Managing Disco Users and reports

Hi,
I am finding it very difficult to manage the increasing discoverer users and reports.
I need to develop a tool or process to report, manage Discoverer active users and reporting for license compliance.
How to review user reports for possible deletion/preservation and final deletion of a user database logon?
How to delete a list of users?
How to preserve any shared reports that are actually used.?
How to clean up and delete their unused reports?
How to report: all active in a year (in last 6 months rolling), top 50, inactive?
any suggestions on how to get started with this?
Visakh

Marcelo,
You can manager users using EUSM (executable) found on the oid/ovd installation. Global/local role has to be created on the database side. All EUS mapping can be done on the OID or OVD side using "eusm". There is a metalink note that gives lots of examples on this. Or you can also use enterprise manager grid control that lets you do the same.
As or OVD vs. OID, I am not aware of any major limitations. just operational limitations. Since OID is a ldap server by itself, you can do a lot of tracing/auditing yourself instead of relying on other LDAP admins (unless you manage other ldap servers also). We are currently implementing oid 11.1.1.2 for EUS and I know of my previous employer who is in the middle of implementing OVD 11g (with sun one directory).
Regards,
Shaji
http://www.linkedin.com/in/shajivps

Similar Messages

How do i manage multiple users and devices with one apple id without everything showing up on every device?

how do i manage multiple users and devices with one apple id without everything showing up on every device?

How to use multiple iPhone, iPad, or iPod devices with one computer

What is the best way to manage 5 users and 6 devices? We dont all want the same merged contacts, we dont all want the same calendar notes, music, pics etc etc.

What is the best way to manage 5 users and 6 devices? We dont all want the same merged contacts, we dont all want the same calendar notes, music, pics etc etc.

As long as it is pointed to iTunes it will be accessible via home sharing on Apple TV.
http://support.apple.com/kb/HT1751?viewlocale=en_US&locale=en_US
If these are commercial DVD's we can't comment on any conversion process.

1. Is your service multi-tenant? Can an enterprise manage their users and data independent of other enterprises using their service or is your service more like a consumer service Do you support any sort of enterprise identity? If so, do you support SAM

1. Is your service multi-tenant? Can an enterprise manage their users and data independent of other enterprises using their service is your service more like a consumer service ?
2. Do you support any sort of enterprise identity? If so, do you support SAML, openID or user provisioning APIs?
3. What level of audit logging do you perform? All read/write of data? Do you support ability for customers to view only their activity logs?
4. What level of penetration testing do you perform? Is it done by 3rd parties? How often are these tests performed?

1. Is your service multi-tenant? Can an enterprise manage their users and data independent of other enterprises using their service is your service more like a consumer service ?
2. Do you support any sort of enterprise identity? If so, do you support SAML, openID or user provisioning APIs?
3. What level of audit logging do you perform? All read/write of data? Do you support ability for customers to view only their activity logs?
4. What level of penetration testing do you perform? Is it done by 3rd parties? How often are these tests performed?

Oracle VM Manager 3 User and groups

Hi!
Has anybody know something about howto manage users/groups in OVM3? I didn't find any information in the user's guide and there isn't such as configuration tabs or options in the web interface.
Thanks!

From what I've gathered talking to support is this:
OVM 3 is not well suited for single node implementations. You also should not mangle with the remaining space of the primary disk that has OVM Server installed on it. If one tries to do so - as I have, and exports the space as NFS for use with OVM 3 it will loop back on itself and cause errors I've reported in my post.
The only way to try such (lab) implementation is to use external NFS for server pool creation - or better yet, use external NFS for images and don't even enable clustering in server pool definition (meaning you would not use local physical disks for storage repository at all).
It's my impression Oracle put great effort into making a clustered solution that would scale very well. It's just not meant for single server implementations - which in reality make no sense anyway.
If you come across such problems, now you know. :-)

Best way to manage multiple users and multiple devices?

I would like some advice on the best way to manage iTunes and devices synced to it for multiple users -- Here's the scenario: I have 2 grade-school aged kids, who each have an iPod Nano and are going to get my old iPhone 3G to use as an iTouch after I upgrade my phone to the iPhone 4. In addition to my iPhone, I have a MacBook, a 30GB iPod, and a iMac. We are also looking into buying an iPad that we'll want to use (among other things) to watch movies while traveling. All music/apps/movies are currently located in my iTunes account on the iMac, and we sync via my personal @mac.com account.
I don't want to simply set up separate iTunes accounts for each kid, as I'd like to be able to control what music & apps they buy/download, and I've already got a fair amount of "their" music/apps/movies in my account, and don't want to have to try and move it from my account to theirs. Any advice on how to best set up an iTunes sharing arrangement that allows me to control their accounts, and sync all of the above devices would be most appreciated. Thanks in advance.

turingtest2 wrote:
Wow, I'd forgotten that one...
as I said in the thread, that post did find it's way into my database
great stuff, tt2 !

SQL to retrieve business areas, users and their reports?

Hi,
I've been able to retrieve by sql, users and their reports or business areas and thier users, but I'm unable to retrieve business areas, users and reports in the same sql.
I've been looking in eul tables without success. I guess someone has already done that?
Thanks

Hello
The problem you have is that you are trying to mix objects that don't go together.
As you have already determined, you can have a script to query users who have access to business areas, and you can also have a script to query users who have access to or own reports. However there is no link between business areas and reports.
Discoverer reports are validated against folders, not business areas. If a report uses 2 folders and there are 10 business areas that contain those folders which business area do you think the report was written against? The answer is none of them. You just happened to have a business area open at the time the report was written but truthfully you could have used any of them. Therefore, if a user reopens a workbook that uses folders found in multiple business areas, Discoverer will default to the first business area by name that contains all of the folders used and that the user has been granted access to.
Hope this helps
Best wishes
Michael

Manage users and groups on 10.5 client like 10.5 server?

can anyone recommend software for managing local users and groups on 10.5 client? we only need filesharing and don't need the added expense of OS X Server.
thanks

oh, right. we can add users with the File Sharing pref pane and can add groups under the Accounts pref pane.
i'm assisting a friend reconfigure a 'server' (os x client box) that was damaged.
i'd like to create a new group and then add a handful of users to that group for filesharing. these users don't really need to access the mac for local login.
they are using Windows Vista from the clients and the way it's set up now, if a user connects and modifies/creates a file, no one else can then modify the file. we have to run chmod on the file/directory for everyone to be able to change it. i'd like to configure it so the permissions work correctly without having to do this.

Security Settings on Domain Node in Users and Computers

When I open Active Directory Users and Computers (dsa.msc) and right click on the domain node (top node of the tree) and select Properties, there is a security tab with the usual dialog for setting permissions.
I assume the Domain Administrator account, Domain Admins, and Enterprise Admins should have full control. But what other groups or users should have what permissions? Are the permissions I set here applicable only to the folders and OUs
in the tree? Why would anyone but Domain/Enterprise Admins need permissions to these objects?
Are there any KB articles or best practices that offer guidance regarding how to set permissions here?

Hi,
Thanks for your posting.
Please check the following articles,
Security Groups
http://technet.microsoft.com/en-us/library/cc960640.aspx
Managing Domain Users and Groups
http://technet.microsoft.com/en-us/library/cc759353(v=ws.10).aspx
http://ss64.com/nt/syntax-groups.html
Regards.
Vivian Wang

LDAP Users and Groups

Hi,

I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:

com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.


It seems that this needs to be setup. How do I do this?


Some general notes on LDAP:

I think that in a production environment it is of great value to manage users and groups in a LDAP directory. For instance we have a company directory which contains all users. It seems that users from LDAP can not been added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
As in previous weblogic releases the LDAP authenticator is read only. It would be great if the write functionality could be added as well. Actually managing LDAP users and groups in one place would be a tremendous improvement for us.

Another thing on my wishlist are examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out of the box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.

It would be interesting to read what Bea and other developer think about this.

Kind regards,

Kai


Marcus,
Yes, I am using 9.2 TP.
We are already using LDAP for user management with 8.1.
Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
java.lang.NullPointerException at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122) at util.tree.TreeController.constructTree(TreeController.java:142) at util.tree.TreeController.buildTree(TreeController.java:422) at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source) at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285) at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336) at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984) at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821) at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625) at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)
java.lang.NullPointerException
java.lang.NullPointerException
at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
at util.tree.TreeController.constructTree(TreeController.java:142)
at util.tree.TreeController.buildTree(TreeController.java:422)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)

Users And Security Best Practice

Dear Experts
I am designing an application with almost fifty users scattered in different places. Each users should access tables according to his/her criteria. For example salessam, salesjug can see only the sales related tables. purchasedon should access only purchase related tables. i have the following problems
Is it a best practice to create 50 users in the DB i.e. 50 Schemas are going to be created? Where are these users normally created?
or is it better for me to maintain a table of users and their passwords in my design itself and i regulate through the front end. seems that this would be risky and a cumbersome process.
Please advice
thanks
Manish Sawjiani

You would normally create a single schema to own the
objects and 50 users to use them. You would use roles
and object privileges to control access.Well, this is the classic 'Oracle' approach to do this. I might say it depends a bit on what you want to achieve. Let's call this approach A.
The other option was to have your own user/pwd table. You can create your own custom authentication but I would go for the built-in Application Express Users - authentication scheme. You can manage the users via the frontend (Application builder > manage Application Express Users) . There you can manage the groups and end users which you can leverage in your Apex app. You can even use the APIs to create the users programmatically. It is all done for you. Let's call this approach B.
Some things to consider:
1) You want to create a web application and also other applications that access the data stored in Oracle (another PHP / Oracle Forms / Perl ) or allow access via SQL/Plus. Then you should use approach A. This way you don't need to reimplement security for these different approaches.
2) You want to create one (or multiple) Apex applications only. This will be the only mechanism the users will access your data. Then I would go for approach B.
3) When using approach A some users didn't like that all users will have access to their workspace, including the sql command line and having the capability of building applications and possibly being able to change the data they have access to through the Oracle roles. Locking down this capability is possible but it takes some effort and requires an Apache as a proxy.
4) When using approach A you will need DBA privileges to manage the users and assign the roles. This might not always be possible nor desired. Depends on who will manage the Oracle XE instance.
5) Moving the application including the end users to another machine is a bit easier using approach B since they are exported via the application export mechanism. Using approach A you would have to do it yourself. Be aware that the passwords are lost when you install the users into a different Oracle XE instance.
6) If you design the application using approach B you will have to design security in a way that doesn't rely on the Oracle roles / grants security mechanisms. This makes it easier to change the authentication scheme later. For example, later you want to use a LDAP directory, a different custom authentication scheme or even SSO (SSO is not available out of the box but feasible). This is directly possible.
Using approach A you would have to recode the security mechanisms (which user is allowed to update/delete which data).
Hope that clarifies your options a bit.
~Dietmar.
Message was edited by:
Dietmar Aust
Corrected a typo in (5): Approach B instead of approach A , sorry.
Message was edited by:
Dietmar Aust

Workspace/Developer users and Oracle accounts

We plan to install Apex 4 (for first time) into an existing database with many schemas and users. Some users already have developer privileges in their schemas pre-Apex install. Will their user/schema privileges be 'inherited' into the Apex environment or will they have to be re-defined as Workspace admins/developers? If they have to be re-defined as developer user in Apex is there a way for them to keep their old passwords?
Also, we are implementing Oracle Identity Management and plan to move all developer-type accounts to be Enterprise User accounts in OIM. Will Apex developer users be compatible with this?
Thanks,
Pat

Yes, I have no problem with end-user authentication -- we have already implemented LDAP authentication in another Apex environment with our central LDAP directory as an alternate user authentication. I am glad to hear that some plans are being made for other methods of authentication of developers--why not become compatible with Oracle's own OIM and the concept of Enterprise User??
Quoting an Oracle whitepaper entitled: Directory Services Integration with Database Enterprise User Security
"... many enterprises today are still managing database users and privileges in individual databases. From end user perspective, managing passwords in multiple databases is confusing and results in poor user experience. From administration perspective, redundant user management is costly, and managing user authorizations in multiple databases is error prone. From auditing and compliance perspective, on time provision and de-provision of user access and privileges across databases is challenging.
Enterprise User Security (EUS), an Oracle Database Enterprise Edition feature, leverages the Oracle Directory Services, and gives you the ability to centrally manage database users and role memberships in an LDAP directory. Enterprise User Security reduces administration cost, increases security, and improves compliance through centralized database user account management, centralized provisioning and de-provisioning of database users, centralized password management and self-service password reset, and centralized management of authorizations using global database roles. "
Sounds like a great option to consider!!
Pat

Framework to handle users and roles

hi
is there any framework that allow to manage security(users and there roles) in swing application

Swing is a graphic user interface toolkit. What do users and roles have to do with user interfaces?
Anyway, in Java of course you have a multitude of possibilities at your disposal.
[check here|http://java.sun.com/javase/technologies/security/]

Need help understanding MS SQL Server 2008R2 and Report Builder 3.0 and user access / priviledges.

Having Problems with connections and access. I have spent the last 2 days reading various threads regarding SQL Reporting Services pertaining to access and connections.
First, let me explain what I have done to date.
1) I am using Windows 7 - Home Premium.
2) I downloaded and installed MS SQL Server 2008 R2 Express. This was successful.
3) I downloaded Report Server 3.0 - This was successful.
4) In IE, I tried logging onto http://servername/reports, but this failed. After logging into IE
via ' Run Administrator', I was able to access URL.
Next, I updated the security / trust sites as explained in the
threads
Next, I went to Folder Setting and added my user name and granted all roles (Browser,
Content Manager, My
Reports, Publisher and Report Builder).
5) Now, I can log into Http://servername/reports using my normal windows 7 user account.
6) Next, I opened Report Builder 3.0. However, I am having trouble connecting to report
server. I tried connecting with
http://servername/reports, but this failed.
However, If I change URL to http://servername/reportserver, it works. BUT NOW, I have
another problem. When I
execute the RUN button to create report, I get a permission
error. "PERMISSION GRANTED TO USER ARE
INSUFFICIENT FOR PERFORMING THIS OPERATION".
7) Finally, I can not save reports to http://servername/reportserver when I select "Recent
Site and Servers". ERROR
MESSAGE: UNABLE TO OPEN OR SAVE REPORT
8) In my Reporting Services Configuration Manager:
Web URL = http://servername:80/ReportServer
Report Manager URL = http://servername:80/reports.
What is strange, the Report Manager URL works for IE URL and WEB URL works for
Report Builder connect (Even though it really does not work).
THREE QUESTIONS:
1) What URL should I use to connect in Report Builder.
2) How do I update my normal Windows 7 user so I can run reports when I connect to report
builder.
3) How can I save my reports so they are displayed in IE Reporting services. Note: I was
able to save report to
documents folder and import into IE Reporting Services.
4) And finally, is it possible to add report builder 3.0 as a tab in my IE Reporting Services. I
save seen samples of Reporting Services screens where the instructor has Report Builder
tab.
Thanks
Dan

To answer question 1... it should connect through /ReportServer
http://bretstateham.com/reporting-services-architecture-diagram%E2%80%A6/
Report Builder 3.0 is not a web application, it is a client side application can be used using the click-once or downloaded from Microsoft's website. If you are having issues, you might download and install it and try running it as an administrator.

User login report in Active Directory for specific date and time

I want to get User login report in Active Directory for specific date and time e.g user logged in at15-01-2015 from 8:00am to 4:00pm
Is any query, script or any tool available?
Waiting for reply please

You can identify the last logon date and time using my script here: https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771
If you would like to get back in time and see when the user did a logon / logoff then you need to have auditing enabled. Once done, you can records from Security log in the event viewer: https://social.technet.microsoft.com/Forums/windowsserver/en-US/98cbecb0-d23d-479d-aa65-07e3e214e2c7/manage-active-directory-users-logon-logoff-events
I have started a Wiki about how to track logon / logoff and it can help too: http://social.technet.microsoft.com/wiki/contents/articles/20422.record-logon-logoff-activities-on-domain-servers-and-workstations-using-group-policy.aspx
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile

Managing Disco Users and reports

Similar Messages

Maybe you are looking for