Modifying Create User Dialog to enforce password rules

How do I modify the Create User dialog, so that the user is forced to select a password with at least one lowercase, one uppercase letter and one numeric letter. As of now, there are no such restrictions.

ksk259,
I've found the answer to part of our issue - making the email field required. To do so, you have to:
Go to /var/clientlibs/libs/cq/security/widgets.js and find the createUser function
Add "allowBlank":false, under the "fieldLabel":CQ.I18n.getMessage("Mail") section.
As for the password security, we've made some progress on the password validation as well.  You can add the in-dialog error string by adding a new vtype/return message.
Go to /libs/cq/ui/widgets/source/ext/override/locale/ext-lang-cq.js and add pwdText: CQ.I18n.getMessage('Your Error String Here') under CQ.Ext.form.VTypes
In the widgets.js above, add "vtype":"pwdText", under the "fieldLabel":CQ.I18n.getMessage("Password") section
Write your function in JavaScript that does the logic you need it to do.
What we are still unclear about is where exactly do we put this JavaScript function and how do we call it from the New User Dialog box. In the widgets.js file, the check passwords function is local to the CreateUser function - is this the best place for a validation function? I don't understand exactly how the email validation function is working - I see the error message, but where is the code that actually performs the validation?
Can someone from Adobe chime in here?
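The validator the reply above leaves open, as an added example that is not part of the original thread or Adobe's code. It assumes CQ.Ext follows the Ext JS 3 convention that a field's vtype names a validator function on VTypes and that the message is looked up under the same name plus "Text"; the vtype name `pwd`, the helpers `missingClasses` and `fieldErrors`, and the stand-in `VTypes` object are hypothetical.

```javascript
// Stand-in for CQ.Ext.form.VTypes so the example runs outside AEM; on an author
// instance the real object already exists (assumption: CQ.Ext follows Ext JS 3).
const VTypes = {};

// Character classes required by the question: one lowercase, one uppercase, one digit.
// ASCII ranges only; widen them if non-ASCII letters should count.
const PASSWORD_RULES = [
  { name: "lowercase", pattern: /[a-z]/ },
  { name: "uppercase", pattern: /[A-Z]/ },
  { name: "digit", pattern: /[0-9]/ },
];

// Returns the names of the classes the value lacks (empty array = compliant).
function missingClasses(value) {
  const s = typeof value === "string" ? value : "";
  return PASSWORD_RULES.filter((r) => !r.pattern.test(s)).map((r) => r.name);
}

// A vtype named "pwd" (hypothetical name) is a pair: VTypes.pwd is the validator,
// VTypes.pwdText is the message shown when the validator returns false.
Object.assign(VTypes, {
  pwd: function (value, field) {
    return missingClasses(value).length === 0;
  },
  pwdText: "Password needs at least one lowercase letter, one uppercase letter and one digit",
});

// Simplified model of how an Ext JS 3 text field collects its errors:
// an empty value is handled by allowBlank alone, and the vtype is only
// consulted for non-empty input.
function fieldErrors(config, value) {
  const errors = [];
  if (value.length < 1) {
    if (config.allowBlank === false) errors.push("This field is required");
    return errors;
  }
  if (config.vtype) {
    const validator = VTypes[config.vtype];
    if (typeof validator !== "function") {
      // The field must reference the validator name, not the ...Text key.
      errors.push("No validator function registered for vtype '" + config.vtype + "'");
    } else if (!validator(value, config)) {
      errors.push(config.vtypeText || VTypes[config.vtype + "Text"]);
    }
  }
  return errors;
}

// Constructed field config in the style of the createUser dialog items.
const passwordField = { fieldLabel: "Password", allowBlank: false, vtype: "pwd" };

// Constructed sample inputs.
for (const candidate of ["Passw0rd", "password", "PASSWORD1", ""]) {
  console.log(JSON.stringify(candidate), "->", fieldErrors(passwordField, candidate));
}
```

This check runs only in the browser dialog; a request sent directly to the user-creation endpoint never passes through it, so the same rule also has to be enforced on the server.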

Similar Messages

  • Create User WF - Expire Lighthouse Password

    I want to automatically expire the Lighthouse password when a new user is created manually or via FFAS. I tried setting the following in the "Create user" workflow as the first Action in the 'Provision' Activity:
    <dolist name='resAccountName'>
    <ref>user.password.accounts[*].name</ref>
    <block trace='true'>
      <set>
         <ref>user.password.accounts[$(resAccountName)]</ref>
         <s>expirePassword</s>
         <s>true</s>
      </set>
      <set>
         <ref>user.waveset</ref>
         <s>expirePassword</s>
         <s>true</s>
      </set>
    </block>
    </dolist>
    But the newly created user's password is not expired. How can I expire the Lighthouse password by setting an attribute in the user view?
    Did I miss something and this is not possible in the user view and I have to checkout/checkin a ResetPassword view?

    Setting waveset.passwordExpiry to a new instance of [java.util.Date|http://java.sun.com/j2se/1.5.0/docs/api/java/util/Date.html#Date()] does the trick.
    waveset.passwordExpiry:
    Contains the date on which the Identity Manager password will expire. When the view is initially constructed, the memory representation will be a java.util.Date object. As the view is processed with the form, the value can either be a Date object or a String object that contains a text representation of the date in the format mm/dd/yy.
    Hence, using the default toString() of java.util.Date wouldn't work and indeed did not work for me.
    Either you expire the password in your UserForm:
    <Field name='waveset.passwordExpiry'>
         <Default>
              <new class='java.util.Date'/>
         </Default>
    </Field>
    or in the appropriate workflow (in my case, in Create User):
    <Action id='0' name='expire password for certain users'>
      <Condition>
      <!-- some conditions here -->
      </Condition>
      <expression>
         <set>
           <ref>user.waveset</ref>
           <s>passwordExpiry</s>
           <new class='java.util.Date'/>
         </set>
      </expression>
    </Action>

  • Creating user account and setting password in Solaris9 through shell script

    I need to create and set password of user through shell scripts.
    User can be added successfully through "useradd" command but password can't be set through "passwd" command in script.
    Is there any other alternative for the same.

    Hi,
    Did you get the answer for this? I have the same problem as yours, like I want to create the users by using useradd and want to hardcode their password in one script.
    But I can't use expect utility which would have made my work easier

  • Create user/schema is script, then tables for that user/schema

    Hi;
    First off, if I phrase this a little wrong - I'm from the Sql Server world and still trying to totally understand Oracle.
    I have a schema (.sql file) that creates my database fine. But what I would like to add to the .sql schema is for it to create a user and then place all the tables, indexes, sequences, and triggers in as belonging to that created user.
    This way we can tell people to log in as sysop and run the script to create the schema rather than create the user, log in as the user, then run the script.
    What do I need to add?
    thanks - dave

    Hi;
    I have tried:
    CREATE USER DAVE IDENTIFIED BY password;
    CONNECT DAVE/password AS SYSDBA
    I have also tried:
    CONNECT DAVE/password AS SYSTEM
    CONNECT DAVE AS SYSDBA
    CONNECT DAVE
    In all cases ApplicationExpress says it does not recognize the CONNECT command. Should I do something different? What I want to accomplish is that all subsequent commands in the script creating tables, indexes, etc are assigned to the user/schema DAVE.
    thanks - dave

  • Creating users in new 10g instance

    I am upgrading a production database from 8i on Win NT to 10g on linux. I want to create the production users from the 8i db on the new 10g database without having to have them reset their passwords. We want this to be a seamless migration for our end users. How can we go about this?

    Sounds like a full export and full import is what you're after, but in case you need to do a user level, you can do the before:
    in your 8i database, as internal or sys select:
    username, password, temporary tablespace, default tablespace from dba_users for each user
    system privs from dba_sys_privs for each user
    roles from dba_role_privs for each user
    something like:
    SQL>spool c:\somewhere\copyusers.sql
    SQL>select 'create user '||username||' identified by values '''||password||''' default tablespace '||default_tablespace||' temporary tablespace '||temporary_tablespace||';' from dba_users where username IN ('list_of_users');
    SQL>spool off
    Or use whatever where clause you need to or none at all.
    then do similar for dba_sys_privs and sys_role_privs.
    or if you have the time you can join all three into one script.
    then run the scripts in the 10g database and you'll have your users. then you can do a user level import or whatever you need to do.
    US

  • Create users for other clients from client 000

    Hello!
    I have the following question:
    What is the Tcode that allows me to see all created users (perhaps with their password) in all clients from e.g. client 000?
    Is it possible to create new users for other clients from client 000?
    Thank you very much!
    regards
    Thom

    SU10 User Mass Maintenance
    SCUA Central User Administration
    SCUM Central User Administration
    SCUG Copy users
    SU01/SUCOMP User Maintenance/User company address maintenance
    SU01D User Display
    SCUL Central User Management Log

  • Create user like

    Hi
    I want to create a new user with exactly same roles and privileges with a user which is created before.
    How can I do that in Oracle 9i ? There is no enterprise manager

    OrionNet wrote:
    Hello,
    You can use a generic script like in this example and create different users with the same privs and grants. It will prompt you to enter username and tablespace name, you can also do same for the password
    CREATE USER &username
    IDENTIFIED BY "password"
    DEFAULT TABLESPACE &tsname
    TEMPORARY TABLESPACE TEMP
    PROFILE DEFAULT
    ACCOUNT UNLOCK;
    GRANT IMP_FULL_DATABASE TO &username;
    GRANT RESOURCE TO &username;
    GRANT EXP_FULL_DATABASE TO &username;
    GRANT CONNECT TO &username;
    ALTER USER &username DEFAULT ROLE NONE;
    GRANT CREATE SESSION TO &username;
    GRANT ALTER SYSTEM TO &username;
    BEGIN
    Not sure that the script is going to work foolproof. For example, I don't think that there is a need to give explicit create session when already user is getting connect role in 10g . Also resource role comes with an unlimited tablespace priv , a big NO IMO to be given just to anyone. A much better option than this can be to make stand alone user-created roles for all the different types of users and grant them to the users when they are created. By this, all one would need to do is to issue a create user and couple of grant role commands and he is done.
    Cheers
    Aman....

  • "create user" not same as creating user from Administration?

    I have created users both from scripts and from the Administration pages and am getting different results.
    I created a user from a command line script (e.g., "create user <name> identified by <password>"), and then later granted the user all the privileges from the Administration -> Database users -> Manage Users page.
    I created a second user from within the Admin pages - this user has all the privileges and works fine.
    The user I created from the command line and then granted all privileges (including "DBA" and all explicit privileges) is NOT working correctly.
    Specifically:
    1. "select ... from ALL_OBJECTS" returns no records. (ALL_TABLES, ALL_INDEXES, and everything else that I try seem to work ok, but in order to see "ALL_OBJECTS", I have to explicitly qualify it with "SYS.ALL_OBJECTS".)
    2. When compiling PL/SQL procedures, etc. in that user schema, the built-in packages are not visible unless I explicitly GRANT EXECUTE on each package to the user (from a system account). At that point, they are accessible.
    I tried searching the forums for similar topics and didn't find any. I apologize if this is a redundant post, but it is driving me crazy.
    Can someone tell me how to make sure the script-created users get all the appropriate rights, and why when they are granted rights from the Admin screens, they still don't appear to have all the rights?
    I would strongly prefer not to drop the user account and rebuild it, as there are already 2200 existing objects (tables, procedures, indexes, etc.) in the user account.

    Please disregard this post. While investigating another issue, I discovered that the user account from which I had migrated 600+ tables had (for some unknown reason) empty copies of ALL_OBJECTS, USER_INDEXES, and USER_IND_COLUMNS in the user tablespace, so these got copied over with the other valid tables. Having "local" (and empty) copies was causing most of the issues.

  • Wireless: unable to create user

    Hi,
    I got this error: "Resource /marconi/error not found" when trying to create a wireless user with using http://midtierhost:midtierport/marconi/welcome.uix.
    The user has been created in OID, and has been provisioned to use email, calendar, files successfully.
    Any clues?

    Hi Swarup,
    Try putting the password between single quotes like:
    create user test identified by 'password';
    Best regards,
    Etienne van den Heiligenberg
    TenICT, NL
    url: http://www.tenict.nl/mailons.html

  • Create user statement on Procedures

    Hi,
    How to use create user command in oracle procedure.
    Whenever I am using the statemet create user <username> identified by <password> it gives me the error. But whenever I am removing this statement the procedure is compiling successfully.
    Is there anyway to use create user statement inside procedure?
    Regards,
    Indraneel

    You have to use dynamic sql :
    SQL> begin
      2  execute immediate ('create user test_user identified by test_user');
      3  end;
      4  /
    PL/SQL procedure successfully completed.
    SQL>
    Of course the command should be completed with other information (e.g. default tablespace, temporary tablespace, and so on).
    Paul

  • A question from a newbie:create user failed.

    Hi, there.
    I am a newbie on oracle database, and now I meet a question. It is said in the book that you can use:
    create user username
    identified by password;
    to create a user. But when I test:
    create user test1
    identified by test1;
    the system returns:
    ORA-01031: insufficient privileges
    How does this happen?

    944775 wrote:
    It looks just like it. Thank you very much.
    And then I can't do any practices on this chapter.
    Edited by: 944775 on 2012-7-5 11:42 PM
    Why not? If you are doing "practices on this chapter", I would assume you have your own database to practice on. If that is the case, you - own - the database. You can be sysdba and grant whatever privileges you want.
    And if this isn't your own practice database, why not? See http://edstevensdba.wordpress.com/category/opinion/

  • Read this to find out how to add/update/delete users and change/reset passwords programmatically

    WebLogic 7.0
    I have read a number of questions on how to do these but not many answers, so
    after figuring it all out, I thought I would post a message describing all these
    tasks (It would be great if BEA would start something like 'HOW-TOs for Linux'
    for WebLogic)
    -1. Imports required :
    import weblogic.jndi.Environment;
    import weblogic.management.MBeanHome;
    import weblogic.management.WebLogicObjectName;
    import weblogic.management.configuration.DomainMBean;
    import weblogic.management.configuration.SecurityConfigurationMBean;
    import weblogic.management.security.RealmMBean;
    import weblogic.management.security.authentication.AuthenticationProviderMBean;
    import weblogic.management.security.authentication.GroupEditorMBean;
    import weblogic.management.security.authentication.UserEditorMBean;
    import weblogic.management.security.authentication.UserPasswordEditorMBean;
    import weblogic.security.providers.authentication.*;
    0. Code to retrieve DefaultAuthenticatorMBean (this code is running inside WebLogic
    server - I have it inside EJB):
    // Context and InitialContext come from javax.naming
    DefaultAuthenticatorMBean authBean = null;
    Context ctx = new InitialContext();
    MBeanHome mbeanHome = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
    // Find UserEditorMBean: walk domain -> security configuration -> default realm
    DomainMBean dmb = mbeanHome.getActiveDomain();
    SecurityConfigurationMBean scmb = dmb.getSecurityConfiguration();
    RealmMBean rmb = scmb.findDefaultRealm();
    AuthenticationProviderMBean[] providers = rmb.getAuthenticationProviders();
    for (int i = 0; i < providers.length; i++) {
        // The default authenticator is the provider that implements the user/group editors
        if (providers[i] instanceof DefaultAuthenticatorMBean) {
            authBean = (DefaultAuthenticatorMBean) providers[i];
            break;
        }
    }
    1. Create/Drop/Update users
    to perform these tasks, the user must be logged in into weblogic and be in Administrators
    group. Then, the code is as follows:
    create user: authBean.createUser(username, password, description);
    remove user: authBean.removeUser(username);
    change user's description: authBean.setUserDescription(username, newDescription);
    remove user from group: authBean.removeMemberFromGroup(groupname, username);
    add user to group: authBean.addMemberToGroup(groupname, username);
    2. Change other users' passwords (MUST BE ADMIN TO DO THIS - by Admin I mean be
    a member of Administrators group)
    authBean.resetUserPassword(username, newPassword);
    3. Change your own password:
    this is a bit trickier, because if you are not an admin, you can't change your
    own password!!!! This is a part that I personally don't understand - seems like
    a screw up on BEA's part. So, to allow users to change their own passwords, you
    must change security context in the middle of processing to that of Admin user
    and run this function as Admin user. Although a bit awkward, it's very easy to
    do. Suppose you have two EJBs - EJB A and EJB B. EJB A does normal processing
    for the user and always runs in logged in user's security context. Now, suppose
    you want to add a method to EJB A to change current password. The method may
    look like:
    public void changePassword(String logon, String oldpwd, String newpwd)
    throws some exceptions
    Now, there is no way to do it in EJB A, because for most users, it will run in
    a 'non-admin' security context. So, to get around it, you create another
    EJB - EJB B. This EJB has one method:
    public void changePassword(String logon, String oldpwd, String newpwd)
    throws some exceptions
    and one major difference - this EJB always runs in a security context of admin
    user. To get an EJB B running 'as admin user', all you have to do in EJB A is
    the following
    EJB A:
    public void changePassword(String logon, String oldpwd, String newpwd) throws Exception {
        Hashtable props = new Hashtable();
        // credentials of a user in the Administrators group (hardcoded in this sample)
        props.put(Context.SECURITY_PRINCIPAL, "wlmanager");
        props.put(Context.SECURITY_CREDENTIALS, "password");
        // get a context with different credentials
        Context ctx = new InitialContext(props);
        EJBBHome home = (EJBBHome) ctx.lookup("EJBBHome");
        EJBBLocal adminEJB = home.create();
        // EJB B runs as the admin user and performs the actual password change
        adminEJB.changePassword(logon, oldpwd, newpwd);
        adminEJB.remove();
    }
    of course, this poses a problem of hardcoding user id and password for admin user
    in your application - you can come up with your own ways to secure that.
    THAT's IT!!! You can use the method explained in part 3 to allow non-admin users
    to do pretty much everything, however for the sake of security, I would definitely
    vote against it and use part 3 to ONLY allow users change their own passwords
    Enjoy
    Andrey

    I have a similar question, I would like to edit the artwork for EACH episode in the podcast, as well as have one artwork for the entire podcast series. Any suggestions? This is a podcast that I've created -- I did the same thing for a TV Show where I was able to do custom artwork for each episode, but not one single artwork for the entire series. Does anyone have suggestions of how i should proceed?
    Recap:
    One image for entire Podcast Series (or TV show)
    Different Set of Images for each episode in Podcast. (Understand how to do this in TV show)
    Thanks!

  • Problem in creating users with password restrictions

    I have enabled the following option in the Authentication>Enterprise tab of CMC.
    Must contain at least N Characters and specified N as 7
    Enforce mixed-case passwords
    However I am able to create user with password as abcd.
    Please suggest.
    Thanks in Advance

    I might be missing something but the rule applies to users changing their pw not administrators creating accounts. If the administrator sets this rule it would be thought/assumed that they would enforce their own rule when creating accounts. The users however should not be able to select 4 character passwords.
    I'll run some tests and see if I find out anything different.
    Tested this on XIR2 SP4 and XI 3.0 The rules apply to the user not the administrator creating the account.
    So create an account while the 7 character pw is enabled. By default the user logs in with the pw (any amount of characters) and is prompted to change their pw. They cannot choose anything less than 7 characters. So unless an administrator creates an account with a password less than 7 characters AND deselects the option to force a pw change. All new users will be forced to select a 7 character password.
    This is by design. If it forced the administrator to create accounts without a 7 character pw they could simply deselect the options(as administrators) so there is no security in forcing this.
    Regards,
    Tim
    Edited by: Tim Ziemba on Aug 13, 2008 5:28 PM
    Edited by: Tim Ziemba on Aug 13, 2008 5:33 PM

  • Modify Script to Create User Role on Single Database.

    Hi All,
    Below is the script to create user role on database. Here problem is when I execute this script, it creates user role for all database within an instance and I want it to create user role only on 2 database say TEST1 and TEST2
    Can anyone help me to modify the script? 
    --===================================================================================
    -- Description
    -- Database Type: MSSQL
    -- This script creates a role called 'gdmmonitor' for ALL databases.
    -- It grants some system catalogs to this role to allow Classification and Assessment on the database.
    -- It then adds a user called "sqlguard" to all databases and grants this user gdmmonitor role.
    -- before running this script
    --  you MUST CREATE A SQL LOGIN CALLED 'sqlguard'
    --  This sqlguard login doesn't need to be added to any database or given
    --  any privilege.  The script will take care of that.
    --  Note:
    --   If you wish to use a different login name (instead of 'sqlguard') you need to change
    --   the value of the variable '@Guardium_user' in the script below; 
    --   (Look for the string: "set @Guardium_user = 'sqlguard'" and replace the 'sqlguard')
    -- after running this script
    -- Nothing to do, the script already creates the db user
    -- User/Password to use
    -- User: sqlguard (or any other name, if changed)
    -- Pass: user defined
    -- Role: gdmmonitor
    --===================================================================================
    PRINT '>>>==================================================================>>>'
    PRINT '>>> Creating role: "gdmmonitor" at the server level.'
    PRINT '>>>==================================================================>>>'
    -- Change to the master database
    USE master
    -- *** If a different login name is desired, define it here. ***
    DECLARE @Guardium_user AS varchar(50)
    set @Guardium_user = 'sqlguard'
    DECLARE @dbName AS varchar(256)
    DECLARE @memberName AS varchar(256)
    DECLARE @dbVer AS nvarchar(128)
    SET     @dbVer = CAST(serverproperty('ProductVersion') AS nvarchar)
    SET     @dbVer = SUBSTRING(@dbVer, 1, CHARINDEX('.', @dbVer) - 1)
    IF (@dbVer = '8') SET @dbVer = '2000'
    ELSE IF (@dbVer = '9')  SET @dbVer = '2005'
    ELSE IF (@dbVer = '10')  SET @dbVer = '2008'
    ELSE IF (@dbVer = '11')  SET @dbVer = '2012'
    ELSE SET @dbVer = '''Unsupported Version'''
    IF (@dbVer != '2000')
    BEGIN
      -- This privilege is required to perform a specific MSSQL test.
      -- Test name: SQL OLEDB disabled (DisallowAdhocAccess registry key) 
      -- Procedure execute: EXEC master.dbo.sp_MSset_oledb_prop 
      -- Purpose: To display provider property, not changing anything.
      PRINT '==> Granting MSSSQL 2005 and above setupadmin server role'
      EXEC master..sp_addsrvrolemember @loginame = @Guardium_user, @rolename = N'setupadmin'
    END
    SELECT  @dbName = DB_NAME()
    PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
    -- find any members of the role if they exist
    CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL)
    INSERT INTO #rolemember
    SELECT DISTINCT usr.name FROM dbo.sysusers usr, .dbo.sysmembers mbr
    WHERE usr.uid = mbr.memberuid
    AND mbr.groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
    --  Drop the Role Members If they exist
    IF EXISTS (SELECT 1 FROM #rolemember)
    BEGIN
      PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
      DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
      OPEN DropCursor
      FETCH DropCursor INTO @memberName
      WHILE @@Fetch_Status = 0
       BEGIN
        PRINT '==> Dropping member: ''' + @memberName + ''''
        exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
        FETCH DropCursor INTO @memberName
       END
      CLOSE DropCursor
      DEALLOCATE DropCursor
    END
    -- drop the role if it exists
    IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
    BEGIN
      PRINT '==> Dropping the role gdmmonitor on: ' + @dbName
      exec sp_droprole 'gdmmonitor'
    END
    -- Create the role
    PRINT '==> Creating the role gdmmonitor on: ' + @dbName
    exec sp_addrole 'gdmmonitor'
    -- Grant select privileges to the role for MSSql Common
    PRINT '==> Granting common SELECT privileges on: ' + @dbName
    GRANT SELECT ON dbo.spt_values     TO gdmmonitor
    GRANT SELECT ON dbo.sysmembers     TO gdmmonitor
    GRANT SELECT ON dbo.sysobjects     TO gdmmonitor
    GRANT SELECT ON dbo.sysprotects    TO gdmmonitor
    GRANT SELECT ON dbo.sysusers       TO gdmmonitor
    GRANT SELECT ON dbo.sysconfigures  TO gdmmonitor
    GRANT SELECT ON dbo.sysdatabases   TO gdmmonitor
    GRANT SELECT ON dbo.sysfiles       TO gdmmonitor
    GRANT SELECT ON dbo.syslogins      TO gdmmonitor
    GRANT SELECT ON dbo.syspermissions TO gdmmonitor
    -- Grant execute privileges to the role for MSSql Common
    PRINT '==> Granting common EXECUTE privileges on: ' + @dbName
    GRANT EXECUTE ON sp_helpdbfixedrole    TO gdmmonitor
    GRANT EXECUTE ON sp_helprotect         TO gdmmonitor
    GRANT EXECUTE ON sp_helprolemember     TO gdmmonitor
    GRANT EXECUTE ON sp_helpsrvrolemember  TO gdmmonitor
    GRANT EXECUTE ON sp_tables             TO gdmmonitor
    GRANT EXECUTE ON sp_validatelogins     TO gdmmonitor
    GRANT EXECUTE ON sp_server_info       TO gdmmonitor
    -- Check if the version is 2005 or greater
    IF (@dbVer != '2000')
    BEGIN
      -- Grant select privileges to the role for MSSql 2005 and above
      PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
      GRANT SELECT ON sys.all_objects           TO gdmmonitor
      GRANT SELECT ON sys.database_permissions  TO gdmmonitor
      GRANT SELECT ON sys.database_principals   TO gdmmonitor
      GRANT SELECT ON sys.sql_logins            TO gdmmonitor
      GRANT SELECT ON sys.sysfiles              TO gdmmonitor
      GRANT SELECT ON sys.database_role_members TO gdmmonitor 
      GRANT SELECT ON sys.server_role_members   TO gdmmonitor 
      GRANT SELECT ON sys.configurations        TO gdmmonitor
      GRANT SELECT ON sys.master_key_passwords  TO gdmmonitor
      GRANT SELECT ON sys.server_principals     TO gdmmonitor
      GRANT SELECT ON sys.server_permissions    TO gdmmonitor
      GRANT SELECT ON sys.credentials           TO gdmmonitor
      --This is called by master.dbo.sp_MSset_oledb_prop.  
      --By default it should have already been granted to public. 
      GRANT EXECUTE ON sys.xp_instance_regread TO GDMMONITOR
      GRANT EXECUTE ON sys.sp_MSset_oledb_prop TO GDMMONITOR 
    END
    -- Re-add the dropped members
    IF EXISTS (SELECT 1 FROM #rolemember)
    BEGIN
      PRINT '==> Re-adding the role members on: ' + @dbName
      DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
      OPEN DropCursor
      FETCH DropCursor INTO @memberName
      WHILE @@Fetch_Status = 0
        BEGIN
         PRINT '==> Re-adding member: ''' + @memberName + ''''
         exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
         FETCH DropCursor INTO @memberName
        END
      CLOSE DropCursor
      DEALLOCATE DropCursor
    END
    -- END of role creation on database
    PRINT '==> END of role creation on: ' + @dbName
    PRINT ''
    -- Change to the msdb database
    USE msdb
    set @memberName = ''
    SELECT  @dbName = DB_NAME()
    PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
    -- find any members of the role if it exists
    TRUNCATE TABLE #rolemember
    INSERT INTO #rolemember
    SELECT DISTINCT usr.name FROM .dbo.sysusers usr, .dbo.sysmembers mbr
    WHERE usr.uid = mbr.memberuid
    AND groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
    --  Drop the Role Members If they exist
    IF EXISTS (SELECT 1 FROM #rolemember)
    BEGIN
      PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
      DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
      OPEN DropCursor
      FETCH DropCursor INTO @memberName
      WHILE @@Fetch_Status = 0
       BEGIN
        PRINT '==> Dropping member: ''' + @memberName + ''''
        exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
        FETCH DropCursor INTO @memberName
       END
      CLOSE DropCursor
      DEALLOCATE DropCursor
    END
    -- drop the role if it exists
    IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
    BEGIN
      PRINT '==> Dropping the gdmmonitor role on: ' + @dbName
      exec sp_droprole 'gdmmonitor'
    END
    -- Create the role
    PRINT '==> Creating the gdmmonitor role on: ' + @dbName
    exec sp_addrole 'gdmmonitor'
    -- Grant select privileges to the role for MSSql Common
    PRINT '==> Granting common SELECT privileges on: ' + @dbName
    GRANT SELECT ON dbo.sysobjects     TO gdmmonitor
    GRANT SELECT ON dbo.sysusers       TO gdmmonitor
    GRANT SELECT ON dbo.sysprotects    TO gdmmonitor
    GRANT SELECT ON dbo.sysmembers     TO gdmmonitor
    GRANT SELECT ON dbo.sysfiles       TO gdmmonitor
    GRANT SELECT ON dbo.syspermissions TO gdmmonitor
    GRANT SELECT ON dbo.backupset   TO gdmmonitor
    -- Check if the version is 2005 or greater
    IF (@dbVer != '2000')
    BEGIN
      -- Grant select privileges to the role for MSSql 2005 and above
      PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
      GRANT SELECT ON sys.all_objects TO gdmmonitor
      GRANT SELECT ON sys.database_permissions TO gdmmonitor
      GRANT SELECT ON sys.database_principals TO gdmmonitor
      GRANT SELECT ON sys.sysfiles TO gdmmonitor
      -- Grant execute privileges to the role for MSSql 2005 or above
      PRINT '==> Granting MSSql 2005 and above EXECUTE privileges on: ' + @dbName
      GRANT EXECUTE ON msdb.dbo.sp_enum_login_for_proxy TO gdmmonitor
      GRANT SELECT ON sys.database_role_members  TO gdmmonitor
    END
    IF (@dbVer > '2000' and @dbVer < '2012') 
    --This sp is not available in SQL 2012
    BEGIN
      GRANT EXECUTE ON sp_get_dtspackage TO gdmmonitor
    END
    -- Re-add the dropped members
    IF EXISTS (SELECT 1 FROM #rolemember)
    BEGIN
      PRINT '==> Re-adding the gdmmonitor role members on: ' + @dbName
      DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
      OPEN DropCursor
      FETCH DropCursor INTO @memberName
      WHILE @@Fetch_Status = 0
        BEGIN
         PRINT '==> Re-adding member: ''' + @memberName + ''''
         exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
         FETCH DropCursor INTO @memberName
        END
      CLOSE DropCursor
      DEALLOCATE DropCursor
    END
    -- drop the temporary table
    DROP TABLE #rolemember
    -- END of role creation on database
    PRINT '==> END of gdmmonitor role creation on: ' + @dbName
    -- Role creation complete
    PRINT '<<<==================================================================<<<'
    PRINT '<<< END of creating role: "gdmmonitor" at the server level.'
    PRINT '<<<==================================================================<<<'
    PRINT ''
    PRINT '>>>==================================================================>>>'
    PRINT '>>> Starting application database role creation'
    PRINT '>>>==================================================================>>>'
    use master
    DECLARE @databaseName AS varchar(80)
    DECLARE @executeString AS varchar(7950)
    DECLARE @dbcounter as int   
    set @dbcounter = 0
    DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases where name not in ('master', 'msdb')
    and not (status & 1024 > 1)
    --read only
    and not (status & 4096 > 1)
    --single user
    and not (status & 512 > 1)
    --offline
    and not (status & 32 > 1)
    --loading
    and not (status & 64 > 1)
    --pre recovery
    and not (status & 128 > 1)
    --recovering
    and not (status & 256 > 1)
    --not recovered
    and not (status & 32768 > 1)
    --emergency mode
    OPEN DatabaseCursor
    FETCH DatabaseCursor INTO @databaseName
    WHILE @@Fetch_Status = 0
    BEGIN
    set @dbcounter = @dbcounter + 1     
    set @databaseName = '"' + @databaseName + '"'  
    set @executeString = ''
    set @executeString = 'use ' + @databaseName + ' ' +
             'PRINT ''>>>==================================================================>>>'' ' +
             'PRINT ''>>> Starting MSSql ' + @dbVer + ' role creation on database: ' + @databaseName + ''' ' +
             'PRINT ''>>>==================================================================>>>'' ' +
           '/* Variable @memberNameDBname must be declared within the string or else it will fail */ ' +
           'DECLARE @memberName' + cast(@dbcounter as varchar(5)) + ' as varchar(50) ' +
           '/*find any members of the role if it exists*/ ' +
             'CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL) ' +
             'INSERT INTO #rolemember ' +
             'SELECT DISTINCT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr ' +
             'WHERE usr.uid = mbr.memberuid ' +
             'AND groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
             '/*Drop the Role Members If they exist*/ ' +
             'IF EXISTS (SELECT * FROM #rolemember) ' +
             'BEGIN ' +
               'PRINT ''==> Dropping the role members on: ' + @databaseName + ''' ' +
               'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
               'OPEN DropCursor ' +
               'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
               'WHILE @@Fetch_Status = 0 ' +
                 'BEGIN ' +
                 'PRINT ''==> Dropping member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
                 'exec(''EXEC sp_droprolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5))  + ' + '''''';'') ' +
                 'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
                 'END ' +
               'CLOSE DropCursor ' +
               'DEALLOCATE DropCursor ' +
             'END ' +
             '/*drop the role if it exists*/ ' +
             'IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = ''gdmmonitor'') ' +
             'BEGIN ' +
               'PRINT ''==> Dropping the gdmmonitor role on: ' + @databaseName + ''' ' +
               'exec sp_droprole ''gdmmonitor'' ' +
             'END ' +
             '/* Create the role */ ' +
             'PRINT ''==> Creating the gdmmonitor role on: ' + @databaseName + ''' ' +
             'exec sp_addrole ''gdmmonitor'' ' +
             '/* Grant select privileges to the role for MSSql Common */ ' +
             'PRINT ''==> Granting common SELECT privileges on: ' + @databaseName + ''' ' +
             'GRANT SELECT ON dbo.sysmembers     TO gdmmonitor ' +
             'GRANT SELECT ON dbo.sysobjects     TO gdmmonitor ' +
             'GRANT SELECT ON dbo.sysprotects    TO gdmmonitor ' +
             'GRANT SELECT ON dbo.sysusers       TO gdmmonitor ' +
             'GRANT SELECT ON dbo.sysfiles       TO gdmmonitor ' +
                   'GRANT SELECT ON dbo.syspermissions TO gdmmonitor ' +
             '/* Check if the version is 2005 or greater */ ' +
             'IF (' + @dbVer + ' != ''2000'') ' +
             'BEGIN ' +
               '/* Grant select privileges to the role for MSSql 2005 and above */ ' +
               'PRINT ''==> Granting MSSql 2005 and above SELECT privileges on: ' + @databaseName + ''' ' +
               'GRANT SELECT ON sys.database_permissions TO gdmmonitor ' +
               'GRANT SELECT ON sys.all_objects          TO gdmmonitor ' +
               'GRANT SELECT ON sys.database_principals  TO gdmmonitor ' +
               'GRANT SELECT ON sys.sysfiles      TO gdmmonitor ' +          
               'GRANT SELECT ON sys.database_role_members  TO gdmmonitor ' +           
             'END ' +
             '/* Re-add the dropped members */ ' +
             'IF EXISTS (SELECT 1 FROM #rolemember) ' +
             'BEGIN ' +
               'PRINT ''==> Re-adding the gdmmonitor role members on: ' + @databaseName + ''' ' +
               'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
               'OPEN DropCursor ' +
               'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
               'WHILE @@Fetch_Status = 0 ' +
                 'BEGIN ' +
                   'PRINT ''==> Re-adding member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
                   'exec(''EXEC sp_addrolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5))  + ' + '''''';'') ' +
                   'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
                 'END ' +
               'CLOSE DropCursor ' +
               'DEALLOCATE DropCursor ' +
             'END ' +
             '/* drop the temporary table */ ' +
             'DROP TABLE #rolemember ' +
             'PRINT ''<<<==================================================================<<<'' ' +
             'PRINT ''<<< END of role creation on: ' + @databaseName + ''' ' +
             'PRINT ''<<<==================================================================<<<'' ' +
             'PRINT '' ''' +
             'PRINT '' '''
    execute (@executeString)
    FETCH DatabaseCursor INTO @databaseName
    END
    CLOSE DatabaseCursor
    DEALLOCATE DatabaseCursor
    --  Adding user to all the databases
    --  and grant gdmmonitor role, only if login exists.
    PRINT '>>>==================================================================>>>'
    PRINT '>>> Add and Grant gdmmonitor role to: ''' + @Guardium_user + ''''
    PRINT '>>> on all databases.'
    PRINT '>>>==================================================================>>>'
    USE master
    /* Check whether @Guardium_user exists as a login; if not, do nothing. */
    IF NOT EXISTS (select * from syslogins where name = @Guardium_user)
    BEGIN
      PRINT ''
      PRINT '************************************************************************'
      PRINT '*** ERROR: Could not find the login: ''' + @Guardium_user + ''''
      PRINT '***        Please add the login and re-run this script.'
      PRINT '************************************************************************'
      PRINT ''
    END
    ELSE
    BEGIN
      DECLARE @counter AS smallint
      set @counter = 0
      --  This loop runs 4 times just to make sure that the @Guardium_user gets added to all dbs.
      --  99% of the time, this is totally unnecessary.  But in some rare cases on SQL 2005
      --  the loop skips some databases when it tries to add the @Guardium_user.
      --  After two to three executions, the user is added in all the dbs.
      --  Might be a SQL Server bug.
      WHILE @counter <= 3
      BEGIN
      set @counter = @counter + 1
        set @databaseName = ''
        set @executeString = ''
        DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases
        where not (status & 1024 > 1)
    --read only
        and not (status & 4096 > 1)
    --single user
        and not (status & 512 > 1)
    --offline
        and not (status & 32 > 1)
    --loading
        and not (status & 64 > 1)
    --pre recovery
        and not (status & 128 > 1)
    --recovering
        and not (status & 256 > 1)
    --not recovered
    and not (status & 32768 > 1)
    --emergency mode    
        OPEN DatabaseCursor
        FETCH DatabaseCursor INTO @databaseName
        WHILE @@Fetch_Status = 0
        BEGIN
        set @databaseName = '"' + @databaseName + '"' 
        set @executeString = ''
        set @executeString = 'use ' + @databaseName + ' ' +
                 '/*Check if the login already has access to this database */ ' +
                 'IF EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
                 'BEGIN ' +
                  '/*Check if the login already has the gdmmonitor role*/ ' +
                  'IF NOT EXISTS (SELECT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr WHERE usr.uid = mbr.memberuid ' +
                'AND mbr.groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
                'AND usr.name = ''' + @Guardium_user + ''') ' +
                  'BEGIN ' +
                  'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database ' + @databaseName + ''' ' +
                  'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
                  'PRINT '' ''' +
                  'END ' +
                 'END ' +
                 'IF NOT EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
                 'BEGIN ' +
                 'PRINT ''==> Adding user [' + @Guardium_user + '] to database: ' + @databaseName + ''' ' +
                 'execute sp_adduser [' + @Guardium_user + '] ' +
                 'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database '  + @databaseName + ''' ' +
                 'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
                 'PRINT '' ''' +
                 'END '
        execute (@executeString)
        FETCH DatabaseCursor INTO @databaseName
        END
        CLOSE DatabaseCursor
        DEALLOCATE DatabaseCursor
      END   -- end while
      -- Required for Version 2005 or greater.
      IF (@dbVer != '2000')
      BEGIN
        -- Grant system privileges to the @Guardium_user.  This is a requirement for >= SQL 2005
        -- or else some system catalogs will filter out results from the assessment tests.
        -- This will show up in the sys.server_permissions view.
        PRINT '==> Granting catalog privileges to: ''' + @Guardium_user + ''''
        execute ('grant VIEW ANY DATABASE to [' + @Guardium_user + ']' )
        execute ('grant VIEW ANY DEFINITION to [' + @Guardium_user + ']' )
      END
      PRINT '<<<==================================================================<<<'
      PRINT '<<< Finished Adding and Granting gdmmonitor role to: ''' + @Guardium_user + ''''
      PRINT '<<< on all databases.'
      PRINT '<<<==================================================================<<<'
      PRINT ''
    END
    GO
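The script above pastes database names, role-member names and the login name into quoted strings when it builds its dynamic SQL, so a name that contains the quote character ends the string early. An added example, not part of the posted script, of the per-database grant step with the login passed as a parameter and identifiers quoted with QUOTENAME; it assumes SQL Server 2005 or later, and the `@dryRun` switch and the sample login value are constructed for illustration.

```sql
-- Added example, not part of the posted script. Assumes SQL Server 2005 or later.
-- @Guardium_user is the login variable used by the script above; the value below
-- is a constructed sample containing characters that break naive concatenation.
DECLARE @Guardium_user sysname, @dryRun bit;
SET @Guardium_user = N'svc]guard''ium';  -- constructed sample value
SET @dryRun = 1;                         -- hypothetical switch: 1 = print only, 0 = execute

DECLARE @dbName sysname, @sql nvarchar(4000);

DECLARE DatabaseCursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE state_desc = N'ONLINE'
      AND is_read_only = 0
      AND user_access_desc = N'MULTI_USER';
OPEN DatabaseCursor;
FETCH NEXT FROM DatabaseCursor INTO @dbName;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Only the database identifier is concatenated, and only through QUOTENAME,
    -- which brackets the name and doubles any ] inside it.
    -- The login name never enters the SQL text: it travels as parameter @user.
    SET @sql = N'USE ' + QUOTENAME(@dbName) + N'; '
             + N'IF EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @user) '
             + N'EXEC sp_addrolemember @rolename = N''gdmmonitor'', @membername = @user;';

    IF @dryRun = 1
        PRINT @sql;
    ELSE
        EXEC sp_executesql @sql, N'@user sysname', @user = @Guardium_user;

    FETCH NEXT FROM DatabaseCursor INTO @dbName;
END
CLOSE DatabaseCursor;
DEALLOCATE DatabaseCursor;

-- GRANT takes an identifier rather than a parameter, so the login is quoted
-- with QUOTENAME before it is placed in the statement text.
SET @sql = N'USE master; GRANT VIEW ANY DATABASE TO ' + QUOTENAME(@Guardium_user) + N';';
IF @dryRun = 1
    PRINT @sql;   -- the sample login is rendered as [svc]]guard'ium]
ELSE
    EXEC sp_executesql @sql;
```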

    Thanks a lot Sir... it worked.
    Can you also help me in troubleshooting the issue below?
    This script is working fine on all databases except one MS SQL 2005 database. The build of this database is 9.00.3042.00.
    The SA account with highest privileges has been used for script execution. The errors received are as follows:
    >>>==================================================================>>>
    >>> Creating role: "gdmmonitor" at the server level.
    >>>==================================================================>>>
    ==> Granting MSSSQL 2005 and above setupadmin server role
    ==> Starting MSSql 2005 role creation on database: master
    (0 row(s) affected)
    ==> Dropping the gdmmonitor role members on: master
    ==> Creating the role gdmmonitor on: master
    Msg 15002, Level 16, State 1, Procedure sp_addrole, Line 16
    The procedure 'sys.sp_addrole' cannot be executed within a transaction.
    ==> Granting common SELECT privileges on: master
    Msg 15151, Level 16, State 1, Line 117
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 118
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 119
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 120
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 121
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 122
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 123
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 124
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 125
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 126
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    ==> Granting common EXECUTE privileges on: master
    Msg 15151, Level 16, State 1, Line 130
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 131
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 132
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 133
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 134
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 135
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
    Msg 15151, Level 16, State 1, Line 136
    Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.

  • HT204053 hi, I'm a pc user and have just created an apple id and password. I have also downloaded the icloud for pc, as I need to access an ical on there. When it comes to signing in with my apple id, I get the message that the apple id is valid but not a

    Hi, I'm a PC user and am trying to access an iCal via iCloud. This iCal houses information about work etc. and it is quite important that I can gain access to it. To that end I have created an Apple ID and password and downloaded iCloud for the PC. However, when I get to the sign-in page and use my Apple ID, I get a message to the effect that my Apple ID is OK, but it's no good for an iCloud account, or I don't have an iCloud account. I've trawled through lots of help pages and nothing points me in the right direction. I've been on this for over 3 hours today and getting nowhere... Can somebody please help? I'm starting to lose the will to live over this.
    Steve,
    Devizes
    Wiltshire

    You must create the account using an Apple device: a Mac (Lion or greater) or an iOS device (iOS 5 or greater). Having done that, you will be able to sign in from your Windows machine.
    FYI, iCal is an application that can display calendars from iCloud (and others); it is not a calendar itself, merely a calendar client. In Windows, Outlook is the calendar client.
