Is Object serialization secured?

Hi,
I wonder how secure a serialized object is when it is transported using TCP/IP Socket programming? Can someone sniff at either my server side's or client side's port to tap the object and then recover the information I send? Thank you very much.

Serialized objects, by themselves, are NOT secure. You can protect the transport by using SSLSockets, or you can use SealedObject to protect the object over open transport.
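The difference the answer describes, as an added example that is not part of the original thread: the same object is serialized once as-is and once wrapped in a SealedObject, and the two byte streams are checked for the field value. The class names, the sample secret and the choice of AES-GCM with a pre-shared key are assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class SealedTransportDemo {
    // Hypothetical payload class; the value is constructed sample data.
    static class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String secret;
        Message(String secret) { this.secret = secret; }
    }

    // Produces the bytes that would be written to the socket's OutputStream.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(buf)) {
            oos.writeObject(o);
        }
        return buf.toByteArray();
    }

    // True if the text can be read directly out of the captured bytes.
    static boolean visible(byte[] wire, String text) {
        return new String(wire, StandardCharsets.ISO_8859_1).contains(text);
    }

    public static void main(String[] args) throws Exception {
        Message msg = new Message("constructed-secret-4711");

        // 1) Plain serialization: what a sniffer on an open socket sees.
        byte[] plainWire = serialize(msg);

        // 2) SealedObject: the object is serialized and encrypted before it
        //    reaches the transport. Key is assumed to be shared out of band.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);            // fresh IV for every object
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] sealedWire = serialize(new SealedObject(msg, enc));

        System.out.println("plain stream exposes secret:  " + visible(plainWire, msg.secret));
        System.out.println("sealed stream exposes secret: " + visible(sealedWire, msg.secret));

        // Receiver side: read the SealedObject off the wire, then unseal with the key.
        SealedObject received;
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(sealedWire))) {
            received = (SealedObject) ois.readObject();
        }
        Message back = (Message) received.getObject(key);
        System.out.println("receiver recovered secret:    " + back.secret.equals(msg.secret));
    }
}
```

SealedObject protects only the wrapped object, and both ends must already hold the key; an SSLSocket protects the whole stream and negotiates its keys during the handshake.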

Similar Messages

  • Object Level Security in OBIEE 11.1.1.5

    Hi All,
    I am trying to implement object level security for certain groups. We have BI Apps 7.9.6.3 implemented, in which OBIEE 11.1.1.5 is integrated with EBS R12. Users are able to log in through different responsibilities to OBIEE. I need insight into how to implement object level security. Below are the steps which I have followed, but I am still facing strange issues, i.e. some users are able to see dashboards which they have no access to, with a view display error. I checked the dashboard permissions. They do not have access.
    1) Created application roles in OBIEE with the same responsibility names
    2) Grouped the application roles in different groups. I.e. if application roles a, b, c should have access to dashboard x then I made b and c members of a.
    3) Configured security in manage privileges and catalog for these application roles, i.e. I used application role a mentioned in step 2 in manage privileges etc.
    4) Restarted the BI server and presentation servers.
    Are there any other steps which should be followed apart from the above mentioned steps? Do I have to make use of groups?
    Regards,
    Sandeep

    Sandeep Saini wrote:
    I checked the inheritance. I did a lot of investigation but it is weird. My purpose of asking the question was to find out if there are any bugs in version 11.1.1.5, otherwise I didn't see any issues.
    There are a couple of bugs related to the issue but I have checked that on 11.1.1.5.5 and it works as expected.
    Bug 13982971 : PERMISSIONS ON WEB CATALOG OBJECTS NOT APPLIED IMMEDIATELY
    In case you see anything like this -> QA:USER WITH NO ACCESS OVER A FOLDER IS ABLE TO RUN ANALYSIS REPORT CONTAINED then [Patch ID 15626966]
    1) I want to check if there are any components i.e. BI server, presentation server or any other service that should be started after creation of application roles. I started only BI server after creating application roles
    Any changes made to the Application policies should need a restart of admin and managed server; however, if you are not creating policies, just Roles with similar names, an OPMN restart should be good to see the changes made.
    2) I made use of application roles throughout in object level security. Is it the correct approach?
    Yes, that is the right approach: use application roles for defining object level permission settings throughout, do not go for catalog groups, it makes it nasty to manage. Here is the quote from Sec Guide: "Using catalog groups is not considered a best practice and is available for backward compatibility in upgraded systems."
    3) To check if there are any object level security related bugs
    There might be more than the ones mentioned above since 11.1.1.5 .. I do not trust that version, it bites a lot ;)
    And to explain step 2, let's say there are n number of application roles which should have the same object level security but different data level security. In that case I made all such application roles members of another application role and configured object level security for that group only. For example, in manage privilege I configured "Access to Answer" for one application group and made the other application group a member of this group. I hope it's clear now.
    Grouping of Roles with other similar roles is what needs to be done to get functionality like catalog groups. However, a reference of the 5 basic rules is always a lifesaver: Rules for Inheritance for Permissions and Privileges: http://docs.oracle.com/cd/E29505_01/bi.1111/e10543/mgrgrpsusers.htm#autoId16
    Hope this helps!
    SVS

  • Object Level security not working on OBIEE 11g 11.1.1.7

    Hi,
    I am experiencing problems with object level security applied on an application role in version 11.1.1.7. If I create a user, assign that user to an application role and give that application role permission to Access Answers in Manage privileges, it is not working. If I directly add a user to the permission list in the Manage privileges section, then the user is able to access Answers. I added that application role in the "Access to Answers" section in the Manage privileges section. Permission for Authenticated users is denied.
    We recently upgraded from 11.1.1.5 to 11.1.1.7. Please can someone confirm if it is a bug in 11.1.1.7 or if it is because of the upgrade process.
    Regards,
    Sandeep

    Hello Sandeep,
    I have just verified the scenario below as you described, but didn't find any issue.
    I have just created a User, Group and Application Role under the default authentication provider. I assigned the user under the group and the group under the newly created application role, and provided access to Answers for the new application role under manage privileges, and I am able to see it.
    This might not be a 11.1.1.7 bug; check it from the upgrade end.
    Regards,
    Srikanth

  • How can I limit/control the addition of auth. objects to security roles?

    Checking the authorization object S_USER_VAL, it seemed that it grants the ability to limit the addition of authorization objects, but I tried using a test ID in sandbox along with a test role, removing the object, creating ranges in order to limit to a certain type of auth. objects, and it didn't work. S_USER_AGR will give me access to limit which type of roles I can modify, but I'm looking to restrict the addition of specific security objects to security roles. If anyone knows the answer to this please share! Thanks in advance for your help!!!!
    Edited by: Armando Salas on Nov 29, 2011 7:41 PM

    Hi Armando,
    Try with auth. obj. S_USER_AUT. A suggestion: search these objects with tcode SU24, for instance, for tcode PFCG, and it gives a list with objects.
    I hope this helps you
    Regards
    Eduardo

  • How to get object level security in Universe?

    Hi,
    I need to get the object level security for a Universe. I'm able to get the list of objects and their security access level (Public / Controlled / Restricted / Confidential / Private) from the (.Unv) file using the Designer SDK.
    But I need to get the list of users who have the object level security in the universe. In the CMC, by clicking the Universe and clicking on the Object Level Security tab, we can see the list of users there.
    I need to get the same using BOE SDK.
    I have used the following query to get the universe from the repository,
    "select * from ci_appobjects where si_kind='universe' "
    But I'm not able to get the list of users having obj. level security for that universe.
    Kindly help me to proceed.
    Thanks.

    The access security level is encapsulated in the SI_KIND='Overload' object. 
    Look for those types of objects, and the doc for the Overload class.
    An Overload references the Universe to which it's associated, and User/UserGroup objects are associated with the Overload via SecurityInfo.
    Sincerely,
    Ted Ueda

  • Object Level security by creating catalog groups in OBIEE-10G

    Hi All,
    I have a requirement to display the dashboard based on the user login. Ex. Mike belongs to HR, Smith belongs to Accounts
    When Mike logs in he should see only these three dashboards. HR View, Common data1, common data2. When Smith logs in he should see only these three dashboards. Accounts view, Common data1, commondata2.
    The commondata1 and commondata2 dashboards has common reports for all the departments. The other dashboards are department specific with all different reports. How can I implement this?
    From one of my earlier posts I was advised to do it using Object Level security by creating catalog groups. Can you please provide me end to end instructions on how to create Object level security based on catalog groups.
    Thanks for your time and help.

    Hi,
    Mike to HR
    Smith - Account
    Yes, you can achieve this by Object Level security by creating catalog groups
    1) Create Catalog group and users in RPD part (Ex: Account_grp, HR_grp)
    2) Assign user to that particular group (let's say Ex: Account_grp = Smith and HR_grp = Mike)
    3) Log in (Admin user id) into dashboard page and ---> manage dashboard page --> add users to that particular
    dashboard to relevant users and save it, then
    try to log in as the mike and smith users, it will work
    kindly refer below link
    http://www.rittmanmead.com/2010/01/obiee-10g-web-catalog-best-practices/
    http://www.rittmanmead.com/2007/05/obiee-and-row-level-security/
    thanks
    Deva

  • Object Level Security Issue.

    Hi,
    I am facing an issue in applying object level security in OBIA.
    I have successfully done the LDAP authentication.
    In object level, I want to give permission for the currently logged in user to a page of General Ledger dashboard.
    Regarding this I have added the group corresponding to the logged in user through "Manage privilege" and given Access to the Dashboards.
    But after doing this I am getting the following error in my report when I log in as the same user.
    "Odbc driver returned an error (SQLExecDirectW).
    Error Details
    Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P:OI2DL65P
    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 27004] Unresolved table: "Financials - GL Balance Sheet". (HY000)
    SQL Issued: {call NQSGetQueryColumnInfo('SELECT "Profit Center"."Profit Center Name", Ledger."Ledger Name", Time."Fiscal Quarter", Time."Fiscal Year" FROM "Financials - GL Balance Sheet"')}
    SQL Issued: SELECT "Profit Center"."Profit Center Name", Ledger."Ledger Name", Time."Fiscal Quarter", Time."Fiscal Year" FROM "Financials - GL Balance Sheet"
    Please suggest me where else I need do any setting.

    Hi,
    Looks like the user does not have access to the presentation table/column, check and see if the group has access.
    See: http://obiee-tips.blogspot.com/2009/09/obiee-security.html
    Regards,
    Matt

  • Object Level Security,Data Level Security&Row level Security

    Can anyone explain the main difference between "Object Level Security, Data Level Security & Row Level Security" and how to implement them?
    Thanks in advance,
    Kumar

    Hi Kumar
    Dashboards, Reports, Guided Navigation Links, Texts, briefing books are all Dashboard OBJECTS which are available at UI level of OBIEE. If you restrict them, say User 'A' wants to see 2 Dashboards and User 'B' wants to see 1 Dashboard, these settings & permissions you are restricting at Object level are called Object Level Security.
    Similarly, data level security is restriction of Data. Consider the same example above, where User 'B' wants to see 2-3 regions' data whereas User 'A' will see only a single Region's Data, which you will do/restrict at logical tables, using variables.
    Row level security: http://groups.google.com/group/obiee-enterprise-methodology/browse_thread/thread/131ee938a5aefde0 refer to this link, it explains it clearly
    Please mark Correct or helpful if this clears it up

  • 2D objects Serialization problem

    Welcome!
    I'm making a net game using RMI and I have this problem.
    When I'm trying to join my client with the server an error occurs:
    Error: error marshalling arguments; nested exception is:
         java.io.NotSerializableException: java.awt.geom.Ellipse2D$Double
    My client contains an Object extending a JPanel class. There are 2D objects used to make the map, and that's why this error occurs.
    It's a funny thing, because I'm not sending a whole Object of my client, but only its reference (using "this" in the join() method), so I don't know why the 2D object needs to be serialized and sent :|?
    Anyway, my question is how to make 2D objects serializable!? I have jdk1.5.0_06 and as far as I remember they should be serializable in this version. Maybe I'm doing something wrong!? Maybe it's necessary to add an appropriate code line or import something... I don't know
    please help me... I have little time to finish my project, and this thing is blocking my work.
    Big thanks to anybody who will help.
    regards floW

    I'll tell u the whole story then, my problem is as follows:
    public class BounceThread {
       public static void main(String[] args) {
          JFrame ramka = new BounceFrame();
          ramka.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
          ramka.setVisible(true);
       }
    }
    class BounceFrame extends JFrame {
       public BounceFrame() {
          setSize(DEFAULT_WIDTH, DEFAULT_HEIGHT);
          setTitle("MiniGolf v 1.0");
          panel = new BallPanel(); // this contains maps made with 2D objects
          panel.setBackground(Color.green);
          panel.setVisible(panel.czy_widać_panel());
          add(panel, BorderLayout.CENTER);
          // I add a menu bar, that starts a net game:
          JMenuBar pasekMenu = new JMenuBar();
          setJMenuBar(pasekMenu);
          JMenu menuGra = new JMenu("Game");
          // and so on... and finally I add an option:
          menuGame_Nowa.add(new AbstractAction("Net game") {
             public void actionPerformed(ActionEvent event) {
                net_game(panel);
             }
          });
       }
       // here I write my net_game method:
       public void net_game(BallPanel aPanel) {
          // here, I make a Client object, and connect him with my server
          client = new mgClient(panel);
          client.join();
          // I give panel as a parameter, because I can't think of another way of letting my server use its (panel's) methods
          // If I join only a name of my client, then how can I change the panel in my BounceFrame from the Client's method
          // "shouted" by the server!? It has to be a field in the client's object.
          // Is there any other way out!?
       }
       // Class BounceFrame holds the panel as a field:
       private mgClient client;
       private BallPanel panel;
       //and so on...
    }
    and that's the real problem I'm facing here. Is there any solution!? I think that making a Client's field out of my panel is the only way out. And that means I need those 2D objects serialized... :(
    Please help if u can.
    Regards floW

  • Object level security will be done by bi-server or presentation server

    hi all
    Will object level security be done by the BI server or the presentation server?
    Or will both be done by the BI server?
    Thanks

    Hi,
    object level security will be done by bi-server or presentation server?
    It would be maintained by both the servers, as the end user sends a request that would be sent to the presentation server and then in turn to the BI server... while in this process both check whether there is any security implemented on it.
    Ya in simple words authorization and authentication.
    Hope it helps you.
    By,
    KK

  • How do you create object level security in BI for roles.

    How do you create object level security in BI for roles?  For example, if I want users to only execute reports in BI for a particular "object" report, how would I do that?
    Thanks.

    Hi Maritza,
    Can you be more specific.
    If you are looking for BI Security concept, check this presentation:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
    Regards,
    Zaheer

  • Object Level Security Profile-Collaborators

    Dear All,
    In the document collaborator security profile, one permission is change master data state. Is master data considered all fields within the contract? Also, what will happen if this permission is changed to not set?
    Thanks,
    Jay


  • Servlet and Object Serialization

    Hi,
    I am developing a routing server in Java
    2 Instances of the same server will be running in 2 different data centers.
    The servers have a Jetty server embedded with a Servlet inside.
    Server 1 will use a GET method to talk to the Server 2 -> Servlet, which will write the state of an object back, which will be read by Server 1 to reconstruct the object.
    Do you find any issues in Object Serialization/DeSerialization in the Servlet?
    What are the factors that I need to consider in this case?
    Regards,
    Jana

    Make sure that your servlet handles the transaction in the same thread that doPost() or doGet() is called in.
    I ended up porting some old ServerSocket based code to a servlet, and was handing off the request and response objects to a handler thread on the server side. I ended up with a ton of intermittent errors like this.
    Once I started handling the transactions in the same thread things worked heartbreakingly well.

  • Customizing Forte object serialization

    Forte supports serialization of arbitrary object graphs into streams.
    However, there do not seem to be any well documented ways to customize
    this serialization, e.g. by using a different encoding scheme. It would
    seem there must be some support in there somewhere. I suppose at the
    very least, one could parse a serialized object (once one decoded the
    Forte encoding scheme) and do the conversion from that. That seems
    suboptimal, though.
    Has anyone done this? Any thoughts on how it might be done?
    Regards,
    Coty

    JavaFunda wrote:
    Object serialization is the process of saving an object's state to a sequence of bytes. Does it save only the instance variables or also the object methods (like getter and setter methods)?
    Only the state--the instance variables. It doesn't save the class definition. That has to be available separately (via classloader) at deserialization time. In other words, you cannot deserialize an instance of a class that is not on your classpath.
    Once we write the object to an output stream or some text file, how does it get transmitted over the network?
    The same way any other bytes get transmitted. You have a Socket. You get its OutputStream. You wrap that in an ObjectOutputStream. When you write to the ObjectOutputStream, that writes through to the Socket's OutputStream, which is responsible for putting the bytes on the wire.
    Do we write the java object to a text file only during serialization?
    We write the objects to wherever the other end of the ObjectOutputStream is connected to. Just like any other I/O.

  • Runtime Object serialization

    Hi,
    Could someone explain the concept of Runtime Object Serialization with a simple example?
    Thanks

    import java.io.*;
    /* you NEED to make the class implement Serializable */
    class Client implements Serializable {
        private String name;
        private String address;
        public String getName() { return name; }
        public String getAddress() { return address; }
        public void setName(String name) { this.name = name; }
        public void setAddress(String address) { this.address = address; }
        public String toString() { return "name='" + name + "' and address='" + address + "'"; }
    }
    public class Test17 {
        public static void main(String[] args)  throws Exception {
            // serialize the object into test.bin
            ObjectOutputStream oos = new ObjectOutputStream (new FileOutputStream ("test.bin"));
            Client myClient = new Client();
            myClient.setName("Steve Jobs");
            myClient.setAddress("1 Infinite Loop; Cupertino, CA 95014");
            System.out.println (myClient);
            oos.writeObject (myClient);
            oos.close();
            // read it back and rebuild the object
            ObjectInputStream ois = new ObjectInputStream (new FileInputStream ("test.bin"));
            Client yourClient = (Client) ois.readObject();
            System.out.println (yourClient);
            ois.close();
        }
    }
    Run the program above. It creates an object of the class "Client", serializes it into a file named "test.bin" and recreates the object reading it from the same file.
    Dumping the binary file you get this:
    0000    AC ED 00 05 73 72 00 06  43 6C 69 65 6E 74 F1 D7   ....sr..Client..
    0010    74 76 C4 64 FD 43 02 00  02 4C 00 07 61 64 64 72   tv.d.C...L..addr
    0020    65 73 73 74 00 12 4C 6A  61 76 61 2F 6C 61 6E 67   esst..Ljava/lang
    0030    2F 53 74 72 69 6E 67 3B  4C 00 04 6E 61 6D 65 71   /String;L..nameq
    0040    00 7E 00 01 78 70 74 00  24 31 20 49 6E 66 69 6E   .~..xpt.$1 Infin
    0050    69 74 65 20 4C 6F 6F 70  3B 20 43 75 70 65 72 74   ite Loop; Cupert
    0060    69 6E 6F 2C 20 43 41 20  39 35 30 31 34 74 00 0A   ino, CA 95014t..
    0070    53 74 65 76 65 20 4A 6F  62 73                     Steve Jobs
    You can see a lot of things in the serialization of the object Client - the name of the class is written, the names of the fields, the type (java/lang/String), and the values of the fields as UTF-8 encoded strings.
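The layout visible in the dump above can be read back field by field. This added example (not code from the original post) serializes a constructed Client-like object in memory and walks the stream header and class descriptor the same way a capture-analysis tool would, without deserializing anything; the class and method names are assumptions.

```java
import static java.io.ObjectStreamConstants.*;

import java.io.*;
import java.util.ArrayList;
import java.util.List;

public class StreamDescriptorReader {
    // Constructed sample class, modelled on the Client class in the post above.
    static class Client implements Serializable {
        private String name = "Steve Jobs";
        private String address = "1 Infinite Loop; Cupertino, CA 95014";
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(buf)) {
            oos.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Lists what the first class descriptor reveals: class name,
    // serialVersionUID and every field name with its declared type.
    static List<String> describe(byte[] wire) throws IOException {
        List<String> out = new ArrayList<>();
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(wire));

        // AC ED 00 05: magic number and stream version
        if (in.readShort() != STREAM_MAGIC || in.readShort() != STREAM_VERSION) {
            throw new IOException("not a Java serialization stream");
        }
        // 73 72: a new object followed by a new class descriptor
        if (in.readByte() != TC_OBJECT || in.readByte() != TC_CLASSDESC) {
            throw new IOException("expected an object with a new class descriptor");
        }
        String className = in.readUTF();        // 2-byte length + name
        long suid = in.readLong();              // 8-byte serialVersionUID
        int flags = in.readUnsignedByte();      // 02 = SC_SERIALIZABLE
        int fieldCount = in.readUnsignedShort();
        out.add("class " + className + " suid=0x" + Long.toHexString(suid)
                + " flags=0x" + Integer.toHexString(flags));

        for (int i = 0; i < fieldCount; i++) {
            char typeCode = (char) in.readUnsignedByte();   // 'L' object, '[' array, else primitive
            String fieldName = in.readUTF();
            String type = String.valueOf(typeCode);
            if (typeCode == 'L' || typeCode == '[') {
                byte tc = in.readByte();
                if (tc == TC_STRING) {                      // 74: type name written in full
                    type = in.readUTF();
                } else if (tc == TC_REFERENCE) {            // 71: back-reference to an earlier string
                    type = "same as handle 0x" + Integer.toHexString(in.readInt());
                } else {
                    throw new IOException("unexpected type code 0x" + Integer.toHexString(tc & 0xff));
                }
            }
            out.add("field " + fieldName + " : " + type);
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        for (String line : describe(serialize(new Client()))) {
            System.out.println(line);
        }
    }
}
```

The leading bytes AC ED 00 05 are constant for every stream, which makes them a convenient marker when looking for unprotected Java serialization in captured traffic.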
