NEED TO DETERMINE USERS THAT HAVE LOGGED IN WITH A SPECIFIC ROLE
I have a requirement to determine which users have logged in with a specific
role or accessing a specific application. I know I can use the
ORASSO.WWSSO_AUDIT_LOG_TABLE_T table to see the users that have logged in, but
need to know which table to join with in order to determine which group that a
user belongs to. It would also be nice to figure out which users are accessing
a given application.
We are running AS 9.0.4.2 with ORASSO database 9.0.1.5.
Can you identify which tables I will need to use to satisfy my requirement?
Thanks, Mike
Thanks! I modified this slightly to get what I needed but I didn't think that I could get this from dba_tab_privs. You were a huge help!
select table_name, grantee
from dba_tab_privs
where
table_name in ('UTL_FILE', 'UTL_TCP', 'UTL_HTTP', 'UTL_SMTP', 'DBMS_LOB', 'DBMS_SYS_SQL', 'DBMS_JOB', 'DBMS_BACKUP_RESTORE')
and privilege='EXECUTE'
order by table_name;
Similar Messages
-
Portlet to display all users that have manager defined as currently displayed user profile
I need to create a portlet such that when a user finds a user's profile they see all of the users defined with manager set to the value of the profile user's employeeNumber.
Example:
(Think a directory of employees)
John searches and finds user named Jack. He sees Jack's name, phone number, address, etc in the General Information section. Then he also sees a section (Portlet) that lists all of Jack's direct reports. John clicks on one of Jack's direct reports (Sam), to find this person's phone number.
The Direct Reports portlet would be a search portlet that finds all of the users that have a mangerID property set to the value of Jack's employeeNumber property and displays them sorted by LastName.
I need some direction on where to start for this.
It seems like I need to use the Plumtree Server API in order to search for all of the user objects and sort them on a particular property, .e.g IPTObjectManager.Query Method (Int32, Int32, Int32, Int32, Int32, Object[][])
A crawler seems out because, I guess that would require creating a folder for every user in the system? If I create a single folder I would need a binary tree structure to the folder. (Has anybody done this?)
I am concerned about the performance related to performing this search each time a user examines a user's profile.
Can somebody direct me to an example of a search "Portlet"? All of the examples I see are of searching external information like Google, or use PRC (do not see how that would be implemented in a portlet), or use EDK (external and does not seem to be able to do this).You don't need one workflow per user when a filtered view can do this for you. If the manager's list is the parent calendar, I'm assuming that he'll be at least using the person look-up column.
Whether this feeds through the MyCalendar or stays where it is, you can use the [Me] parameter within the filter on a new view. This will then return the assigned holiday filtering against the account that is logged in.
Steven Andrews
SharePoint Business Analyst: LiveNation Entertainment
Blog: baron72.wordpress.com
Twitter: Follow @backpackerd00d
My Wiki Articles:
CodePlex Corner Series
Please remember to mark your question as "answered" if this solves (or helps) your problem. -
Enumerate the users that have access to a particular directory
Hi, my name is Jennifer and I have been searching for an answer to my problem through several blogs. The problem is that I have a Directory of which I want to not only retrieve the users\groups that have access to it but also enumerate through the groups
to list actual users. The groups part is the main issue here. If I use get-acl, I can return any number of particular Active Directory groups that have access, however, I need to list the users inside this group and get-acl will not output an object I can
work with. I thought I could do something like this (which I may have seen on this forum before):
get-acl "C:\NestedGroupTest" | %{$_.access} \ ft -property identityreference
This will return the groups\users that have access. Example:
Domain\OU
NT Authority\system
Builtin\users
ETC...
I have tried exporting this output to a file and then trying to use get-adgroupmember (which obviously will not work on the non-AD groups) but the objects are of the wrong type so basically nothing in the Active Directory module will work...
This seems like such a simple issue but it is causing me grief to no end...please helpI can't guarantee that this will work in all cases, but it seems to work on my test domain. Warning: it's very slow and inefficient. It requires
this module (get the 3.0 test version), but you can modify the foreach block's code somewhat to get it to work with Get-Acl.
Get-Item C:\NestedGroupTest | Get-AccessControlEntry | ForEach-Object { $PropertyNames = $null }{
if (-not $PropertyNames) {
# We need to copy the property. This will get a list
# of the properties on each ACE when it encounters
# the first ACE (since the rest of this is so ineffecient,
# we can feel good that we saved some work by doing this)
$PropertyNames = $_ | Get-Member -MemberType Properties | select -exp Name
# Create a new hashtable that will be used to create a PSObject
$NewObjectProps = @{}
foreach ($CurrentProperty in $PropertyNames) {
$NewObjectProps.$CurrentProperty = $_.$CurrentProperty
# Check to see if this SID belongs to an AD group
Write-Verbose ("Current principal: {0}" -f $_.Principal)
try {
$Group = Get-ADGroup -Filter { SID -eq $_.SecurityIdentifier } -ErrorAction Stop
catch {
# Write a warning or something?
if ($Group) {
Write-Verbose " -> Group, so looking up members"
$Users = $Group | Get-ADGroupMember -Recursive | select @{N="Principal"; E={$_.SID.Translate([System.Security.Principal.NTAccount])}}, @{N="SecurityIdentifier"; E={$_.SID}}
else {
Write-Verbose " -> Not an AD group"
$Users = $_ | select Principal, SecurityIdentifier
# Go through each user/non-translated group, modify two
# hashtable properties, and create the new PSObject
$Users | ForEach-Object {
$NewObjectProps.SecurityIdentifier = $_.SecurityIdentifier
$NewObjectProps.Principal = $_.Principal
$NewObject = New-Object PSObject -Property $NewObjectProps
# This will make the new object show the module's custom formatting:
$NewObject.pstypenames.Insert(0, "PowerShellAccessControl.Types.AdaptedAce")
$NewObject
That should resemble the output that Get-AccessControlEntry would give you, but AD groups have been translated to users. If you pipe that to Export-CSV, you'd have plenty of information for each ACE, including the path, principal, security identifier, access
mask, etc. You could also pipe that to Select-Object and just ask for certain properties (try it with these properties: Path, Principal, AccessMask, AccessMaskDisplay, AppliesTo).
You can also use the Get-AccessControlEntry function's parameters to do some filtering on the ACEs that are returned (maybe you only want ACEs with FullControl, or ACEs that were not inherited...)
Give it a shot and let me know if it works for you. If you need more explanation of what's going on in the foreach-object process block, let me know and I'll try to help. It can be modified to work with version 2.1 of my module, and with Get-Acl. -
Portal users who have logged in during a specified time interval ?
Hi,
I need to know all the users who have logged in to the portal during a specific interval of time e.g during the last 10 days. Is there any provision to write code using UME api ?
Any help would be highly appreciated and rewarded.
Thanks & Regards,
SudhirHi Jaga, Thanks for your reply.
This is what i needed.
Vector v=new Vector();
IUserAccountFactory uaf = UMFactory.getUserAccountFactory();
IUserAccountSearchFilter userAccountSearchFilter=uaf.getUserAccountSearchFilter();
userAccountSearchFilter.setLoggedInBetween(fromDate,toDate);
ISearchResult sr = uaf.search(userAccountSearchFilter);
while(sr.hasNext())
IUserAccount ua = uaf.getUserAccount((String)sr.next());
IUser tmp = ua.getAssignedUser();
v.add(tmp); -
PowerShell - List all users that have access to a particular SPLIstItem
Hi there,
In PowerShell - how to list all users that have access to a particular SPLIstItem?
Thanks so much in advance.Hi frob,
According to your description, my understanding is that you want to list all users who have access to a particular SharePoint list item via PowerShell.
You can use the following PowerShell command:
$web = Get-SPWeb http://sp/sites/First
$list=$web.Lists["listV2"]
$item=$list.Items | where {$_['ID'] -eq 1}
$item | Select -ExpandProperty RoleAssignments |Select {$_.Member.DisplayName}, {$_.Member.LoginName}, RoleDefinitionBindings
In the above command, you need to change the web URL to your site's URL, change “listV2” to the name of your list, and change the ‘1’ to the ID of the list item.
The result looks like:
Best Regards,
Wendy
Wendy Li
TechNet Community Support -
I have a SharePoint InfoPath 2010 browser form with item level security. Only submitter
and approvers has access to the form. This form contains a people picker that is populated with the names of attendees
for the meeting they attended (which
I am able to store in Field2 below). I want to allow attendees to be able to view (grant view permission) the InfoPath form. Field 2 has the users in form of domain\user1;domain\user2; etc. Following the below step, I am getting error when I ADD or REPLACE
permission on current item. How do I go about assigning view permission to all the users that have been selected in contact selector?
JituHi ,
i understand that the text box and the people picker hold multiple user names and you want to grant user permission based on the user in the text box.
I have a test based on your description,the results are: When there are multiple users in the text box, the workflow will throw an error'Error Occurred'.It is the same with the people picker column.
You need to limit the peopel picker to only allow to select one user,in this way the text box will only hold one user.Then you can use the people picker or the text box to grant user permission.
Thanks,
Entan Ming
Entan Ming
TechNet Community Support -
IDM 6.0 - List users that have exclusions
For some individuals within a role, we are excluding the Active Directory resource. So what is the easiest way to generate a list of these users that have this exclusion?
Jim:
You are referring to creating forms, in IdM parlance. The specific form you are referring to is called a "User Form". When you create an administrator, you can associate a particular user form with that administrator.
The default user form is called "Tabbed User Form". The easiest way to customize a form is to copy the existing one and remove anything you do not need.
In the v6.0 manuals, there is a deployment example in "Deployment Overview" manual. Las step for the LDAP deployment is the cutomization of some of the admin forms. That should help.
It is pretty straightforward once you get the hang of it, but it takes some time to get there.
Cheers,
GB -
Users that have hit their Throttling limit
Need to be able to get a list of users that have hit their RecipientRateLimit set in the default Throttling Policy.
Hi,
I have some tests in my environment. If the recipients are more than the number of recipients in a day you have set, then this message can't be sent actually, an error (such as "The message can't be sent right now" or "This message can't be
sent") will occur when you click Send. So the send action can't be finished. Based on my knowledge, Exchange has no built-in function to get the list of users who hit their RecipientRateLimit.
Here is a blog for your reference.
Some mysteries of Throttling Policy: Recipient Rate Limit
http://blogs.technet.com/b/fun_with_powershell/archive/2013/10/04/some-mysteries-of-throttling-policy-recipient-rate-limit.aspx
Hope my clarification can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support -
We have two users that have been using Creative Cloud for almost a year. Recently, sometime in the last 4ish weeks, the users can no longer run Creative Cloud apps. (Yes, our subscription is paid.) Error simply says administrator access is required to install. The apps have already been installed. The users cannot run them unless they are in the local admin group.Using "Run as admin" does not work. It gives the same error.
I have opened a case with adobe support and was basically told to suck it up and put the users in the admin group. Actually, what was said was that it is "mandated that the users have administrative rights".
There are a couple of things wrong with this. It was working for both users until recently - a recent required creative cloud update. The users have never been local admins yet the apps were working (poorly, but working).
We are in an enterprise environment and users simply do not have administrative rights on the computers.
I have changed permissions on all adobe folders, granting users or authenticated users modify or full control rights, did the same in whatever Adobe registry HKLM keys I could find. Nothing has allowed the users to run the apps - unless they are put in the local admin group.
Someone has to have a fix for this. Adobe apps have proved to have far too many vunerabilities to even entertain the idea of elevating user rights. I can't imagine that enterprise environments are allowing this.
Any help or suggestions are greatly appreciated.Jeff,
Thank you for your response. The users in question are "standard" domain users. We do not reduce users permissions below the standard level.
The apps do not load with their current standard user permissions.
The thing that makes this odd, is that up until recently they did this issue with cloud apps. The only way I can make it work for them now is to put them in the local administrator group on their pc's - which is not going to happen.
This is what they now see. As I said before, this was not a problem up until recently they would see all their available apps. If I put them in the local admin group the apps are listed without having to install. Everything is there, just not accessible to the user. -
Data view web part to display the most frequently accessed pages based on the user that is logged in
I am working on a project in which I would like to display the top 5 most accessed pieces of content as links, based on the user that is logged in. Our MOSS 2007 implementation has subsites for all regions that we do business in, as an example North, South, East, and West. When a user visits the North region homepage, I would like a web part to display:
Hello, <username>, here is a listing of your most accessed content:
Link to One
Link to Two
Link to Three
Link to Four
Link to Five
So each user would get a customized list based on their content access. We are not using my sites, but these would not work as we want the list to display on the home page of the region site.
I am thinking that a data view may work here, but I am not sure. Any help is greatly appreciated.If you are running MOSS you may want to take a look at the Relevant Documents web part too.
http://office.microsoft.com/en-us/sharepointserver/HA102410251033.aspx
The Relevant Documents Web Part helps you create a personalized view of the documents that you create, check out, and change. In a large Document Center, the Web Part can save you time and effort by making files easier to find and use. The following figure shows the Web Part: -
Hello,
CM 2012 now has a options " Only discover computers that have logged onto Domain in given period of time". Which Active directory property it looks into. is it looking into lastpwset or some other properties. Please let me know the details of
this option, specifically what properties it looks into to find out the information.
Thank youThat would be the LastLogonTimeStamp Attribute for the computer account.
http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
Gerry Hampson | Blog:
www.gerryhampsoncm.blogspot.ie | LinkedIn:
Gerry Hampson | Twitter:
@gerryhampson -
How to Use PowerShell to Delete FIM Users That Have a Null attribute name
FIM Community Information Center Article
Wiki Page:
How to Use PowerShell to Delete FIM Users That Have a Null <attribute name>
Go to the FIM Community Information Center
Mike Crowley | MVP
My Blog --
Planet TechnologiesHave you run side-by-side metrics on this?
I've run the Delete Object method and your script against similar data sets and yours appears to take a fair bit longer. I'd have to re-run in identical circumstances, a few times, to really say for sure, but my initial impression is that it will take hours
longer.
I guess the point is somewhat moot anyway, as for me the bit that generally takes longest is the actual query, rather than the deletions.
Boy how I wish I could just enter something into the FIM Portal directly that would blast out a bunch of users matching a query. One day...
FIMSpecialist.com | MCTS: FIM 2010 | Now Offering
ECMA1->ECMA2 Upgrade Services -
I am considering installing the latest version of OSX Mountain Lion but am concerned by the number of users that have had severe problems. Has Apple sorted this out?
As I told you, you have to do some steps before upgrading to OS X Mountain Lion.
First of all, make a backup of your files using Time Machine and/or Carbon Copy Cloner. If you make both, good, but if you only make one, it's OK, too.
OS X Lion and OS X Mountain Lion aren't compatible with PowerPC applications, so you have to check if your applications are compatible > http://www.roaringapps.com If you have to update an application, do it before upgrading, because the Mountain Lion installer moves unsupported applications to a separate folder.
After doing that, open Disk Utility, select "Macintosh HD" in the sidebar and repair permissions. Then, verify the disk to check if it's OK. If everything is right, just open the App Store and purchase OS X Mountain Lion -
Query: to view all users that have been created for access to a database
Hi,
Is there a command syntax that we could give to see all the users who have been created for access to a particular database. I want to view all the users that have been created using sql* plus.
can anyone help or is it impossible?
ThanksThis is for begging:
[email protected]> select grantee, privilege from dba_sys_privs where privilege like '%CREATE%SESSION%
2 /
GRANTEE PRIVILEGE
A CREATE SESSION
AA CREATE SESSION
U1 CREATE SESSION
U2 CREATE SESSION
BD1 CREATE SESSION
DBA CREATE SESSION
EMI CREATE SESSION
MOB CREATE SESSION
ODM CREATE SESSION
OHP CREATE SESSION
SEC CREATE SESSION
SYS CREATE SESSION
TU1 CREATE SESSION
TU2 CREATE SESSION
U01 CREATE SESSION
XDB CREATE SESSION
MOBI CREATE SESSION
OHP4 CREATE SESSION
PFAY CREATE SESSION
UD01 CREATE SESSION
UR01 CREATE SESSION
ADHOC CREATE SESSION
BATCH CREATE SESSION
DEBUG CREATE SESSION
DEV01 CREATE SESSION
HRAPP CREATE SESSION
MDSYS CREATE SESSION
MOBI2 CREATE SESSION
SKING CREATE SESSION
SPACE CREATE SESSION
UPASS CREATE SESSION
WKSYS CREATE SESSION
CTXSYS CREATE SESSION
ORDSYS CREATE SESSION
PRAC01 CREATE SESSION
RTABLE CREATE SESSION
CONNECT CREATE SESSION
Than you have to select also all the users that have granted roles with this privilege
this will give you the full set of users who can connect
Best Regards
Krystian Zieja / mob -
Are there any good DVD authoring programs for Mac now that Apple has discontinued DVD Studio and iDVD? I need to make DVDs that have interactive menus and such (Final Cut X and Compressor 4's DVD option is a little cheap and doesn't provide any kind of professional DVD authoring). Any ideas?
This comes up a lot these days.
Practically speaking, there are really four options for the Mac platform: Toast (<$100), Adobe Premier Productiom ($1,600 to buy or $50/month to rent), find a copy of Final Cut Studio from 3rd party (+/- $1,000 new) or a boxed edition of iLife to get iDVD ($50 - $90 on Amazon new).
The other question everyone has is how many OS versions before iDVD or FCS breaks? No one knows, but Apple has said they're no longer supporting these legacy apps. Of course, no one is mandated to upgrade to a new OS unless they buy a new computer. So if it works on a system, stay with it as long as it makes sense.
Good luck.
Russ
Maybe you are looking for
-
Ipad not recognized by windows neither iTunes after error in the iOS5 upgrade
The iOS5 upgrade was stopped due to an error. Since then the iPad is not being recognized by windows neither iTunes. I've re-installed iTunes, the file usbaapl.sys is at windows\system32\drivers and Common Files\Apple\Mobile Device Support\Drivers fo
-
Hi, I did all setting for MM-FI integration.. I posted Purchase order.. and for Goods receipt MIGO I have entered PO No. Number.. and There is no message during the check. once if i select the save option.. i am getting dump (run time error).. plz h
-
How to stop the capture source of AudioVideoCaptureDevice
Hi. I capture video with the AudioVideoCaptureDevice API and I'm not sure if I followed the right steps to implement it. If I record a video for the first time everything works in the emulator but when I tap the record button for the second time the
-
select * from v$version; BANNER Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - 64bi PL/SQL Release 10.2.0.5.0 - Production CORE 10.2.0.5.0 Production TNS for Solaris: Version 10.2.0.5.0 - Production NLSRTL Version 10.2.0.5.0 - Pr
-
1 Time Machine/1 Computer/Several Users
I have my computer set up for various "users" - all myself - but I switch from user to user depending on which company I'm doing work for. I have backed up my computer using Time Capsule - but when i switch to another user, should I back that up to?