Granting exp/imp privilege to externally authenticated user

DB version:11.2.0.2
OS : AIX 6.1
We have a DB User(schema) called OPS$appuser who is externally authenticated.
This user should be granted privilege to perform import of scott schema's dumpfile to another schema called appschema2.
This is what appuser will be doing at the unix command line
$ su - appuser
$ exp / owner=scott file=scott.dmp
$ imp / file=scott.dmp fromuser=scott touser=appschema2
In short, these are the DB schemas involved:
OPS$appuser -- The user performing the exp and imp
scott       -- The schema which is being exported
appschema2  -- The schema which OPS$appuser imports the contents in scott.dmp to.
Due to security reasons, we can't grant IMP_FULL_DATABASE privilege to OPS$appuser. So, what privilege can I give to OPS$appuser to perform the above exp and imp tasks?
Hope the exp and imp syntax I've mentioned above are correct

None, as imp_full_database is required for this.
Also, you would be better off using expdp and impdp with the network_link parameter.
Doing so, you could write a pl/sql procedure using the dbms_data_pump API to replace the command line cr*p and there will be no commandline access required anymore.
Sybrand Bakker
Senior Oracle DBA
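
The approach suggested in the answer above, as an added example that is not part of the original thread and not Oracle's own code: a definer's-rights procedure wraps the DBMS_DATAPUMP job so that OPS$appuser needs only EXECUTE on it. The owner DP_ADMIN, the database link SCOTT_SRC and the procedure name are hypothetical, and DP_ADMIN is assumed to hold the import privilege the answer says is required.

```sql
-- Added example. DP_ADMIN, SCOTT_SRC and the procedure name are hypothetical.
-- Run as a DBA. DP_ADMIN is an owner account that nobody logs in as.
-- Assumption: DP_ADMIN already holds the import privilege named in the answer
-- above, granted so that it is effective inside this procedure (verify for
-- your release).
-- Roles are not active inside a definer's-rights procedure, so the privilege
-- to create the job's master table is granted to DP_ADMIN directly.
GRANT CREATE TABLE TO dp_admin;

CREATE OR REPLACE PROCEDURE dp_admin.import_scott_to_appschema2
  AUTHID DEFINER
AS
  h         NUMBER;
  job_state VARCHAR2(30);
BEGIN
  -- Schema-mode import pulled over a database link: no dump file on disk.
  h := DBMS_DATAPUMP.OPEN(
         operation   => 'IMPORT',
         job_mode    => 'SCHEMA',
         remote_link => 'SCOTT_SRC');

  -- Source and target schemas are literals, not parameters, so the caller
  -- cannot point the job at any other schema.
  DBMS_DATAPUMP.METADATA_FILTER(h, 'SCHEMA_EXPR', 'IN (''SCOTT'')');
  DBMS_DATAPUMP.METADATA_REMAP(h, 'REMAP_SCHEMA', 'SCOTT', 'APPSCHEMA2');

  DBMS_DATAPUMP.START_JOB(h);
  DBMS_DATAPUMP.WAIT_FOR_JOB(h, job_state);

  IF job_state <> 'COMPLETED' THEN
    RAISE_APPLICATION_ERROR(-20001,
      'Data Pump job ended in state ' || job_state);
  END IF;
EXCEPTION
  WHEN OTHERS THEN
    -- Best-effort cleanup of a job that is still attached, then re-raise
    -- so the caller sees the original error.
    IF h IS NOT NULL THEN
      BEGIN
        DBMS_DATAPUMP.STOP_JOB(h, immediate => 1, keep_master => 0);
      EXCEPTION
        WHEN OTHERS THEN NULL;  -- job already finished or detached
      END;
    END IF;
    RAISE;
END;
/

-- The externally authenticated user gets this one grant and nothing else.
GRANT EXECUTE ON dp_admin.import_scott_to_appschema2 TO ops$appuser;
```

OPS$appuser then runs `EXEC dp_admin.import_scott_to_appschema2` from any session and never holds an import privilege itself.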

Similar Messages

  • Creating Externally Authenticated users

    Greetings,
    We recently migrated our Security team from Windows XP to Windows 7. With this upgrade, they were forced to stop using the java Oracle 9i Enterprise Manager to manage security and database users. I was able to find the View->DBA tab in Oracle SQL Developer which allows for things like CREATE LIKE, CREATE, etc, but under the CREATE USER, I see nowhere where the tool allows for a user other than a normal database authenticated account. We have a few key databases where we must create externally authenticated users (EXTERNAL) and this just isn't an option. Is this functionality anywhere in the tool?
    Thanks
    Bradd

    I don't understand what you are trying to do.
    Post your full sql developer info and explain in detail what you mean; with an example if possible.
    You can create users in the DB the way you do with any tool: write the appropriate DDL for CREATE USER. For OS authentication you add the OS_AUTHENT_PREFIX to the user name.
    In sql developer create connections for those users using the connections dialog that you use for any other user. On that dialog there is a checkbox for OS authentication.
    See this article by Sue Harper and see if the example for local OS authentication she provides answers your question:
    http://www.oracle.com/technetwork/issue-archive/2008/08-may/o38sql-102034.html
    To configure local OS authentication for a new user, first find the value of the OS_AUTHENT_PREFIX database initialization parameter in your system's init.ora file. When you create this new user in the database, you must add this parameter value as a prefix to the OS username. The default value is OPS$, for backward compatibility with earlier database releases. (If the value is "", the OS username and the database username are the same, so you don't need to add a prefix to create the Oracle usernames.)
    Establish a basic connection with the HR schema as the SYSTEM user. Execute the following from the SQL worksheet, using your database's OS_AUTHENT_PREFIX prefix and substituting your own OS username for "sue":
    CREATE USER ops$sue IDENTIFIED EXTERNALLY;
    GRANT Connect, resource to ops$sue;
    Now create a basic connection for this user from the New / Select Database Connection dialog box. Enter a connection name; select Basic for Connection Type ; fill in the Hostname and Port fields; select OS Authentication ; and provide a SID or Service name . Click Test and Connect as before.

  • Externally Authenticated User

    Hi, My application is a Pro C / Oracle 8i based application. I was using hardcoded user ids and passwords which we removed thru externally authenticated user. Now my application is stable in production but users are complaining of very slow performance of Oracle database.
    Is this due to externally authenticated user id ? Does it impact the system performance ?
    Edited by: user594301 on Jan 21, 2009 3:01 AM

    Were you using lightweight sessions or connection pooling before and now initiating a new connection for each user?

  • Externally Authenticated Users

    Dear Sirs;
    I have a windows 2003 server with Oracle Database R2 installed on it. I have been trying to create an externally authenticated user but unfortunately it is not working. Are there any special procedures that I must pay attention to? I followed all the instructions that are mentioned in the documentation in the library section.
    Thank you in advance for your help.
    Mazen

    Dear Sirs;
    I could finally solve this problem. It turned out that the registry must contain the following entry: osauth_prefix_domain with the value of 0. This entry is located in windows registry > HKEY_LOCAL_MACHINE > SOFTWARE > ORACLE > KEY_OraDb10g_home1. This entry was supposed to be there by default but for some reason it wasn't.
    Anyway, thanks to everyone who considered helping.
    Mazen

  • Proxy login from externally authenticated user

    Hi Experts,
    I created an externally authenticated user in database. And can login without password with below syntax.
    SQL> connect / @TESTDB
    Connected.
    SQL> show user;
    USER is "SCOTT"
    This scott user has a proxy permission to another DBuser PROXY_USER.
    I got the syntax but that works only from Database OS.
    sqlplus [proxy_user]/
    SQL*Plus: Release 11.1.0.6.0 Production on Mon Nov 15 16:28:47 2010
    Copyright (c) 1982, 2010, Oracle. All rights reserved.
    Connected to:
    Oracle Database 11g Release 11.1.0.6.0 - 64bit Production
    I can connect as externally authenticated user from windows CLIENT running on Release 10.2.0.1.0
    SQL> connect / @TESTDB
    Connected.
    But the above mentioned Proxy connectivity syntax fails with below from CLIENT
    SQL> connect [proxy_user]/ @TESTDB
    SP2-0306: Invalid option.
    Usage: CONN[ECT] [logon] [AS {SYSDBA|SYSOPER}]
    where <logon> ::= <username>[<password>][@<connect_identifier>] | /
    But the same syntax works from Database OS!
    I can login from TOAD but can't login from SQLDEVELOPER or SQLPLUS
    My sqldeveloper version is:
    Version 2.1.1.64
    Build MAIN-64.45
    and sqlplus is:
    SQL*Plus: Release 10.2.0.1.0
    Any idea?
    Thanks.
    Edited by: Nadvi on Nov 18, 2010 3:09 PM

    Hi Nadvi
    If you get SQLPLUS working SQLDeveloper (thick jdbc/oci/instant client) is certainly worth trying.
    I am not sure what the issue is with your setup. The proxy use cases I am familiar with are:
    Through the SQLDeveloper ui
    There are two ways of doing proxy logins:
    where p1 is proxy user and c1 is proxy client:
    1/single session method (if no 2nd password or distinguished name required)
    on main connection popup
    user: p1[c1]
    password: p1
    2/Two session method
    Main Connection popup
    user: p1
    password p1
    popup connection authentication
    proxy client: c1
    none or password or distinguished name
    -Turloch
    SQLDeveloper Team

  • Password aging for externally authenticated user

    Hello All:
    How can we implement the password aging of externally authenticated user.
    Thanks
    San~

    If the user is externally authenticated, then the password expiry should be external. E.g for the unix account.
    "When you choose external authentication for a user, the user account is maintained by Oracle, but password administration and user authentication is performed by an external service. This external service can be the operating system or a network service, such as Oracle Net.
    With external authentication, your database relies on the underlying operating system or network authentication service to restrict access to database accounts. A database password is not used for this type of login. If your operating system or network service permits, you can have it authenticate users. If you do so, set the initialization parameter OS_AUTHENT_PREFIX, and use this prefix in Oracle user names. The OS_AUTHENT_PREFIX parameter defines a prefix that Oracle adds to the beginning of every user's operating system account name. Oracle compares the prefixed user name with the Oracle user names in the database when a user attempts to connect."
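
    Because the operating system, not the database, decides who may log in to these accounts, it helps to know which accounts are externally authenticated and what they are allowed to do. The queries below are an added example, not part of the original thread; they use the 11g data dictionary and assume a session that can read the DBA views.

```sql
-- Added example: review of externally authenticated accounts (11g dictionary).

-- 1. Parameters that govern OS authentication. If remote_os_authent is TRUE,
--    the database trusts the OS user name reported by a remote client.
SELECT name, value
FROM   v$parameter
WHERE  name IN ('os_authent_prefix', 'remote_os_authent');

-- 2. Accounts that have no database password and rely on the OS or a
--    network service for authentication.
SELECT username, account_status, created
FROM   dba_users
WHERE  authentication_type = 'EXTERNAL'
ORDER  BY username;

-- 3. System privileges and roles granted directly to those accounts, to spot
--    broad grants such as IMP_FULL_DATABASE on an account whose login is
--    controlled outside the database.
SELECT u.username, 'SYSTEM PRIVILEGE' AS grant_type, p.privilege AS granted
FROM   dba_users u
JOIN   dba_sys_privs p ON p.grantee = u.username
WHERE  u.authentication_type = 'EXTERNAL'
UNION ALL
SELECT u.username, 'ROLE', r.granted_role
FROM   dba_users u
JOIN   dba_role_privs r ON r.grantee = u.username
WHERE  u.authentication_type = 'EXTERNAL'
ORDER  BY 1, 2, 3;
```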

  • Grant schema-level privileges to a Oracle  user

    Hi Experts,
    Do we have easy way to grant all objects to user (select only) in one schema?
    Thanks for help!
    Jim

    Thanks for help.
    actually, this is a group user account as
    CREATE USER user
    IDENTIFIED BY appuser
    DEFAULT TABLESPACE users
    QUOTA 10M ON example
    TEMPORARY TABLESPACE temp
    QUOTA 5M ON system
    PROFILE scapp_user
    Do you need to assign quota and profile?
    Also you need to access all data in database that i was told. this account should be grant a right to run view and procedures?
    do i need to go to all_object to find it?
    thanks for your suggestion in detail.
    JIm

  • Schema Refresh using exp/imp.

    Hello All,
    I want to perform Schema Refresh of SAMPLE user from production to Testing environment using export/import.
    Could you please tell what is the command to perform it?
    Also could anyone please tell me whether same user (SAMPLE) in Test environment gets dropped before Import done.
    Can I perform the exp/imp using sys/system or user SAMPLE?

    If you're running 10g, then use Data Pump and read the documentation:
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14215/dp_export.htm#i1007466
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14215/dp_import.htm#i1007653
    My Oracle Video Tutorials - http://kamranagayev.wordpress.com/oracle-video-tutorials/

  • Refresh database through exp/imp

    version 10203 on windows (old db on solaris 8170)
    I have to refresh database data; the number of users/schemas is 400+. The fastest way to do that would be to do a full exp/imp,
    but first drop the current users cascade (any command to drop all users with one command?),
    then validate that all tables/schemas are the same and up to date (any suggestion to validate this efficiently?). I am thinking of checking the full exp logs on the old and new DB (but that can take forever, manually going through thousands of tables etc.).

    First, make sure that statistics are properly gathered in both the old and the new DB.
    Next, use num_rows column in dba_tables. Since statistics are typically gathered by sampling, they would not necessarily match. They need to be quite close though.
    After you are sure that all objects were transferred, you can issue a query to find all tables with “invalid” number of records.
    The query can look something like this:
    -- tables in the new DB with no match in the old DB whose row count is within 10%
    select d.owner, d.table_name, d.num_rows
    from dba_tables d
    where d.owner not in ('SYS','SYSTEM',…)
    and not exists
               (select * from dba_tables@old_db s
                where d.owner = s.owner
                and d.table_name = s.table_name
                and s.num_rows between 0.9*d.num_rows and 1.1*d.num_rows
               )
    You need to take care of some special cases, such as num_rows being NULL, partitioned tables, etc.
    Iordan Iotzov
    http://iiotzov.wordpress.com/

  • BOFC 10.0 External Authentication

    Hi there,
    I have installed a BO Financial Consolidation 10.0 and a BO BI Platform 4.0 on the same machine. Now I want to set up the external authentication from FC to BI Platform.
    In the FC WebAdmin page I've configured the 'External authentication configuration string' to 'Business Objects Enterprise XI Authentication' and the CMS servername is the hostname the applications are installed on.
    This doesn't work. Maybe there is missing something. The BOFC Login doesn't accept a user that is configured in the CMC from BI Platform.
    I've searched for a long time, but didn't find more than the short description in the instguide.
    I would be really thankful if you might help me figure out what's exactly missing.
    Best regards

    Hello,
    In your steps you did not mention that you have created the user in BOFC10 itself.
    An external user still needs to be defined in the BOFC application (as it needs a profile). On the authentication tab, you can specify that this is an externally authenticated user and indicate its BOE (CMC) name/alias.
    Regards
    Marc Kuipers
    SAP Support

  • How to grant create table privilege for a user on a specific table

    Hi:
    I created a user, for a test scenario. I granted this user create any table, and I made the default tablespace as example.
    When I connect as the user and try to create a table, I get this:
    SQL> create table T1 (NAME varchar2 (500), AGE number(2));
    create table T1 (NAME varchar2 (500), AGE number(2))
    ERROR at line 1:
    ORA-01950: no privileges on tablespace 'EXAMPLE'
    How can I grant the necessary privilege to have user create/delete tables on tablespace example?
    Thanks.
    DA

    create user ADAM identified by radge default tablespace EXAMPLE
    quota 10M on EXAMPLE;
    for example 10Mbytes given to Example tablespace.... or you can write:
    .....quota unlimited on EXAMPLE
    and
    grant connect to ADAM
    grant create table to ADAM .....
    or
    grant connect , resource to ADAM .... although grant resource is not recommended...
    ....and something else....
    you should define temporary tablespace in create user command... otherwise the system would be used...
    Greetings...
    Sim
    Message was edited by:
    sgalaxy

  • How to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically?

    Sharepoint 2013 online/office 365.
    I am creating site collection programmatically using sharepoint Auto hosted app.
    Now i want to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically after site collection creation.
    Is it possible through code? If yes please let me know how to do it?
    Najitha Sidhik

    For SharePoint 2013 Online, check below links:
    http://office.microsoft.com/en-us/office365-sharepoint-online-small-business-help/manage-sharing-with-external-users-HA102849862.aspx
    http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sharing-for-your-sharepoint-online-environment-HA102849864.aspx
    https://www.nothingbutsharepoint.com/sites/eusp/Pages/SharePoint-Online-2013-Sharing-with-External-Users.aspx
    http://blogs.office.com/2013/11/21/sharepoint-online-improves-external-sharing/
    Please ensure that you mark a question as Answered once you receive a satisfactory response.

  • Grant privileges and permission to user, to create user and database in 10g

    Hi,
    I'm very much new to Oracle 10g database and after all my search, I think this forum will help me to solve my puzzle. Installed Oracle 10g database and during installation created a Global database "TestDB". I created a user "user1" in sqlplusw, by logging in as system.
    Now I need to know, what privileges and permissions should be given to this "user1", so that I can create new users and create database by logging as "user1". I don't want to Inherit all the system privileges of SYSTEM or SYSDBA or SYS or SYSOPER.
    Is there a way where I could achieve this by explicitly granting the required privileges and permissions

    You may need to know all the views to get the privilege information.
    SQL> conn /as sysdba
    SQL> select table_name from dict where table_name like '%PRIV%';
    And also, take a look into below Oracle Documentations.
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#SQLRF01603
    Regards,
    Sabdar Syed.

  • External Authentication won't correctly set USER name or Role

    I am using JAVA under Google App Engine for my backend and attempting to log a user into a room using external authentication. I can connect and get into the room just fine; my issue is with the user information once I am logged in. The user has a null username and ID (possibly generated) and their role is set to zero (or at least not high enough to publish). If the room is set to auto-Promote then I do have the ability to publish (this is what I would expect) but still I needed the user to have a role of owner (so they can create nodes).
    Here is a little of the java on the back end (I removed my shared secret):
    public String getRoomToken(String roomID, String userName, String userID, int userRole) {
        try {
            Session session = am.getSession(roomID);
            return session.getAuthenticationToken(..., "Bob", "TestID", 100);
            //return session.getAuthenticationToken(..., userName, userID, userRole);
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
            return null;
        }
    }
    getAuthenticationToken is hardly changed from what is in the AFCS.java in the examples folder but here it is in any case
    /**
     * get an external authentication token
     */
    public String getAuthenticationToken(String accountSecret, String name, String id, int role) throws Exception {
        if (role < UserRole.NONE || role > UserRole.OWNER)
            throw new Error("invalid-role");
        String token = "x:" + name + "::" + this.account
            + ":" + id + ":" + this.room + ":" + Integer.toString(role);
        String signed = token + ":" + sign(accountSecret, token);
        // unencoded
        //String ext = "ext=" + signed;
        // encoded
        String ext = "exx=" + Utils.base64(signed);
        return ext;
    }
    This should work. My Shared secret is removed above but I doubt that is the problem as my app does authenticate just fine; it just throws an exception telling me I don't have the required permissions to publish when I try to do anything. While observing from the DevConsole I see a user in the room but they are marked as null. Note that non-external authentication works just fine. If I hardcode my login creds in AdobeHSAuthenticator I can get in just fine with no issue. Also if the room I get an authenticationToken for does not match the roomURL I connect to with ConnectSessionContainer I will fail to login correctly like I would expect. So I know my credentials are getting to the AFCS and being decrypted correctly (as I can only authenticate for the room I send in that credential token) but for some reason it simply won't set my role and username/userid correctly. Any help would be great, this has caused me a great deal of grief for days now...
    Thanks guys...
    Ves

    Well this is weird. I was trying to set this up so that I could get the log output on that run and I ended up changing
    <rtc:AdobeHSAuthenticator id="auth" authenticationKey="{Application.application.parameters['token'] as String}"/>
    to
    <rtc:AdobeHSAuthenticator id="auth" authenticationKey="{token}"/>
    and adding a preinitialize function of:
    protected function preInit():void {
        templateID = Application.application.parameters['room'];
        token = Application.application.parameters['token'];
    }
    Oddly enough it now works like a charm. It is still disconcerting that I was able to actually enter the room even though my token was somehow corrupted (that probably isn't intended behavior). If this shows up again I will try and track down the particulars and send you guys an email as an FYI. Thanks for the help....
    Ves

  • The current user username has not been granted the ADVISOR privilege despite having it !

    Hi,
    I'm trying to follow ML note 2499931.1 'Using Dbms_Advisor.Tune_Mview To Optimize Materialized Views For Fast Refresh' and am receiving an error suggesting the user4 does Not have the Advisor privilege
    despite the fact that it does. What am I missing ?
    Every note I've found so far suggests granting the privilege is the fix.
    I have and continue to receive the error.
    Version 11.2.0.3 on Redhat 5
    select * from dba_sys_privs where grantee = 'SOAUSER';
    GRANTEE                        PRIVILEGE                                ADM
    SOAUSER                        CREATE MATERIALIZED VIEW                 NO
    SOAUSER                        CREATE VIEW                              NO
    SOAUSER                        CREATE PUBLIC SYNONYM                    NO
    SOAUSER                        SELECT ANY DICTIONARY                    NO
    SOAUSER                        ON COMMIT REFRESH                        NO
    SOAUSER                        CREATE ANY DIRECTORY                     NO
    SOAUSER                        CREATE DATABASE LINK                     NO
    SOAUSER                        SELECT ANY TABLE                         NO
    SOAUSER                        ADVISOR                                  NO
    SOAUSER                        UNLIMITED TABLESPACE                     NO
    SOAUSER                        CREATE SESSION                           NO
    Error at line 2
    ORA-13616: The current user SOAUSER has not been granted the ADVISOR privilege.
    ORA-06512: at "SYS.PRVT_ADVISOR", line 4869
    ORA-06512: at "SYS.DBMS_ADVISOR", line 1969
    ORA-06512: at "SYS.PRVT_TUNE_MVIEW", line 490
    ORA-06512: at "SYS.PRVT_TUNE_MVIEW", line 970
    ORA-06512: at "SYS.DBMS_ADVISOR", line 739
    ORA-06512: at line 3
    Thanks in Advance
    Ken

    Sorry, but the code I was receiving the error message for is essentially   the same as the example in the note. Assumed people would have access to the note.
    The statement is:
    variable foo varchar2(20);
    declare foo varchar2(20) := 'ken_foo';
    begin
    dbms_advisor.tune_mview(:foo,
    'create materialized view ken_foo
    as
    select 
    papf.rowid R_papf,
    paaf.rowid R_paaf,
    gcc.rowid R_gcc,
    papf.employee_number,
    gcc.segment4 cost_center
    from hr.per_all_people_f@atc_pp_to_ebs_atcllc papf,
         hr.per_all_assignments_f@atc_pp_to_ebs_atcllc paaf,
         gl.gl_code_combinations@atc_pp_to_ebs_atcllc gcc
    where papf.person_id = paaf.person_id
    --and trunc(sysdate) between papf.effective_start_date and papf.effective_end_date
    --and trunc(sysdate) between paaf.effective_start_date and paaf.effective_end_date
    and paaf.default_code_comb_id = gcc.code_combination_id');
    end;
    Per another forum the answer appears to be that sys didn’t have the advisor privilege.
    Granted advisor to sys and ran the statement again as soauser and no error.
    Thanks
    Ken
