IP based restriction on DDL and DML statement
Hi
I am working oracle 10g daabase.I want to restrict a specific IP for all DML and DDL and the that particular IP should have only select only rights.Kindly let me know if its possible?
Regards
Vijay
Dear friends,
To be more clear on my requirement,i will explain you entire scenerio.
Example
There is person called John,and in a database BANK,there is are
3 schemas called
1) ABC (This schema has full privileges on its own schemas)
2) DEF (This schema has full privileges on its own schemas)
3) XEF (This schema has full privileges on its own schemas)
The priveleges of ABC,DEF and XEF cannot be reduced as they are related to application functiaonality,and any
change in the same will affect the application modules.Neither can we change the passwords for the above schemas,because this needs a bigger activity by incorporating the new password in all applications files.
Mr John has login creditanals for all there schemas i.e ABC,DEF and XEF.And thus he has full privileges on this schemas.
So we want John's IP with restriction of only select on this schemas.
In this example Mr john is the application vendor,and we would give him access to single IP for just one day.
Regards
Vijay
Similar Messages
-
Auditing DDL and DML statements of selective IP addresses....
Hi all,
DB : 11.2.0.2 64 bit
OS : RHEL 5.7 64bit
Hi all,
I want to audit all DDL and DML statements for some selective IP Addresses or hostnames.
I read about Fine Grained Audit. I got the following code to enable auditing of nondatabase user's actions(Application users).
created policy for client identifier.......
BEGIN
DBMS_FGA.ADD_POLICY(OBJECT_SCHEMA => 'OE',
OBJECT_NAME => 'ORDERS',
POLICY_NAME => 'ORDERS_FGA_POL',
AUDIT_CONDITION => 'SYS_CONTEXT(''USERENV'', ''CLIENT_IDENTIFIER'') = ''Robert''',
HANDLER_SCHEMA => NULL,
HANDLER_MODULE => NULL,
ENABLE => True,
STATEMENT_TYPES => 'INSERT,UPDATE,DELETE,SELECT',
AUDIT_TRAIL => DBMS_FGA.DB + DBMS_FGA.EXTENDED,
AUDIT_COLUMN_OPTS => DBMS_FGA.ANY_COLUMNS);
END;
But I want to audit all DDL and DML statements for a particular schema say ABC from selective IP addresses or hostnames so how can I do this?
Pl suggest.....
Regards,
Andy.Hi,
You could :
1. create a function, say myfunction, returning 1 if you want to audit, 0 otherwise
This function would test sys_context('userenv','ip_address') within the desired IP address to be audited
2. create your fga on the objects you want to audit adding the clause audit_condition=>'myfunction=1'
Nicolas. -
HR Schema DDL and DML Statements
Dear all,
I want all tables and datas for practicing purpose.(HR Schema)
In Oracle site where can I get these DDL and DML Statements.
Can Any one post all statements..
Thanks in advance.Unlocking the Sample Tables
The Human Resources (HR) Sample Schema is installed as part of the default Oracle Database installation. The HR account is locked by default.
You need to unlock the HR account before you can use the HR sample schema. To unlock the HR account, log in as the SYSTEM user and enter the following command, where your_password is the password you want to define for the user HR:
ALTER USER HR IDENTIFIED BY your_password ACCOUNT UNLOCK;
For further information about unlocking the HR account, see the Oracle Database Sample Schemas guide. The HR user is primarily to enable you to access the HR sample schema and is necessary to enable you to run the examples in this guide.
Each table in the database is "owned" by a particular user. You may wish to have your own copies of the sample tables to use as you try the examples in this guide. To get your own copies of the HR tables, see your DBA or see the Oracle Database Sample Schemas guide, or you can create the HR tables with the script HR_MAIN.SQL which is located in the following directory on UNIX:
$ORACLE_HOME/DEMO/SCHEMA/HUMAN_RESOURCES/HR_MAIN.SQL
And on the following directory on Windows:
%ORACLE_HOME%\DEMO\SCHEMA\HUMAN_RESOURCES\HR_MAIN.SQL
To create the HR tables from command-line SQL*Plus, do the following:
1.
Ask your DBA for your Oracle Database account username and password.
2.
Login to SQL*Plus.
3.
On UNIX, enter the following command at the SQL*Plus prompt:
SQL> @?/DEMO/SCHEMA/HUMAN_RESOURCES/HR_MAIN.SQL
On Windows, enter the following command at the SQL*Plus prompt:
SQL> @?\DEMO\SCHEMA\HUMAN_RESOURCES\HR_MAIN.SQL
To remove the sample tables, perform the same steps but substitute HR_DROP.SQL for HR_MAIN.SQL.
Regards
Asif Kabir -
To Capture the DDL and DML statement
Hi,
I have one requirement to capture all the statement (DDL & DML),which will perform on the table.
How can i do implement the same?
Please assit me .
ThanksI have to capture exact SQL statement along with literal value and to store in a certain table.
-
How to Split ddl or dml statement
Hi guys,
i'm using oracle 11.2
i've the following question.
i've a string that can contains multiple ddl or dml statement and i need to split them in more statement.
i.e. i can have a string like the below and i need 2 string each one with a statement:
insert into TEST_KIT_USER1.table1 values (1,'a');
insert into TEST_KIT_USER1.table1 values (2,'b');
otherwise i can have a string like the below and i need 2 string each one with a statement:
create table TEST_KIT_USER1.table2
name char(10),
surname CHAR(10 BYTE)
create table TEST_KIT_USER1.table3
id number,
description CHAR(10 BYTE)
is there a simple way to do this?Have you tried using iMovie?
I know that iMovie HD '06 can do this, I'm not sure if '08 can.
If you have iLife '08, you can download iMovie HD '06 from apple's site here.
Good luck! -
hey
the method executeQuery will return ResultSet then i can use this resultSet to show result but with this method i can't excute the ddl commands (del , insert,..etc)
executeUpdate can do both , but will not return ResultSet that i use to show result...
how can i see the results if i use resultUpdate ?
do i need to creat 2 different methods one to select and one for ddl , or i can use one that will do both ?
thxhey
the method executeQuery will return ResultSet then i
can use this resultSet to show result but with this
method i can't excute the ddl commands (del ,
insert,..etc)Right.
>
executeUpdate can do both , No, just INSERT/UPDATE/DELETE and DML statements.
but will not return
ResultSet that i use to show result...If a tree falls in the forest...If you can't get your ResultSet, the method can't do SELECTs.
executeUpdate can't do both, but execute can. Read more of the javadocs.
how can i see the results if i use resultUpdate ?
do i need to creat 2 different methods one to select
and one for ddl , or i can use one that will do both
?Here's how I've done it (just the method, not the entire class):
* Execute ANY SQL statement
* @param SQL statement to execute
* @returns list of row values if a ResultSet is returned,
* OR an altered row count object if not
* @throws SQLException if the query fails
public Object executeSQL(final String sql) throws SQLException
Object returnValue;
Statement statement = null;
ResultSet rs = null;
try
statement = this.connection.createStatement();
boolean hasResultSet = statement.execute(sql);
if (hasResultSet)
rs = statement.getResultSet();
ResultSetMetaData meta = rs.getMetaData();
int numColumns = meta.getColumnCount();
List rows = new ArrayList();
while (rs.next())
Map thisRow = new LinkedHashMap();
for (int i = 1; i <= numColumns; ++i)
String columnName = meta.getColumnName(i);
Object value = rs.getObject(columnName);
thisRow.put(columnName, value);
rows.add(thisRow);
returnValue = rows;
else
int updateCount = statement.getUpdateCount();
returnValue = new Integer(updateCount);
finally
close(rs);
close(statement);
return returnValue;
}% -
Which tool is able to maninupalate UTF-8 encoded data saved in Oracle database?
(execute DDL and DML commands with non latin text)Hi,
You can easily create your own scripts for creation (and even deletion/drop) of tables and inserts made to those tables. You just need to put the statements in a notepad and save it with a .sql extension. Then run this file from a SQL prompt with @ sign. For example
SQL >@"c:myscript.sql" .
Hope this helps
Regards
Aditi -
How to Track DDL and DML Operations happening in Backend into Log Files....
Hi I have one requirement for Tracking the DDL And DML Operation happening in Backend once the user Inserts or Updates any Table.How to Implement the same can anyone proviode the code for the same.
Ex: I have multiple tables in my database if any user fires the DDL or DML it should make entry in the Log file as
Name of the Table Operation Timestamp
X Insert DD-MM-YYYY HH24:MM:SS
Y Update DD-MM-YYYY HH24:MM:SS
Z Delete DD-MM-YYYY HH24:MM:SS
L Select DD-MM-YYYY HH24:MM:SS
Is it Possible to Develop it through Procedure,Function or Package,please give me Idea,,,,,Please do not post same question in multiple forum. How to Track DDL and DML Operations happening in Backend into Log Files....
What's wrong with the answers posted in the above forum ? Do you go through the "AUDIT" option as suggested in the above post by various members ? -
DDL and DML separators in sql file
Hi,
I have sql files with database changes in them. DDL:s and DML:s mixed. Unfortunately I cannot run them without doing some 'cleaning up' witch is very time consuming.
I would like to write a VB (or similar) program that replaces the ';' with '/' at the end of a statement and puts in '/' after packages e.t.c so I can run the file in one go.
The problem is to know where a trigger, package, insert, modify and what not, ENDS. What code belongs to object x and y so I know where to put in the '/'.
Is there a way to find out what is a DDL or DML and where they start and ends?
Cheers,
MagnusYou can remove GO or batch separator if you don't have:
1. same variables declared in more than 1 batch
2. CREATE/ALTER VIEW/PROCEDURE statements, they should be first statement in the batch otherwise will fail. (otherwise it will give you following error: CREATE/ALTER VIEW/PROCEDURE' must be the first statement in a query batch.)
3. there could be more things, just check based upon my above 2 points.
~manoj | email: http://scr.im/m22g
http://sqlwithmanoj.wordpress.com
MCCA 2011 | My FB Page -
Hi All,
Is their any way to find the current transaction(dml or ddl) happening database with helps any view if answer yes please send me the query
Thanks Much,
Napi.Napi wrote:
Hi All,
Is their any way to find the current transaction(dml or ddl) happening database with helps any view if answer yes please send me the query
Thanks Much,
Napi.If you are interested in finding out all the details of these two, you should enable Auditing in your database.
HTH
Aman.... -
Hi,
I am new to Oracle and am having some difficulty jumping over from MSSQL. My question is how would one simply do the following:
Drop a table if it exists, create it if it doesn't.
Then fill the table with a set of data.
(All from within a stored procedure)
In MSSQL this is very easy and straight forward. I am having a heck of a time making it work in Oracle.
I've tried Execute Immediate and it doesn't seem to work. To make the problem worse, I cannot even compile the stored procedure in Toad because the idividual inserts fail (table has not been created prior to compile).
Thanks for any help.
RobThanks much, but still have a problem.
CREATE OR REPLACE procedure sp_Generate_Color
as
iCursor integer;
iFlag integer;
begin
select count(*) into iFlag from all_tables where table_name = 'color';
if iFlag > 0 then
iCursor := dbms_sql.open_cursor;
dbms_sql.parse(iCursor, 'drop table color',dbms_sql.v7);
dbms_sql.close_cursor(iCursor);
end if;
iCursor := dbms_sql.open_cursor;
dbms_sql.parse(iCursor, 'create table color (id number,name varchar2(50), family varchar2(10), hex varchar2(7), r number(3), g number(3), b number(3))',dbms_sql.v7);
dbms_sql.close_cursor(iCursor);
insert into color (id,name,family,hex,r,g,b) values (1,'ALICEBLUE','BLUE','#F0F8FF',240,248,255);
insert into color (id,name,family,hex,r,g,b) values (2,'ANTIQUEWHITE','WHITE','#FAEBD7',250,235,215);
insert into color (id,name,family,hex,r,g,b) values (3,'AQUAMARINE','BLUE','#7FFFD4',127,255,212);
commit;
end;
I integrated your code into what I need done (see above). But I still get a compile error on the first insert line. Since the insert works when the table exists, I assume the stored procedure is not compiling because this line cannot be valid at the time of compilation (when the color table has not been created yet).
Any ideas?
Thanks,
Rob -
About DDl and Dml Operations On B1
Hi ,
I had Created A form In SDk Using UiAPI, It Contains Five Text Fields And One Button. And I had Created An EMP Table.It Contains Five Fileds. My Question Is:----
>
When I clicked Button , The data Entered In TextFields(EditText) Need To stored in Database. Similirly All The Operation Need To Do. How Can we Do In sdk. Please tell Me code
Regards
SrinivasSrinivas,
Please look at the subject of "Binding Items to Data SourcesBinding Items to Data Sources" in the SAP Business One SDK Help Center Documentation. This should assist you and show you code samples.
Eddy -
Exporting Application w/ DDL and data
I can export an Application.
I can export the DDL for that application.
I Cannot_ export the data for that application unless I am not following the proper procedure.
Note that I did use "with supporting objects" option.
Anyone know why ?
Thanks in advance,
Anon
Edited by: Anon on Aug 2, 2010 11:20 AM
Edited by: Anon on Aug 2, 2010 11:27 AMSupporting Objects allow you to add ddl and dml to your application so that you can export as one file and then import and install in one step. To get your data, I would suggest using SQL Developer and extracting your data as insert statements. That can then be loaded into your supporting objects (after your ddl).
Here is a link to a 3.2 tutorial that explains more about Supporting Objects.
-- Sharon -
Forall with multi dml statements
hi
I am trying to write a procedure for learning purpose, but it gives error message.
Normally we use for loops, it is slow but for loop is a block and you can execute many select and dml statements inside for loop.
I want to achieve this with bulk collect and for all but I can not. Can you help me?
/* Formatted on 2009/07/28 07:34 (Formatter Plus v4.8.8) */
CREATE OR REPLACE PROCEDURE bulk_collect_query
IS
TYPE employee_tt IS TABLE OF employees.employee_id%TYPE
INDEX BY BINARY_INTEGER;
TYPE salary_tt IS TABLE OF employees.salary%TYPE
INDEX BY BINARY_INTEGER;
TYPE hire_date_tt IS TABLE OF employees.hire_date%TYPE
INDEX BY BINARY_INTEGER;
hire_datet hire_date_tt;
employeet employee_tt;
salariet salary_tt;
BEGIN
DBMS_OUTPUT.put_line ('Before Bulk Collect: ' || SYSTIMESTAMP);
SELECT employee_id, salary, hire_date
BULK COLLECT INTO employeet, salariet, hire_datet
FROM employees;
DBMS_OUTPUT.put_line ('After Bulk Collect: ' || SYSTIMESTAMP);
FORALL indx IN employeet.FIRST .. employeet.LAST
begin
INSERT INTO t_emp_history
(employee_id, salary, hire_date
VALUES (employeet (indx), salariet (indx), hire_datet (indx)
INSERT INTO t_emp_history
(employee_id, salary, hire_date
VALUES (employeet (indx), salariet (indx), hire_datet (indx)
end;
DBMS_OUTPUT.put_line ('After FORALL: ' || SYSTIMESTAMP);
COMMIT;
END;
//* Formatted on 2009/07/28 07:34 (Formatter Plus v4.8.8) */
CREATE OR REPLACE PROCEDURE bulk_collect_query
IS
type v_datareturn IS record(
employee_id employees.employee_id%TYPE,
salary employees.salary%TYPE,
hire_date employees.hire_date%TYPE
TYPE employee_tt IS TABLE OF v_datareturn
INDEX BY BINARY_INTEGER;
employeet employee_tt;
CURSOR c IS
SELECT employee_id, salary, hire_date
FROM employees;
BEGIN
DBMS_OUTPUT.put_line ('Before Bulk Collect: ' || SYSTIMESTAMP);
OPEN c;
FETCH c BULK COLLECT INTO employeet;
FORALL i IN 1..employeet.COUNT
INSERT INTO t_emp_history VALUES employeet(i);
CLOSE c;
DBMS_OUTPUT.put_line ('After Bulk Collect: ' || SYSTIMESTAMP);
COMMIT;
END;
/Untested one.....
Ravi Kumar -
Restrict access in report based on compnay codes and cost centers
Hi,
We are using a standard report, which is assigend to a Z transaction and assigend to the role.
The report need to be restricted based on the company code and cost center ?
but i could not find any AUTHORITY- CHECK statements in the code ( there is only authority check statement for object G_803J_GJB which has authorization groups and aCTVT field.)
Please let me know what steps need to be followed to restrict the report based on company codes and cost centers.
Thanks for your help in advance.Thanks all for the quick response.
Steps to be followed:
1) incorporatomg AUTHORITY-CHECK statements for K_KOSTL and F_BKPF_BUK objects in the program.
2) adding the objects as check yes in SU24 for the Z transaction.
and restricting in the role.
The program name is "GP3O4ZGOOF3HA68QMGHF8S7I9ER250".
Please let me know if any more steps need to be followed.
Based on this i have to send a estimate to my client.
Thanks,
Sanketh.
Maybe you are looking for
-
Your computer appears to be infected We believe that your computer is infected with malicious software. If you don't take action, you might not be able to connect to the Internet in the future. Learn how to remove this software.
-
I'm just becoming comfortable with using CSS. At least, I thought I was. I put together a test page and it worked on IE 7. Then, I downloaded Firefox and Safari to check compatability on other browsers. I have a centered page with a top navigation ba
-
URGENT: running processes fail because BPM change
Hi, We've got some running processes on our CE 7.30 instance. I've done a change in the corresponding BPM (added one parameter to the WSDL of a sub-process). Now we're facing the following problem: When the running process instances are further proce
-
SU53 not diplaying correctly: Question Marks "?????" in SU53 description
Transactions SU53 and SU56 are displaying "???????????" instead of descriptions in some fields. SAP Side Effect Note 989888 has been applied. (albeit with a problem with SNOTE/saprouter and the changes had to be made manually). The problem still pe
-
CopyMedia fails during install
My cdrom drive is called /dev/sr0. The copyMedia RPM script is looking for /dev/cdrom (or dvd etc etc) and fails to copy the DVD's contents. I am now manually running the script's cp command after mount -o bind the DVD to /mnt. Hillarious. It may eve