Limited privileges for ReSA users

Similar Messages

• Check package/procedure level privileges for a user

  hi gurus,
  how to check the package/procedure level privileges for a user? like dba_tab_privs for tables.
  for eg: grant execute on dbms_scheduler to user1.
  now, i need to verify that user1 has execute privilege on dbms_scheduler or not.
  what's the view for this?
  thanks in advance,
  charles

  SQL> select privilege, count(*) from dba_tab_privs group by privilege order by 1;
  PRIVILEGE                       COUNT(*)
  ALTER                               19
  DEBUG                              256
  DELETE                              131
  DEQUEUE                            3
  EXECUTE                           19315
  FLASHBACK                          52
  INDEX                               14
  INSERT                              137
  MERGE VIEW                          36
  ON COMMIT REFRESH                     52
  QUERY REWRITE                          52
  PRIVILEGE                       COUNT(*)
  READ                                7
  REFERENCES                          54
  SELECT                                3752
  UNDER                                3
  UPDATE                              111
  WRITE                                5
  17 rows selected.DBA_TAB_PRIVS is for more than just tables.

• How to grant create table privilege for a user on a specific table

  Hi:
  I created a user, for a test scenario. I granted this user create any table, and I made the default tablespace as example.
  When I connect as the user and try to create a table, I get this:
  SQL> create table T1 (NAME varchar2 (500), AGE number(2));
  create table T1 (NAME varchar2 (500), AGE number(2))
  ERROR at line 1:
  ORA-01950: no privileges on tablespace 'EXAMPLE'
  How can I grant the necessary privilege to have user create/delete tables on tablespace example?
  Thanks.
  DA

  create user ADAM identified by radge default tablespace EXAMPLE
  quota 10M on EXAMPLE;
  for example 10Mbytes given to Example tablespace.... or you can write:
  .....quota unlimited on EXAMPLE
  and
  grant connect to ADAM
  grant create table to ADAM .....
  or
  grant connect , resource to ADAM .... although grant resource is not recommended...
  ....and something else....
  you should define temporary tablespace in create user command... otherwise the system would be used...
  Greetings...
  Sim
  Message was edited by:
  sgalaxy

• Task Privileges for Existing Users - Looking for a global update solution

  After some reading I understand that if you set the task privileges for the PUBLIC user in the Privileges section of Discoverer Administrator (10g), any new user created in the system will pick up the privileges you have assigned to the PUBLIC user.
  I currently have 4000+ users who have access to Discoverer Plus and the ability to create/edit queries. I want to limit who can access Discoverer Plus functionality to approximately 150 users.
  I have changed my PUBLIC user to NOT have privileges but this will only affect new users. Is there any way to restrict 4000+ users without having to go through each user individually and set the privileges.
  I am looking for a global update solution. I am wondering if this can be done through the back-end.

  Hi Mezzobella
  If you change the rights for the public user then other users, who have not been manually adjusted in any way, will automatically pick up the public rights. Therefore, if you have a lot of users that are not changing this means that at some point in their life you will have clicked OK or Apply on the screen with a user displayed. This now assigns the rights to that user as opposed to inheriting them from the public user.
  What you are describing is the perfect reason why you should not administer Discoverer using user accounts but to use roles or responsibilities instead.
  In your case you are now somewhat stuck. The programatic way to revoke these rights is to drop rows from the EUL5_ACCESS_PRIVS table but this could take longer than doing inside Discoverer. Basically, when a user has been granted privileges one row per privilege is inserted into this table. The column AP_EU_ID contains the ID of the user. The column GP_APP_ID is the one that tells you what privilege a user has. Here is a list of the privileges:
  1000 Desktop / Plus Privilege (U)
  1001 Create / Edit Query (U)
  1002 Item Drill (U)
  1003 Drill Out (U)
  1004 Grant Workbook (aka Sharing) (U)
  1005 Collect Query Statistics (U)
  1006 Admin Privilege (A)
  1007 Set Privilege (A)
  1008 Create / Edit Business Area (A)
  1009 Format Business Area (A)
  1010 Create / Edit Summaries (A)
  1011 Not used as far as can be determined
  1012 Schedule (U)
  1013 User is never required to schedule workbooks (U)
  1014 Save workbooks to database (U)
  1015 Managed scheduled workbooks (A)
  1016 This is an apps mode EUL
  1017 This is the user's assigned language
  1018 User is allowed to change password
  1019 to 1023 Not used as far as can be determined
  1024 Create Link (U)
  Note: A = Admin privilege, U = User privilege
  Theoretically you could manually delete rows from this table and that will revoke the rights. In reality, Oracle do not like it when inexperienced users manually the EUL as you could corrupt it. Therefore, any manual updates must be done with utmost caution after making sure you back up or have a copy of the table you will be updating - just in case.
  Try running this query to see the content:
  SELECT DECODE( AP_EU_ID, 104198, 'Viewer', 103697, 'Plus', 'Other' ) "Who" , AP_ID, AP_TYPE, AP_EU_ID, AP_PRIV_LEVEL, GP_APP_ID, GBA_BA_ID, GD_DOC_ID, AP_ELEMENT_STATE
  FROM EUL5_ACCESS_PRIVS
  Best wishes
  Michael

• Root Privileges for oracle user

  Hi,
  The System Administrator don´t whant that i have the roor password anymore.
  I need to use root user to do something like commands of RAC (crs_stat, crs_start , crsctl, ...).
  What option do we have to give the oracle all this privileges without need to give to me the root password???
  Tks,
  Paulo.

  He is trying sudo but hi is having some problem with that. Have another way????Maybe It's time the company changes SA, (or let him get the answer here).

• Can I set privileges for publishing a site?

  Is it possible to set up Muse such that one of my team is able to make various changes to a site, but only I am able to publish to Business Catalyst, once the changes have been approved?
  Thanks in advance

  Hi
  With Muse we cannot setup permission privileges for publishing sites, Muse will publish the site to user account which is setup in Publish account ( Edit > Preferences > Publish Account )
  Any user with administrative permission with the site can make changes to the site within Business Catalyst as well from Muse, unless you remove all the permission privilege for that user from Business Catalyst.
  So if user is added as Admin role in Business Catalyst then he can edit the site as well pulish the site from Muse , but if User is removed from admin role then he cannot publish the site from Muse.
  Thanks,
  Sanjit

• Problems accesing files in Mac Mini for Windows users.

  We have a Mac Mini that we use as a data server in our network. Our main server is Windows and most of the users are Windows users.
  At first, we had dificulties for connecting this Windows users to the server, but finally we did it and they have been working good accesing the files on the server, until last saturday when we run an update on the server.
  All the privileges for files and folders were distorted and the users that acces the server with Windows 7 and 8, can't open some files and can't modify others (there is a warning that says that the file is in use by another user and can only be read).
  We already re asigned the privileges for each user and folders, but we are still having problems with users that work with Windows 7 and 8 because they can not open any file. Windows XP users do not have this problem and they are working fine.
  Can someone help me with this issue?

  Hello,
  Since XP works & Win7&8 do not, I wonder if disabling SMBv2 & above might fix it...
  http://support.microsoft.com/kb/2696547

• You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation

  Hi all
  Have seen a couple threads regarding this but unfortunately nothing that solves my problem thus far!
  Right now, our developers are using the Domain Admin account to promote their website code using MSI files.  I'd like to change this as I feel the Domain Admin account should be on lock down and only used when absolutely necessary, pretty common.  The
  same goes for my account too, I would like to absolve as much use of the Domain Admin as I can.
  Problem is, when they run installers from their own accounts, they receive this error: You do not have sufficient privileges
  to complete this installation for all users of the machine. Log on as administrator and then retry this installation
  The accounts they are using are part of the Built In Administrators group and the Domain Admins group... I'm not sure what other permission you'd need in a domain?  We've gone as far as explicitly giving them local admin access on this server and still
  nothing changes.
  Is there a Group Policy or something that I can change to provide install rights and possibly remove these accounts as Domain Admin and more along the line of Power User?
  Thanks much for your help!
  Ryan

  Hi,
  You could use Software Restriction Policies (SRP’s) or Applocker(supported on Windows server 2008 R2/Windows 7 only) to restrict the running
  of the application for specific user.
  Description of the Software Restriction Policies
  http://support.microsoft.com/kb/310791
  HOW TO: Restrict Users from Running Specific Windows Programs
  http://support.microsoft.com/kb/323525
  How to Implement Group Policy Security Filtering
  http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.htmlPlease remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• OIM 9.1.0.2 provisioning privileges for user?

  Hi there,
  I can provision users to my DB. Great.
  However, if the user then logs on to the DB, they are rejected because they do not have connect privileges.
  How can I set up my provisioning so that the user is not only created in the DB, but also granted basic privileges that allow them access DB features?
  All the best, 2Hugh

  I am using the Standard Connector.
  The question is how do I use it?
  The tasks described below were performed in the Design Console as xelsysadm.
  I have opened the process Database Access Oracle User and ticked the auto-prepopulate and Autosave form.
  I've set up a pre-populate rule that calls this process and refers to the resource object called Database Access Oracle User RO. It only fires if the user created is in group Oracle.
  I've opened Form Designer and created a new version of UD_DB_ORA_U (Database Access Provisioning form for Oracle User). Within the pre-populate tab of this form, I've added pre-populate entries for username, password and IT resource.
  In the child tables tab under the UD_DB_ORA_U form, the roles and privileges tables are present.
  However, I can not see how I can configure these so that they get pre-populated with the other user pre-populate entries (IT resource, username and password).
  Any help with my impasse much appreciated.
  Thanks,
  2Hugh
  Edited by: 2hughg on 16-Feb-2011 07:31

• Can't retrieve folder privileges for a specific user

  I am trying to get the granted privilege for a specified user for a certain folder. I am using the wwsec_api.get_granted_user_privilege function. When I run my code, nothing is ever returned. Here is my code:
  l_priv_varchar := wwsec_api.get_granted_user_privilege(
  p_user_id => 0,
  p_object_type_name => 'FOLDER',
  p_name => '2889');
  p_user_id is from wwsec_person.id$
  p_object_type_name is my object type
  p_name is from wwv_corners.id
  I have looked at the properties of this folder and this user, 0, is set up as the owner. So I am expecting to see 'OWN' returned. I have another user set up to only VIEW the folder and when I put that user's id into the p_user_id parameter I still do not get any return. I can run this same code (with different parameter values) and get the privileges for a 'PAGE', but never for a FOLDER.
  Does anyone have this problem or can tell what I am missing?
  Thanks.
  null

  p_name for a folder is "sitename/parentfolder/foldername". You can see that in the syspriv_name field on the WWV_CORNERS table.

• Increasing Email Size Limits for some users

  Hi All,
  For some users (management) i needed to arrange that they are able to send bigger files then the default 10MB limit to each other.
  I used this procedure to do so,
  https://www.simple-talk.com/sysadmin/exchange/increasing-email-size-limits-for-your-high-profile-users-in-exchange-2010/
  In a nutshell:
  Set Global Transport Org. Config to 200MB
  Set Transport Send and Receive connector to 200MB
  Created a Distribution group adding the MT members and me (for testing)
  Created a transport Rule for the 10MB limit for all users and exception for the distribution group
  (Believe me, i am not happy with the 200MB size limit)
  All seems to work but i have one issue that i cannot tackel or maybe it is by design.
  -Managemant can also send big files to all
  users who do not have this privelige, this is not someting i want, sending 100MB+ attachments to over 150 users.
  Is this by design or do i mis something?
  Thanks,
  Ron

  Hi RonGielgens,
  Attachment size in exchange has to be set on
  Global settings
  Connectors (send and receive connectors)
  Mailbox
  The global settings will affect all the others. of course connectors will affect specific servers and mailbox one user. You have to set the global to the absolute max size you want to allow in your organization.
  after you do this you will need either to set the 10MB on each mailbox
  Get-Mailbox | Set-Mailbox -MaxSendSize 10MB -MaxReceiveSize 10MB
  Then change the limit on specific mailbox
  or another way is to create a transport rule that will reject the email if the attachment size it > 10MB unless the sender/recipient is the required user or group.
  so basically create 2 transport rules
  1. reject messages sent to anyone with attachment > 10mb unless the recipient is userX
  2. reject messages sent from anyone with attachment > 10mb unless the sender is userX
  Normal case it should not allow.
  Thanks, MAS
  Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• Wat r d privileges req for a user to dba to perform simple consisent cdc???

  i am trying to do simple consisent cdc ... but it is showing an error 'insufficient privileges' and 'table or view does not exsists' ....... is it necessary the schema user should be 'dba' and have "select any table privilege" for tat????? please clarify me i have given "select any table privilege" but it is again showing same error..... is it must the user should have a 'dba' privilege for proper functioning of cdc???

  Hi,
  You need to have privilege to create view as well.
  GRANT CREATE ANY view, SELECT ANY TABLE TO <user>;
  Thanks,
  Guru

• How to grant  view privilege for Instant Portal to public users?

  How to grant view privilege for Instant Portal to public users?

  Oracle Instant Portal was designed to offer secure access to company and departmental information, and it isn't currently possible to make instant portal pages public.

• TS2529 The error msg "The iPad "User's iPad" cannot be synced.  You do not have enough access privileges for this operation." appears when I connect my ipad to itunes.  How to resolve?

  The error msg "The iPad "User's iPad" cannot be synced.  You do not have enough access privileges for this operation." appears when I connect my ipad to itunes.  How to resolve?

  If you're running Windows, close iTunes, right-click on the iTunes icon and choose Run as Administrator, then try syncing again.

• Missing privilege:NO TRIGGERS FOR REPLICATION USER

  Hello,
  I'm configuring the Synchronization Manager following the steps on the SAP MaxDB Library 7.6. I've done every step until the activation of the Replication Units, where the Synchronization Manager GUI give me the following error:
  +Create MaxDB Trigger
  com.sap.dbtech.jdbc.exceptions.DatabaseException: [-5001]: Missing privilege:NO TRIGGERS FOR REPLICATION USER
       at com.sap.dbtech.jdbc.packet.ReplyPacket.createException(ReplyPacket.java:65)
       at com.sap.dbtech.jdbc.ConnectionSapDB.throwSQLError(ConnectionSapDB.java:1061)
       at com.sap.dbtech.jdbc.ConnectionSapDB.execute(ConnectionSapDB.java:689)
       at com.sap.dbtech.jdbc.ConnectionSapDB.execute(ConnectionSapDB.java:563)
       at com.sap.dbtech.jdbc.StatementSapDB.sendCommand(StatementSapDB.java:855)
       at com.sap.dbtech.jdbc.StatementSapDB.sendSQL(StatementSapDB.java:919)
       at com.sap.dbtech.jdbc.StatementSapDB.execute(StatementSapDB.java:266)
       at com.sap.dbtech.jdbc.StatementSapDB.execute(StatementSapDB.java:234)
       at com.sap.dbtech.jdbc.trace.Statement.execute(Statement.java:79)
       at com.sap.sdb.syncMan.util.SQLBuilder.markMaxDBTableForRep(SQLBuilder.java:301)
       at com.sap.sdb.syncMan.design.DesignSQLLayer.installTableOfParticipant(DesignSQLLayer.java:2427)
       at com.sap.sdb.syncMan.design.DesignSQLLayer.installReplicationUnit(DesignSQLLayer.java:1493)
       at com.sap.sdb.syncMan.gui.jface_controls.UnitControl.internalActivateParticipant(UnitControl.java:1165)
       at com.sap.sdb.syncMan.gui.jface_controls.UnitControl.internalActivateSelectedParticipant(UnitControl.java:1067)
       at com.sap.sdb.syncMan.gui.jface_controls.UnitControl.access$000(UnitControl.java:98)
       at com.sap.sdb.syncMan.gui.jface_controls.UnitControl$WorkerThread.run(UnitControl.java:125)+
  Question:
  1. What privilege should I give to the Synchronization User? It's already a DBA user.
  2. Could it be a library problem?. According to the documentation installed with the application, the Mysql connector jdbc should be used instead of the sapdbc.jar; but doing this the Synchronization Manager GUI doesn't start.
  Regards!
  MY

  Hello,
  you can create the replication user like this.
  "create user dbservice password <your password> dba not exclusive replication"
  Did you grant the tables you want to replicate to the replication user?
  The replication user itself must not own triggers or tables. It owns special system triggers and repliaction meta tables.
  Best Regards
    Wolfgang