITH DEBUGGING:*
  Writing some code to generate not the actual login URL but rather a link that takes me to an "iTunes U Access Debugging" page for the Division (figured this out by reading some other posts! :)) I am taken to a page with the following:
  (at generated URL https://deimos.apple.com/WebObjects/Core.woa/Browse/illinois.edu.1945806043/xxx5 64?credentials=....)
  Received
  Destination illinois.edu.1945806043
  Identity "Jane X Doe" <[email protected]> (jxdoe) [xxxxxxxxx]
  Credentials gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV; ​ gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564; ​gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT;​ gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  Time 1236877947
  Signature 42ccef92a3298684a7a09eed45adb6b788a700c01645b8b423d33ace120650b0
  Analysis
  The destination string is valid and the corresponding destination item was found.
  The identity string is valid and provides the following information:
  Display Name Jane X Doe
  Email Address [email protected]
  Username jxdoe
  User Identifier xxxxxxxxx
  The credential string is valid and contains the following 4 recognized credentials:
  1. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV
  2. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564
  3. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT
  4. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  The time string is valid and corresponds to 2009-03-12 17:12:27Z.
  The signature string is valid.
  Access
  Because the received signature and time were valid, the received identity and credentials were accepted by iTunes U.
  In addition, the following 2 credentials were automatically added by iTunes U:
  1. All@urn:mace:itunesu.com:sites:illinois.edu
  2. Authenticated@urn:mace:itunesu.com:sites:illinois.edu
  With these credentials, you have browsing and downloading access to the requested destination.
  (In case you think to check the sums, be aware I've actually changed the student's name for this example.)
  So, as expected, I have access, in fact the student DOES have access, visiting the Division page directly (specifiying its handle as part of the desired location).
  *IT'S ONLY CLICKING THE THUMBNAIL ON THE MAIN PAGE THAT BREAKS*
  Because the problem is only apparent when clicking the icon for the Division on the main Site page, I have no way (that I know of) to get any information about precisely WHAT is going on, what possibly differs in the GUI-click situation from the "generate me a URL that takes me right there" situation.
  At that point I'm fully in the GUI, I'm not sending anything via web services, so I have no idea how I can proceed to debug this from here.
  I'm also quite confused at the sudden appearance of this behavior, and the disappearance of this behavior from RobotCourses:PYSC, another Division that was broken in this same way all last week but which magically resumed allowing me access yesterday.
  Any suggestions, hints, or advice would be very welcome. Has anyone else even seen behavior similar to this?
  Thanks for any information you might have.

  Maiko,
  I'm confess I'm still trying to get a handle on your problem. You do a fantastic job of describing it ... but I'm just trying to picture it accurately in my head.
  I think, were I in your shoes, I'd begin by looking at what the debug page has to say for the specific destination in which you're interested in fixing. In other words, I'm not clear on where, exactly, this destination points ...
  Destination illinois.edu.1945806043
  Is that your site, or the division within your site that you want to fix? "Normally", you do not need to specify a site handle to get to your site within your transfer CGI ... if you say "uillinois.edu", it's enough to transfer your users to iTunes U ... but every site still has a handle, and you could, if you wanted to, actually specify it in your transfer CGI. For example, this:
  Destination uic.edu.1139051993
  is for my entire site ... it's my site handle. Whereas this:
  Destination uic.edu.1991288441
  is for a division within my site ... but it's impossible to tell the difference between "site" and "division" from just the handle (I mean, if I didn't say "this is a site" and "this is a division", there'd be no way for you to know). So when I look at your creds and permissions on your debug page, I can't quite tell if they give you download access for your site, or for the specific division you want to fix. If you could open the debug page with your division as destination (or confirm that that's what we're looking at), it'd rule out some things.

• Submitting data through API without exposing DB credentials

  Submitting transaction / master data through API without exposing DB credentials
  I am developing a scenario where I will submit transaction / master data like sales order / master item to Oracle apps (EBS) through MS Excel via API / interface table but like to provide only apps (EBS) user credentials rather then DB credentials so DB password could not expose to normal end user. Please suggest something on same.
  [email protected]
  Thanks & regards,
  Sachin Gupta

  Sachin, you need a valid userid and password to connect to the database.
  Since these APIs are defined under apps, you need apps password to execute them.
  The workaround is that you define a new d/b userid.
  Grant execute on the API (and other objects as necessary) to this user.
  And then you call the api using the new userid and password.
  This way you are not exposing apps password. But since this means you have to grant a number of accesses to this new user.
  If you can use the interface tables, it becomes a little easier.
  All you have to do is grant insert access on a handful of interface to this new userid. And then you schedule a concurrent program that will process the interface records.
  If you absolutely can not expose ANY database password, then you can communicate with EBS using flat files. Your system creates a flat file on the server and a scheduled program in EBS reads the files and calls appropriate api.
  Hope this helps,
  Sandeep Gandhi

• R/3 security for a BW developer

  Hello all,
  What authorizations have to be granted to a BW developer in R/3? How do I go about it? Does a BW developer get all the access as an R/3 developer or is it restricted?
  Thanks.

  Hi,
  I would say it depends on the standards of the organization.
  BW developers can have the same authorizations as R3 developers, but then they don't need authorizations to say access Smartforms or SAP scripts, create screens, or do CATT, BDC or LMSW programs. In Prod may it be R3 or BW developer, access to Tcodes like SE38, SA38, SE11, etc should always be restricted to display and execute only.
  In addition, BW developers would also have additional authorizations like RSO2, RSA5, RSA3...basically all authorizations needed to confgure and set up BW on the source system side, which the R3 developers may not necessarily have.
  Cheers,
  Kedar

• JDeveloper Team Development with SCM

  I am trying to use JDeveloper & SCM in a team environment. I have SCM working for version control. Do I need to have all developers share the same SCM connection instead of connecting to the repository with their own accounts?
  Thanks in advance,
  Steve

  Steve,
  Create a configuration stripe of the code you want the developers to work on.
  Create a workarea based on this configuration and make it shared, either by granting
  access to each developer or grant access to the PUBLIC role.
  When each developer creates their own private workarea ask them to create
  it based on the above shared workarea. Each developer thus has access to the
  same code and will not disrupt each other with development they are working on.
  David

• Connection to SQL Developer Data Modeler Fails

  All,
  I am using Oracle SQL Developer Data Modeler version 3.0.0.665 in an Oracle 10g database environment. When I try to import DDLs, I get the following error message:
  NoSuchMethodError:
  oracle.i18.ntext.converter.CharacterConverterOGS.getInstance(I)Loracle/i18n/text/converter/CharacterConverter;I use the same connection profile in Oracle SQL Developer version 1.5.0.53, and my connection works fine there, but the same credentials in SQL Developer Data Modeler fails with the above error message. Any thoughts what causes this connection problem?
  Thank you,
  Seyed

  Hi Philip,
  Thank you so much for the information. Your suggested solution resolved my problem. For some reason when I first installed the Data Modeler, it worked fine and I was able to save the result into PDF files. Then my connection went bad and I posted this question on this forum.
  Again thank you very much,
  Seyed

• SQL Developer security

  Hello,
  Is it possible to "secure" the SQL Developer environment to allow end-users to do queries only? i.e. if an end-user has SQL Developer, potentially data can be modified, inserted, deleted, not to mention tables dropped or even the database.
  Thank you
  Cecilia

  They will have privileges to do whatever you've granted them. SQL Developer has nothing to do with it.

• "GRANT CREATE PROCEDURE TO " not working

   
   Hi Team,
                I am using SQL Server 2012 Developer Edition.Recently got request to grant permission to  "Create Stored Procedure" to a developer.When I execute this query "GRANT CREATE PROCEDURE TO [DEVELOPER];"
  It is not working again when the developer try to create a stored procedure Following error is displayed.I give the developer dbowner,ddladmin privileges also to test but the same below error is display.Can anybody guide me regarding this as it is high priority
  Msg 262, Level 14, State 18, Procedure test, Line 1
  CREATE PROCEDURE permission denied in database 'BASHA'.
   

                Following are the output for both the select queries.
  1) BASHA  DATABASE 0CONNECT GRANT    
  2) db_ddladmin
  Membership in db_ddladmin should be sufficient. Below is a script that
  demonstrates two ways to grant a user rights to create procedures. You can
  use this script for your troubleshooting.
  Also, please post the output from "SELECT @@version".
  CREATE USER nisse WITHOUT LOGIN
  EXEC sp_addrolemember db_ddladmin, nisse
  go
  CREATE USER kajsa WITHOUT LOGIN
  GRANT CREATE PROCEDURE TO kajsa
  GRANT ALTER ON SCHEMA::dbo TO kajsa
  go
  EXECUTE AS USER = 'nisse'
  SELECT * FROM fn_my_permissions (NULL, 'DATABASE');
  go
  CREATE PROCEDURE bludder AS PRINT 1
  go
  REVERT
  go
  EXECUTE AS USER = 'kajsa'
  SELECT * FROM fn_my_permissions (NULL, 'DATABASE');
  go
  CREATE PROCEDURE blidder AS PRINT 1
  go
  REVERT
  go
  SELECT p.name, db_name(), dp.class_desc, dp.major_id, dp.permission_name,
  dp.state_desc
  FROM sys.database_permissions dp
  JOIN sys.database_principals p ON p.principal_id = dp.grantee_principal_id
  WHERE p.name IN ('nisse', 'kajsa')
  SELECT m.name, r.name
  FROM sys.database_principals m
  JOIN sys.database_role_members rm ON m.principal_id =
  rm.member_principal_id
  JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
  WHERE m.name IN ('nisse', 'kajsa')
  go
  DROP USER nisse
  DROP USER kajsa
  DROP PROCEDURE bludder, blidder
  Erland Sommarskog, SQL Server MVP, [email protected]

• GRANT rights to a schema?

  If someone could help me out with this, I'd really appreciate your help. We have a rogue programmer who can't seem to stop writing UPDATE queries against our production instance. :)
  We are using Oracle Applications, FYI. We've set up a developer with his own login with basically read-only access to the entire database. Is there any way we can give him write and create access to just a particular schema? He'll need access to update and create tables in our CUSTOM schema, but all other schemas need to be read-only.
  I'm farily new to Oracle, so if you could explain this like you would to a four year old, I'd sure appreciate it. :)
  Thanks so much!
  Steve

  Yes, you can grant privs in modular way, or you create a Role and grant required privs to the Role and grant that role who ever needs in the development team this way you need not have to redo the grants everytime a new developer joins.
  Refer to creating and using Roles in Oracle Documentation Guide on OTN.

• New user created in oracle 11g (release 2) is not connecting (ORA-01017)

  Hi All,
  Kindly help me out regarding this.
  I have created a new user using "ORACLE Enterprise Manager 11g" and used the same credentials in SQL developer for a new connection and it throw "ORA-01017: invalid username/password; logon denied" message.
  Kindly note that have followed the following steps in creating user:
  On the Users page, click Create.
  In the Name field, enter NICK.
  In the Profile list, accept the value DEFAULT.
  This setting assigns the default password policy to user Nick.
  In the Enter Password and Confirm Password fields, enter a password that is secure.
  Create a password that is secure. See Oracle Database Security Guide for more information.
  Do not select Expire password now. If the account status is set to expired, then the user or the database administrator must change the password before the user can log in to the database.
  (Optional) Next to the Default Tablespace field, click the flashlight icon, select the USERS tablespace, and then click Select.
  All schema objects that Nick creates will then be created in the USERS tablespace unless he specifies otherwise. If you leave the Default Tablespace field blank, Nick is assigned the default tablespace for the database, which is USERS in a newly installed database. For more information about the USERS tablespace, see "About Tablespaces".
  (Optional) Next to the Temporary Tablespace field, click the flashlight icon, select the TEMP tablespace, and then click Select.
  For the Status option, accept the default selection of Unlocked.
  You can later lock the user account to prevent users from logging in with it. To temporarily deny access to a user account, locking the user account is preferable to deleting it, because deleting it also deletes all schema objects owned by the user.
  Grant roles, system privileges, and object privileges to the user, as described in "Example: Granting Privileges and Roles to a User Account".
  Note: Do not click OK in Step 13 of "Example: Granting Privileges and Roles to a User Account". Instead, skip that step and continue with Step 12 in this procedure.
  Assign a 10 MB quota on the USERS tablespace, as described in "Example: Assigning a Tablespace Quota to a User Account".
  If you did not click OK while assigning the tablespace quota (previous step), click OK now to create the user.Kindly note that I have log in as SYSTEM user and created this new user.
  Could any one help me regarding this ?

  After connecting with sqlplus, as user SYSTEM and when tried the below, I could see that the new user created by me does not exist..
  select '--' || username || '--'
  from dba_users
  order by username;
  But when tried with GUI "ORACLE Enterprise Manager 11g" I can very well see the new user created by me..
  How is this possible mate??
  Is the user not properly created through GUI (than from where it is showing the new user)
  Some more information i want to share;
  i have used schema "HR"
  And have used table space "USERS"
  And tep tablespace "TEMP"
  Edited by: 828569 on Jan 16, 2011 9:01 PM
  Edited by: 828569 on Jan 16, 2011 9:03 PM

• DAC server start-up error and Can't authenticate user

  HI,
       we have installed DAC server in Linux machine and client on windows. By using DAC client we restored the backup of DAC repository, DAC client was working fine still restoration and after restoring it’s not logging in. It throws error like "Can't authenticate user"
  while starting DAC services in Unix server it throws an error like
  ANOMALY INFO An exception occurred. Shutting down server...
  MESSAGE:::/u01/DAC/jdk/jre/lib/i386/xawt/libmawt.so: libXext.so.6: cannot open shared object file: No such file or directory
  EXCEPTION CLASS::: java.lang.UnsatisfiedLinkError
  Note: since DAC client is not separately available for windows we have installed dac server also and while installing and after installing we never configured to connect to the dac server which is in Linux, we have configured only DB.
  we have successfully installed OBIEE, Informatica, and DAC version is 10.1.3.4.1.
  How to start the DAC services?
  How to configure dac client to connect to DAC server and how to solve this "Can't authenticate user" issue?
  Pls help in this regard.
  Thanks in advance.

  EddyLau wrote:
  Hi,
  I encounter the "Can't authenticate user" error in DAC first setup after installation when it prompt up to ask for setting up administrator id and password.
  here's my sql statement to create database schema for dac in oracle database.
  grant dba, connect, resource, create view, create session to SSE_ROLE;
  create user DEV_DAC identified by "password";
  grant DEV_DAC to SSE_ROLE;
  grant dba, connect, resource, create view, create session, grant any role to DEV_DAC;
  I tried dropping the data schema and create it again but still fail to authenticate.
  did I grant enough privileges to the database schema?
  Please help.
  Thanks,
  EddyLogin to DEV_DAC using the credentials from SQL Developer or sql
  Then do select * from W_ETL_USER -- here you will see 2 Administrator id's listed
  now run the command Delete From W_ETL_USER
  Now login to dac client with Administrator and pwd which you have set earlier.
  Mark as helpful or correct if it helps
  Thanks,
  RM

• Multiple Teams

  Hi there, this might be asked several times but here we go:
  we are a company that neither facilates own iOS development knowledge nor hardware. If we have multiple external app development companies:
  Following this link https://developer.apple.com/library/ios/#qa/qa1763/_index.html we would need to have an admin from each company create an distribution certificate and thereby revoking the other companies distribution certificate leaving their respective provisioning profiles useless. Is that the intended way? Wouldn't it be smarter to have the option to create multiple teams with one developer program account and hence have one distribution cert for each team? AFAIK this is not possible by now. Is this information correct?
  Is there any other (smart) way to handle this situation except giving the private keys to the distribution certificate to the developement companies? Remember, we don't have Mac infrastructure so having the companies sending us archives to distribute is not (yet) an option.
  Thanks and kind regards
  Jens

  Ok, we already are enrolled in the iOS Developer Program and able to register multiple persons as members or even admins. However, it seems that what apple referes to as "team" (http://developer.apple.com/library/ios/#DOCUMENTATION/General/Conceptual/Applica tionDevelopmentOverview/CreateYourDevelopmentTeam/CreateYourDevelopmentTeam.html) is a 1:1 relationship to a developer account (account ID).
  Maybe I wasn't clear enough about our situation: We are a company that has multiple apps already uploaded to the app store on our behalf. A few apps (say app "A1" and "A2") were developed by comany "C1". As they were the first company we hired to do app development (and we didn't have the knowledge what they would need and time was short (usual situations)) they got credentials to the developer portal and set things up as they would own the developer account. So they had the private keys to the distribution certificate for instance.
  Now we have another company "C2" to develop another app "A3". This company now would either need the private keys to the distribution certificate or would need access rights as admin to the developer portal to revoke the former distribution certifikate and issue a new one, leading to unusable provisioning profiles for company "C1".
  Given the situation, is my understanding of the situation outlined in the above paragraph correct?
  Giving the above, it would be neat / great, if a single developer account would be able to have multiple teams. So the developer from company "C1" could have his own distribution certificate and developer from company "C2" could have a separate one yielding in 2 distribution certificates that still point to our very own organisation. Wouldn't that make sense?
  Granted we would circumvent many pains having Mac infrastructure. But as you might imagine the networks and security guys at a bigger corp are not very happy supporting (yet) another OS in their infrastructure and hence we are stuck in the situation without any Mac hardare.
  Hope this helps to clarify. Really appreciate any thoughts on this. Thanks so far for the input given.
  Kind regards
  Jens

• Create stored procedure with table from another schema throws PLS-00201

  Oracle 10g. I'm new to procedures, so maybe I'm missing something obvious.
  Schema owner ABC has table T2001_WRITEOFF. The SYSDBAs granted SIUD to Some_Update_Role, and granted that role to developer user IJK. User IJK then created a private synonym T2001_WRITEOFF for ABC.T2001_WRITEOFF. This worked with normal SQL DML commands. 
  When I try to create a simple procedure as follows, it throws PLS-00201 identifier 'T2001_WRITEOFF' must be declared, and points to the 2nd line.
  create or replace procedure woof1(
    fooname in T2001_WRITEOFF.territory%TYPE,  <=== error points here
    bardesc IN T2001_WRITEOFF.ind_batch_submit%TYPE) IS
  BEGIN
     INSERT into T2001_WRITEOFF
     VALUES ( fooname, bardesc);
  END woof1;
  What am I doing wrong?
  Thanks
  JimR

  Hi,
  The reason I've heard has to do with knowing when a procedure becomes invalid due to privileges being revoked.  Any time a grant to a role is revoked, you would have to check all procedures that depended on that role to know if they were still valid.  Even worse, since roles can be granted to other roles, every time a role is revoked from another role, you would have to check all procedures that depended on anything to see if they were still valid.
  Oracle 11 behaves the same as earlier versions in this regard, and I don't expect this to change.
  This whole thread applies only to AUTHID DEFINER stored procedures (which is the default).  If you can make the procedure AUTHID CURRENT_USER, then you can run it with privileges granted through roles.  Usually, however, you really want AUTHID DEFINER, and granting the necessary privileges directly to the procedure owner (or to PUBLIC)  isn't too hard.