Limited privileges for ReSA users
Hi Experts,
Can someone help me create users in Oracle Retail Sales Audit. Granting limited privileges to RMS users that only can only access Sales Audit or what script shall I use
to grant limited privileges to roles like Manager and accounting Clerk?
Thanks,
Jeremy
You may be able to do things with a script.
Typical "Changing the EUL tables is a risky thing and could cause all sorts of problems..." disclaimers apply.
I'm not sure how things work with responsibilities, but here's how they work for users.
The query governor restrictions are stored in the EUL5EUL_USERS table. The "Warn user if predicted time exceeds..." value is stored in the EU_QUERY_EST_LMT column. The "Prevent queries from running longer than..." value is stored in the EU_QUERY_TIME_LMT column. The "Limit retrieved data to..." value is stored in the EU_ROW_FETCH_LIMIT column.
You should be able to update these values with a simple update statement. Setting the values to 0 essentially acts as if there is no limit
Similar Messages
-
Check package/procedure level privileges for a user
hi gurus,
how to check the package/procedure level privileges for a user? like dba_tab_privs for tables.
for eg: grant execute on dbms_scheduler to user1.
now, i need to verify that user1 has execute privilege on dbms_scheduler or not.
what's the view for this?
thanks in advance,
charlesSQL> select privilege, count(*) from dba_tab_privs group by privilege order by 1;
PRIVILEGE COUNT(*)
ALTER 19
DEBUG 256
DELETE 131
DEQUEUE 3
EXECUTE 19315
FLASHBACK 52
INDEX 14
INSERT 137
MERGE VIEW 36
ON COMMIT REFRESH 52
QUERY REWRITE 52
PRIVILEGE COUNT(*)
READ 7
REFERENCES 54
SELECT 3752
UNDER 3
UPDATE 111
WRITE 5
17 rows selected.DBA_TAB_PRIVS is for more than just tables. -
How to grant create table privilege for a user on a specific table
Hi:
I created a user, for a test scenario. I granted this user create any table, and I made the default tablespace as example.
When I connect as the user and try to create a table, I get this:
SQL> create table T1 (NAME varchar2 (500), AGE number(2));
create table T1 (NAME varchar2 (500), AGE number(2))
ERROR at line 1:
ORA-01950: no privileges on tablespace 'EXAMPLE'
How can I grant the necessary privilege to have user create/delete tables on tablespace example?
Thanks.
DAcreate user ADAM identified by radge default tablespace EXAMPLE
quota 10M on EXAMPLE;
for example 10Mbytes given to Example tablespace.... or you can write:
.....quota unlimited on EXAMPLE
and
grant connect to ADAM
grant create table to ADAM .....
or
grant connect , resource to ADAM .... although grant resource is not recommended...
....and something else....
you should define temporary tablespace in create user command... otherwise the system would be used...
Greetings...
Sim
Message was edited by:
sgalaxy -
Task Privileges for Existing Users - Looking for a global update solution
After some reading I understand that if you set the task privileges for the PUBLIC user in the Privileges section of Discoverer Administrator (10g), any new user created in the system will pick up the privileges you have assigned to the PUBLIC user.
I currently have 4000+ users who have access to Discoverer Plus and the ability to create/edit queries. I want to limit who can access Discoverer Plus functionality to approximately 150 users.
I have changed my PUBLIC user to NOT have privileges but this will only affect new users. Is there any way to restrict 4000+ users without having to go through each user individually and set the privileges.
I am looking for a global update solution. I am wondering if this can be done through the back-end.Hi Mezzobella
If you change the rights for the public user then other users, who have not been manually adjusted in any way, will automatically pick up the public rights. Therefore, if you have a lot of users that are not changing this means that at some point in their life you will have clicked OK or Apply on the screen with a user displayed. This now assigns the rights to that user as opposed to inheriting them from the public user.
What you are describing is the perfect reason why you should not administer Discoverer using user accounts but to use roles or responsibilities instead.
In your case you are now somewhat stuck. The programatic way to revoke these rights is to drop rows from the EUL5_ACCESS_PRIVS table but this could take longer than doing inside Discoverer. Basically, when a user has been granted privileges one row per privilege is inserted into this table. The column AP_EU_ID contains the ID of the user. The column GP_APP_ID is the one that tells you what privilege a user has. Here is a list of the privileges:
1000 Desktop / Plus Privilege (U)
1001 Create / Edit Query (U)
1002 Item Drill (U)
1003 Drill Out (U)
1004 Grant Workbook (aka Sharing) (U)
1005 Collect Query Statistics (U)
1006 Admin Privilege (A)
1007 Set Privilege (A)
1008 Create / Edit Business Area (A)
1009 Format Business Area (A)
1010 Create / Edit Summaries (A)
1011 Not used as far as can be determined
1012 Schedule (U)
1013 User is never required to schedule workbooks (U)
1014 Save workbooks to database (U)
1015 Managed scheduled workbooks (A)
1016 This is an apps mode EUL
1017 This is the user's assigned language
1018 User is allowed to change password
1019 to 1023 Not used as far as can be determined
1024 Create Link (U)
Note: A = Admin privilege, U = User privilege
Theoretically you could manually delete rows from this table and that will revoke the rights. In reality, Oracle do not like it when inexperienced users manually the EUL as you could corrupt it. Therefore, any manual updates must be done with utmost caution after making sure you back up or have a copy of the table you will be updating - just in case.
Try running this query to see the content:
SELECT DECODE( AP_EU_ID, 104198, 'Viewer', 103697, 'Plus', 'Other' ) "Who" , AP_ID, AP_TYPE, AP_EU_ID, AP_PRIV_LEVEL, GP_APP_ID, GBA_BA_ID, GD_DOC_ID, AP_ELEMENT_STATE
FROM EUL5_ACCESS_PRIVS
Best wishes
Michael -
Root Privileges for oracle user
Hi,
The System Administrator don´t whant that i have the roor password anymore.
I need to use root user to do something like commands of RAC (crs_stat, crs_start , crsctl, ...).
What option do we have to give the oracle all this privileges without need to give to me the root password???
Tks,
Paulo.He is trying sudo but hi is having some problem with that. Have another way????Maybe It's time the company changes SA, (or let him get the answer here).
-
Can I set privileges for publishing a site?
Is it possible to set up Muse such that one of my team is able to make various changes to a site, but only I am able to publish to Business Catalyst, once the changes have been approved?
Thanks in advanceHi
With Muse we cannot setup permission privileges for publishing sites, Muse will publish the site to user account which is setup in Publish account ( Edit > Preferences > Publish Account )
Any user with administrative permission with the site can make changes to the site within Business Catalyst as well from Muse, unless you remove all the permission privilege for that user from Business Catalyst.
So if user is added as Admin role in Business Catalyst then he can edit the site as well pulish the site from Muse , but if User is removed from admin role then he cannot publish the site from Muse.
Thanks,
Sanjit -
Problems accesing files in Mac Mini for Windows users.
We have a Mac Mini that we use as a data server in our network. Our main server is Windows and most of the users are Windows users.
At first, we had dificulties for connecting this Windows users to the server, but finally we did it and they have been working good accesing the files on the server, until last saturday when we run an update on the server.
All the privileges for files and folders were distorted and the users that acces the server with Windows 7 and 8, can't open some files and can't modify others (there is a warning that says that the file is in use by another user and can only be read).
We already re asigned the privileges for each user and folders, but we are still having problems with users that work with Windows 7 and 8 because they can not open any file. Windows XP users do not have this problem and they are working fine.
Can someone help me with this issue?Hello,
Since XP works & Win7&8 do not, I wonder if disabling SMBv2 & above might fix it...
http://support.microsoft.com/kb/2696547 -
Hi all
Have seen a couple threads regarding this but unfortunately nothing that solves my problem thus far!
Right now, our developers are using the Domain Admin account to promote their website code using MSI files. I'd like to change this as I feel the Domain Admin account should be on lock down and only used when absolutely necessary, pretty common. The
same goes for my account too, I would like to absolve as much use of the Domain Admin as I can.
Problem is, when they run installers from their own accounts, they receive this error: You do not have sufficient privileges
to complete this installation for all users of the machine. Log on as administrator and then retry this installation
The accounts they are using are part of the Built In Administrators group and the Domain Admins group... I'm not sure what other permission you'd need in a domain? We've gone as far as explicitly giving them local admin access on this server and still
nothing changes.
Is there a Group Policy or something that I can change to provide install rights and possibly remove these accounts as Domain Admin and more along the line of Power User?
Thanks much for your help!
RyanHi,
You could use Software Restriction Policies (SRP’s) or Applocker(supported on Windows server 2008 R2/Windows 7 only) to restrict the running
of the application for specific user.
Description of the Software Restriction Policies
http://support.microsoft.com/kb/310791
HOW TO: Restrict Users from Running Specific Windows Programs
http://support.microsoft.com/kb/323525
How to Implement Group Policy Security Filtering
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.htmlPlease remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
OIM 9.1.0.2 provisioning privileges for user?
Hi there,
I can provision users to my DB. Great.
However, if the user then logs on to the DB, they are rejected because they do not have connect privileges.
How can I set up my provisioning so that the user is not only created in the DB, but also granted basic privileges that allow them access DB features?
All the best, 2HughI am using the Standard Connector.
The question is how do I use it?
The tasks described below were performed in the Design Console as xelsysadm.
I have opened the process Database Access Oracle User and ticked the auto-prepopulate and Autosave form.
I've set up a pre-populate rule that calls this process and refers to the resource object called Database Access Oracle User RO. It only fires if the user created is in group Oracle.
I've opened Form Designer and created a new version of UD_DB_ORA_U (Database Access Provisioning form for Oracle User). Within the pre-populate tab of this form, I've added pre-populate entries for username, password and IT resource.
In the child tables tab under the UD_DB_ORA_U form, the roles and privileges tables are present.
However, I can not see how I can configure these so that they get pre-populated with the other user pre-populate entries (IT resource, username and password).
Any help with my impasse much appreciated.
Thanks,
2Hugh
Edited by: 2hughg on 16-Feb-2011 07:31 -
Can't retrieve folder privileges for a specific user
I am trying to get the granted privilege for a specified user for a certain folder. I am using the wwsec_api.get_granted_user_privilege function. When I run my code, nothing is ever returned. Here is my code:
l_priv_varchar := wwsec_api.get_granted_user_privilege(
p_user_id => 0,
p_object_type_name => 'FOLDER',
p_name => '2889');
p_user_id is from wwsec_person.id$
p_object_type_name is my object type
p_name is from wwv_corners.id
I have looked at the properties of this folder and this user, 0, is set up as the owner. So I am expecting to see 'OWN' returned. I have another user set up to only VIEW the folder and when I put that user's id into the p_user_id parameter I still do not get any return. I can run this same code (with different parameter values) and get the privileges for a 'PAGE', but never for a FOLDER.
Does anyone have this problem or can tell what I am missing?
Thanks.
nullp_name for a folder is "sitename/parentfolder/foldername". You can see that in the syspriv_name field on the WWV_CORNERS table.
-
Increasing Email Size Limits for some users
Hi All,
For some users (management) i needed to arrange that they are able to send bigger files then the default 10MB limit to each other.
I used this procedure to do so,
https://www.simple-talk.com/sysadmin/exchange/increasing-email-size-limits-for-your-high-profile-users-in-exchange-2010/
In a nutshell:
Set Global Transport Org. Config to 200MB
Set Transport Send and Receive connector to 200MB
Created a Distribution group adding the MT members and me (for testing)
Created a transport Rule for the 10MB limit for all users and exception for the distribution group
(Believe me, i am not happy with the 200MB size limit)
All seems to work but i have one issue that i cannot tackel or maybe it is by design.
-Managemant can also send big files to all
users who do not have this privelige, this is not someting i want, sending 100MB+ attachments to over 150 users.
Is this by design or do i mis something?
Thanks,
RonHi RonGielgens,
Attachment size in exchange has to be set on
Global settings
Connectors (send and receive connectors)
Mailbox
The global settings will affect all the others. of course connectors will affect specific servers and mailbox one user. You have to set the global to the absolute max size you want to allow in your organization.
after you do this you will need either to set the 10MB on each mailbox
Get-Mailbox | Set-Mailbox -MaxSendSize 10MB -MaxReceiveSize 10MB
Then change the limit on specific mailbox
or another way is to create a transport rule that will reject the email if the attachment size it > 10MB unless the sender/recipient is the required user or group.
so basically create 2 transport rules
1. reject messages sent to anyone with attachment > 10mb unless the recipient is userX
2. reject messages sent from anyone with attachment > 10mb unless the sender is userX
Normal case it should not allow.
Thanks, MAS
Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. -
Wat r d privileges req for a user to dba to perform simple consisent cdc???
i am trying to do simple consisent cdc ... but it is showing an error 'insufficient privileges' and 'table or view does not exsists' ....... is it necessary the schema user should be 'dba' and have "select any table privilege" for tat????? please clarify me i have given "select any table privilege" but it is again showing same error..... is it must the user should have a 'dba' privilege for proper functioning of cdc???
Hi,
You need to have privilege to create view as well.
GRANT CREATE ANY view, SELECT ANY TABLE TO <user>;
Thanks,
Guru -
How to grant view privilege for Instant Portal to public users?
How to grant view privilege for Instant Portal to public users?
Oracle Instant Portal was designed to offer secure access to company and departmental information, and it isn't currently possible to make instant portal pages public.
-
The error msg "The iPad "User's iPad" cannot be synced. You do not have enough access privileges for this operation." appears when I connect my ipad to itunes. How to resolve?
If you're running Windows, close iTunes, right-click on the iTunes icon and choose Run as Administrator, then try syncing again.
-
Missing privilege:NO TRIGGERS FOR REPLICATION USER
Hello,
I'm configuring the Synchronization Manager following the steps on the SAP MaxDB Library 7.6. I've done every step until the activation of the Replication Units, where the Synchronization Manager GUI give me the following error:
+Create MaxDB Trigger
com.sap.dbtech.jdbc.exceptions.DatabaseException: [-5001]: Missing privilege:NO TRIGGERS FOR REPLICATION USER
at com.sap.dbtech.jdbc.packet.ReplyPacket.createException(ReplyPacket.java:65)
at com.sap.dbtech.jdbc.ConnectionSapDB.throwSQLError(ConnectionSapDB.java:1061)
at com.sap.dbtech.jdbc.ConnectionSapDB.execute(ConnectionSapDB.java:689)
at com.sap.dbtech.jdbc.ConnectionSapDB.execute(ConnectionSapDB.java:563)
at com.sap.dbtech.jdbc.StatementSapDB.sendCommand(StatementSapDB.java:855)
at com.sap.dbtech.jdbc.StatementSapDB.sendSQL(StatementSapDB.java:919)
at com.sap.dbtech.jdbc.StatementSapDB.execute(StatementSapDB.java:266)
at com.sap.dbtech.jdbc.StatementSapDB.execute(StatementSapDB.java:234)
at com.sap.dbtech.jdbc.trace.Statement.execute(Statement.java:79)
at com.sap.sdb.syncMan.util.SQLBuilder.markMaxDBTableForRep(SQLBuilder.java:301)
at com.sap.sdb.syncMan.design.DesignSQLLayer.installTableOfParticipant(DesignSQLLayer.java:2427)
at com.sap.sdb.syncMan.design.DesignSQLLayer.installReplicationUnit(DesignSQLLayer.java:1493)
at com.sap.sdb.syncMan.gui.jface_controls.UnitControl.internalActivateParticipant(UnitControl.java:1165)
at com.sap.sdb.syncMan.gui.jface_controls.UnitControl.internalActivateSelectedParticipant(UnitControl.java:1067)
at com.sap.sdb.syncMan.gui.jface_controls.UnitControl.access$000(UnitControl.java:98)
at com.sap.sdb.syncMan.gui.jface_controls.UnitControl$WorkerThread.run(UnitControl.java:125)+
Question:
1. What privilege should I give to the Synchronization User? It's already a DBA user.
2. Could it be a library problem?. According to the documentation installed with the application, the Mysql connector jdbc should be used instead of the sapdbc.jar; but doing this the Synchronization Manager GUI doesn't start.
Regards!
MYHello,
you can create the replication user like this.
"create user dbservice password <your password> dba not exclusive replication"
Did you grant the tables you want to replicate to the replication user?
The replication user itself must not own triggers or tables. It owns special system triggers and repliaction meta tables.
Best Regards
Wolfgang
Maybe you are looking for
-
Can no longer send email from my accounts but can receive
I have 5 email accounts set up on my imac. 3 are mine 2 are my partners. I can no longer send emails from my accounts but my partner still can. They all still receive mail but when I attempt to send mail I get:- Cannot Send Message Using Server Then
-
Output date in words on a smart form
I need to output a date in words on a smart form. As in today's date (01/13/2009) should be output as January 13, 2009. How do I acheieve this? Please could someone help me out with this one?
-
Windows 8 Problems with Airport/Airtunes
Installed Windows 8 from Windows 7, reinstalled latest version of iTunes and Airport Utility. iTunes now no longer "sees" Airtunes speakers (connected through multiple Airport Express units throughout house). Speakers are seen by all Apple devices
-
Hi Imagine I have a desktop Firefox and an Android Firefox. I create an account and sync desktop Firefox with Android Firefox. Now I disconnect sync in my Desktop. For one week sync is disconnected and I changed my bookmarks a lot. After a week I wan
-
Creating a PDF from Word 2010 doesn't correctly convert text boxes and images
I have Acrobat 11 and my co-workers with 9 and 10 can correctly convert Word docs with images and text boxes, but v.11 cuts off the text and doesn't convert images correctly.