List of Privileges under a ROLE
Hello, Which database view do I query to derive list of privileges covered under a role? This is on 10g Thanks, R
SQL> select * from role_sys_privs where role='DBA';
ROLE PRIVILEGE ADM
DBA CREATE SESSION YES
DBA ALTER SESSION YES
DBA DROP TABLESPACE YES
DBA BECOME USER YES
DBA DROP ROLLBACK SEGMENT YES
DBA SELECT ANY TABLE YES
DBA INSERT ANY TABLE YES
DBA UPDATE ANY TABLE YES
DBA DROP ANY INDEX YES
DBA SELECT ANY SEQUENCE YES
DBA CREATE ROLE YES
ROLE PRIVILEGE ADM
DBA EXECUTE ANY PROCEDURE YES
DBA ALTER PROFILE YES
DBA CREATE ANY DIRECTORY YES
DBA CREATE ANY LIBRARY YES
DBA EXECUTE ANY LIBRARY YES
DBA ALTER ANY INDEXTYPE YES
DBA DROP ANY INDEXTYPE YES
DBA DEQUEUE ANY QUEUE YES
DBA EXECUTE ANY EVALUATION CONTEXT YES
DBA EXPORT FULL DATABASE YES
DBA CREATE RULE YES
ROLE PRIVILEGE ADM
DBA ALTER ANY SQL PROFILE YES
DBA ADMINISTER ANY SQL TUNING SET YES
DBA CHANGE NOTIFICATION YES
DBA ALTER ROLLBACK SEGMENT YES
DBA DELETE ANY TABLE YES
DBA ALTER DATABASE YES
DBA FORCE ANY TRANSACTION YES
DBA ALTER ANY PROCEDURE YES
DBA DROP ANY TRIGGER YES
DBA DROP ANY MATERIALIZED VIEW YES
DBA UNDER ANY TYPE YES
ROLE PRIVILEGE ADM
DBA ALTER ANY LIBRARY YES
DBA CREATE DIMENSION YES
DBA DEBUG ANY PROCEDURE YES
DBA CREATE RULE SET YES
DBA ALTER ANY RULE SET YES
DBA ANALYZE ANY DICTIONARY YES
DBA RESTRICTED SESSION YES
DBA CREATE TABLESPACE YES
DBA ALTER TABLESPACE YES
DBA CREATE USER YES
DBA ALTER USER YES
ROLE PRIVILEGE ADM
DBA LOCK ANY TABLE YES
DBA CREATE VIEW YES
DBA DROP ANY VIEW YES
DBA GRANT ANY ROLE YES
DBA CREATE TRIGGER YES
DBA CREATE TYPE YES
DBA EXECUTE ANY OPERATOR YES
DBA CREATE ANY DIMENSION YES
DBA ALTER ANY DIMENSION YES
DBA CREATE ANY OUTLINE YES
DBA ADMINISTER DATABASE TRIGGER YES
ROLE PRIVILEGE ADM
DBA RESUMABLE YES
DBA FLASHBACK ANY TABLE YES
DBA CREATE ANY RULE SET YES
DBA EXECUTE ANY RULE SET YES
DBA IMPORT FULL DATABASE YES
DBA EXECUTE ANY RULE YES
DBA EXECUTE ANY PROGRAM YES
DBA CREATE ANY TABLE YES
DBA CREATE ANY INDEX YES
DBA CREATE ANY SEQUENCE YES
DBA ALTER ANY ROLE YES
ROLE PRIVILEGE ADM
DBA ANALYZE ANY YES
DBA DROP ANY LIBRARY YES
DBA CREATE ANY OPERATOR YES
DBA CREATE INDEXTYPE YES
DBA UNDER ANY TABLE YES
DBA DROP ANY DIMENSION YES
DBA SELECT ANY DICTIONARY YES
DBA GRANT ANY OBJECT PRIVILEGE YES
DBA CREATE EVALUATION CONTEXT YES
DBA CREATE ANY EVALUATION CONTEXT YES
DBA DROP ANY EVALUATION CONTEXT YES
ROLE PRIVILEGE ADM
DBA CREATE ANY RULE YES
DBA CREATE JOB YES
DBA CREATE ANY JOB YES
DBA ALTER SYSTEM YES
DBA AUDIT SYSTEM YES
DBA CREATE ROLLBACK SEGMENT YES
DBA DROP ANY TABLE YES
DBA COMMENT ANY TABLE YES
DBA CREATE CLUSTER YES
DBA ALTER ANY INDEX YES
DBA DROP PUBLIC DATABASE LINK YES
ROLE PRIVILEGE ADM
DBA CREATE PROFILE YES
DBA ALTER ANY MATERIALIZED VIEW YES
DBA ALTER ANY TYPE YES
DBA DROP ANY TYPE YES
DBA UNDER ANY VIEW YES
DBA EXECUTE ANY INDEXTYPE YES
DBA DROP ANY CONTEXT YES
DBA ALTER ANY OUTLINE YES
DBA ADMINISTER RESOURCE MANAGER YES
DBA MANAGE SCHEDULER YES
DBA MANAGE FILE GROUP YES
ROLE PRIVILEGE ADM
DBA CREATE TABLE YES
DBA BACKUP ANY TABLE YES
DBA CREATE ANY CLUSTER YES
DBA DROP ANY SYNONYM YES
DBA DROP PUBLIC SYNONYM YES
DBA CREATE ANY VIEW YES
DBA CREATE SEQUENCE YES
DBA ALTER ANY SEQUENCE YES
DBA FORCE TRANSACTION YES
DBA CREATE PROCEDURE YES
DBA CREATE ANY PROCEDURE YES
ROLE PRIVILEGE ADM
DBA ALTER RESOURCE COST YES
DBA DROP ANY DIRECTORY YES
DBA CREATE ANY TYPE YES
DBA CREATE ANY INDEXTYPE YES
DBA ENQUEUE ANY QUEUE YES
DBA ON COMMIT REFRESH YES
DBA DEBUG CONNECT SESSION YES
DBA DROP ANY RULE SET YES
DBA EXECUTE ANY CLASS YES
DBA MANAGE ANY FILE GROUP YES
DBA ALTER ANY TABLE YES
ROLE PRIVILEGE ADM
DBA DROP ANY CLUSTER YES
DBA CREATE SYNONYM YES
DBA CREATE PUBLIC SYNONYM YES
DBA DROP ANY SEQUENCE YES
DBA DROP ANY ROLE YES
DBA AUDIT ANY YES
DBA DROP ANY PROCEDURE YES
DBA CREATE ANY TRIGGER YES
DBA ALTER ANY TRIGGER YES
DBA DROP PROFILE YES
DBA GRANT ANY PRIVILEGE YES
ROLE PRIVILEGE ADM
DBA CREATE LIBRARY YES
DBA CREATE OPERATOR YES
DBA DROP ANY OUTLINE YES
DBA MERGE ANY VIEW YES
DBA ADMINISTER SQL TUNING SET YES
DBA MANAGE TABLESPACE YES
DBA DROP USER YES
DBA ALTER ANY CLUSTER YES
DBA CREATE ANY SYNONYM YES
DBA CREATE DATABASE LINK YES
DBA CREATE PUBLIC DATABASE LINK YES
ROLE PRIVILEGE ADM
DBA CREATE MATERIALIZED VIEW YES
DBA CREATE ANY MATERIALIZED VIEW YES
DBA EXECUTE ANY TYPE YES
DBA DROP ANY OPERATOR YES
DBA QUERY REWRITE YES
DBA GLOBAL QUERY REWRITE YES
DBA MANAGE ANY QUEUE YES
DBA CREATE ANY CONTEXT YES
DBA ALTER ANY EVALUATION CONTEXT YES
DBA ALTER ANY RULE YES
DBA DROP ANY RULE YES
ROLE PRIVILEGE ADM
DBA ADVISOR YES
DBA SELECT ANY TRANSACTION YES
DBA DROP ANY SQL PROFILE YES
DBA CREATE ANY SQL PROFILE YES
DBA READ ANY FILE GROUP YES
DBA CREATE EXTERNAL JOB YES
160 rows selected.
SQL>
Similar Messages
-
Dynamic calculation of privileges into business role
hi,
I have a requirement to create business roles containing a dynamic list of privileges. In addition, a costcenter attributes allows to determine the right privileges, within a business role, to assign.
I thought to use dynamic groups so that each time I assign a business role, a calculation of privileges based on costcenter is achieved.
for example:
BR1;FR10;Z_technical_privileges
BR1;FR30;Z_technical_privileges2
This list is often updated that's why I need it to be dynamic.
In the filter tab of the dyn group, I set a request to retrieve the mskeys of privileges (here is mskey of PRIV:ROLE:<sys>:Z_technical privileges & PRIV:ROLE:<sys>:Z_technical_privileges2)
Then I attach the dyn groups to the role (BR1) by setting up the autoassign field in the membership tab of the role.
When I assign the BR to a user, no privilege is provisioned (user already have an account in that system).
Am I forgetting something or doing something wrong?
how can I include the "check" on costcenter attributes?
thanks
GuillaumeHello Guillaume,
dynamic roles find you the pool of people, that can be used in a business roles. If you attach a dynamic role to a BR, those users will become members of the BR.
You are trying the same with privileges and that's why nothing happens. Because privileges can't become members of the BR.
Are the different lists of privileges, that need to be assigned to users via the costcenter-attribute really changing so much?
You could use the dynamic groups to look for the members of a costcenter and assign those to the BR specific for that costcenter with the privileges added to the BR. That means one BR per costcenter and the privileges need to be changed manually or maybe via a job.
Hmm... where do the new privileges come from? How would you find them dynamically anyway? If you have a SQL statement for that, it should be possible to create a job, that adds the new privileges to the BR and delete old ones.
I don't see a fast and easy way to do this, but I haven't come across a request like this yet, so maybe there is one and I just don't know it (yet ^^).
Regards,
Steffi. -
How do I remove an app from the update list that is under someone else's apple id?
How do I remove an app from the update list that is under someone else's apple id? So this way the update always fails because it asks for someone else's password. I don't have the app on my mac, it only appears in the update list. It's just annoying, because the update keeps appearing, and the reminder keeps reminding me that I should install a new update.
You installed a hacked app, originally from the Mac App Store. It contains the receipt for a different app, downloaded using an account that you don't control. You need to identify and remove the hacked app.
Important: The app you need to remove is not necessarily the one named in the App Store alert. For example, the App Store may prompt you to update "Angry Birds" or "Twitter," but the hacked app may be something else entirely. Don't make any assumptions about which app you're looking for. To find it, you must carry out a systematic search with Spotlight.
1. Triple-click anywhere in the line of text below on this page to select it:
kMDItemAppStoreHasReceipt=1
Copy the selected text to the Clipboard by pressing the key combination command-C.
2. In the Finder, press command-F to open a search window, or select
File ▹ Find
from the menu bar. In the search window, select
Search: This Mac
from the row of tokens below the toolbar. Below that is a popup menu of search criteria, initially showing Kind. From that menu, select
Other...
A sheet will drop down. In that sheet, select
Raw Query
as the criterion, then click OK or press return.
Now there will be a text box to the right of the menu of search criteria. That's where you enter the raw search query. Click in that box and paste the text you copied earlier by pressing command-V.
4. The search window will now show all the App Store products that are installed. Compare those search results with the list of your purchases from the App Store. To see the complete list, you may need to unhide hidden purchases. If any apps were download from the App Store using other Apple ID accounts that you control, sign in to the store under each of those ID's and check the purchases.
At least one of the apps in the Spotlight search results is not among your purchases in the App Store. Move each such item to the Trash, after quitting it if it's running. You may be prompted for your administrator password. Empty the Trash.
Quit and relaunch the App Store. Test.
If you find these instructions confusing, ask for an alternative method. -
How do I add a link to the list of links under the "My Account Link"
Q) How do I add a link to the list of links under the "My Account Link"?
A) Edit any of your portlet web services and go to the "Advanced URL Settings" and then "User Configuration URL". If you type a path in this box, a link displays on the My Account page.
You need to restart your portal web server to see results immediately because the display page is cached.What To Do If Your iDevice or Computer Is Lost Or Stolen
If your Mac, iPhone, iPod, iPod Touch, or iPad is lost or stolen what do you do? There are things you should do in advance - before you lose it or it's stolen - and some things to do after the fact. Here are some suggestions:
Reporting a lost or stolen Apple product
AT&T, Sprint, and Verizon can block stolen phones/tablets
What-To-Do-When-Iphone-Is-Stolen
Lost or Stolen iPhone? Here’s What to do.
6 Ways to Track and Recover Your Lost/Stolen iPhone
Find My iPhone
It pays to be proactive by following the advice on using Find My Phone before you lose your device:
Find My iPhone
Setup your iDevice on MobileMe
OS X Lion- About Find My Mac
How To Set Up Free Find Your iPhone (Even on Unsupported Devices)
Third-party solutions for computers:
VUWER 1.5.4
Sneaky ******* 0.2.0
Undercover 4.7
LoJack for Laptops Premium Mac
STEM 2.1
MacPhoneHome 3.5 -
I read the article on how to remove Bing; however, it does not show up on my list of installed programs and it does not show up in the list of extenstions under "Tools" and "Addon" yet it is installed as an extention to the right of the addlress line. It is not my home page. Help!!!
See also:
*https://support.mozilla.com/kb/Removing+the+Search+Helper+Extension+and+Bing+Bar
*https://support.mozilla.com/kb/Troubleshooting+extensions+and+themes
*http://kb.mozillazine.org/Resetting_preferences -
Remote Desktop Client Update 3.8.2 v.11 remains in Software Update queue but, is listed (several times) under "Updates Installed in Last 30 Days". This is also the case with HP Printer Software update 3.0 and Digital Camera RAW Compatibility Update 6.03. Clicking the "update" button for these doesn't appear to install the software, but lists it in the "Updates Installed in Last 30 Days" without removing it from the Software Update queue.
Thank you. I tried that and even gave it a few days to do its thing, but I still get the same results. Remote Desktop, HP Printer, Digital Camera all still appear in "Available Updates", but the same versions appear under "Updates Installed in the Last 30 Days". BTW, I had to manually install the Safari 8.0.4 update because it also wasn't updating.
-
Need to find out the list of objects under a Transport
Hi ,
My requriement is to programatically find the list of objects under the Transport.
I tried using the table E071 but no luck is there any FM or table which gives me the list of objects assigned to the transport request
Regards,
kkTYPES: BEGIN OF ty_tasks,
trkorr TYPE trkorr,
trstatus TYPE trstatus,
strkorr TYPE strkorr,
as4user TYPE tr_as4user,
END OF ty_tasks,
BEGIN OF ty_object,
trkorr TYPE trkorr,
as4pos TYPE ddposition,
pgmid TYPE pgmid,
object TYPE trobjtype,
obj_name TYPE TROBJ_NAME,
lang TYPE spras,
END OF ty_object,
SELECT-OPTIONS : so_trans FOR e070-trkorr
*selection from table e070.
SELECT trkorr
trstatus
strkorr
as4user
FROM e070 INTO TABLE it_tasks
WHERE strkorr IN so_trans or
trkorr in so_trans.
IF SY-SUBRC = 0.
*selection from table e071 to get all the objects
*under the respective task/request.
data: g_trans type e070-trkorr,
g_strkorr type e070-strkorr.
SELECT trkorr
as4pos
pgmid
object
obj_name
lang FROM e071 INTO TABLE it_object
FOR ALL ENTRIES IN it_tasks
WHERE trkorr = it_tasks-strkorr.
hope it might be helpfull.
regards ,
aby -
IView behavior under a role vs. preview
Hi,
Anyone knows why my iView is working fine in a preview but later when I see this iView under a role doesn't works? Maybe should I change some parameter of this iView like isolation method?
Thanks
GuillermoHi,
the iView has a component that calls to another using Ajax but the request fails.
What is the difference between iView behavior under a role and only launched in a preview?
Thanks in advance
Guillermo -
How to restrict selected Role under a Role???
Hi Friends,
I have 3 roles, which are Role-1, Role-2, Role-3.
Role-2 & Role-3 are Under/Part of Role-1.
Now, I have assigned Role-1 to a user. By doing this, When he logs in he is able to see the Role-2 and Role-3 also eventhough we havent assigned Role-2&3.
Now My question is, How to restrict a role under a role. For example, I dont want to show Role-3.
When i checked the user roles assigned, i see only Role-1 but not 2 other roles.
Could anyone advice on how to make unwanted role in role. Assuming, no one is going to assign directly with Role-2 & Role-3. They got assigned only Role-1.
Thanks for u r time!!
Thanks,
Raghavendra.PHi Praveen,
Thanks for important/useful information. I really dont understand is., Inspite of giving the properties to the each of role/workset, How do we call the approprite under the role. for example :
If we have Role-2 with propery dept=sd,
and Role-3 with propert dept=xi, etc.
Now i have Role-1, within which i have Role-2 and Role-3.
Now, if i want to see only roles with dept=xi then where should i mention and what should i mention.
I understood till creating the properties, assigning the properties to roles/worksets, giving values to properties.
Only i doesnt understood is how to activate which we want in the scenario.
Thanks for your time..!!!
Thanks,
Raghavendra Pothula -
Transport of the query under some role................
Hi,
I created new query in development and saved it under one role.
I transported the query and workbook to production but didnt transfer the role with query.
When I checked the query in production it is not reflecting under the required role.
Do I need to transfer the role also with the new query? However it is present in the Info area trea of Queries.
now as I have alreday transported the query and workbook to production do need to again transport these with the Role OR I can transferring the role only will be sufficient?
Thanks
JeetuIt's enought to trasnport the role in production.
Hope it helps.
Regards -
In the process of reformatting my macbook pro, I saved everything but my keyword list. The keywords are with the images, but the total list I use under "Keywords" is not present. Is there a way to re-create all my keywords I've used over the last 6 years.
I accomplished what I needed last night. I remembered I had picked my favorite images from each year and put them in a "favorite" folder by year. These folders included 500 to 1200 images per year. I pulled up the folder for each year and highlighted all images and clicked on "Keywords" and all keywords used for all images were listed. I made those keywords persistent. It took me a while to realize I had to click on each keyword to make it persistent. After doing this for all years, I assume 95% of all keywords I have used over the many years were back in my list. I'm sure there is probably a more "technical" way to accomplish what I needed, but this seems to have worked. I also exported my list into a word document and is saved on my hard drive.
If I had not made folders with my favorite images for each year, I could not have used this method, so if you figure out a better way, I like to hear it. Thanks for your comments and willingness to help. -
Find out operator privilege for a role
Hi,
How to find out targets missing operator privilege for a role in OEM?From the backend you should use EMCLI
Check http://download.oracle.com/docs/cd/B16240_01/doc/em.102/b40004/cli_verb_ref.htm#BABFGJBG -
How to remove transaction that was added under Menu - Role Menu
We have roles that we need to remove some transactions.
These transactions were added under Menu - Role Menu and expanded for ex: Logistics and Picked Miro transaction.
When I go to PFCD and check under s_tcode I cannot remove Miro transactions since it's grayed out.
The only way to remove this is to go back to the Menu and do a find on miro and work through the menu until I get to Miro transaction and then delete it.
Is there another way to accomplish this.
Thanks
JoeThis is the intended way a role built from a menu works. What might be the use of an authorization without any corresponding transaction to start it? It is only a risk...
Unless of course you know better or design differently and don't make the effort to adjust SU24, then you can insert manually or cause "changed" authorizations, but PFCG will not look at it from a "your own fault" view and not adjust it or protect it against illogical changes.
To use the discipline of the one approach but keep the flexibility of manual authorizations is not possible for S_TCODE, S_RFC and S_SERVICE objects (the entry points).
Cheers,
Julius
PS:
> Total Questions: 42 (36 unresolved)
Please follow-up on your unresolved questions. There is a limit now of 10 open questions asked since July 2008. -
Role Config Key Not Working under Business Role
Hi Gurus,
I have created a Z role configuration key under a Z business role which is assigned to my user id. I have done some configuration changes under that role config key. Now when i login with my user id, i am not able to see the config changes. It always shows the standard config.
Please let me know if i have to do any additional thing to get the custom config.
Appreciate your inputs.
Thanks,
Sujani.Hi All,
I have enhanced the standard component IUICOBJD for the Point of Delivery view. I have written the following code in the DO_CONFIG_DETERMINATION
DATA: lr_config TYPE REF TO cl_bsp_dlc_configuration2,
ls_ui_profile TYPE crms_ui_role_profile.
lr_config ?= me->configuration_descr.
cl_crm_ui_roles=>get_role_attrib( IMPORTING es_role_attributes = ls_ui_profile ).
IF ls_ui_profile-role_config_key = 'ZPOD'.
lr_config->if_bsp_dlc_config_appl~set_object_type( '<DEFAULT>' ).
lr_config->if_bsp_dlc_config_appl~set_object_sub_type( '<DEFAULT>' ).
lr_config->if_bsp_dlc_configuration~set_component_usage( '<DEFAULT>' ).
lr_config->if_bsp_dlc_configuration~set_role_key( ls_ui_profile-role_config_key ).
However, The standard configuration is still coming. If i perform some action on the screen then it is taking the custom configuration. I want to display the customer configuration the very first time.
Please help me in this regard.
Thanks,
Sujani. -
Customize the privileges based on role i mean just assign the privileges to security gurop?
how to create and configure privileges like how to assign privileges to help desk, server administrator, desktop administrator if any way to customize the privileges based on role i mean just assign the privileges to security gurop?
Yes, you can read the Wiki you started here: http://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx
Mainly, you can create security groups, delegate them rights on your platforms and then just add/remove users to these groups.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile
Maybe you are looking for
-
Hi to all, I have a task to enhance Vl02n for outbound delivery. My requirement is to populate picking quantity using delivery quantity. Normally pick list OUTPUT TYPE EK00 will populate picking quantity. here one of my company's plant they are not d
-
My podcasts do not show the pictures only the sound when I import them to iTunes from Garage Band. How do I get the pictures to show up in iTunes?
-
Using a custom SSLSocketFactory for imqbrokerd on startup for SSLJMS
I want to startup imqbrokerd with my OWN custom SSLSocketFactory (to enable decrypting a password to send over as plaintext, so as to NOT store the password in plaintext on the filesystem). I have tried to use this without success: imqbrokerd -vmargs
-
How can I rotate a small video
Hi I took a small 1 minute video with my phone, but I was holding it the wrong way. I have downloaded it and the extension is .3g2 How can I rotate it? I only have regular quicktime thanks J
-
Help get rid of Bing search engine from macbook pro os 10.7.5
Help me get rid of Bing search engine from macbook pro os 10.7.5 fmartn67