Level of permission on database account

Similar Messages

• Row and Column Level Select Permission

  Hello Friends,
  I am using Oracle Oracle9i Enterprise Edition Release 9.2.0.1.0 and Windows XP. I have two questions. How to set :
  1. Row Level Select Permission?
  2.Column Level Select Permission?
  1. I have a table having 100 records in it. I don’t want to allow all the user to see them; means, if user1, user2 and user3 are going to select * from mytable then only they can get all the rows; while other users (including sys) should not able to get all rows, they should be capable of from 11th record.
  Though it can be managed by using another table, but I am just finding the other solution.
  2. Likewise, if I don’t want to allow to fetch all the columns; suppose column4 is having confidential info and only be visible by user1,user2 and user3 only, not by any othr user; what should I do?
  Please guide and help me.
  Regards

  You would need to use Virtual Private Database (VPD)/ row level security (RLS) to apply row-level security policies to the table. The DBMS_RLS package is used for this
  http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_rls.htm#sthref6168
  Unfortunately, column-level security wasn't available in 9.2. You would need to upgrade to Oracle 10g to get that functionality. Before that, you would have to create views that selected appropriate subsets of columns and grant permissions on those views to different users.
  Justin

• Problem with "View project-level information" permission when accessing build definition in Visual Studio Online

  Hi, 
  from some time all our team members are experiancing problems when acsessing list of builds on Visual Studio Online or when trying to edit build definition in Visual Studio. Error message suggests problem with missing View project-level information permission:
  "TF50309: The following account does not have sufficient permissions to complete the operation: XXXXXXXX. The following permissions are needed to perform this operation: View project-level information."
  I've checked permissions of my User account and Group. "View project-level information" is set to Allow on both levels. We didn't make any changes in security configuration recently. Does anyone faced similar problem?
  Short term solution was to add all users, to Project Collection Administrators Group, but it is not what we would like to live with.

  It seems that the problem was fixed and Project Collection Administrators permissions are no longer required. Great :-)

• How to find out who is locking my database account ?

  Hi,
  Which dynamic view can help me to find out who is locking my database account ?
  Thanks

  Yoav wrote:
  Hi,
  Which dynamic view can help me to find out who is locking my database account ?
  Thanksdoes account have PROFILE?
  if so, repeated failed logons can result in locked account.
  enable AUDIT to see from where logins originate.

• How to create an database account authentication scheme in apex

  Dear
  I have an apex installation (embeded) on oracle 11g.
  I want to create a database account authentication scheme in apex. I have seen the page with different tab like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
  I want to know what are the things to be specifed on these tabs and the effects. I have gone thru the documentation 'Application Builder User’s Guide Release 4.1' , but the functionalities of these tabs are not mentioned.
  Please help.
  Dennis
  Edited by: Dennis John on Feb 28, 2012 10:57 PM

  Thanks to dear Jit
  I am new to apex.
  I have gone thru that documents but I couldn't find any detailed documentation about the database account authentication scheme configuration
  The database account authentication scheme creation interface will show tabs like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
  I want to know what are the things to be specifed on these tabs and how it will reflect in the login. The specified documentation is not giving any detail about the above mentioned tabs of authentication scheme creation iwizard.
  And also I want to know how the applciation user will be mapped to the database account?
  As per my understanding a database user (for each run time user) is required for to authenticate the apex run time login other than the applciation schema user (holds the objects of applicaiton)
  run time user means - end user who uses the applcaition, not the developer.
  Please help.
  Dennis

• Database Accounts AR, AP, GL

  Do the AR, AP, GL Database accounts have access to all Oracle EBS receivables, payabales, ledger data in the Database, or are some tables/views restricted from these accounts?
  Is there any document that details which AR, AP, GL tables/views contain the more sensitive data?

  user599292 wrote:
  Do the AR, AP, GL Database accounts have access to all Oracle EBS receivables, payabales, ledger data in the Database, or are some tables/views restricted from these accounts?
  Is there any document that details which AR, AP, GL tables/views contain the more sensitive data?Hi user i suggest check [e-trm site|etrm.oracle.com] for table relations in EBS, i belive it can be helpful for you
  Regard
  Helios

• How to apply row level security against the database administrator

  I would like an advice in applying row level security against the database administrator. We need to prevent DBA from editing data in some table rows or have any indication that data was corrupted.
  There is no problem in viewing the data so we considered one way hash function or digital signature which will be stored in the same table, but we see following disadvantages:
  HASH - DBA may use the same hash function to update the stored data after he changes the sensitive row.
  Digital signature - the is a need to manage and keep the private key in a safe place outside of DB
  Is there additional ways to achieve the aim?

  Does VPD helps to prevent from DBA to edit/view a data in specific rows?Yes.
  If I correctly understand, DBA has full access to security policy used by VPD to control the access and can grant himself privileges that I don't want.You can to define which users can be exempt of the politics, for the context or by Grant EXEMPT.
  This includes DBAs.
  The simple fact of being DBA doesn't guarantee the exemption.
  Everything goes to depend of the VPD config.

• APEX Database Account Authentication Problem

  Hi There
  I'm developing an application in APEX 3.1 on top of an Oracle 10g database. The schema account ABC has full control of all objects but additional users have been added USER1 for example. When I set the authentication of the APEX application to Database Account I am able to login as ABC but not when I use USER1. The errors I receive are:
  ORA-28007: the password cannot be reused ORA-06512: at "APEX_030200.WWV_FLOW_SECURITY", line 248 ORA-06512: at "SYS.WWV_FLOW_VAL", line 55 ORA-06521: PL/SQL: Error mapping function
  ERR-10480 Unable to run authentication credential check function.
  I haven't used any custom funtions, pages or procedures, even tried starting a new app from scratch and still am not able to login.
  Thanks
  Daniel

  Thanks Varad, but I was able to log in to PL/SQL Developer using the USER1 credentials. I have found the problem though, the Oracle database was an older version than this APEX functionality could work with. We upgraded the database and now I can log in fine.

• Database Account Credentials Authentical Failure

  Hello All,
  I've set my Authentication Scheme in APEX to Database Account credentials (I have Oracle 10+ installed). However, when I login I get the following errors. Can someone please advise?
  ORA-28007: the password cannot be reused
  ORA-06512: [b]at "FLOWS_020200.WWV_FLOW_SECURITY", line 221
  ORA-06512: at "SYS.WWV_FLOW_VAL", line 49
  ORA-06521: PL/SQL: Error mapping function
  Error ERR-10480 Unable to run authentication credential check function.
  Thanks

  Hi Scott:
  Thanks for the clarification with Default User profile.
  In my database, the authetication works for all the profiles that have DEFAULT PROFILE. However, doesn't work for DB accounts that don't belong to DEFAULT profile(these users have profile called ENDUSER_PROFILE).
  So, how and where can I define multiple profiles as VALID for the Database Account authentication?
  Thanks for your help!
  Muni

• Database Account and User Groups

  Hello,
  Currently, I am using DATABASE ACCOUNT for an authentication scheme for all of my applications but, I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users. I have read that, in order to apply user groups in an application, you must use APPLICATON EXPRESS ACCOUNT credentials.
  Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.
  Is there a way to create user groups while using DATABASE ACCOUNT for authentication? What is the best practice in a case like this?
  Can anyone please shed some light on this? Thanks.
  - Dee

  Dee,
  I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users.I'm not clear on what your purpose is, just runtime authorization, or something more?
  Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.Those tables belong to your application's parsing schema and they are accessed only by code in applications you develop. The Application Express machinery knows nothing about them.
  Is there a way to create user groups while using DATABASE ACCOUNT for authentication?You can create your own tables to define groups and to keep track of which named accounts belong to which groups. And you can write an API for applications to use to query this information and to maintain it from custom applications built for that purpose.
  All

• Row-level security at the Database level

  We need Row-level security at the Database level, where the user who logs in to Crystal reports, should be able to fetch only those rows from the database that he is entitled to see. For this, the login name of the user is passed to a stored procedure which sets the context of the DB session and restricts the data retrieved.
  We are not looking for row-level security where the data is first retrieved and then filtered based on the user login name. However, we are definitely looking for a way to set a context for a database session based on the user login name, even before we start fetching data. So effectively, the user who logs in will fetch only those rows which he is supposed to see.
  Issue:
  We face a problem of not being able to pass a variable (something like 'BOUSER' for BO which works, whereas, 'CurrentCEUserName' for Crystal Reports, which doesn't work), to the database stored procedure to set the context.
  Please let us know if we can use 'CurrentCEUserName' variable in Crystal in the same way as 'BOUSER' is used in ConnectInit for BO? We would like to know how we could pass any variable in Crystal Reports which holds the user login information to a stored procedure.
  Also, please suggest alternate ways to achieve this security restriction, if any.

  Hi
  A previous database had a personnel table with their station name, district and region, with a field holding their logon name.  We also had an activity table with the fields referring to the activity, and a field of Station, district and region it occured in.
  By linking the individual rows in an activity table to the personnel table on the station name field, we then used the CurrentCEUserName to filter on the personnel.  This returned only the records in the activity table where the station the activity took place at was the same as the station associated with the selected personnel who has logged on.
  The additional bonus was if we linked it on District or region we had the same result but at a greater level. ie all activity in the logged on personell's District or if linked on region, then their region.
  The personnel table was maintained by the system administrators, so maintenance was low.
  I hope this helps.
  Kevin

• Database Account Credentials

  I have the following questions:
  1. I currently have APEX 2.0 in 3 databases. How can I upgrade them to APEX 2.2? APEX 2.0 uses the tablespaces called HTMLDB and FILES.
  2. How can I use database account credentials in APEX 2.2? Is there any detailed instruction on the Website?
  Thanks.
  Andy

  Download 2.2 and use the upgrade installation option. I don't understand the part about tablespaces.
  About the authentication scheme, just create an authentication scheme and select the new method and try it out.
  Detailed instructions on the website? What website or URL?
  Scott

• Database authentication & database account profiles

  Hi,
  Is anyone aware of any sample applications that uses database acccount profiles for password policies like ageing, length, reuse and so on.
  I've searched the forums but havn't found any links
  Has anyone experience in this field
  Many thanks
  Pete

  Roger,
  The authentication code and the general steps to hook it up are posted in this thread: Re: Custom Authentication
  As far as checking profile settings and account status, I would run these checks in processes on your after-login page. If there are exceptions, the user can respond to them on that page. If there are no exceptions, the page should branch to the start-of-application page of your choice. How you access this profile/account information for the authenticated user is up to you to figure out. Keep in mind that you will not be connected as the database account you authenticated against, so there is really no "active" profile involved. Your application's parsing schema will need to be granted access to whatever dictionary views it needs for this purpose.
  Good luck,
  Scott

• Database Account Authentication to a few users.

  Good Morning, apex teachers.
  I have one more doubt about apex.
  This time is related to Database Account Authentication.
  I was wondering if it would be possible to filter which database users
  can logon to my application?
  For instance I have this users on my database: John, Paul, Ringo and George.
  But I only want to John and Paul be able to logon, if Ringo or George try to
  do the same, they would have their access denied.
  Thanks for all the help you guys have been giving to me.
  Regards, Leandro Freitas.

  "Database Account Credentials
  Database Account Credentials utilizes database schema accounts. This authentication scheme requires that a database user (schema) exist in the local database. When using this method, the user name and password of the database account is used to authenticate the user.
  Database Account Credentials is a good choice if having one database account for each named user of your application is feasible and account maintenance using database tools meets your needs"
  You are trying to use schemas or do you have a table with the beatles users and passwords? Don't let Ringo out man... ;)

• ILR DPM "failed to gather item level catalog for 4 database"

  Dear all,
  Im dealing with an "DPM failed to gather item level catalog for 4 database(s) .... (ID 3133)" error.
  I have check log error at Sharepoint Agent logs and got the following:
  42AC      32F4       08/24     23:04:18.574       31           WSSCatalogGenerator.cs(234)  
  [0000000000F488B0]                       WARNING           [UniqueId 600] Caught Exception trying to
  generate a Catalog for Database [SQLCLU2\MSSQLSERVER_2\C_SP15_Content_WS_Technology]
  42AC      32F4       08/24     23:01:16.029       31           WSSCatalogGenerator.cs(234)  
  [0000000000F488B0]                       WARNING           [UniqueId 599] Caught Exception trying to
  generate a Catalog for Database [SQLCLU2\MSSQLSERVER_2\C_SP15_Content_WS_Comms]
  Any clue about how to solve this ?
  thanks in advace

  Hi,
  In the snip provided above does the log outline what the
  Exception Message is equal to?
  Example of what you may see in the stack  [
  Exception Message = ]  the line below that should state what the warning <is for>. This maybe helpful to narrowing down the failure.
  **Sample snip**
  WARNING Exception Message   = 
  WARNING <                           >
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to
  other community members reading the thread. Regards,Dwayne Jackson II. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights."