How to implement Oracle user/role security with Access front end?

Hi,
We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles(i.e., access groups) in Oracle and granted rights to tables.
In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked table use one ODBC DSN to the Oracle database with the same Oracle user id.
We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By during so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, ect. rights to the database.
I've been able to use the VB code within Access to logon into the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users login into the Access front end.
I don't know a great deal about Access projects, but I do know with SQL server allows login into your Access project and link tables dynamically.
Can someone give me some assistance or point me in the right direction?
Thanks in advance,
Larry

We had one of our programmers here come up with a VB code solution for re-linking table within Access. However the relinking takes 3-4 minutes for 100+ tables.
In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
We have an Access 2003 application which currently has a front end using Access(forms, reports, queries, & VB code) and a MS Access 2003 backend.
We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. Its easy to understand, we have a significant investment in the front end(Obviously, the plan is to migrate the front end also at some future date).
In order to utilized the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to object(tables, queries, ect) by their userid and or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once, logged into Access, users have rights to Access objects based on their rights granted to their userid and groups they belong. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has knowledge about Oracle table rights granted to users; nor would you expect it to.
The dilema is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles(which are similar to Access groups), and again this is independent of Access security.
Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
For example, a user BOB logs into Access via the workgroup file, using VB code, Access then establishes a Oracle connection logining into Oracle using the same unique userid BOB into Oracle.
After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
This Oracle userid has been granted table rights specific for this userid.This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data(via the forms) by using one logon required for each user, and quick startup time for the application.
I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
Larry

Similar Messages

SSO and how to Managing User Roles/Privileges with Forms using Oracle db

We are in the process of implementing Oracle Application Server SSO with our custom Forms application using Oracle database -- all 10.2.0.1.0 version.
In our Forms Applications, we have about a dozen roles we have assigned to various users. We need to identify each user using our Forms because we are using the GLOBAL USER throughout the application.
Questions:
-- Do we have to create users/passwords in both OID and application database?
-- Is there a way to easily manage the user and passwords between SSO and Forms App/database in one place? For example, how does a user change their password once, but actually change it in both the database and SSO?
Any advice and/or direction would be greatly appreciated.
Thank you,
Mika
Edited by: user11846198 on Sep 1, 2009 1:41 PM
Edited by: user11846198 on Sep 1, 2009 1:53 PM

Yes, you can have global roles in the DB and assign this roles to specific OID users, and the will heritage the privilages, you can do this using Oracle Identity Management Web Tool http://hostname:7777/oiddas is not complicated.
Greetings.

How to configure Oracle 10g Advanced Security to use SSL concurrently with

How to configure Oracle 10g Advanced Security to use SSL concurrently with database User names and passwords
In Oracle Advanced Security Documentation it is mentioned that i can use SSL concurrently with DB user names and passwords. But when i configure the client certificate on the client my DB connection is getting authenticated using the certificate, which out passing user id or password.
We want to connect to Oracle DB over SSL channel so that the data packets are not in clear text. Also we want the user to make a connection using user id and password.
Basically we want SSL with out authentication.
Need your expert advice

Read the documentation (I have given following links assuming you are running a 32 bit architecture)
Server installations:
http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14316%2Ftoc.htm&remark=portal+%28Books%29
Client installations:
http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14312%2Ftoc.htm&remark=portal+%28Books%29
You can find the required books (if not using 32 bit architecture) from
http://www.oracle.com/pls/db102/portal.portal_db?selected=3

How to implement OracleAS Portal Clustering ?

Dear all,
Can anybody pls point me to the docs about how to implement OracleAS Portal Cluster (version 10.1.4) ?
Also, about deploying Portal from development server to production server (using Export Import) , do we have to deploy it to all nodes , or can we just deploy it once to the cluster ?
Thank you,
xtanto

Hello Xtanto,
The Oracle documentation provides instructions for setting up Oracle Portal in a 'cluster'. For 10.1.2.0.2 and 10.1.4 :
[5.3|http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_advnc.htm#i1046354] Configuring Multiple Middle Tiers with a Load Balancing Router
Oracle® Application Server Portal Configuration Guide
10g Release 2 (10.1.4)
B19305-03
Alternatively you can also check the enterprise deployment guide :
[7|http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/portal.htm#CACHEECD] Installing and Configuring the myPortalCompany Application Infrastructure
Oracle® Application Server Enterprise Deployment Guide
10g Release 2 (10.1.2)
B13998-07
For deployment from development to production, transport sets can be used :
[10|http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_imex.htm#i1030999] Exporting and Importing Content
Oracle® Application Server Portal Configuration Guide
10g Release 2 (10.1.4)
B19305-03
Thanks,
EJ

"oracle" user and security

I am running Oracle 10g XE on a Linux machine (RHEL 4.0).
I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:
Authentication Failures:
unknown (200.3.248.22): 4159 Time(s)
oracle (200.3.248.22): 36 Time(s)
How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.
Can I change the password to something strong without affecting my system?
Thanks!

Can I change the password to something strong without affecting my system?
I just wonder if it will cause any problems if I change the password? I don't want to mess up my system.Well for Oracle SW (and whole local OS) there is no problem. Problem could be if you are using some external scripts that you are using on remote machine (and which using login password sequence to access the OS).
How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.To check the password strength you can use some utilities. For example John is very good for that: http://freshmeat.net/projects/john/
I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:Why aou are running your database in untrusted network segment (internet). Best practice is to place such system to secured segment (DMZ, VLAN). If the reason is that your 3rd party partner needs to connect to database you can do IPSEC tunnel.
Of course don't allow to connect anyone to your machine and to any port. So the recommendation about iptables (netfilter) is appropriate.

Difference between Security Oracle user and Security User

Hi All,
Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.
Thanks,
Mahesh.
Edited by: 991854 on Mar 12, 2013 1:49 AM

Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.Security > Oracle > Register:
Use this window to register an ORACLE username with Oracle E-Business Suite. An ORACLE username grants access privileges to the ORACLE database
http://docs.oracle.com/cd/E18727_01/doc.121/e12893/T174296T174305.htm
Security > Oracle > Data Group:
A data group defines the mapping between Oracle E-Business Suite products and ORACLE database IDs. A data group determines which Oracle database accounts a responsibility's forms, concurrent programs, and reports connect to. See: Defining Data Groups, Oracle E-Business Suite System Administrator's Guide - Configuration.
http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
Security > User > Define:
Use this window to define an Oracle E-Business Suite user. This user is an authorized user of Oracle E-Business Suite, and is uniquely identified by a username.
http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
Thanks,
Hussein

How to implement oracle in mobile

Hi,
I want to know how to implement oracle in mobile?
just we want to save small database in to the mobile ,if it is possible to install oracle in mobile.
Edited by: user12492625 on Jan 22, 2010 3:09 AM

Could you give us more details ? Is it Peoplesoft related ?
Nicolas.

Hide "ORACLE FUSION MIDDLEWARE" message in the front-end

Hi ,
I want to hide the "ORACLE FUSION MIDDLEWARE" message in the front-end forms layout.
Please let me know which file I need to make change in the back-end and do I need to do any-thing from oracle admin also (any deployment or any check).
Thanks & Regards,
Harish

After making some changes in my HTML page the layout is coming properly

How can I use an Access front end and Access button to control a LabView Shared variable boolean?

My company has invested a lot of money on the office network to write many many access databases and front ends. I'm looking for a way to tie a button on an access front end to toggle a LabView boolean shared variable to notify me when they changed something on their side of the network. I'm not seeing anything that helps on a web or forum search. They don't like the idea of a separate labview control that they have to push a button on to let me know.
Thanks
Solved!
Go to Solution.

Hi Patrick,
While this is not the intended purpose of Network-Published Shared Variables, you might be able to accomplish this by writing separate accessor VIs for reading from and writing to the variable, making sure to wire the inputs and outputs. Then, you could build a DLL, making sure that you include the accessor VIs as Exported VIs and include the DLL Library in the Always Included section of the DLL Build Specifications. During this process, you will define the function prototype, which will provide the function call, required parameters, and return values. Once the DLL is created, you can then call it and its functions from another programming language (C, C++, C#, VB, etc.). This may or may not work, but it is the only way that I can think of at this point. I have included some references that may help you in this process.
Building a Shared Library in LabVIEW (White Paper)
Calling LabVIEW VIs from Other Programming Languages (White Paper)
Calling LabVIEW DLL From C# (Forum with Examples)
I hope this helps.
Regards,
Mike Watts
Product Marketing - Modular Instruments

How many method can pass data from Database to front-end(aspx)?

How many method can pass data from Database to front-end(aspx)?
By using ajax, I want show some data to aspx or html
Here is one of these method,
HTTP Handler(ashx):
we can json data, use HTTP Handler pass data to front-end
And can we do this by other method? Web API? or some fancy way?
Thanks for any reply

Hello TaiwanWei,
Try forums.asp.net.
Thanks for your understanding.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

How to install Oracle BPEL Process Manager with the BEA WebLogic

Hi ,
I will install Oracle BPEL Process Manager with BEA WebLogic 9.2(MP2). I have download orabpel_10133_WebLogic.zip ,then Modify the following mandatory installation properties in the orabpel_10133_WebLogic\bpelDomain.properties file:
# BEA_HOME is the path where Weblogic is Installed
BEA_HOME=/opt/bea
# JAVA_HOME is the path of jdk folder inside your weblogic
JAVA_HOME=/opt/bea/jrockit90_150_10
# DOMAIN_HOME is the path where you wish to create your domain called BPELDomain
DOMAIN_HOME=/opt/bea/user_projects/domains
# APPS_HOME is the path where you wish to copy your applications and adapters that are required for oracleBPELServer
APPS_HOME=/opt/bea/user_projects/apps
# BEA_HOME is the path where BPEL PM is Installed
BPEL_HOME=/home/oracle/bpel/product/10.1.3.1/OraBPEL_1/bpel
# DRIVER_TYPE is the datasource class that installable use to create a datasources for oracleBPELServer
DRIVER_TYPE=oracle.jdbc.xa.client.OracleXADataSource
# DB_URL is the url to connect to orabpel schema
DB_URL=jdbc:oracle:thin:@16.157.134.17:1521:orcl
# DB_USER is the user Id for orabpel shema in database
DB_USER=ORABPEL
#DB_PASSWORD is the password for orabpel schema in database
DB_PASSWORD=bpel
#BPEL_SERVER_NAME is the server i.e. to be created under BPELDomain
BPEL_SERVER_NAME=oracleBPELServer
#PROXY_HOST is the Host name of the proxy server
PROXY_HOST=www-proxy.us.oracle.com
#PROXY_HOST=
#PROXY_PORT is the Port where the proxy server is running
PROXY_PORT=80
#PROXY_PORT=
#NON_PROXY_HOST is the list of non proxy hosts that are divided by a | symbol
#NON_PROXY_HOST=*.oracle.com|*.oraclecorp.com|localhost|127.0.0.1|stbbn10|stbbn10.us.oracle.com
NON_PROXY_HOST=*.oracle.com|*.oraclecorp.com|localhost|127.0.0.1|stbbn10|stbbn10.us.oracle.com|16.157.134.135
When I run the setup.sh , it will report
BUILD FAILED
/opt/software/WL_Installables/build.xml:131: Traceback (innermost last):
File "./wl_scripts/bpelDomain.py", line 22, in ?
File "./wl_scripts/createGroupsAndUsers.py", line 4, in ?
weblogic.management.utils.AlreadyExistsException: [Security:090267]Group BpelGroup
Actully ,there is no BpelGroup in Weblogic. Does anybody know how to solve it ?

MAke sure you have not set ANY environment variable related to Oracle / BEA / Java / LD_library path. Use the following script to unset / set the initial settings:
#!/bin/sh
unset ORACLE_BASE ORACLE_HOME ORACLE_SID ORACLE_TERM
unset LD_LIBRARY_PATH LD_LIBRARY_PATH_64
unset CLASSPATH JAVA_HOME
export PATH=.:/usr/sbin:/usr/bin:/usr/local/bin:/opt/VRTS/bin
export BEA_HOME=/appl/oracle/products/9.2/weblogic
Marc
http://orasoa.blogspot.com

How to implement Bursting(Row level security) in Xcelsius

Hi,
We are using Xcelsius 2008. We have created xcelsius dashboard using Qaaws but for authentication in qaaws we are suing enterprise authentication and default user.
Now in my dashboard i have one combo box wich gives data fro diffrent states, now i need to restrict the user to see the state values. I implement the row level security in universe, when i create webi report and view that reprot in infoview, the row level security works. But when i publish the dashboard to infoview the row level security doesn't work.
We are uisng XO 3.1 with SSO on IIS. So how and what are the diffrent option available to implement the row level security in Xcelsius Dashboard.
Thanks for the help in advance.
Thanks,
Nimesh.

Nimesh,
Were you able to implement ? I have a requirement to use the same dashboard for 5 regional users.
Row level security works.
combo box intial value is Global , when I login as North America user, combo still shows Global but it will have the value of North America.
i am curious to know how you implemeted this?
Thanks
Pushpa

How to revert back User Management changes with SAP ep6

Hi,
While implementing sso for R/3 with sap EP, we did some changes in SAP System of UM configuration, after that we are not able to login with existing super user.
We changed the existing userid SAPJSF to some other value in SAP system of UM. This is causing the problem.
How can I revert back the changes as currently I am not able to access the UM Configuration?
Which file can be change for reverting back the changes?
Thanks,
Manish

Hi Heiko,
I restarted server two times but it does not work. I also reverted the changes from propertysheet as well. Still it does not work.
After that I looked in defaultTrace.trc file and found the exception <b>[EXCEPTION]
#1#com.sap.engine.frame.ServiceException: User is locked. Please notify the person responsible</b>
The exception detail is below:
1.5#0011435A6406001D0000000F000013E80003FB0CCFA7CC82#1120457372187#com.sap.engine.core.service630.container.ServiceRunner##com.sap.engine.core.service630.container.ServiceRunner#######SAPEngine_System_Thread[impl:5]_17##0#0#Error#1#/System/Server#Java###Core service com.sap.security.core.ume.service failed. J2EE Engine cannot be started.
[EXCEPTION]
#1#com.sap.engine.frame.ServiceException: User is locked. Please notify the person responsible
     at com.sap.security.core.server.ume.service.UMEServiceFrame.start(UMEServiceFrame.java:531)
     at com.sap.engine.frame.ApplicationFrameAdaptor.start(ApplicationFrameAdaptor.java:31)
     at com.sap.engine.core.service630.container.ServiceRunner.startApplicationServiceFrame(ServiceRunner.java:201)
     at com.sap.engine.core.service630.container.ServiceRunner.run(ServiceRunner.java:142)
     at com.sap.engine.frame.core.thread.Task.run(Task.java:60)
     at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:73)
     at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:145)
Caused by: com.sap.security.core.persistence.datasource.PersistenceException: User is locked. Please notify the person responsible
     at com.sap.security.core.persistence.datasource.imp.R3PersistenceBase.newPersistenceException(R3PersistenceBase.java:2099)
     at com.sap.security.core.persistence.datasource.imp.R3PersistenceBase.init(R3PersistenceBase.java:2315)
     at com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.<init>(PrincipalDatabagFactoryInstance.java:280)
     at com.sap.security.core.persistence.imp.PrincipalDatabagFactory.getInstance(PrincipalDatabagFactory.java:224)
     at com.sap.security.core.server.ume.service.UMEServiceFrame.start(UMEServiceFrame.java:528)
     ... 6 more
Can you please tell me that how can I unlock the user as my portal is not coming up. Your reply will be helpfull to me.
Warm Regards,
Manish

How to create/get user & role in Weblogic 9.2 programmatically?

Hi,
I am new to Weblogic 9.
I need to create a web service to manage user/role in WebLogic 9.
Searching thru the web and found some classes like:
AtnSecurityMgmtHelper, AtnProviderDescription etc
Are those the correct classes to create/retrieve user & role?
If so, what jar file contains those classes and where is the jar
file?
Thanks in advance,
Terry

You can do it with WLST help
http://e-docs.bea.com/wls/docs92/config_scripting/config_WLS.html#wp1019913
or via JMX through http://e-docs.bea.com/wls/docs92/javadocs/weblogic/management/security/authentication/UserEditorMBean.html and such

How to integrate oracle crm on demand with R12?

Hi,
i wount to implement oracle crm on demand in my company and want to intigrate it with oracle r12. Can any budy guide me how can i do the same? as i am new in this field
Thanks,
Vishal Joshi

Vishal, I would recommend that you post this question on the CRM On Demand Integration Development forum.

How to implement Oracle user/role security with Access front end?

Similar Messages

Maybe you are looking for