How to trace an user access

Similar Messages

• How to trace a user System or I.P address

  Hi Experts,
  Had to ask how to trace a User's System or I.p address whom  has performed changes over a BEX Query.
  I have a situation where a user has done some changes in report it displays in last changed by user name:-****and last change date  but i would like to trace the system from which these changes have been applied over a the bex Query.
  Thanks in advance
  Aman

  Hi Aman,
  Please have a quick look at the note 368048 which explains why the terminal ids are blank in some cases and gives the solutions where applicable.
  If you want to see the current workstation with IP Addresses you can have a look at table USR41 which contains this information but this is not contained within the security audit log.
  539404     FAQ: Answers to questions about the Security Audit
  39418      Logging user actions
  As for your query, about viewing user's IP, you might need to get user's Terminal ID from STAT/AL08 and manually use tracert in MS-DOS command to see particular user's IP. EG:tracert myl5005500.
  Tracing route to <hostname>[10.10.10.10]
  over a maximum of 30 hops:
    1    <1 ms    <1 ms    <1 ms  <FQDN> [10.10.10.10]
  Trace complete.
  Note : I personally tested from logging in via query designer but my connections were not displayed in USR41. Once I connect to backend system my terminal IP could be traced.
  Regards,
  Naveen.

• How to trace which user shutdown oracle database in unix OS?

  our organization is having 10 DBA with sysdba priviladge. We are using UNIX operating system. At morning say for example if some one (SYSDBA user) shutdown the oracle database how other sysdba user trace the user who shutdown the database? the information i need is terminal from where oracle got shutdown and the username? Please help...

  Hello,
  You are right Sybrand, SYSDBA connections are always audited.
  My answer was about enabling auditing to any connections, which may give informations about who access to the Database in general. And, this is true, it was not the scope of the OP question.
  However, so as to enlarge audit of SYS/SYSDBA/SYSOPER operations, setting the parameter audit_sys_operations=TRUE may be interesting:
  http://download.oracle.com/docs/cd/E11882_01/network.112/e16543/auditing.htm#DBSEG0611
  To the OP:
  Where the audit tracefile get genareted for sys user?You may execute this:
  show parameter audit_file_destThank again Sybrand for correcting me.
  Best regards,
  Jean-Valentin

• How to trace a USER in oracle?

  Hi Sir,
  I have a rquirement that I need to Trace a session created through the Application. The only data I have is that I know the application will connect to a Database schema and nothing else. How is it possilbe that I can create a trace file for it.
  Also is it possilble, that i can trace complete user. how to find all the trace as it create number of process inturn number of trace, how do I find it and combine. I read the documentation but can't understand it clearly?
  Any help will be great.

  sanora600 wrote:
  Aman, thanks for replying. This is the problem, they have not implemented dbms_application_info.
  That is the reason I want to know how to trace user(all session of a schema) and combine all the session generated trace(something like trcsess) and then generate tkprof. I am on Oracle 10g.Well, first off, users connect to databases, they don't connect to schemas. And as a follow on, users have sessions, schemas don't.
  That said, you might investigate a logon trigger that initiates a 1046 trace. Something like this:
  -- create a logon trigger for capturing extended trace data
  -- NOTE: must be run as SYS
  -- NOTE: Be sure to change both occurances of the target username
  -- ('user = xxx' and 'TRACEFILE_IDENTIFIER=') to the
  -- correct value for the session you want to trace.
  create or replace trigger logon_trigger
  after logon on database
  begin
  if (user = 'SCOTT' ) then
  execute immediate 'ALTER SESSION SET TRACEFILE_IDENTIFIER=''SCOTT_APP''';
  execute immediate 'alter session set timed_statistics=true';
  execute immediate 'ALTER SESSION SET EVENTS ''10046 TRACE NAME CONTEXT FOREVER, LEVEL 12''';
  end if;
  exception
  when others then
  null;
  end;
  end;
  Of course, you can play around with the 'if' condition, and delete or disable the trigger when it is no longer needed. The resulting trace file can be run through tkprof.
  Edited by: EdStevens on Dec 19, 2008 9:03 AM

• How can know which user accessing specific form in ERP application

  Hi,
  In our organization we have ERP application that is developed based on Orace forms and reports 10g.
  My question is how can i know which user accessing specific form in ERP application based on their login.
  Please do the needful.
  Regards,
  M. Satish

  What I infer from your statements now, significantly different from your OP, is that you do not have any logging mechanism and now want to introduce logging with minimum effort.
  If that is the case you can add the logging code in your Menu(s), before the CALL_FORM/NEW_FORM. Fewer object(s) to modify, but roughly the same lines of code get added.
  Regards,

• How to trace other user's session?

  Dear Experts,
  I would like to trace other user's session, I am on Oracle 10g R2 (10.2.0.4) on a Windows box. I did search on google and found tons of articles explaining about tracing techniques. But unfortunately, trace file is not getting generated in my case. Below are the steps I am following:
  SQL> conn /as sysdba
  Connected.
  SQL>
  SQL> select sid, serial# from v$session where username = 'TEST';
         SID    SERIAL#
          38         17
  SQL> show parameter user_d
  NAME                                 TYPE        VALUE
  user_dump_dest                       string      C:\DB10G\UDUMP
  SQL> show parameter timed_s
  NAME                                 TYPE        VALUE
  timed_statistics                     boolean     TRUE
  SQL>Connect a new SQL*Plus session as TEST and then
  SQL> show user
  USER is "SYS"
  SQL>
  SQL> select sid, serial# from v$session where username = 'TEST';
         SID    SERIAL#
          19      24465
          38         17
  SQL> exec dbms_system.set_ev(38,17, 10046, 12, '');
  PL/SQL procedure successfully completed.
  SQL> exec dbms_system.set_ev(38,17, 10046, 0, '');
  PL/SQL procedure successfully completed.
  SQL> grant execute on dbms_system to test;
  Grant succeeded.
  SQL> exec dbms_system.set_ev(38,17, 10046, 12, '');
  PL/SQL procedure successfully completed.in the new session (TEST):
  SQL> select * from tab;
  TNAME                          TABTYPE  CLUSTERID
  T                              TABLE
  T3                             TABLE
  T1                             TABLE
  T2                             TABLE
  MYEMP                          TABLE
  SQL>Yet, no trace file is generated in "C:\db10g\udump" folder.
  C:\db10g\udump>dir
  Volume in drive C is SYSTEM
  Volume Serial Number is AC21-0462
  Directory of C:\db10g\udump
  12/15/2008  12:36 PM    <DIR>          .
  12/15/2008  12:36 PM    <DIR>          ..
                 0 File(s)              0 bytes
                 2 Dir(s)   9,891,508,224 bytes free
  C:\db10g\udump>Your help/advice in this regard will be very helpful.
  Regards

  You must be using shared server.
  You can verify this by referring to the SERVER column of v$session.
  In shared server several servers will execute your code, so that's why you don't find a trace file.
  The method described in this article should work in your case also:
  http://technology.amis.nl/blog/1794/how-to-trace-a-java-application-through-a-connection-pool-using-dbms_monitor-6
  Hth
  Sybrand Bakker
  Senior Oracle DBA

• How to trace connect user ?

  Hi,
  How can I trace all user connection in a file ?
  I would like to know who connected (user oracle) and when.
  Thanks for your help,
  gnom92.

  You can see the figure how many connection made since the db starts up quering v$sysstat;
  select name,value from v$sysstat where name like '%logon%';
  NAME VALUE
  logons cumulative 132671
  logons current 175
  Generally, Oracle doesn't keep this information. You have to enable audit to keep this info.

• How to trace a user session?

  Hi DBA,
  OS: Linux 5
  DB Ver: 10.2.0.1
  can any one tell me how to trace a session of user in oracle 10g?
  Regards,
  BK

  user12942781 wrote:
  Hi DBA,
  OS: Linux 5
  DB Ver: 10.2.0.1
  can any one tell me how to trace a session of user in oracle 10g?
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14211/sqltrace.htm#CHDDGCCB
  HTH
  Aman....

• How to restrice ananymous user access to portal link /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default?

  Hi experts,
  We had an issue with portal access. I wonder if portal is venerable for security threats?
  Could you please let me how to restrict the unauthorized users (anonymous user) to the portal URL.
  https://HOST:50001//irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default .
  Appreciate your help.
  Regards
  Maruti

  Hi Maruti,
  Hope you are doing good.
  Can't you just amend the portal permissions so that this access is not possible.
  The PCD location should be:
  com.sap.portal.system/security/sap.com/NetWeaver.Portal/no_safety/com.sap.portal.navigation.portallauncher....
  Hope this helps.
  Thank you and have a nice day!
  Kind Regards,
  Hemanth

• How to avoid multiple users accessing same test data via parameterization in LR??

  i am using LR11.5, i have the following test data&colon;
  TestData
  1
  2
  3
  4
  5
  when i run this script from Controller with 3 users LR picks it as user1->1, user2->1, user3->1
  How do i achieve this case: user1->1, user2->2, user3->3 ??
  Any help would be great.

  I have a related question. i created 2 websites/domains then i went to users and created 2 seperate "network" users then i went to ftp and selected each website and added only user A to site A and user B to site B. what's weird is that when i try to ftp using either of the users it seems to land on the same site. i looked at shared security for the folders and it only shows user a on site a folder and user b on site b folders. am i doing somehitng wrong or is this how it works in mountain lion server? i just want to give the domain owner ftp access so they can manage their files and only thier files. i also had to turn on open directory so that it would not create a local user but a network user. do i need to turn that off and just deal with having a bunch of local users as ftp user? i want to host multiple websites on the server and NO users remote on to server besides ftp.
  edit 1: i only have 1 IP running on the server which i don't think it has any affect on this but thought i mention it :-)
  edit 2: i just noticed one more thing that may help. i used filezilla to remote in using both users, one at a time. it seems to allow both users in but then it shows same directories. i then created a file using the one that was not supposed to have acces and it never sows up. but if i remote desktop to server i can see the new file in the correct folder. so it may have something to d o with the directory listing.

• How to give a user access to just 2 fields in a user account properties

  Is it possible to create a user that has basic access rights in Active Directory but give it access to just the users name and telephone number of every user in Active Directory?  We have a Windows 2003 AD level at the moment.
  Thanks.

  Sure, by default a user you create in Active Directory is going to be apart of Domain Users.  This user will be an Authenticated User and will have Read permissions over all other users in AD, meaning they can see all other users information.
  If you want you can delegate control to a user or group and limit or expand what the user can do.  For instance you can right-click the name of your domain in Active Directory Users and Computers and click Delegate Control then click Next.  Click
  add to add a user or test user, then click Next. Click the Create a custom task to delegate then click Next, select Only the following objects in the folder, then select account objects and click Next. Click Property-specific and there you'll find things like
  Read displayName.  Check Read displayName and Click next then click Finish.  So you've delegated that to that user or group. 
  How to Delegate Basic Server Administration To Junior Administrators. 
  http://support.microsoft.com/kb/555986
  Best Practices for Delegating Active Directory Administration 
  http://technet.microsoft.com/en-us/library/cc773318%28v=ws.10%29.aspx
  If it answered your question, remember to “Mark as Answer”.
  If you found this post helpful, please “Vote as Helpful”.
  Postings are provided “AS IS” with no warranties, and confers no rights.
  Active Directory: Ultimate Reading Collection

• How can my main user access files of sharing only user?

  I use network MFD to scan files into shared folders through Samba. Works perfectly fine on Windows: scanner uses its own limited account to access shared folder and store files, but Windows admin user is the owner of this folder and of all of the PDFs in it.
  I wanted to setup same system under Mac OS X 10.9.4. I created sharing only user "scanner" for my network MFD to access shared "Scan" folder on my MacBook Air through Samba. I shared this "Scan" folder for both my main MacBook user and "scanner" user with read/write permissions. Now if my network scanner logs on to the shared folder with username/password of my main user (and I consider this insecure and wrong) - everything works fine. But if network scanner uses its special "scanner" account, it creates file which I can't open later with my main MacBook user ("scanner" is the owner of this file, and "main" doesn't have permission even to read the file).
  Looks like newly created files in shared folder don't inherit permissions of the folder.
  Is there a way to force my main MacBook account to be owner of all files created by "scanner" account (at least in one folder used for scan results)?

  Create a “scannergroup” group in Users & Groups. It’s the same process as for a user, but change the type to Group. Add all of your real users and your scanner user to the group.
  Open Terminal and copy/paste this command into the terminal window. If you want to use different names for the Group or the folder, edit the line in a text editor, then copy/paste it into Terminal.
  sudo chmod -R +a "scannergroup allow delete,chown,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" /Users/Shared/Scan
  To change the group name in the command, change scannergroup to whatever you create in Users & Groups.
  To change the folder, change the full path as shown by /Users/Shared/Scan
  That command creates an Access Control List entry that allows each member of the scannergroup to read/write/delete/ items created by others in the group.

• How to trace a user who entered/dropped a table in a shared DataBase

  Hai, I have a doubt plz help me
  when working in a shared DataBase environment, different users will create or drop
  tables from the DataBase. Is it possible to trace who has created/altered a particular table in the DB. If yes plz tell me the procedure.
  Thanks in advance.
  SrihariKrishna

  Maybe this link provides some help?
  http://asktom.oracle.com/pls/ask/f?p=4950:8:5395923770553724381::NO::F4950_P8_DISPLAYID,F4950_P8_CRITERIA:6399608034075
  C.

• How to trace communication users in system & build a role

  Hi all
  I have a requirement in my compnay to create a role for communication users currently assigned to SAP_ALL
  we have 20 communication id's & turning on trace is not feasible option due to the impact on system performance.
  Plz let me know what is the approach i need to have inorder to find neccessary tcodes & objects into my role.
  thank you in advance.
  Best Regards
  NaveenMurthy_

  What I meant is that good "housekeeping" and securing of these sensitive RFC connections is hard to do properly if you are "far away" from them.
  Go figure why SAP delivers many of their connection wizards with SAP_ALL... they don't know either what the customer will be using and which data will be transfered and when you might need to temporarily debug the connection or when someone will try to use an existing connection for a new application without thinking about developing a new role to go with it, or which checks an SP might introduce which then pop up as a problem in a remote program or system, etc.
  Really, it is not an easy thing to do properly (both technically and procedurally) and the further you are away from it, the more hassle it will be.
  No inflamatory hype intended toward any specific type or location of "offshoring".
  Cheers,
  Julius

• How do we check user access control in Apex

  Hi All,
  In my application we have three different roles like
  1 = Write/Edit
  2 = Write/Edit/Export
  3 = View Only
  Based on the roles i have dsiplay the show and hide few things. How do achieve this property in apex?
  Thanks,
  Anoo..

  Always include the following information when asking a question
  Full APEX version
  Full DB/version/edition/host OS
  Web server architecture (EPG, OHS or APEX listener/host OS)
  Browser(s) and version(s) used
  Theme
  Template(s)
  Region/item type(s)
  And always search on oracle documentation and apex forum before posting a question
  Anoo wrote:
  Hi All,
  In my application we have three different roles like
  1 = Write/Edit
  2 = Write/Edit/Export
  3 = View Only
  Based on the roles i have dsiplay the show and hide few things. How do achieve this property in apex?
  Thanks,
  Anoo..You can create 3 different authorizations for each one above, and use the authorization in the region,page, item level etc..
  http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21674/sec_authorization.htm#HTMDB25782