IMPDP for non-dba

Similar Messages

• SQL tab not working in V2.1 EA1 for non-DBA users -- how to fix?

  In v2.1 EA 1 the tab to show the SQL script (DDL) in the object browser is not working for non-DBA users. In the prior version, these users would see a message about DBMS_METADATA and then the message would indicate that an "internal generator" would be used to generate the DDL script. After that brief message the DDL would show up as expected. This doesn't seem to be the case in the newest version.
  I issued the following two grants to a particular user which worked, but I am reluctant to issue the grants to "PUBLIC".
  SQL> grant execute on DBMS_METADATA to XXXXX;
  SQL> grant select_catalog_role to XXXXX;
  So, my questions are:
  1) Will the old functionality (that didn't require these privileges) be added to V2 at some point?
  2) What security implications are there for issueing the above grants to PUBLIC?
  NOTE: After granting execute on the DBMS_METADATA package, it still didn't work. I left that grant in place and granted SELECT_CATAOG_ROLE, so I can't say for sure that the 1st grant was required.
  Edited by: user615070 on Nov 19, 2009 9:30 AM
  Edited by: user615070 on Nov 19, 2009 10:06 AM

  An OEM account is separate from the database account. You need to use OEM UI to create an OEM account, however, for certain tasks to be done in the databases which OEM is monitoring they will also require separate database accounts within those databases. For example, to view the performance tab in OEM UI, a database account is required.
  OEM only has two types of users, i.e. Super Administrator and Administrator, but don't go by the names. You can grant an OEM 'Administrator' account access to specific targets and what they can do within OEM, such as only viewing reports, targets, and so on. For access within a database, the user created need not be a DBA either.
  I hope you understand.

• Grid control interface for non-DBA users...

  I was wondering if there is a way to provide non-DBAs an account to log into OEM (OMS Grid Control) for 11g.
  We have some SQL Server DBAs and developers/report writers who are quite curious about OEM, especially after I gave them all a presentation on it.
  I tried creating an account in one of our repository databases but OEM did not recognize the account (invalid username/password).
  Does anyone know if this is possible or how this can be done?
  I have OMS 10.2.0.5 set up with a repository database and a crash-and-burn database that our folks can mess with.
  Thanks.

  An OEM account is separate from the database account. You need to use OEM UI to create an OEM account, however, for certain tasks to be done in the databases which OEM is monitoring they will also require separate database accounts within those databases. For example, to view the performance tab in OEM UI, a database account is required.
  OEM only has two types of users, i.e. Super Administrator and Administrator, but don't go by the names. You can grant an OEM 'Administrator' account access to specific targets and what they can do within OEM, such as only viewing reports, targets, and so on. For access within a database, the user created need not be a DBA either.
  I hope you understand.

• Alternative free version for TOAD for non-DBA purpose

  Hi,
  I am a new junior DBA in my company. i have lots of oracle developers who needs a tool like TOAD to work with oracle but should not have DBA facilities.
  and also need to have something which is for long term and not like TOAD freeware which we have to re-install every 3 months.
  I have sql developer and plsql developer in mind.
  does someone know of any other tools that can be used like TOAD with non-DBA privilieges.
  Thanks in advance,
  Philip.

  We use PL/SQL Developer from allround automations, it's not free, but it is much cheaper than TOAD (Does Toad still have the clause where you can keep reinstalling the free version, as long as you don't have more than 5 people using it in your organistation?). The company are very flexible about licensing too - we recently whent from 10 to 20 licences, about 3 years after getting the original 10 user pack, and they let us just pay the difference between the 10 user pack and 20 user - don't know many companies who would do that.
  We have been using it for a few years now, and it works great - both for people doing PL/SQL development, and for people just using it for ad-hoc querying and support purposes.
  But if SQL Developer had been available when I started looking at the available tools I probably have gone with that - you can't beat the price, and you know the company isn't going to go bust!

• 2.1.1 and 3.0 EA2: No tables shown for a non-dba user on 11R2

  Hi all
  I'm experiencing a strange problem with one 11R2 DB standard edition installation on Windows 2008 32-bit.
  Versions are:
  Windows
  Windows 2008 SP2 32 bit (build 6002)
  Oracle
  Oracle Database 11g Release 11.2.0.1.0 - Production
  PL/SQL Release 11.2.0.1.0 - Production
  CORE 11.2.0.1.0 Production
  TNS for 32-bit Windows: Version 11.2.0.1.0 - Production
  NLSRTL Version 11.2.0.1.0 - Production
  Java
  java version "1.6.0_23"
  Java(TM) SE Runtime Environment (build 1.6.0_23-b05)
  Java HotSpot(TM) Client VM (build 19.0-b09, mixed mode, sharing)
  The DB has some users, to whom some tables belong.
  If I run SQL Developer (either 2.1.1 or 3.0 EA2) on the server (as windows administrator), and create a connection using one of the non-dba users credentials, clicking on the Tables (filtered view) leaf, does not show any table, even if they are on the DB (e.g. using sqlplus from command line and doing a select table_name from user_tables shows the entire list, and I can select, insert, delete and so on).
  If I connect from my pc (I have 10g client installed), it works perfectly, i.e. I see the list of tables, and I can operate on them as expected.
  Conversely, on 11R2 another installation (Oracle Enterprise Edition on Windows 2003 Enterprise), both versions of sqldeveloper work fine on the server machine. Here versions are:
  Windows
  Windows 2003 R2 Enterprise Edition SP2 build 3790
  Oracle
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  PL/SQL Release 11.2.0.1.0 - Production
  CORE 11.2.0.1.0 Production
  TNS for 32-bit Windows: Version 11.2.0.1.0 - Production
  NLSRTL Version 11.2.0.1.0 - Production
  Java
  java version "1.6.0_06"
  Java(TM) SE Runtime Environment (build 1.6.0_06-b02)
  Java HotSpot(TM) Client VM (build 10.0-b22, mixed mode, sharing)
  What could be wrong here? Is there any way to debug it?
  Thanks in advance
  Ciao
  Andrea

  I run sqldeveloper.bat as instructed by you.
  These are the results. The error appears only when starting sqldeveloper. When I expand tables I see nothing.
  C:\sqldeveloper\sqldeveloper\bin>java -Xmx640M -Xms128M -Xverify:none -Doracle.i
  de.util.AddinPolicyUtils.OVERRIDE_FLAG=true -Dsun.java2d.ddoffscreen=false -Dwin
  dows.shell.font.languages= -XX:MaxPermSize=128M -Dide.AssertTracingDisabled=true
  -Doracle.ide.util.AddinPolicyUtils.OVERRIDE_FLAG=true -Djava.util.logging.confi
  g.file=logging.conf -Dsqldev.debug=false -Dide.conf="./sqldeveloper.conf" -Dide.
  startingcwd="." -classpath ../../ide/lib/ide-boot.jar oracle.ide.boot.Launcher
  Exception initializing 'oracle.dbtools.raptor.plsql.PLSQLAddin' in extension 'Or
  acle SQL Developer': java.lang.NoClassDefFoundError: com/sun/jdi/Bootstrap
  at oracle.jdevimpl.debugger.jdi.DebugJDIConnector.getVersion(DebugJDICon
  nector.java:30)
  at oracle.jdevimpl.debugger.support.DebugFactory.<clinit>(DebugFactory.j
  ava:81)
  at oracle.dbtools.raptor.plsql.PLSQLAddin.initialize(PLSQLAddin.java:87)
  at oracle.ideimpl.extension.AddinManagerImpl.initializeAddin(AddinManage
  rImpl.java:407)
  at oracle.ideimpl.extension.AddinManagerImpl.initializeAddins(AddinManag
  erImpl.java:214)
  at oracle.ideimpl.extension.AddinManagerImpl.initProductAndUserAddins(Ad
  dinManagerImpl.java:128)
  at oracle.ide.IdeCore.initProductAndUserAddins(IdeCore.java:1949)
  at oracle.ide.IdeCore.startupImpl(IdeCore.java:1573)
  at oracle.ide.Ide.startup(Ide.java:703)
  at oracle.ideimpl.DefaultIdeStarter.startIde(DefaultIdeStarter.java:35)
  at oracle.ideimpl.Main.start(Main.java:184)
  at oracle.ideimpl.Main.main(Main.java:146)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at oracle.ide.boot.PCLMain.callMain(PCLMain.java:62)
  at oracle.ide.boot.PCLMain.main(PCLMain.java:54)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at oracle.classloader.util.MainClass.invoke(MainClass.java:128)
  at oracle.ide.boot.IdeLauncher.bootClassLoadersAndMain(IdeLauncher.java:
  189)
  at oracle.ide.boot.IdeLauncher.launchImpl(IdeLauncher.java:89)
  at oracle.ide.boot.IdeLauncher.launch(IdeLauncher.java:65)
  at oracle.ide.boot.IdeLauncher.main(IdeLauncher.java:54)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at oracle.ide.boot.Launcher.invokeMain(Launcher.java:713)
  at oracle.ide.boot.Launcher.launchImpl(Launcher.java:115)
  at oracle.ide.boot.Launcher.launch(Launcher.java:68)
  at oracle.ide.boot.Launcher.main(Launcher.java:57)
  Caused by: oracle.classloader.util.AnnotatedClassNotFoundException:
  Classe mancante: com.sun.jdi.Bootstrap
  Classe dipendente: oracle.jdevimpl.debugger.jdi.DebugJDIConnector
  Loader: ide-global:11.1.1.0.0
  Origine codice: /C:/sqldeveloper/jdev/extensions/oracle.jdeveloper.r
  unner.jar
  Configurazione: extension jar in C:\sqldeveloper\jdev\extensions
  Questo caricamento Þ stato iniziato alle ide-global:11.1.1.0.0 utilizzando il me
  todo loadClass().
  La classe mancante non Þ disponibile in nessuna origine codice o loader nel sist
  ema.
  at oracle.classloader.PolicyClassLoader.handleClassNotFound(PolicyClassL
  oader.java:2190)
  at oracle.classloader.PolicyClassLoader.internalLoadClass(PolicyClassLoa
  der.java:1733)
  at oracle.classloader.PolicyClassLoader.access$000(PolicyClassLoader.jav
  a:143)
  at oracle.classloader.PolicyClassLoader$LoadClassAction.run(PolicyClassL
  oader.java:331)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.classloader.PolicyClassLoader.loadClass(PolicyClassLoader.java
  :1692)
  at oracle.classloader.PolicyClassLoader.loadClass(PolicyClassLoader.java
  :1674)
  ... 35 more
  Thanks for your help.

• Solaris 10,oracle 10g question- can't connect with non-dba user

  Hi
  I've installed the Oracle10g suite, enterprise edition ( 10.2.0.1). I've created a database called qa10g, which I can connect to as user 'oracle' once I export the ORACLE_SID and the ORACLE_HOME
  export ORACLE_HOME=/oracle/10g2
  export ORACLE_SID=qa10g
  then I type in the following at it puts me into sqlplus:
  $ORACLE_HOME/bin/sqlplus system/system
  so that works fine..now whan I try to log in as another user that isn't a member of the dba group, and I export the ORACLE_HOME and ORACLE_SID variables, I can't get in to the database using $ORACLE_HOME/bin/sqlplus system/system, I get the following errors:
  ERROR:
  ORA-01034: ORACLE not available
  ORA-27101: shared memory realm does not exist
  SVR4 Error: 2: No such file or directory
  Enter user-name:
  BUT, when I put the connector string at the end, I can get in:
  $ORACLE_HOME/bin/sqlplus system/system@qa10g
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
  With the Partitioning, Oracle Label Security, OLAP and Data Mining Scoring Engin
  e options
  SQL>
  so obviously, it is an enviromnet variable that isn't getting set properly, perhaps even ORACLE_SID=qa10g isn't working properly for the non-dba user ( in this case, the user is called ctronsys)
  for the work I need to do on this databse, I need to have the user I select to be able to log into the database with sqlplus commands like the ones listed above, without the connector string added at the end..the SID gets exported first..
  any help would be greatly appreciated, I'm a newbie to Oracle!
  thanks!
  Rob

  There is a possibility that you could be hitting bug 4516865....
  Bug 4516865 "WRONG PERMISSIONS AFTER INSTALLATION IN OH AND SUBSEQUENT DIRECTORIES".
  Described in <Note.4516865.8> Bug 4516865 - Wrong permissions after install of 10gR2 (10.2.0.1)
  -Ramesh

• Grant priviliges to directory by a non-dba user

  Hi All.
  I want to know the command to grant create tables, views, procedures, directory , functions, indexes, sequences to a non dba user.
  I have already granted following priviliges:
  grant create table to stats;
  grant create view to stats;
  grant create sequence to stats;
  grant create procedure to stats;
  But unable to create functions, packages and directories in non-DBA user.
  Plz help regarding this.
  Thanks
  Hassan

  So, i think you should go for these roles....... Yogesh, of course that's possible, but is not a good advice. Oracle 10g documentation :
  CONNECT, RESOURCE, and DBA
  These roles are provided for compatibility with previous versions of Oracle Database. You can determine the privileges encompassed by these roles by querying the DBA_SYS_PRIVS data dictionary view.
  Note: Oracle recommends that you design your own roles for database security rather than relying on these roles. These roles may not be created automatically by future versions of Oracle Database.
  Moreover, RESOURCE role includes UNLIMITED TABLESPACE privilege, which could be a bit dangerous. To avoid that you can grant connect and resource to a role and grant the role to the user.

• Granted roles as a non-dba user

  One of the goals we are trying to do here is to let departments manage more of their roles by themselves. For instance, the sales department can manage the sales role, the customer service the customer service role, etc.
  However, as these are non-dba users, they do not have access to DBA_ROLE_PRIVS. Is there any way for an administrator of a role to see who has this role?
  For instance, as a quick example:
  create user sales_admin identified by *****;
  create role sales;
  grant connect to sales_admin;
  grant sales to sales_admin with admin option;
  connect sales_admin/*****
  grant sales to scott;
  Is there any way for sales_admin to see who has the sales role? Or will they need to go to the DBA and ask for a list?

  Granting "select any dictionary" privilege to sales_admin user is something that cannot be proposed ? Like this :
  SYS@db102 SQL> get sales
    1  create user sales_admin identified by sales_admin;
    2  create role sales;
    3  grant connect to sales_admin;
    4  grant select any dictionary to sales_admin;
    5  grant sales to sales_admin with admin option;
    6  connect sales_admin/sales_admin
    7  grant sales to scott;
    8* select * from dba_role_privs where granted_role='SALES';
  SYS@db102 SQL> @sales
  User created.
  Role created.
  Grant succeeded.
  Grant succeeded.
  Grant succeeded.
  Connected.
  Grant succeeded.
  GRANTEE                        GRANTED_ROLE                   ADM DEF
  SYS                            SALES                          YES YES
  SALES_ADMIN                    SALES                          YES YES
  SCOTT                          SALES                          NO  YES
  SALES_ADMIN@db102 SQL>                                                                                

• Which OS, Version, Best Setup on like-new 2008 MBP for non-HD archival DV?

  MacBook Pro 15"
  (Early 2008)
  2.4 GHz Core 2 Duo
  4GB RAM
  720GB 7200rpm Hard Drive (original 360GB 5400rpm drive also available)
  OS 10.6.8
  (6GB RAM possible but additional $100+ for 4GB module needed now for software upgrades)
      I first and last used Final Cut Pro 2-3 in film school on a Titanium PowerBook (500MHz!) during the OS9/X transition.  Next, was an Aluminum PowerBook (1.67Ghz) but because of life changes, I did little editing other than occasionally in iMovie.  Then as an early adopter of iPhone/Pad, I rarely used my AlPB other than for back up, writing, and occasional simple editing.
      Now I'm finally entering the early MacIntel age with a pristine "early 2008" MacBook Pro bought for $250 from an elderly original-owner couple who used it only at home for email and iPhoto.  Though at the end of its supported life, it's practically new with a known history of light graphics usage (no video or gaming rendering ever) delivered in the original box with original battery (only 46 cycles!), discs, manual, like-new charger, and no sign of wear.  The original internal wrapper was even saved and put back on the device!  Furthermore, because the wife was a photo enthusiast, the Apple Store swapped out her internal hard drive for a Western Digital 720GB 7200rpm drive and the husband just gave me the original 360GB drive!
      I want to do several things with this "new" device.  I've done a lot of research but the world has changed since FCP 3 and the G4 processor and I'm overwhelmed with all the possibilities.  I need guidance and have always appreciated the wisdom and generosity of the gurus here. I thank you all in advance!
  iCloud integration: I'd like it since I'm an iPhone/Pad user.  I could upgrade to Mountain Lion but Mavericks, under the best of conditions, is doable on my device and may give me improved CPU and battery performance.  I realize this is best left for the OSX forums.  HOWEVER...
  Final Cut Pro: I want to also return to editing in FCP an unfinished documentary using primarily archival film and video converted to non-HD DV.  This may greatly impact how I set up my drives and the decision as to which OS is best.  So, this should probably be my initial decision.
  Hard Drive:  First and foremost, I should probably swap the drives and place the 7200rpm drive into an enclosure (Firewire or is that stone-age?) for FCP media, correct?
  OS:  With Mavericks, I must use FCPX which is beyond my current non-HD needs and will most likely strain my system resources.  However, the new simplified interface is appealing and I've read some users are running it on "early 2008" MBPs.  If an earlier OS is better suited, then which one?  And also...
  FCP Version:  Which is most stable given my model?  And which is best for non-HD needs?  What about FCExpress?  I want to explore more possibilities than what's available in iMovie and would appreciate the simpler interface found in FCE and FCPX, especially since I haven't used any Final Cut since FCP 3 but will gladly embrace what's best.  I want to relearn the program and hope to continue using it for other projects.
  Partitioned drive:  Finally, what about partitioning my drive, one for daily life running Mavericks or other OS, the other solely dedicated to an optimized OS/FCP for non-HD editing?  Even at 360 GB it should be doable if I keep it lean and the bulk of storage externally (I ran FCP 3 adequately on a partitioned 40GB drive back in the day).  How much space should I dedicate to an FCP partition?
      Finances are tight and I'll need to upgrade Office, other apps (I know there's Rosetta in Snow Leopard but must weigh that with iCloud integration; decsions, decisions!) and probably locate an older copy of FCP on EBay or elsewhere which could be expensive.  I must wait a bit before swapping in a 4GB RAM module and possibly upgrading to an SSD.  Meanwhile, I'd like to experience this like-new MacBook Pro now, both as it was during its heyday and with what's still possible today.  It seems doable and I appreciate any and all suggestions.
  Thank you all and have a great day!
  Evalyn
  PS: I realize my FCP3 files are probably useless and plan to reimport everything into a new project.  And sorry for the lack of paragraph spacing.  Can't get it formatted right on the iPad!

  CyberFinch wrote:
  FCP Version:  Which is most stable given my model?  And which is best for non-HD needs?  What about FCExpress?  I want to explore more possibilities than what's available in iMovie and would appreciate the simpler interface found in FCE and FCPX, especially since I haven't used any Final Cut since FCP 3 but will gladly embrace what's best.  I want to relearn the program and hope to continue using it for other projects.
  Just to note that there is much more commonality between FCP3 and FCP7 and/or FCE than with the early version and FCP X. IMO, learning FCP X is worth the effort, but it will require some effort since it is so different than traditional NLE's. You could "get by" with FCE for many types of projects and you should be able to find a copy on eBay or Amazon  for a few hundred dollars. However, you will not be able to open a FCP project of any version with it.  Also, I don;t think I would agree that  its UI is simple; it's essentially the same as FCP.
  As for partitioning, some people advise against editing from drives that have been partitioned. I use a partition on one machine and I've not had any problems, so I think it is an option.
  As you can see from the replies you've received so far, you have  reasonable choices. Good luck.
  Russ

• ISE 1.2 - Posture Detail Assessment - enforcement audit mode report not show status for non-compliant

  ISE 1.2 - Posture Detail Assessment - enforcement audit mode report not show status for non-compliant.
  - For old version 1.1.4 it can be reported for non-compliant, How can I generate report for this? 
  Thanks
  Kosin Usuwanthim

  It used to be in there (id 226635 is the last one with it); should I clean it up a bit and put it back with a bit more of a disclaimer?

• Service desk for non-sap (please - any inputs are welcome)

  hi all,,
  I know how to setup service desk for SAP use. Can some one provide me some tips on using solution manager - service desk for non-sap as well? eg: the company wants to use service desk for normal activities as well, as laptop not working, server down, other system issues etc.
  The questions I have are -
  1) Any specific structure to be created for the non-sap? The way we use in SAP specific environment is to use "SAP Components" while creating tickets. How can we create tickets for non-sap components? What will be the "responsibility" selection?
  2) How about the Ibase? For SAP, the ibase already have the data from SMSY. How can I get data for non-sap systems? Anything is SAP to keep the Asset management data (like entries of laptops, servers etc)
  Thanks for all the suggestions !!
  JZKALH

  Hi
  You need to go for service desk XT which is the extension of service desk to manage non sap or IT incidents
  Check below link
  https://websmp110.sap-ag.de/_solutionmanager
  Heterogeous system environments are a challenge for IT-service management in any company. The associated complex structures and varying forms of media often make it difficult to realize efficient service processes. With SAP Solution Manager Service Desk - Extended Usage (Service Desk XT), SAP offers a centralized support tool as a single point of access - for service requests and problem tickets related to SAP and non-SAP software.
  The Single Point of Access for Support
  SAP Solution Manager, which is a standard part of every SAP solution and therefore can be used by all SAP customers, supports users in SAP relevant service requests. The standard function of the service desk is restricted to service requests.
  With Service Desk XT, SAP provides an extended support tool, which can be also used for general service requests, for example regarding IT or telecommunication equipment.
  This priced add-on does not require additional interfaces to third-party products - the same service requests are used for SAP and non-SAP applications. This simplification is a benefit for your employees.
  This solution has been created with IT service providers in mind, especially those which work within a company and currently do not have an IT-service desk application in place or would like to replace an existing system.
  Also,
  check this link
  pg(46)
  https://websmp205.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700000147532009E
  Pg 52 onwards
  https://websmp205.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700000059742008E
  https://websmp205.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700000548652007E
  Hope it helps
  Regards
  Prakhar

• How to allow access to winrs for non-admin user?

  I have Windows Server 2012 (and Server 2008, but it is next priority) to monitor it using txwinrm. txwinrm library internally is using WinRS protocol. I have to monitor it using least privileged user, but don't know how to configure access for him.
  All I managed to do - is to configure remote Powershell session for my user, but it's look like that winrs and powershell sessions have different security descriptors:
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential Administrator $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential lpu1 $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  winrs -r:192.168.173.206 -u:Administrator -p:$pwd 'powershell -command "2+2"'
  # gives 4
  winrs -r:192.168.173.206 -u:lpu1 -p:$pwd 'powershell -command "2+2"'
  # Gives Winrs error: Access is denied.
  Configuration for my user is following:
  (Get-Item WSMan:\localhost\Service\RootSDDL).value
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1141)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
  (Get-PSSessionConfiguration -name Microsoft.Powershell).SecurityDescriptorSddl
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1149)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
  (In each security descriptor my user is given general access to protected object).
  So what security descriptor should I set to make my winrs query work for non-admin user?

  Hi Bunyk,
  I can not recreate the erroe you posted, and please also post the screenshoot in your convenience.
  I tested with a non-domain user but has the local admin permission of the remote computer, and this worked, before running the remote cmdlet in powershell, I also configured the TrustedHosts.
  In addition, the access denied could be also caused to the Protocol Filtering on the remote server, for more detailed information, please refer to this thread:
  winrs error:access is denied
  I hope this helps.

• "SSO" for non-sap web application using SAPGUI to browse?

  I have a web application (non SAP) and the user base are also SAP users in an ABAP system.
  To strengthen the authentication in the web app, I wanted to implement SSO 
  authentication as we pity the users for having to remember so many strong pw's and I
  dont like LDAP based pw sync or other technology I dont understand, because then we are
  just yet another application with the same pw...
  We are having technical problems implementing SSO on the web app side, and are anyway a
  bit sceptical about the user admin / role admin assignment if we get it to work.
  So I have created a transaction in SAP which browses the web app and the intention is to
  send the SAP sy-uname as the web app user. We can control this using s_tcode, and
  an own auth object on the WAS side and a check on the session type before the connection is
  established. In this sense we are dependent on the SAP concept implemented, but even so:
  The role assignment is controlled in the web app itself -> so assume that I am not overly
  worried about unauthorized access to the web application, as they would not have any
  system role for it as their sy-uname does not exist. (Infact we can monitor this)
  The browser on the front end is the SAPGUI with html controls on the SAP side.
  I would be interested in knowing whether anyone else has experience with this approach, and
  whether there are any areas to be carefull of?
  I would also like to know whether this is a strategic error?
  Kind regards,
  Julius

  Hi Julius,
  well, if that web application would run on the same ABAP backend system then the solution described in <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0612670">SAP Note 612670</a> would be applicable:
  a so-called "Re-entrance ticket" (based on the "SAP logon ticket" SSO proceedings) is issued, transported via the SAPGUI connection and back to the system via the invoked HTML control.
  But for non-SAP web applications that does not help.
  In that case only X.509 client certificates can be used for SSO. Actually, the web application could then also be invoked directly (independent from the SAPGUI session). The user is authenticated based on the X.509 client certificate - and not based on the ABAP userID (of the SAPGUI session).
  Well, if you don't mind the effort you could also use the "SAP Logon Ticket evaluation library" (sapssoext, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0304450">SAP Note 304450</a>) to evalute the SAP logon ticket externally. You'll then need to have a "stub application" at the ABAP side that triggers the http redirect to your external web application. Not a nice solution but a possible one.
  In the future SAML browser artifacts would be an option (preferable to integrate non-SAP applications). But currently that's not available (for NWAS ABAP).
  Cheers, Wolfgang

• SSO FOR NON SAP APPLICATIONS

  SSO for non sap applications in EP on which siteminder sso is integrated
  Posted: Aug 28, 2006 7:09 AM        Reply      E-mail this post 
  Hi ,
  we have implemented Siteminder on SAP PORTAL 6 SP16 for authentication.I would like to integrate non sap application in Portal.I could not find any documentaion for setting up non sap application's in portal on which siteminder external authentication is implemented.
  can anybody help for getting step by step document.
  diff rewards to be given

  Hi,
  if you have access to service.sap.com via S-User, you can download "SAP Enterprise Portal Security Guide" in the portal section. It has dedicated descriptions about SSO-Settings, also about netegrity.
  You can also search help.sap.com about "SSO" which gives you overview descriptions.
  On SAP Service Net, there is also an pdf "Integrating Security functions" in the Netweaver 2004s Portal section, where the description of the Java API for the PDK is included. This is very helpfull for coding.

• Unity: Voice-mail for non-Exchange subscribers

  Hi everyone!
  I have this issue: customer wants to enable voice-mail for non-Exchange users, I've created them as Internet subscribers for using with auto attendant, but I can't enable voice-mail for these extensions, basically the customer does not want for this users to receive the messages in their mail just only check it on IP phones. Is there a possible way???
  Thanks in advance for your help

  To add to Hailey's comment, here's the documentation that explains the behavior/limitations of Internet Subscribers in case you're interested in checking it out:
  http://www.cisco.com/en/US/docs/voice_ip_comm/unity/5x/networking/guide/ex/5xcunet040e.html#wp1050583
  Hope that helps,
  Brad