HTMLDB, Database Users, Permissions

I am working with a client that has an Oracle DB app that uses Forms 6i for the UI. We want to start using HTMLDB in addition to Forms. Currently, all the users have a database username and password, and user permissions are controlled by database roles and individual table permissions. The goal is to allow the users to login to HTMLDB with their db username and password so the existing db roles and permissions will be in effect.
I have my HTMLDB configuration set up without a PLSQL Username/Password in the marvel.conf file, and this allows users to log in to the HTMLDB apps with their DB username and password. This works fine.
I have a report set up that selects from an employee table. Only a few roles have select permissions on this table. (I will also add that this table is in a schema that is mapped to the HTMLDB workspace.) What I am finding is that, regardless of the permissions assigned to the logged-in user, they can run this report.
Looking at the DB connections in Enterprise Manager, it shows the username of the logged-in user, so it would appear that the webserver is connecting to the DB as I would expect. How is it that even non-privileged users can run this report?
If I log in via sqlplus as the same user and attempt to run a select against this table, I get "ora-00942 table or view does not exist", so I am sure my permissions are correct. What am I missing?
Any help on this is greatly appreciated.
-Tony

Tony,
It is not your imagination, this is how things are 'sposed to work. At a Forms/HTML DB site we worked on, individual users were granted database roles, as you described. Forms controlled access to functionality by interrogating user_role_privs and would display access points to modules via menus in strict accordance with the connected user's privileges. In the back-end, however, the application executed in the super-user schema that had object privileges on everything. But user-level access control had already been accomplished by filtering what could be presented in the UI.
With HTML DB, your users are connected as their database account. This achieves authentication and obtains the value of USER from the database for :APP_USER. Those users have privileges on schema objects through roles. Roles are not enabled in stored procedures, which is the mechanism through which all database interaction is performed in HTML DB.
The minimum that you'll need to do is to establish row-level access control by using Oracle's Virtual Private Database feature, or VPD (aka, FGAC/RLS), which you can enable for every page request using the VPD application attribute. There will be an excellent how-to published very soon about that. (BTW, you don't need to connect using the database accounts to use this feature, in fact it's designed assuming the opposite situation.)
When you need to limit access to application components based on user privileges, you'll have to do much more. For example, you might build an authorization model based on user_role_privs. Ensure that all SQL against the application schema is performed through APIs. The APIs will run in the application schema which should own the objects and would therefore have all required object privileges. The authorization model will be implemented as an API that is called from HTML DB authorization schemes attached to pages, regions, processes, etc. Then you can do things like, if the current user is not a manager don't show them links to the 'Show My Employee Detail' page and don't let them run the page if they attempt to do so and also send someone an email if that happens.
Scott
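
One way to build the authorization API described in the reply above, as an added example that is not part of the original thread or of HTML DB itself. The schema name `APP_OWNER`, the package `app_auth`, the table `auth_denials`, the role `HR_MANAGER` and the direct `SELECT` grant on `DBA_ROLE_PRIVS` are assumptions; the lookup is keyed on the username HTML DB passes in as `:APP_USER`.

```sql
-- Added example; APP_OWNER, APP_AUTH, AUTH_DENIALS and HR_MANAGER are assumed names.

-- Run once from a privileged account. The grant must be direct: privileges held
-- through a role are not available to stored PL/SQL owned by the schema.
GRANT SELECT ON sys.dba_role_privs TO app_owner;

-- Everything below is created in the application (parsing) schema.
CREATE TABLE auth_denials (
  denied_at  DATE          DEFAULT SYSDATE NOT NULL,
  app_user   VARCHAR2(30)  NOT NULL,
  required   VARCHAR2(30)  NOT NULL,
  component  VARCHAR2(255)
);

CREATE OR REPLACE PACKAGE app_auth AS
  -- TRUE when p_user holds p_role directly or through another role.
  FUNCTION has_role (p_user IN VARCHAR2, p_role IN VARCHAR2) RETURN BOOLEAN;

  -- Same test, but records the attempt when it fails.
  FUNCTION authorize (p_user      IN VARCHAR2,
                      p_role      IN VARCHAR2,
                      p_component IN VARCHAR2) RETURN BOOLEAN;
END app_auth;
/

CREATE OR REPLACE PACKAGE BODY app_auth AS

  FUNCTION has_role (p_user IN VARCHAR2, p_role IN VARCHAR2) RETURN BOOLEAN IS
    l_hits PLS_INTEGER;
  BEGIN
    -- Walk the grant tree from the user down, so a role granted to a role
    -- that the user holds is also found.
    SELECT COUNT(*)
      INTO l_hits
      FROM (SELECT granted_role
              FROM sys.dba_role_privs
             START WITH grantee = UPPER(p_user)
           CONNECT BY PRIOR granted_role = grantee)
     WHERE granted_role = UPPER(p_role);
    RETURN l_hits > 0;
  END has_role;

  -- Autonomous so the audit row survives whatever the page does next.
  PROCEDURE log_denial (p_user      IN VARCHAR2,
                        p_role      IN VARCHAR2,
                        p_component IN VARCHAR2) IS
    PRAGMA AUTONOMOUS_TRANSACTION;
  BEGIN
    INSERT INTO auth_denials (app_user, required, component)
    VALUES (UPPER(p_user), UPPER(p_role), p_component);
    COMMIT;
  END log_denial;

  FUNCTION authorize (p_user      IN VARCHAR2,
                      p_role      IN VARCHAR2,
                      p_component IN VARCHAR2) RETURN BOOLEAN IS
  BEGIN
    IF p_user IS NOT NULL AND has_role(p_user, p_role) THEN
      RETURN TRUE;
    END IF;
    -- Deny by default and leave a record that can drive an alert or e-mail.
    log_denial(NVL(p_user, 'UNKNOWN'), p_role, p_component);
    RETURN FALSE;
  END authorize;

END app_auth;
/

-- HTML DB authorization scheme of type "PL/SQL Function Returning Boolean",
-- attached to the 'Show My Employee Detail' page:
--   RETURN app_auth.authorize(:APP_USER, 'HR_MANAGER', 'Show My Employee Detail');
-- Scheme attached to the link or region, where a FALSE result is routine
-- and should not be logged:
--   RETURN app_auth.has_role(:APP_USER, 'HR_MANAGER');
```

Because the package runs with the rights of the schema that owns the tables, end users need no object privileges of their own; the role check is the only gate, so every page, region and process that touches the data needs a scheme attached.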

Similar Messages

  • New HTMLDB User - Want to authenticate against a database user

    Greetings... I would like to authenticate a user sign-in/logon screen against database users setup in the database. It appears to me that DAD might do this, but I'm a bit fuzzy on how to make it work. I looked in some of the FAQ's here and can't seem to find something that tells me how to do this. I'd be thankful for any help you can give this old DBA who's stepping into HTMLDB Development.
    (Love the product so far by the way!)
    Robert

    Robert - It depends on what your aim is, but one way to do it is to create a new DAD without a username or password in the connect info. This will require users to respond to the basic authentication challenge allowing those who have database accounts to authenticate to your application.
    Regardless of which database account is used to authenticate, keep in mind that all SQL and PL/SQL in the application executes as the schema designated as the application's "owner" or parsing schema, so the identity of the authenticated user with respect to database roles and privileges plays no part unless you actively use the session's USER value in VPD/RLS, for example.
    Scott
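
    A sketch of the VPD/RLS use of the session's USER value mentioned in the reply above, as an added example that is not from the original thread. The schema `APP_OWNER`, the table `EMPLOYEES` and its `MANAGER_LOGIN` column are assumptions.

    ```sql
    -- Added example; APP_OWNER, EMPLOYEES and MANAGER_LOGIN are assumed names.

    -- Policy function, owned by the application (parsing) schema. It returns the
    -- text of a predicate that the database appends to statements against the table.
    CREATE OR REPLACE FUNCTION emp_by_session_user (
      p_schema IN VARCHAR2,
      p_object IN VARCHAR2
    ) RETURN VARCHAR2 IS
    BEGIN
      -- SESSION_USER is the account that authenticated through the DAD, not the
      -- parsing schema that the application's SQL executes as. A session that
      -- connected with some other account matches no rows, so the policy
      -- fails closed.
      RETURN 'manager_login = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
    END emp_by_session_user;
    /

    BEGIN
      DBMS_RLS.ADD_POLICY(
        object_schema   => 'APP_OWNER',
        object_name     => 'EMPLOYEES',
        policy_name     => 'EMP_BY_SESSION_USER',
        function_schema => 'APP_OWNER',
        policy_function => 'EMP_BY_SESSION_USER',
        statement_types => 'SELECT,UPDATE,DELETE',
        update_check    => TRUE);  -- an UPDATE may not move a row out of the user's view
    END;
    /

    -- The policy also applies to APP_OWNER itself, which is what makes it effective
    -- for application SQL parsed as that schema. Only SYS and accounts holding
    -- EXEMPT ACCESS POLICY bypass it, so review who has that privilege:
    SELECT grantee FROM dba_sys_privs WHERE privilege = 'EXEMPT ACCESS POLICY';
    ```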

  • Copy Users/Permissions/objects from a database to another database

    Can anyone help me how to copy users, permissions, stored procedures, views, functions and all other objects from one database to another database.
     I need a SQL Script to get this job done. I cannot use backup restore or SSIS Package.

    There's also a transfer sqlserver objects task available in SSIS
    http://www.mssqltips.com/sqlservertip/2064/transfer-database-task-and-transfer-sql-server-objects-task-in-ssis/
    Visakh

  • Different software and database user

    I want to install oracle software and oracle database on two difference user
    Software user: orasoft
    Primary group: oinstall
    Secondary group: dba
    User Home: /u01/orasoft
    $ORACLE_HOME=/u00/app/oracle/product/10.2.0
    /u00: owner: orasoft:oinstall permission 775 (before installing software)
    Database User: oradb
    Primary group: dba
    Secondary group: oinstall
    User Home: /u01/oradb
    In this scenario,
    Software is getting installed perfectly; I’m getting permissions issue for creating database
    1. Do I need to change the $ORACLE_HOME permissions to 775 after software installation for the database to get installed without any issue?
    2. if I do this, then the permission executables also gets changed to rwx-rwx-rx.

    Hi,
    First of all, I cannot really see the concept behind the user management how you have assigned orasoft and oradb users to oinstall and dba groups.
    Why cannot oinstall be the primary for both users and dba is the secondary? As well as what OS group do you plan to be the sysdba and sysoper groups?
    Second of all what do you mean by:
    user8209189 wrote:
    "I want to install oracle software and oracle database on two difference user"
    What kind of oracle software do you mean by the first oracle software? What Oracle component are you referring to here?
    As well as:
    user8209189 wrote:
    "2. if I do this, then the permission executables also gets changed to rwx-rwx-rx."
    Be careful with playing with such permissions in the Oracle binary home as certain binary files require SUID settings (e.g. rwS)
    Regards,
    Jozsef

  • QUOTED_IDENTIFIER when trying to replicate user permissions

    I'm trying to add user permissions to a user on a database but I keep getting the following error. The user already has access to another DB on the same instance but when I try and copy the permissions (manually or by query) this error appears. Can someone help. Thanks in advance.
    SELECT failed because the following SET options have incorrect settings: 'QUOTED_IDENTIFIER'. Verify that SET options are correct for use with indexed views and/or indexes on computed columns and/or filtered indexes and/or query notifications and/or XML data type methods and/or spatial index operations. (Microsoft SQL Server, Error: 1934)

    Good day
    1. please post the exact query that you are using while you are getting this error.
    2. The error "SELECT failed because the following SET options have incorrect settings..." usually means that you can change the SET option regarding the issue or just change the query a bit (options can be changed or configured during the connection string or after you are connected). For example in your case you might have tried to use simple quotation mark in the code
    SET QUOTED_IDENTIFIER causes SQL Server to follow the ISO rules regarding quotation mark delimiting identifiers and literal strings.
    * check this blog regarding the issue:
    http://sqlhints.com/2012/02/04/insertupdate-failed-because-the-following-set-options-have-incorrect-settings-quoted_identifier/
    * for more information regarding QUOTED_IDENTIFIER please check this link.
    * For more information and some example regarding GRANT Object Permissions please check this link, or this link.
    Ronen Ariely

  • OIM 9.1.0 with Database User Management: Connector Exception upon Connect

    Hi,
    I've been struggling with the Database User Management connector (9.0.4) with Sybase, following the steps word-for-word as per the documentation (Oracle® Identity Manager Connector Guide for Database User Manage Release 9.0.4; E10425-0; July 2009).
    When defining the IT Resource through the Install Connector wizard, I get the following when it does a connection test:
    14:51:52,795 ERROR [WEBAPP] Class/Method: CreateITResourceAction/testConnectivityForDataBase/ClassNotFoundException encounter some problems: No ClassLoaders found for: com.sybase.jdbc2.jdbc.SybDriver
    java.lang.ClassNotFoundException: No ClassLoaders found for: com.sybase.jdbc2.jdbc.SybDriver
    even though I've ensured jconn2.jar is in the ThirdParty directory, reflushed the cache, and restarted OIM; the connector still can't seem to load the driver.
    I've tried the database testing script with similar results.
    Any thoughts?
    Cheers
    Simon
    PS: I believe v5.5 of JConnect (as required by the OIM Connector) has been EOL'd and Sybase. They recommend you use v6.0 (v6 is jconn3.jar), which from what I can see should work as com.sybase.jdbc3.jdbc.SybDriver; I tried that as well but had the same ClassNotFoundException.

    I've fixed it; needed to copy jconn2.jar into the $JBOSS_HOME/lib directory and restart the server.

  • How to setup database user for windows NT SSO

    Hi,
    We have a scenario where we have to setup a database user so that SSO can be worked in windows environment.
    We have oracle 10g installed on UNIX server. Now we want to set up an autosys user which will also be a windows user, for example by the name kumaral, and the domain (which is the Logon option in windows) will be FM, so eventually the user name will be FM\kumaral. Autosys will be on a windows machine and we have installed oracle client on this machine.
    On oracle database we have created two user by following syntax:
    (1) CREATE USER "OPS$FM\KUMARAL" IDENTIFIED EXTERNALLY;
    (2) CREATE USER "OPS$FM\kumaral" IDENTIFIED EXTERNALLY;
    Also we have provided connect grant to these users.
    GRANT CONNECT TO "OPS$FM\KUMARAL";
    GRANT CONNECT TO "OPS$FM\kumaral";
    I am logging in to windows as the FM\kumaral user, but we are not able to connect to oracle as this user. We are trying to connect to oracle with the command below:
    sqlplus /
    but we are not able to connect.
    Can someone please help me on this?
    Thanks in Advance.
    Amit.

    Check MOS note :
    WIN: Setup O/S Authentication [ID 60634.1]
    Regards
    Rajesh

  • ORASSO database user privileges

    Hi-
    We are using 10G SSO, in the OID database DBA role is assigned to ORASSO user.
    I am unable to find that why do we require DBA role for this user, can we revoke DBA role from ORASSO?
    Regards

    Hi Srini,
    Thanks for your feedback. We are using Discoverer 11g on a 10g database. OS on client machine running Discoverer Desktop is Windows xp and I'm pretty sure it's solaris on the box.
    The eulowner user is indeed a database account and was specifically created to create the eul with. Therefore with this in mind, I created a new database user with resource and connect privs. Once this was created I navigated to Discoverer Administrator expecting to see the user within the dropdown menu under tool > privileges, but the new user, namely disco_user, is not appearing in the list for selection.
    I'm wondering if this eul was created as an apps mode eul, would this determine whether standard database users are able to be selected in this mode? The full error message when logging into Discoverer Desktop is;
    unable to connect to: disco_user@db you do not have access priviledges to any end user layer tables.
    This message does appear quite rightly, as I have found before when no privileges have been assigned to the user in admin, but without the ability to select the user from the dropdown list, I'm unable to grant these.
    Please let me know if you have any further questions. I appreciate your help.
    Simon

  • How to add multiple users permissions to a calendar using powershell?

    I have an organization that was recently setup in Exchange Online and they have unique circumstances in that every user in the organization needs "reviewer" access to every other users calendars. I cannot change the default permission since new users added after this should not be able to see these calendars details. There are a few I will go back to run a Set command on to change an individual permission here and there for specific needs, but the main need is below.
    I have basic experience with powershell commands and have found how to manually add a single users permissions to a calendar using the command below:
    Add-MailboxFolderPermission -Identity alias:\calendar -user alias -AccessRights reviewer
    Since it's not realistic to run this command thousands of times changing the user aliases each time, I was hoping someone could help me build a command to run on a single mailbox's calendar that would add every current user in the organization with certain permissions such as "reviewer" or "availabilityonly".
    Thanks for the help!

    Hi,
    A possible solution is to do this via Security Groups.
    Add-MailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected] -AccessRights Owner
    This way, you simply add users that require access to the CalendarOwnerAccessGroup
    You still have to run this on every mailbox that should have this feature, but that could be solved using powershell piping.
    http://technet.microsoft.com/en-us/library/ee176927.aspx
    /Anders Eide

  • Error while creating database user with first.lastname pattern

    I am trying to use the database user management connector to create an oracle database user, but when I use the first.lastname pattern as the database username I get an ora-01936
    ERROR,07 Jul 2010 17:06:56,370,[OIMCP.DBUM],oracle.iam.connectors.dbum.common.db.util.DBUtil : executeQuery
    ERROR,07 Jul 2010 17:06:56,370,[OIMCP.DBUM],Error occurred while trying to execute query.
    ERROR,07 Jul 2010 17:06:56,370,[OIMCP.DBUM],Description : ORA-01936: cannot specify owner when creating users or roles
    ERROR,07 Jul 2010 17:06:56,370,[OIMCP.DBUM],java.sql.SQLSyntaxErrorException: ORA-01936: cannot specify owner when creating users or roles
    I figured out that when I use first.lastname as the database username I have to add double quotes, so I can create the user properly, but now the add role or grant task fails with ora-01741.
    ERROR,07 Jul 2010 17:18:01,096,[OIMCP.DBUM],================= Start Stack Trace =======================
    ERROR,07 Jul 2010 17:18:01,096,[OIMCP.DBUM],oracle.iam.connectors.dbum.common.db.util.DBUtil : executeQuery
    ERROR,07 Jul 2010 17:18:01,096,[OIMCP.DBUM],Error occurred while trying to execute query.
    ERROR,07 Jul 2010 17:18:01,096,[OIMCP.DBUM],Description : ORA-01741: illegal zero-length identifier
    ERROR,07 Jul 2010 17:18:01,096,[OIMCP.DBUM],java.sql.SQLSyntaxErrorException: ORA-01741: illegal zero-length identifier

    Did u try adding the roles via sqlplus by running a command ?
    Whats the result
    Thanks
    Suren

  • Unable to drop database user

    Hi All,
    I am unable to drop database user and getting the following error:
    " must use DBMS_AQADM.DROP_QUEUE_TABLE to drop queue tables "
    I find 3 table with AQ prefix in the schema but unable to drop these table even by using "sys" user.
    Any idea how can I do that ?
    Regards,

    Hi,
    select object_name,object_type from dba_objects where owner='USERNAME' and object_name like '%AQ%';
    To drop the queue table, login as the owner and
    exec DBMS_AQADM.DROP_QUEUE_TABLE(queue_table=>'PASTE_THE_OBJECT_NAME_FROM_ABOVE',force =>TRUE);
    Anand

  • Database User Management Connector ,

    Hi,
    Want some help in understanding the database user management connector to achieve the Requirement -
    " Need to do user provisioning to a database according to roles/entitlements assigned to a user and also wants that access to that database is managed according to roles assigned to that users "
    My environment is OIM 11g R2 which is integrated with OIA 11.1.1.5.0
    Googled and found that Database User Management Connector is required for this purpose. Please confirm is this understanding correct or is there any better approach.
    Also want to know is it mandatory to install bundle on ICF for this connector?
    Thanks,
    Puneet
    Edited by: Puneet Lobana on May 23, 2013 11:55 PM

    Hi one more silly doubt.....can i connect to oracle database without using a connector but creating an IT Resource Type, IT Resource, RO,PD - adapters using stored procedure task to call a stored procedure on the target database?
    Pls help
    Regards,
    sk
    Edited by: sk on 19/08/2010 22:15

  • Contained Database Users are now available in Azure SQL Database Update preview

    Contained Database Users should be of particular help for people migrating to Azure SQL Database. At the moment, this is a preview release but you can start testing. Here is the announcement of the preview with links to more information.
    New SQL Database public preview with new Standard-tier performance level
    Previously announced in November 2014 and now available for customers to try, the new public preview of SQL Database improves the compatibility of SQL Server applications for Azure SQL Database. Details of this preview are available on the SQL Database documentation webpage, including the following key enhancements: easier management of large databases to support heavier workloads with parallel queries and online indexing, support for programmability functions like CLR and XML index to support more robust application design, improved monitoring and troubleshooting with XEvents and 100 new Dynamic Management Views (DMV), and more performance in the Premium tier.
    To try this preview, please sign up via the Preview features webpage. Only SQL Database servers with a mix of one or more Basic, Standard, or Premium (not Web or Business) databases are compatible and eligible to upgrade to the preview. Please note that any move of an existing Basic, Standard, or Premium database into this preview is irreversible; we recommend that you create a database copy or leverage test databases on any server enrolled in this preview.
    A new Standard-tier performance level, S3, is also available in this preview which gives you more pricing flexibility between Standard and Premium. S3 will deliver 100 Database Throughput Units (DTU) and all the features available in the Standard tier. Please note that S3 will appear on your bill as a multiple of S2 until further notice.
    For more information, please visit the SQL Database webpage and the Microsoft Azure Blog. For a comprehensive look at pricing, please visit the SQL Database pricing webpage.
    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty

    Hello Rick
    That is great, one thing I'd like to ask, does it support SSMS,SSDT?
    No sign of that yet, that I’ve seen.....
    Best Regards, Uri Dimant, SQL Server MVP

  • Multiple database users, ORM, entity framework, best practices

    Hello everyone!
    You've already helped me several times, however I must ask for an advice once more.
    I was assigned to develop .NET application with Data Access Layer and I've decided to use Oracle Database Software to provide sample data.
    As I'm absolute novice considering creating DAL I'd be grateful if you can examine my plan in terms of security and reliability:
    My database:
    1) I've created database with sample tables and relations between them. All tables belong to databaseAdmin.
    2) I've created HR and Manager database users and granted them some privileges on certain databaseAdmin's tables. My intention is to reduce access to unnecessary tables. If my application user want to make some changes to Customers table it should be enough to connect to database as HR.
    And now I'd like to map my database using Entity Framework in my application. And that's where I have a problem:
    -If I create Entity Model basing on databaseAdmin tables I get perfect model, however every Entity SQL query would be executed on behalf of databaseAdmin, which breaks my idea of hiding unnecessary tables.
    -If I create Entity Model for HR and Manager users, my models could overlap on tables that both users have access to and no connection between tables would be generated (as from their point of view those tables are just some tables that belong to databaseAdmin)
    Could you help me with this deadlock? Or maybe my assumptions about multiple database users are incorrect? Please, bear in mind I'm a novice.
    I was trying to find a solution in web, and there're tons of data discussing technical aspects of Entity Framework etc., but not so many documents about conceptual model of database.

    hi Michael,
    Thanks for your posting!
    Sorry for I am not totally understanding your issue. Maybe two points need your confirm:
    1. I confuse with the "Service controller"? IS your meaning MVC controller? Or ServiceController (http://www.codeproject.com/Articles/31688/Using-the-ServiceController-in-C-to-stop-and-start)
    2. Whether the type of ID in the model is matched to the database? In other words, is the type of ID in .edmx matched to the database?
    By the way, it seems that this issue is more related to EF. You could post this issue on EF discussion for better support.
    Thanks & Regards,
    Will

  • How to force my Web part to run regardless of users permissions

    I have created the following custom permission , which will allow users to Create items without being able to view,edit them:-
    $spweb=Get-SPWeb -Identity "http://vstg01";
    $spRoleDefinition = New-Object Microsoft.SharePoint.SPRoleDefinition;
    $spRoleDefinition.Name = "Submit only";
    $spRoleDefinition.Description = "Can submit/add forms/files/items into library or list but cannot view/edit them.";
    $spRoleDefinition.BasePermissions = "AddListItems, ViewPages, ViewFormPages, Open";
    $spweb.RoleDefinitions.Add($spRoleDefinition);
    $spweb.Dispose();
    then inside my "Issue Tracking List" i stop inheriting permission from team site , and i define the following permission for all users:-
    now users can add items and they can not view them ,, which is perfect :).
    But now i wanted to add a custom web part to my Create form which will hide certain fields if the user is not within specific group ,the web part looks as follow:-
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        InitializeControl();
        using (SPSite site = new SPSite(SPContext.Current.Site.Url))
        using (SPWeb web = site.OpenWeb())
        {
            web.AllowUnsafeUpdates = true;
            SPGroup group = web.Groups["Intranet Visitors"];
            bool isUser = web.IsCurrentUserMemberOfGroup(group.ID);
            if (!isUser)
            {
                // Hide the Category field on every form of the list.
                SPList myList = web.Lists.TryGetList("Issue List");
                SPField titleField = myList.Fields.GetField("Category");
                titleField.Hidden = true;
                titleField.ShowInEditForm = false;
                titleField.ShowInNewForm = false;
                titleField.ShowInDisplayForm = false;
                titleField.Update();
                myList.Update();
                // web.AllowUnsafeUpdates = false;
            }
            else
            {
                SPList myList = web.Lists.TryGetList("Issue List");
                SPField titleField = myList.Fields.GetField("Title");
                titleField.Hidden = false;
                titleField.Update();
                myList.Update();
                // //web.AllowUnsafeUpdates = false;
            }
            web.AllowUnsafeUpdates = false;
        }
    }
    then i deploy the web part and i add it to the Create form. but after doing so user are not able to create items and they will get the following error:-
    Sorry this site has not been shared with you
    so can anyone advice how to force my web part to run , without checking the users permissions or with minimal permssions ?

    in this case, use the elevated privileges to read/add/edit items with elevated privileges with below code.
    but make sure the page which you add this web part have at least read access to all user.
    SPSecurity.RunWithElevatedPrivileges(delegate() {
        using (SPSite site = new SPSite(web.Site.ID)) {
            // implementation details omitted
        }
    });
    More: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges.aspx
    Bistesh

    Ok after adding :-
    SPSecurity.RunWithElevatedPrivileges(delegate()
    users with the following permissions can create items:-
    "AddListItems, ViewPages, ViewFormPages, Open";
    and they can not edit/read them, which is great. but i am facing a caching problem, because if user is inside the "Intranet visitor" he will be able to see Category field as mentioned in my code, but if i remove him from the "Intranet Visitor" he still can see the field, although in the web part i specify not to display the Category column if the user is not inside the "Intranet visitor" group... here is my current code:-
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        InitializeControl();
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(SPContext.Current.Site.Url))
            using (SPWeb web = site.OpenWeb())
            {
                web.AllowUnsafeUpdates = true;
                SPGroup group = web.Groups["Intranet Visitor"];
                bool isUser = web.IsCurrentUserMemberOfGroup(group.ID);
                if (!isUser)
                {
                    // Hide the Category field on every form of the list.
                    SPList myList = web.Lists.TryGetList("Risk & Issue Management");
                    SPField titleField = myList.Fields.GetField("Category");
                    titleField.Hidden = true;
                    titleField.ShowInEditForm = false;
                    titleField.ShowInNewForm = false;
                    titleField.ShowInDisplayForm = false;
                    titleField.Update();
                    myList.Update();
                    // web.AllowUnsafeUpdates = false;
                }
                else
                {
                    // Show the Category field on every form of the list.
                    SPList myList = web.Lists.TryGetList("Risk & Issue Management");
                    SPField titleField = myList.Fields.GetField("Category");
                    titleField.Hidden = false;
                    titleField.ShowInEditForm = true;
                    titleField.ShowInNewForm = true;
                    titleField.ShowInDisplayForm = true;
                    titleField.Update();
                    myList.Update();
                }
                web.AllowUnsafeUpdates = false;
            }
        });
    }
    so can you advice please ? is this a caching problem, or once the user add at-least single item he will be able to see all columns ?
