LOGON ON TRIGGER를 이용한 접속제한 | TRACE 설정

Similar Messages

• Logon Database Trigger

  I want to write a database trigger that fires when a user logs onto the database. Oracle has this in 8i+.
  I am using 9i.
  I want to use this trigger to determine if the session is questionable(ie. Hacker). If it is then i want to either kill the session or audit it.
  Auditing is turning on for the database.
  I am trying to use
  execute immediate 'audit all by %username%'
  where username is from the v$session for the current session.
  It appears the logon trigger is fired but the session is not being audited.
  My question is how can I make the session be audited from within a trigger?
  Thanks for you help.
  Daniel

  ro**** wrote:
  When I login in sqlplus I get the error from the after login trigger, but after I get logged in I can issue ALTER SESSION ENABLE RESUMABLE and it works fine (session altered) So why does it let me alter the session after I get logged in, but not during the after logon trigger.It's probably because you have the privilege granted to a role and not a user. Roles are disabled when it comes to definer's rights (default).

• Database logon failed when deploy CR on Windows Server 2008

  I use Crystal Reports for Visual Studio 2010 Production Release with MVC 2 web aplication and SQL Server 2008 database server. When I compile/run from VS 2010 it running well, but when deploy it on Windows Server 2008, when load certain report (Not All report) face the following exception message:
  Database logon failed
  Stack Trace is as the following:
  at CrystalDecisions.ReportAppServer.ConvertDotNetToErom.ThrowDotNetException(Exception e) at CrystalDecisions.ReportSource.EromReportSourceBase.ExportToStream(ExportRequestContext reqContext) at CrystalDecisions.CrystalReports.Engine.FormatEngine.ExportToStream(ExportRequestContext reqContext) at CrystalDecisions.CrystalReports.Engine.ReportDocument.ExportToStream(ExportOptions options) at CrystalDecisions.CrystalReports.Engine.ReportDocument.ExportToStream(ExportFormatType formatType) at SequisLife.Controllers.ReportController.run_report(String report_name, IDictionary`2 dic_param)
  InnerException:
  System.Runtime.InteropServices.COMException (0x8004100F): Database logon failed. at CrystalDecisions.ReportAppServer.Controllers.ReportSourceClass.Export(ExportOptions pExportOptions, RequestContext pRequestContext) at CrystalDecisions.ReportSource.EromReportSourceBase.ExportToStream(ExportRequestContext reqContext)
  run_report method is as the following:
  private ActionResult run_report(string report_name, IDictionary<string, string> dic_param)
              string ls_respon = "";
              try
                  get_sqllogin();
                  ReportClass rptH = new ReportClass();               
                  rptH.FileName = Server.MapPath(VirtualPathUtility.ToAbsolute(report_name));
                  rptH.Load();             
                  rptH.Refresh();
                  Database crDataBase;
                  Tables crTables;
                  TableLogOnInfo crTableLogOnInfo;
                  ConnectionInfo reportConnectionInfo = new ConnectionInfo();
                  reportConnectionInfo.ServerName = server;
                  reportConnectionInfo.DatabaseName = database;
                  reportConnectionInfo.UserID = login_user;
                  reportConnectionInfo.Password = login_pass;
                  crDataBase = rptH.Database;
                  crTables = crDataBase.Tables;
                  foreach (Table crTable in crTables)
                      crTableLogOnInfo = crTable.LogOnInfo;
                      crTableLogOnInfo.ConnectionInfo = reportConnectionInfo;
                      crTable.ApplyLogOnInfo(crTableLogOnInfo);                  
                  ParameterFields lpf_parameters = rptH.ParameterFields;
                  if (lpf_parameters.Count > 0)
                      foreach (ParameterField lpf_param in lpf_parameters)
                          var llst_tmps = dic_param.Where(d => d.Key == lpf_param.Name);
                          foreach (var param in llst_tmps)
                              if (param.Key == lpf_param.Name)
                                  if (lpf_param.ReportName == "")
                                      rptH.SetParameterValue(lpf_param.Name, param.Value);
                                  else
                                      rptH.SetParameterValue(lpf_param.Name, param.Value, lpf_param.ReportName);
                  Stream stream = rptH.ExportToStream(CrystalDecisions.Shared.ExportFormatType.PortableDocFormat);
                  return File(stream, "application/pdf");
              catch (Exception ex)
                  ls_respon += ex.Message;
                  ls_respon = " - "ex.StackTrace;
                  ls_respon += " - " + ex.InnerException;
                  ls_respon += " - " + ex.Source;
                  ls_respon += " - " + ex.Data;
                  return Content(ls_respon);
  Please any body hepl me...
  Thank's in advance

  Hi,
  I am using CR with visual studio 2010 in windows 7 box 64bit box. using a ADO.net data source. And I need to export .rpt as pdf.The solution works fine in my dev box. by when i try to deploy in a windows server 2008 R2 box (64bit) it fails . Both my dev box and deplyment box uses sql server 2008 DB . Also i am using .Net framework 4.0 (not client profile)
  installed the following things in deployment box:
  1. CRRuntime_64bit_13_0_1.msi in
  2. Also copied the CRforVS_mergemodules_13_0_1 in C:\Program Files (x86)\Common Files\Merge Modules
  I get the following error in my Box:
  CrystalDecisions.ReportAppServer.ConvertDotNetToErom.ThrowDotNetException(Exception e)   at CrystalDecisions.ReportSource.EromReportSourceBase.ExportToStream(ExportRequestContext reqContext)   at CrystalDecisions.CrystalReports.Engine.FormatEngine.ExportToStream(ExportRequestContext reqContext)   at CrystalDecisions.CrystalReports.Engine.FormatEngine.Export(ExportRequestContext reqContext)   at CrystalDecisions.CrystalReports.Engine.ReportDocument.ExportToDisk(ExportFormatType formatType, String fileName)   at Tesco.Instore.PickingControl.ReportController.PrintDriverDocumentation(String driverDocumentation, Int32 vehicleTripId)] 20/10/2011 08:08:41        PCS        Critical                   Classic .NET AppPool      Error running End of Van [Logon failed.
  Error in File temp_31b3196f-fd25-45c8-b657-5d9cd7c9dccb {4F74290C-D56E-4FC4-8DEF-371BB5C5B10B}.rpt:
  Unable to connect: incorrect log on parameters.]
  I also verified the database connection is upto date. while creating the solution
  the project build is set to anyCPU.
  is there anything else i have to install ?? Please help me ..I am trying this thing from last one week and have not got any proper solution till now

• Trace in the listener.log

  Hello,
  Can we monitor failed connctions (ORA-01017: invalid username/password; logon denied) to trace the listener.log
  Does exist an option to do that ?
  Thanks for your answer
  Fabrice

  You've already been provided hints on using Database Audit.
  However, to answer your question : The reason why listener.log cannot log such errors is that the Listener does NOT do any authentication. It does not validate username/password pairs at all. When a connection request comes in to the listener, it just verifies if the request is for a valid SID / SERVICE and redirects the request to the database instance , having forked a server process. It is the server process in the database instance that does the authentication.

• Trace IP address of Successful login

  Hi
  We have had a security incident within our company. We know the user name (Windows Username) that was given elevated rights either by accident or on purpose. What we can't pick up is from what PC this account was used to access the database.
  1) Is there a way using the transaction logs to determine the IP address of machine that was used.
  2) Can we check when the windows profile was changed and by whom
  3) is there any advice on how to go about tracking down the culprit through SQL server or other means after the fact?
  regard
  Stephen

  ...We know the user name (Windows Username) that was given elevated rights either by accident or on purpose. What we can't pick up is from what PC this account was used to access the database.
  1) Is there a way using the transaction logs to determine the IP address of machine that was used.
  2) Can we check when the windows profile was changed and by whom
  3) is there any advice on how to go about tracking down the culprit through SQL server or other means after the fact?
  Hi Stephen
  by elevated rights/permissions you mean on SQL Server and not Windows AD already, right?
  I am not aware that the IP Address is captured in the Transaction Log.
  Using the default trace, located under your Log-folder, you should get the Host-Name though.
  The Default Trace captured the following Security relevant events:
  Security audit events
  Audit Add DB user event
  Audit Add login to server role event
  Audit Add Member to DB role event
  Audit Add Role event
  Audit Add login event
  Audit Backup/Restore event
  Audit Change Database owner
  Audit DBCC event
  Audit Database Grant, Deny, Revoke
  Audit Login Change Property event
  Audit Login Failed
  Audit Login GDR event
  Audit Schema Object GDR event
  Audit Schema Object Take Ownership
  Audit Server Starts and Stops
  So, if you still have the trace files from that date range, you should find the privilege elevation aka
  escalation.
  I am not sure what you mean by "Windows Profile". That would be an AD matter and logged at the DC.
  For forensics several methods are being used, beginning by using the ErrorLog (by default only containing failed logons) and default trace up to a memory dump. General rule would be to freeze all activity on the machine under examination. This depends on
  the level of the security incident. YMMV
  Andreas Wolter (Blog |
  Twitter)
  MCM - Microsoft Certified Master SQL Server 2008
  MCSM - Microsoft Certified Solutions Master Data Platform, SQL Server 2012
  www.andreas-wolter.com |
  www.SarpedonQualityLab.com

• Batchs taking time

  Hi,
  we are using production database 9.2.0.6.0 .
  lot of batches are running in this databases daily . batches are (function,procedures etc.)
  from last few days these batches are taking more time then previous time. There are no changes in structure of database .I checked for blocking sessions also during batch run but no blocking sessions are there .
  where i can check for finding the cause ....
  any idea...

  Sorry if my original post wasn't clearer.
  Tracing a session like execute dbms_system.set_sql_trace_in_session(sid,serial#,true) will trace a currently logged in session as of the current point.
  In the past I have setup a database logon trigger and traced all the sessions. Problems with doing this a user has to have the 'ALTER SESSION' privilege to enable tracing, if sessions connect through a connection pool then these need to be restarted/recycled (not possible sometimes) to capture the login and the tracing may generate alot of trace files (filesystem issues). Also, I've come across some bugs with logon tracing (creating trace file names with sys_context('USERENV','SESSION_USER') in the filename has caused problems on UNIX with OPS$ users, does not like $ in the filename and will error, possibly locking users out).
  The other approach you can take is enable tracing in the PL/SQL code or the beginning of the batch job.
  Another approach altogether is forget about tracing and take statspack snapshot before and after the job.

• How to create one user for one workspace

  Hi experts,
  I just wanted to know if anyone of you ever generated a user in a 11g database who only is able to see the content of one specifc workspace.
  The workflow would be that an admin-like user generates a new workspace and after this he creates a new user who can only see/change the data in this workspace.
  So when the new user is logging in, he is automatically in this new workspace and he has no priviliges to merge/create/rollback workspaces, or to change into another workspace.
  Could anybody please give me a hint on how to achieve this?
  Regards,
  Jens

  Hi Jens,
  Along with granting privileges on the specific tables, you would need to grant ACCESS_WORKSPACE using dbms_wm.grantWorkspacePriv on the specified workspace. Without granting any other privileges, the user would not be able to create additional child workspaces, or merge/rollback the workspace. Then, you would need to create a logon database trigger that places the user in the appropriate default workspace.
  However, a user is always able to access the LIVE workspace. There currently isn't any way to prevent that.
  Regards,
  Ben

• Wants delete user based on their last login details...

  Hi All,
  I have one question regarding oracle database user management. I have approx 300 users in my each Database and I know many of them are not actively used. I want to generate users report based on their last login information. I want to fetch list of users who is not logged in database since last 4 months and are eligible for delete operation.  Please guide me how to find this details.
  Thanks in advance...

  user12115, but really even if the logon time was not present and you only had the logoff time you know when the customer last used the system and relistically you could work with that.  Rather than audit user session connection due to the large number of connections/disconnects we have per day we created a database logon event trigger that updates an IOT for the username, logon_date of the OS user connecting.  If no row is updated we insert the username.
  Also keep in mind that many web based applications connect to the Oracle rdbms using an application username as not as the real end user.  In such a case auditing will not catch the real end user nor will the logon trigger unless the application uses dbms_application_info to post the real end username to Oracle.  If this is not true in your shop today it might be tomorrow so keep this potential issue in mind.
  HTH -- Mark D Powell -- 

• Peak Load

  I am looking for a way to repopulate some simple state information (list of
  proxies) to a backup copy of one of my SO's once the primary SO fails over.
  I had sent a request to the news group awhile back and received some great
  suggestions about writing to a file or to the DB. However, since the state
  information is data that CAN be recovered by the client app (i.e. node name,
  client id, pointer or proxy through the passing of an anchored object) we
  decided not to write this data to persistent storage but rather have the
  client re-register themselves with the SO by sending the appropriate info
  over to the SO (including the proxy back to the client). My question is
  this: If the SO goes down while a large number of users are logged on (lets
  say 500) and they all re-register themselves on the backup SO at the same
  time (passing 3 TextData objects and a proxy to the client) how much load
  will this cause and will it be enough of a load to hang the application?
  Another Question is: How does one go about forcing an SO to failover for
  testing purposes?
  Thanks you for your assistance!!
  George Vallas
  Systems Engineer
  EDS Medi-Cal - Systems
  3215 Prospect Park Dr.
  Rancho Cordova, CA 95670
  Phone: (916)636-1183
  mailto:[email protected]
  To unsubscribe, email '[email protected]' with
  'unsubscribe forte-users' as the body of the message.
  Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

  You can also use audit features of the database to audit user connections/disconnections and write the query to get what you need.
  Or you can also use with 9i/10g a LOGON/LOGOFF trigger to audit session connection and disconnection in a audit table and then write the query on this audit table to analyze the maximum number of connections.
  Got from somewhere in the forum.
  Hth
  Girish Sharma

• What other V$ view than V$SESSION can provide the "program" column ?

  Hi all,
  We get a blank value , no value then, given by the "program" column of the V£SESSION view when our after logon database trigger fires. This is perhaps because we use a forms R6i application which uses a 8.0.6 version of oracle client.
  So I want to know which other V$ view can be joined with the V$SESSION view to get the program column.
  Thank you very much indeed

  Modifying the sqlnet.ora has 0 to do with the issue at hand.
  Face it:
  if the client executable doesn't have provisions to expose the program name,
  you will never see it in v$session.
  Your problem is you want to remain in the Stone Age, where the CD rom didn't exist and records where played by birds.
  Sybrand Bakker
  Senior Oracle DBA

• How do we find out how many concurrent users login at peak time?

  Hi Frienz
  PLease let me know if there is any database trigger that we can keep to monitor this?
  Poonam Sachdeva

  You can also use audit features of the database to audit user connections/disconnections
  and write the query to get what you need.
  Or you can also use with 9i/10g a LOGON/LOGOFF trigger to audit session connection and disconnection in a audit table and then write the query on this audit table to analyze the maximum number of connections.

• What db-ressources are significant while runtime parsing queries in reports

  I have long idle time in running a report
  what db-ressources are significant
  while running Report
  Report compiling / Query parsing ?
  i have running the same report from a AS 10g
  in identical schema's
  on two different instances ( TEST and PROD )
  on a R11_2 orcale-db
  in TEST-Instance the report does run well in some seconds
  in PROD-Instance the report need more then 10 min
  to analyze it I have trace_all on AS
  and taken outputs in all triggers in the report
  I can see,
  the idle-time in the long-time report is between
  the AFTER_PARAM_FORM - Trigger
  and
  the BEFORE_REPORT - Trigger
  trace detail:
  [2011/6/22 0:9:25:115] State 56016 (JobManager:updateJobStatus): Job 76089 status is: Bericht Before-Report-Trigger wird ausgeführt wird
  ausgeführt
  [2011/6/22 0:9:25:115] Debug 50103 (JobManager:updateJobStatus): Finished updating job: 76089
  idle Time
  [2011/6/22 0:20:17:459] State 56016 (JobManager:updateJobStatus): Job 76089 status is: Bericht Seite 1 wird formatiert wird ausgeführt
  [2011/6/22 0:20:17:459] Debug 50103 (JobManager:updateJobStatus): Finished updating job: 76089
  this is while
  Report is "compiled".
  Queries are parsed.
  because both the reports run on the same AS
  and both schemas are identical
  it maybe the differences come from different the instance-system-ressources
  ( in the TEST-Instance there is 1 or 2 users / sessions,
  in the PROD-Instance there are > 100 users / sessions )
  what db-ressources are significant for performance
  while running Report
  Report compiling / Query parsing ?
  what other reason may be for the idle-time in this report ?

  In your trace your idle time is between Before Report Trigger and the formatting of page 1. So, the activity is in the database.
  Report compiling / Query parsing ?Compilation has already taken place when the report runs, so that's not it.
  Parsing depends on the query. If the query exists in the SGA it shouldn't parse again. However, if you have lexical parameters the query may be different each time. Still, parsing is (never) a problem.
  What remains: execution of the query. Trace the report session in the database.
  I just use TOAD for monitoring a session and see which query is executing for a particular session.

• Database level triggers

  How to know whether any of following database level triggers are enabled?
  Database Startup Triggers
  Logon/Logoff trigger
  DDL triggers
  Thanks
  R

  select owner, trigger_name, status from all_triggers;It should tell you its status!

• Problem with create context.

  I have one database instance in which I run the following command using DBUser1.
  ------------------------START---------------------------------
  create or replace context MyContext using set_context_id;
  create or replace procedure set_context_id
  context_id in number
  ) as
  begin
       dbms_session.set_context (
       'MyContext',
       'context_id',
       context_id
  end;
  --------------------------END-------------------------------
  Now, I have another user DBUser2, and I want to be able to use the same context name "MyContext" for this user as well. Since a context is unique, how can I use this context from DBUser2 ? As such, DBUser2 does not know anything about DBUser1 (until it looks up some system tables).

  Normally you sit the context for the user without their knowledge such as via a database logon event trigger. All contexts belong to user SYS and we place the associated package under an application Id. No users have execute on the package.
  You should be able to grant the users execute privilege on the associated package if you want the users to explicitly set the context though I have never done this and do not have a system in front of me to test with.
  HTH -- Mark D Powell --

• Assigned wrong role to administrator account.

  Hi all,
  To be able creating a user account on the portal. I wanted to add one role SAP_BC_JSF_Communication into account SAPJSF, but added it into j2ee_admin and restart system by accident. What I got now is I cannot use j2ee_admin logon portal.
  Here comes the questions:
  1. When I used j2ee_amin logon system, there was no any error message. It must be somewhere store the message for error handling. Where is it and how am I going to reach it?
  2. I checked the setting using J2EE engine visual administrator. Under server \ service \ security provider, I did not see this role attached to j2ee_admin on tab user management. If that's the case, why I cannot logon portal?
  PS) My NetWeaver version is 2004s SPS10.
  Any advice would be appreicated.

  Hi Mike:
    Thanks for your reply. Currently, even NWA I also can't logon. After trace defaultTrace.trc through Log Viewer. I found some error messages.
  <b>1.</b>
  Date : 04/26/2007
  Time : 10:37:47:265
  Message : Preventing access to user mapping data for user "J2EE_ADMIN, " (unique ID: "USER.R3_DATASOURCE.J2EE_ADMIN") and the SAP reference system ("PCCXI2") because the mapping has been saved when the system had not been set as SAP reference system.
  <b>Solution: Save the user mapping data again.</b> <b><i>(<--How to do that?)</i></b>
  Severity : Error
  Category : /System/Security/Usermanagement
  Location : com.sap.security.core.umap.imp.UserMappingDataImp.handleKeyedHashField(Object, int)
  Application : sap.com/com.sap.security.core.admin
  Thread : SAPEngine_Application_Thread[impl:3]_11
  Datasource : 1177574464015:F:\usr\sap\XI2\DVEBMGS11\j2ee\cluster\server0\log\defaultTrace.trc
  Message ID : 0015F2F00CD100790000000E0000020C00042EFAE77D8FF8
  Source Name : com.sap.security.core.umap.imp.UserMappingDataImp
  Argument Objs :
  Arguments :
  Dsr Component : pcc01_XI2_117653650
  Dsr Transaction : 1e5ad320f39f11db88280015f2f00cd1
  Dsr User : Guest
  Indent : 0
  Level : 0
  Message Code :
  Message Type : 0
  Relatives : /System/Security/Usermanagement
  Resource Bundlename :
  Session : 0
  Source : com.sap.security.core.umap.imp.UserMappingDataImp
  ThreadObject : SAPEngine_Application_Thread[impl:3]_11
  Transaction :
  User : J2EE_GUEST
  <b>2.</b>
  Date : 04/26/2007
  Time : 10:37:47:265
  Message : Reading user mapping data for principal "J2EE_ADMIN, " (unique ID: "USER.R3_DATASOURCE.J2EE_ADMIN") and system "PCCXI2" failed.
  Severity : Error
  Category : /System/Security/Usermanagement
  Location : com.sap.security.core.umap.imp.UserMappingDataImp.getLogonDataForSystem()
  Application : sap.com/com.sap.security.core.admin
  Thread : SAPEngine_Application_Thread[impl:3]_11
  Datasource : 1177574464015:F:\usr\sap\XI2\DVEBMGS11\j2ee\cluster\server0\log\defaultTrace.trc
  Message ID : 0015F2F00CD10079000000100000020C00042EFAE77D9304
  Source Name : com.sap.security.core.umap.imp.UserMappingDataImp
  Argument Objs : "J2EE_ADMIN, " (unique ID: "USER.R3_DATASOURCE.J2EE_ADMIN"),"PCCXI2",
  Arguments : "J2EE_ADMIN, " (unique ID: "USER.R3_DATASOURCE.J2EE_ADMIN"),"PCCXI2",
  Dsr Component : pcc01_XI2_117653650
  Dsr Transaction : 1e5ad320f39f11db88280015f2f00cd1
  Dsr User : Guest
  Indent : 0
  Level : 0
  Message Code :
  Message Type : 1
  Relatives : /System/Security/Usermanagement
  Resource Bundlename :
  Session : 0
  Source : com.sap.security.core.umap.imp.UserMappingDataImp
  ThreadObject : SAPEngine_Application_Thread[impl:3]_11
  Transaction :
  User : J2EE_GUEST
  It seems I set a unappropriate User Mapping System to j2ee_admin account. Can I cancel this setting throught any tool except portal's User Management web page?
  Any advice would be very appreciated.