How to restrict a normal user
Please explain how to restrict a normal user from getting connected as sys user in sqlplus.Even though I have revoked the sysdba and sysoper priveleges, I am able to get connected as sysdba in sqlplus. Is there any way to restrict the normal user.
Regards
Vijay Kumar
That are the 2 ways, how to connect as sysdba:
Password Authentication
Unless a connection to the instance is considered 'secure' then you MUST use a
password to connect with SYSDBA privilege.
Users can be added to a special 'password' file using either the 'ORAPWD'
utility, or 'GRANT SYSDBA to USER' command.
Such a user can then connect to the instance for administrative purposes using
the syntax:
CONNECT username/password AS SYSDBA
Operating System Authentication
If the connection to the instance is local or 'secure' then it is possible to
use the operating system to determine if a user is allowed SYSDBA access.
In this case no password is required.
The syntax to connect using operating system authentication is:
CONNECT / AS SYSDBA
Oracle determines if you can connect thus:
On MS Windows NT/2000/2003/XP:
On MS Windows the OSDBA groups is a hard coded group thus:
Group Name Oracle uses this as...
~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
ORA_DBA OSDBA group for all instances
When you issue a 'CONNECT / AS SYSDBA' , Oracle checks if your MS Windows logon is a
member of the 'ORA_DBA' group.
If you don't want OS authentication, remove the ORA_DBA group from the logon id. But automatic database startup at boot time won't longer work.
Werner
Similar Messages
-
How can I allow normal user change their LDAP password?
I use Solaris10 + Sun Directory server 5.2SP6 + Samba, how can allow normal user change the password themselves?
Thanks.Depends on application you are using. I use ColdFusion and here is how I allow users to change their passwords
<cfldap action="Modify"
dn="uid=#form.UserLogin#,ou=your_ou,dc=example,dc=com"
attributes="userpassword=#FORM.newPassword#"
server="#servername#"
Port="#portnumber"
username="uid=#form.UserLogin#,ou=your_ou,dc=example,dc=com"
password="#form.userpassword#"> -
How to restrict the FBL5N (user wise restriction)
Hi experts
I want to restrict the FBL5N TCODE user wise.
In FBL5N one parameter is there Serch Help ID In serch help id when we select Customers per sales group
we see Sales office and Sales group .If we select sales grop and execute it report gives op under sales group.
My requirment is restrict the sales group or sales office for user wise.(if 5 sales office and 3 user id is there then,i want to give one user id for 2 sales office and if enter another sales office then he cant show the data)
THANKS
AJAY.Hi Ajay,
I am not quite sure if it is recommended to tweak standard elementary search help. However, I would suggest you to create your own search help and attach it to the standard collective search help as an append search help.
You can write what so ever logic the business demands in that custom search help exit there by restricting the entries that gets displayed as a result of value help.
Hope this gives you a brief idea on how to proceed.
Regards,
Hemanth -
How to Restrict same portal user from other node
Hi
In my application, we charge customers for each portal user logins. But, i found that, they can share same user logins amongs number of people.
I don't want to allow the same portal user login into the application if that user is already logged in and it's session is still active.
Here is the Scenario :
User A is logged in to the portal from terminal AA. Now, User A agin tries to logg in to the portal from terminal BB. I don't wnat to allow user A to log in from terminal BB bcuz user A has active session from terminal AA.
Can anyone know how to implement this??
thanks in advance.
SriniHi Srini!
We have solved this problem with our own login portlet. Before the final login we've got to check (from the certain table) how many logins there are currently with that username.
But there is a problem. If the user closes the browser without logoff, the session remains active. There is a cleanup job, which removes those session in some hours. Still it is not very elegant.
Regards,
Jari -
How to restrict "sftp only" user into your home dir and subdir
Hi OTN forums members
Question : I want restrict a sftp only user to browse ONLY in your home directory and subdirectory . I don't want sftp user access into other directory.
Details : I want use a "ssh bundle package" on s10(only package on SUNWCXall installation cluster). I don't want to use the "extrernal package", as "ProFTP", "Chroot", sunfreeware OpenSSH package,ecc. It's possible?
Technical Details of my system(test) : the hostname and username it's fantasy name, not real ;-)
root@sunlab1:/[1]$ cat /etc/release
Solaris 10 5/09 s10s_u7wos_08 SPARC
Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 30 March 2009
root@sunlab1:/[2]$ uname -a
SunOS sunlab1 5.10 Generic_142909-17 sun4u sparc SUNW,Sun-Blade-100
root@sunlab1:/[3]$ grep explorer /etc/group
explorer::111:
root@sunlab1:/[4]$ grep explorer /etc/passwd
explorer:x:111:111:Sun Explorer Data Collector sftp only user:/export/home/explorer:/usr/lib/ssh/sftp-server
root@sunlab1:/[5]$ zfs list
NAME USED AVAIL REFER MOUNTPOINT
rpool 27.3G 9.33G 96K /rpool
rpool/ROOT 11.6G 9.33G 18K legacy
rpool/ROOT/s10s_u7wos_08 11.6G 9.33G 11.6G /
rpool/cfengine 73.7M 950M 73.7M /var/cfengine
rpool/dump 1.00G 9.33G 1.00G -
rpool/export 5.01G 9.33G 11.8M /export
rpool/export/home 1.40G 3.60G 1.40G /export/home
rpool/mp3 2.65G 2.35G 2.65G /mp3
rpool/patches 206M 2.80G 206M /var/patches
rpool/swap 768M 9.58G 514M -
root@sunlab1:/[6]$
root@sunlab1:/[7]$ cd /export/home
root@sunlab1:/export/home[9]$ ls -la
total 47
drwxr-xr-x 5 root root 9 Oct 7 09:51 .
drwxr-xr-x 4 root sys 6 Jun 7 09:44 ..
drwxr-x--- 11 explorer explorer 11 Oct 7 11:30 explorer
root@sunlab1:/[8]$ sftp explorer@sunlab1
Connecting to sunlab1...
Password:
sftp> dir
[...more output...]
sftp> pwd
Remote working directory: /export/home/explorer
sftp> cd /var/adm
sftp> dir
[...more output...]
sftp> get messages
Fetching /var/adm/messages to messages
sftp> pwd
Remote working directory: /var/adm
sftp> bye
root@sunlab1:/[9]$
root@sunlab1:/[10]$ pkginfo -l SUNWsshr
PKGINST: SUNWsshr
NAME: SSH Client and utilities, (Root)
CATEGORY: system
ARCH: sparc
VERSION: 11.10.0,REV=2005.01.21.15.53
BASEDIR: /
VENDOR: Sun Microsystems, Inc.
DESC: Secure Shell protocol Client and associated Utilities
[...snip...]
root@sunlab1:/[11]$ pca -l installed --pattern=[Ss]sh
[...snip...]
Using /var/patches/pca/patchdiag.xref from Oct/14/10
Host: sunlab1 (SunOS 5.10/Generic_142909-17/sparc/sun4u)
List: installed (3/584)
Patch IR CR RSB Age Synopsis
141742 04 = 04 -S- 427 Obsoleted by: 141444-09 SunOS 5.10: sshd patch
143140 04 = 04 RS- 119 Obsoleted by: 143559-03 SunOS 5.10: ssh patch
143559 03 = 03 RS- 38 SunOS 5.10: ssh scp patch
root@sunlab1:/[12]$ pca -l 141444 143559
Using /var/patches/pca/patchdiag.xref from Oct/14/10
Host: sunlab1 (SunOS 5.10/Generic_142909-17/sparc/sun4u)
List: 141444 143559 (2/405)
Patch IR CR RSB Age Synopsis
141444 09 = 09 RS- 367 SunOS 5.10: kernel patch
143559 03 = 03 RS- 38 SunOS 5.10: ssh scp patch
root@sunlab1:/[13]$Legenda:
PCA = [url http://www.par.univie.ac.at/solaris/pca/] Patch Check Advanced , PCA is 3PP free and fast tool for Analyze, download and install patches for Solaris
IR =Installed Rev. CR = Current Rev. (published on patchdiag.xref from Oct/14/10)
RSB =[R]eccommended,[S]ecurity, [\B]ab patches
Not helpful reading "<tt>man sshd_config</tt>" and "<tt>man sftp-server</tt>", and Google searching. Nothing by MOS Community search.
Any idea?
Best Regards
Michele V.
P.S.: Excuse me for my bad English.Hi OTN forums members,
I find the solution. Thanks Andrea Manganaro (aka Amanga) for the help.
1) Download and install OpenSSH for Solaris 10/SPARC and all dependencies(Please read the http://www.sunfreeware.com/openssh.html note):
- [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssh-5.6p1-sol10-sparc-local.gz]openssh-5.6p1-sol10-sparc-local.gz
- [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssl-1.0.0a-sol10-sparc-local.gz]openssl-1.0.0a-sol10-sparc-local.gz
- [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/zlib-1.2.5-sol10-sparc-local.gz]zlib-1.2.5-sol10-sparc-local.gz
- [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/libgcc-3.4.6-sol10-sparc-local.gz]ibgcc-3.4.6-sol10-sparc-local.gz
2) Configure <tt>/usr/local/etc/sshd_config</tt> file with the "+<tt>ChrootDirectory</tt>+" directive. For me:
# override default of no subsystems
#Subsystem sftp /usr/local/libexec/sftp-server
Subsystem sftp internal-sftp[...]
# Example of overriding settings on a per-user basis
Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no3) Create group and user for sftp-only account. For me:
root@taurus # groupadd sftponly
root@taurus # grep sftponly /etc/group
sftponly::202:
root@taurus # useradd -g sftponly -c "Sftp only user" -d /export/home/explorer -s /bin/false -m explorer
explorer:x:1002:202:Sftp only user:/export/home/explorer:/bin/false
root@taurus # passwd explorer
New Password:
Re-enter new Password:
passwd: password successfully changed for explorer
root@taurus # 4) Change home directory permission and create a r/w direcorty (uploads) for sftponly user account.
root@taurus # cd /export/home
root@taurus # ls -la
total 14
drwxr-xr-x 4 root root 4 Oct 29 15:28 .
drwxr-xr-x 3 root sys 3 Jan 22 2009 ..
drwxr-xr-x 3 explorer sftponly 3 Oct 29 15:41 explorer
root@taurus # chown root:sftponly explorer; chmod 750 explorer
root@taurus # ls -la
total 14
drwxr-xr-x 4 root root 4 Oct 29 15:28 .
drwxr-xr-x 3 root sys 3 Jan 22 2009 ..
drwxr-x--- 3 root sftponly 3 Oct 29 15:41 explorer
root@taurus # This will make a read-only, chrooted directory perfect for people to come in and get stuff, but never write.
For example, you could make a directory explorer/uploads that allow people to write in.Then you can moderate what gets copied into the read-only /explorer area. Remember that if a user can write in a directory then they can also delete anything in that directory.
root@taurus # cd explorer
root@taurus # mkdir uploads && chown -R explorer:sftponly uploads && chmod 0755 uploads
root@taurus # ls -al
total 9
drwxr-x--- 3 root sftponly 3 Oct 29 15:41 .
drwxr-xr-x 4 root root 4 Oct 29 15:28 ..
drwxr-xr-x 2 explorer sftponly 2 Oct 29 15:56 uploads
root@taurus # 5) Disable SunSSH "service" and enable OpenSSH "service" (with SMF):
root@taurus # svcadm disable sshSee [url http://www.sunfreeware.com/sshsol10.html]here for Running openssh vis SMF on Solaris 10 Systems
root@taurus # svcadm disable ossh
root@taurus # svcs -a | grep ssh
disabled 12:37:51 svc:/network/ssh:default
online 15:29:41 svc:/network/ossh:default
root@taurus # 6) Test your job :-)
Helpful links:
==============
http://www.sunfreeware.com
http://www.openssh.org
http://calomel.org/sftp_chroot.html
HTH
Michele Vecchiato -
How to restrict a VPN user with a specific anyconnect profile?
I need to assign to anyconnect users different profiles. This is done easily with IPSec, with the group policy configured in the client. With anyconnect I have two options:
- Allow the user to select the connect profile: The problem here is the user can select any profile and connect with the rules and permissions configured in this profile. I do not how to force one specific profile for each user.
- Use the DefaultWebVPNGroup as connection profile for everybody combined with DAP. This what I am doing now. Everybody connect with the default anyconnect profile and I use DAP to assign each user the network ACL's, Bookmarks, etc. The problem here is that I can not use other options that are included in the profiles or in the policies, like split tunneling or user authentication method.
I have seen some answers about this point but none of them is clear enough. I am using ASA 5540 with 8.4(6) and Windows IAS radius.
Thanks.Thanks Elias. This works. Easy to configure. When I connect using the client it takes de group policy from the radius attribute 25 and apply it.
Just one little problem. This doesn't work with bookmarks when the user connect with WebVPN. In the logs I can see the connection taking the correct group policy but the bookmarks from that policy are not applied. Any idea? -
How to restrict the internal users(Business Users)
Hi,
If i have a 3 catalogs like
1.US catalog
2.UK catalog
3.Italian Catalog
How can associate this three catalog to specific internal user.Hi,
For assigning a catalog to specific user, you can go to People and Organization-->Users in ACC
Then click on a user and there you can see a property catalog,just click on that and search/select your catalog,save it and catalog is assigned to user.
For more details please follow below link-
Oracle ATG Web Commerce - Assigning a Catalog to a User
Hope it help!
Regards,
PrateekG -
How to restrict non root users from changing proxy settings Ubuntu 12.04?
I have two Ubuntu 12.04 Desktops with Ncomputing vSpace software configured for remote terminal users of Ncomputing L300 thin clients. Both these desktops have Squid configured and connected to internet. So in a way users logging in to these machines can directly access internet without squid. Now users can remove the proxy and have unrestricted access anytime. Which is the reason I want to enforce proxy on users settings which they cannot change. I am fine if the settings makes it mandatory for root or sudo user of Ubuntu. Is this possible ?
Use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values.
Place a local-settings.js file in the defaults\pref folder where also the channel-prefs.js file is located to specify using mozilla.cfg.
pref("general.config.filename", "mozilla.cfg");
These functions can be used in the mozilla.cfg file:
defaultPref(); // set new default value
pref(); // set pref, but allow changes in current session
lockPref(); // lock pref, disallow changes
See:
*http://kb.mozillazine.org/Locking_preferences
*http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
*http://mike.kaply.com/2014/01/08/can-firefox-do-this/ -
How to restrict Basis from User admin in Portal
Hi,
Iam looking to delete action Manage ALL action from Administrator role and add ReadALL so that basis is not given access to User admin in Portal. we already have Manage_All in a role that is assigned to security. However iam not sure of the problems. please advise if there would be any problem in tweaking the Administrator role as these are standard UME roles.
Thanks in advance.Hi,
Please try to modify User adminitrator role in the portal.
Content Administrator>>Portal Content>>Content Provided by SAP>>Admin Content>>User Administrators>>Right click on "User Admin" role >>Permission>> IN "Everyone" Group, Uncheck the 'End User' column. then SAVE your permision.
Hope this will helps you to resolve your issue.
Thanks
Arun Jaiswal -
How to restrict views in MS INFOPATH 2010 based on a user Login id
Hi,
I am the Admin of the Time Reporting SharePoint tool for my project. When a user enters/edit a time report ,it is done via an Infopath 2010 form. This form has 2 views:
1. For the normal users to see (default view)
2. For the Admins only.
What i want is that when a normal user(not an admin) logs in to the site to change his/her time report and opens this form,that person will only be able to see the default view . If an admin logs in then he/she can swicth between both the views .
Currently i am unable to provide any such functionality. Even a normal user is able to see both the views which i want to restrict.
Pelase let me know how do i restrict the normal users to the default view only based on their login ID.They shouldnt be able to switch views at all.
But if an admin logs on then both the views should be accessible.
I am new to InfoPath , so please let me know from scratch. I need only out of box solution for this as i cannot perform any kind of coding due to site restriction.
Regards,
GuruHi ,
My problem is still not resolved. I tried applying the people picker property and set a specific field(an email id field) to be available to only admins. Now the field is not visible to the normal users but only admins which is good but that email field
should be able to take normal users as wel as admin's email ID. currently due to the people picker property it only takes admin's ID and not normal user's ID - which is not as per expectation.
What this email ID field does is - when a normal user is logged in he/she wont see this field in that view. But when an admin logs in he/she can switch to admin view and see this field . The admin can put any user's ID in this field and pull out the required
resource's Time Report for modification.
Please let me know how do i overcome my problem. Detailed step description will be very helpfull .
As per Cameron's suggestion (add a rule on the "additional admin section") , i am not sure how exactly that is done. Would help a lot if i got to know how this works.
Regards,
Guru -
How to restrict number of concurrent connections etc.
Hi,
I'm able to use wi-fi thru WRT54GC.
I want to know:
1. How to restrict number of users connecting to the wireless network that is setup thru my router?
2. I also want to know about any monitoring software which can tell me about connected PCs, user names, bandwidth available, bandwidth utilized etc.
Thanks in advance
Rajeev1. logon to router's setup page, open I.E. and in the address bar type 192.168.1.1, it would ask for username and password, put "admin" default password without any username... click on the wireless tab >> wireless security >> try setting up wireless security as per the requirements, also you can setup wireless MAC filter and you can setup MAC address of wireless computers which you want to allow to coonect to the network...
2. not quiet sure about monitoring software which would show you detail log about bandwidth, bandwidth utilized by each computer...however you should view router's logs from linksys "logviewer" utility...go to ftp.linksys.com/pub/network and download the "logviewer" utility.
let me know if you have any issues. -
Creation of a normal user without admin rights
Hi,
I am new to oracle apex. Can you please let me know how to create a normal user without admin rights in oracle apex application.
Thanks & Regards,
venkat
Edited by: 866673 on Jun 17, 2011 9:53 AMWelcome to the forum: please read the FAQ and forum sticky threads (if you haven't done so already), and ensure you have updated with your profile with a real handle instead of "866673".
You'll get a faster, more effective response to your questions by including as much relevant information as possible upfront. This should usually include:
<li>Full APEX version
<li>Full DB version and edition
<li>Web server architecture (EPG, OHS or APEX listener)
<li>Browser(s)/version(s) used
<li>Theme
<li>Templates
<li>Region type
(although for your question only the APEX version is necessary).
Assuming you mean a user who can authenticate to an application that uses Application Express Account Credentials?
In APEX 4.0:
1. Go to Home > Application Builder > [Your Application ] > Administration > Create Users and Groups > Create User
2. Enter the User Identification information.
3. In the Account Privileges, specify:
User is a workspace administrator: No
User is a developer: No
4. Complete the rest of the form as necessary. -
Table access restriction to certain users
Hi,
How to restrict the particular user in accessing the database tables ?
For example: A user should not be given the the rights to access the table AUFK.
Thanks in advance.
Regards,
HarshaHi,
If you are talking about access of table through SM30, it can be done by authorization object concept. You can assign the appropriate authrization object while creating the table maintenance. Basis will assign the roles to the user. If it is SE16/SE16N then you need to create parameter transactions for each table user is allowed to view.
Other generic option is, You can develop a report program and display the tables allowed for the user. On clicking the table name, you can take to SE16 screen. (You may need to create a transaction variant for se16/se16n for disabling the table name input field to control the user not to access other tables). Tables allowed for the user can be maintained in a Ztable.
Thanks,
Vinod. -
Normal users accessing mounted NTFS disks? (Music related)
I havent yet fully converted to linux, so all my music and other stuff is on NTFS partitions.
My NTFS partitions are listed in fstab with the "defaults" options, only root have access to them now, however I want to play my music as a normal user.
How do I enable normal users, or preferably only one user, to access these partitions?
semi-newbie :?_Gandalf_ wrote:
I usualy mount with both suggestion above, actually i need full read acess to all users logged in the machine so i do
umask=022,uid=1000,gid=102
BTW u don't need to read /etc/passwd to know ur uid/gid, instead use the command
id
the id command was handy, thanks -
How to restrict users to not default layout while creating a user specific?
Hi all,
I have a problem with frequent changes in report layout setting. When users trying to create a user specific layout in the window "Default" is set, out of "User specific" & "default" checkbox defaultly, so users saving the layouts. so it's overwritting on existing layout. we are ossing the old data. how to restrict end users to create new one with out changing the existing one.How to change that default check in "Default" check box to user specific defaultly. where i have to do settings for this. Thanks in advance.
PradeeshHi ,
My problem is still not resolved. I tried applying the people picker property and set a specific field(an email id field) to be available to only admins. Now the field is not visible to the normal users but only admins which is good but that email field
should be able to take normal users as wel as admin's email ID. currently due to the people picker property it only takes admin's ID and not normal user's ID - which is not as per expectation.
What this email ID field does is - when a normal user is logged in he/she wont see this field in that view. But when an admin logs in he/she can switch to admin view and see this field . The admin can put any user's ID in this field and pull out the required
resource's Time Report for modification.
Please let me know how do i overcome my problem. Detailed step description will be very helpfull .
As per Cameron's suggestion (add a rule on the "additional admin section") , i am not sure how exactly that is done. Would help a lot if i got to know how this works.
Regards,
Guru
Maybe you are looking for
-
Can anyone please give me a few lines on how do we describe a KM Discussions iview, surprisingly i havent been able to find a single pdf or word doc can anyone help me with a doc abt this please.. Regards Sunny
-
JAX-WS and JAXB 2.0 for ComplexTypes
I have a simple web service method that returns a string. I want to enhance this method to return a Java object. Do I have to explicitly use JAXB and have the web service method return the marshalled data string? And then unmarshall on the client sid
-
How can I get GRC V5.3 Users Guide for the four modules
Hi, Does anyone know how I can get hold of GRC V5.0 User Guide(s) for Risk Analysis and Remediation, Compliant User Provisioning, Enterprise Role Management, and Superuser Privilege Management? So far I can only get Installation Guide, Configuration
-
When I try to run video on any website, why do I get just the Flash Player logo?
And why is it so difficult to get an answer to this basic question? The problem started on this computer just a week ago; until then, YouTube and any other video-oriented website ran fine. Now every video I try to view comes up as a blank (gray) scre
-
What kind of iphone case do you use?
About one year ago, I bought an incipio silicon case at at&t for my iphone 3g. It was good, but the plastic part was broken in two months. I bought an iPhone 3GS three months ago and got a crystal-clear case from icarecase. It is a good deal, only $7