OC4J PUBLIC Role

Similar Messages

• Public role in Rooms

  Hi everybody,
  I want to know if the collaboration rooms works as it follows:
  If you use the role public and you create a public room the user that gets in will have the initial role, however if the room is set full access the user will get the public role.
  In short,
  Room with Full Access = Public Role
  Room without Full Access = Initial Role
  Is this ok?
  If this is correct, is there anyway to set full access automatically?programmatically?
  Thanks in advance.

  Hi,
  don't confuse the room role named "public" with the room access type "public".
  A public room works in this way: Everybody can enter the room and gets member of the room automatically. Automatically the initial room role (e.g. Member) is assigned to him.
  With the room role pubic you define the public content of a room. This is content which can be accessed without being member of the room. Normally public room content only makes sense for restricted rooms. (because private rooms are not listed for non-members and public rooms are public anyway).
  Regards,
  Sascha

• SQL 2000 public role

  Hi~ When we create a new login on SQL 2000 server. It will DEFAULT group into 'public' role on Database master, msdb,.......
  is it possible to take out the new login from the role 'public' of msdb ??

  Thats a default role, you can revoke access it.
  Also, if you want to check assigned permissions to public role than use below query:
  SELECT o.name AS
  [Object], p.permission_name
  AS [Type]
  FROM sys.all_objects o
  INNER JOIN sys.database_permissions p
  ON o.object_id = p.major_id
  INNER JOIN sys.database_principals u
  ON u.principal_ID = p.grantee_principal_id
  WHERE u.name =
  'public'
  Refer below article:
  http://www.sqlservercentral.com/blogs/basits-sql-server-tips/2013/04/04/the-public-role-do-not-use-it-for-database-access/

• To find which packages the PUBLIC role has execute privileges on

  Hi Experts:
  I need to find which packages the PUBLIC role has execute privileges on, since an Audit has revealed there are "there were execute privileges on 2 packages granted to the PUBLIC role"
  How can I find these? I have queried, in different ways, dba_tab_privs and dba_sys_privs but I cant get a way to see
  execute privileges on packages / procedures.
  Thanks,
  10.2.0.4
  Linux RH 4.
  Edited by: user11981168 on 30-Apr-2010 04:12

  SELECT table_name
  FROM dba_tab_privs p
  ,dba_objects o
  WHERE p.owner=o.owner
  AND p.table_name = o.object_name
  AND p.owner = 'SYS'
  AND p.privilege = 'EXECUTE'
  AND p.grantee = 'PUBLIC'
  AND o.object_type='PROCEDURE'; --PACKAGE,FUNCTION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

• Public/Role Based Lists

  Do you know if/how it is possible to create a new role based list and assign that list to multiple roles (keeping the same/identical name)?
  For example I want to create a list named Open Opportuntiies. I want to use slightly different criteria and create the same named list for just roles 2 and 3 ... and assign the original one to role 1 only. Can this be done? Seems that the list name must be unique. Is that true?

  Hi,
  Yes the list name has to be unique. You'll need to create different list names here
  Thanks
  Oli @ Innoveer

• How to make a table of the user to non public privilege?

  Hi all,
  im working with an RAD program and using oracle as the database. currently im on db 10g. I am able to connect to the db but the problem is it shows other users table. It is not only showing the tables of the user i connected to.
  this is a problem since it will load other users' table which i dont need in my project.
  now i've post around the forum of the RAD program regarding this and a particular user mentioned that he had the similar problem and it's probably because the all those tables showing up is public.
  im getting tables from sys,sytem,syman and other preinstalled db user which i dont need to list out for my project.
  is there really a condition where these tables are public? if so, how can i change it to private? any appropriate query would help.
  i dont want it to show up on my RAD program all those unnecessary tables when i connect to one user for example user1.
  anyone can help me out?
  Thnx.

  T101_cyberdyne wrote:
  Balazs Papp wrote:
  in Oracle, there is a special role, called PUBLIC
  anything granted to this role will be applied to every user (obviously, its PUBLIC)
  for example SYSTEM.HELP is a "public" table, every user can read it without any permissions granted
  you can check this with a query like this:
  select * from dba_tab_privs where grantee='PUBLIC' and table_name='HELP';
  revoking such permissions from the PUBLIC role is not recommended at all, as they are required for basic operation
  disabling the PUBLIC role for a specific user is not possible as per the following note: Is it possible to exclude a user from PUBLIC scope? [ID 156303.1]So are you saying i'm stuck and there's nothing i could do to prevent these public table from showing?
  well,this is dissapointing.I guess you need to step back and ask why this is a "problem". So far you've only indicated that you consider to BE a problem, but not WHY. Perhaps you are starting from a flawed assumption.

• Issue with session.invalidate() in OC4J

  Ok, here's the thing- I've got a servlet that autogenerates
  pages to the client via XSL; so far so good. However whenever
  the login page is displayed, we would like to "logout" the
  current user if there is one and start fresh, as it were. All of
  our persistent data is stored via the user's session object so
  we are doing something like this:
  public void doGet( HttpServletRequest request) {
  HttpSession session = request.getSession();
  // Some misc. stuff happens here;
  // Nothing is written to the session, however
  if ( page == LOGIN_PAGE) {
  session.invalidate();
  session = request.getSession();
  String info = session.getAttribute( "INFO");
  As soon as we request the attribute, after performing the
  session invalidation & re-obtaining a new session the system
  bails with an IllegalStateException: Session invalidated
  exception.
  Note that the exact same code works under the Sun Reference
  Implementation (Apache Groups Tomcat 4.0) and is pretty much
  verbatim from Jason Hunter's book Java Servlet Programming 2nd
  Edition pg. 220.
  Any ideas for a fix and/or workaround?

  Hi
  This works, here is a sample I've run on OC4J
  public class SessionTestServlet extends HttpServlet
  private static final String CONTENT_TYPE = "text/html";
  HttpSession sess = null;
  private static boolean login_page = true;
  public void init(ServletConfig config) throws ServletException
  super.init(config);
  public void doGet(HttpServletRequest request,
  HttpServletResponse response) throws ServletException,
  IOException
  sess = request.getSession(true);
  try
  if (login_page)
  if(sess != null)
  sess.invalidate();
  sess = request.getSession(true);
  sess.setAttribute("name","kalle");
  catch(Exception e)
  e.printStackTrace();
  response.setContentType(CONTENT_TYPE);
  PrintWriter out = response.getWriter();
  out.println("<html>");
  out.println
  ("<head><title>SessionTestServlet</title></head>");
  out.println("<body>");
  out.println("<p>Session: "+ sess+"<p>Name: "+
  sess.getAttribute("name"));
  out.println("</body></html>");
  out.close();
  Regards
  //Mike

• Expanding "Roles" to edit ADF BC Entities using ADF BC Security

  hi,
  I created a test application using the ADF Business Components Technology stack.
  I wanted to use "ADF BC Security" instead of "ADF Security" as we encountred problems with "ADF Security" ...
  I also configured the ADF BC module to enforce the security etc... as mentionned in the JDev developer's guide.
  the problem:
  I wanted to edit the authorization for a given BC entity, by right clicking on the entity then choosing edit > authorization > new > read, update, update when new > chose "role"
  the problem is that I always find 6 roles:
  oc4jadmin, as_control ,etc.....
  I edited the system-jazn-data.xml to add my "own" roles , but they do not appear in the list of choice of roles, when I want to edit the entities authorization as mentionned above.
  can someone help please?
  thank you.

  thank you Frank for the answer. but it does not solve the problem.
  I know where tofind the system-jazn-data, i even find 3x "system-jazn-data.xml" in the JDev 1032 folder. I even inserted my "own" roles into these 3 files to see, maybe it works. but not.
  after restarting JDev 1032 , the problem persists, I still can not list my own roles when I edit the authorization of an ADF BC Entity.
  can somenone help please?
  thank you.
  PS: here the extract of my system-jazn-data.xml, with the "own roles" in bold:
            <roles>
                 <role>
                      <name>oc4j-administrators</name>
                      <display-name>OC4J Admin Role</display-name>
                      <description>Administrative role for OC4J</description>
                      <guid>5280445217CB11DCAF10CD54D443D9D4</guid>
                      <members>
                           <member>
                                <type>user</type>
                                <name>oc4jadmin</name>
                           </member>
                           <member>
                                <type>user</type>
                                <name>JtaAdmin</name>
                           </member>
                      </members>
                 </role>
                 <role>
                      <name>ascontrol_appadmin</name>
                      <display-name>ASControl App Admin Role</display-name>
                      <description>Application Administrative role for ASControl</description>
                      <guid>5280445617CB11DCAF10CD54D443D9D4</guid>
                      <members>
                      </members>
                 </role>
                 <role>
                      <name>users</name>
                      <display-name>users</display-name>
                      <description>users role for rmi/ejb access</description>
                      <guid>5280445417CB11DCAF10CD54D443D9D4</guid>
                      <members>
                      </members>
                 </role>
                 <role>
                      <name>ascontrol_admin</name>
                      <display-name>ASControl Admin Role</display-name>
                      <description>Administrative role for ASControl</description>
                      <guid>5280445517CB11DCAF10CD54D443D9D4</guid>
                      <members>
                           <member>
                                <type>user</type>
                                <name>oc4jadmin</name>
                           </member>
                      </members>
                 </role>
                 <role>
                      <name>ascontrol_monitor</name>
                      <display-name>ASControl Monitor Role</display-name>
                      <description>Monitor role for ASControl</description>
                      <guid>5280445717CB11DCAF10CD54D443D9D4</guid>
                      <members>
                      </members>
                 </role>
                 <role>
                      <name>my_own1</name>
                      <guid>E460913021EA11DC8F0A77098E9E0856</guid>
                      <members>
                      </members>
                 </role>
                 <role>
                      <name>oc4j-app-administrators</name>
                      <display-name>OC4J Application Administrators</display-name>
                      <description>OC4J application-level administrators</description>
                      <guid>5280445317CB11DCAF10CD54D443D9D4</guid>
                      <members>
                      </members>
                 </role>
            </roles>

• Connection problem to 10.1.2 OC4J mbeanserver

  Hi All -
  I am trying to connect to OC4J mbean server in OAS 10.1.2. I found the reqd code in the oracle docs.
  //Import the JSR-160 classes and interfaces from jmx_remote_api.jar
  import java.io.IOException;
  import java.net.MalformedURLException;
  import java.util.Hashtable;
  import java.util.Iterator;
  import java.util.Set;
  import javax.naming.Context;
  import javax.management.MBeanServerConnection;
  import javax.management.remote.JMXConnector;
  import javax.management.remote.JMXConnectorFactory;
  import javax.management.remote.JMXServiceURL;
  public class OC4j
  public static void main( String[] args )
  OC4j oc4j = new OC4j();
  oc4j.oc4jstat();
  private void oc4jstat(){
  String url="service:jmx:rmi:///opmn://localhost:6003/home/";
  JMXConnector jmxCon = null ;
  try {
  // Define the connection target
  JMXServiceURL serviceUrl = null;
  try
  serviceUrl = new JMXServiceURL(url);
  catch ( MalformedURLException e )
  // TODO Auto-generated catch block
  e.printStackTrace();
  // Use to pass environment properties to be used while
  // retrieving a connection
  Hashtable env= new Hashtable();
  // Define the provider root package
  env.put(JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES,
  "oracle.oc4j.admin.jmx.remote");
  Hashtable credentials= new Hashtable();
  // Connect using the oc4jadmin super-user administrator account
  credentials.put(Context.INITIAL_CONTEXT_FACTORY, "com.evermind.server.ApplicationClientInitialContextFactory");
  credentials.put(Context.PROVIDER_URL,url);
  credentials.put(Context.SECURITY_PRINCIPAL,"oc4jadmin");
  credentials.put(Context.SECURITY_CREDENTIALS,"password");
  //credentials.put("login","ias_admin");
  //credentials.put("password","ias_admin1");
  // Specify the login/password to use for the connection
  env.put(JMXConnector.CREDENTIALS, credentials);
  // env.put(JMXConnectorConstant.PROPRIETARY_MBEANSERVER_DOMAIN_NAME, "default");
  // Get an instance of the JMXConnector interface for OC4J's rmi protocol
  // User is not yet connected
  try
  jmxCon = JMXConnectorFactory.newJMXConnector(serviceUrl, env);
  catch ( IOException e )
  // TODO Auto-generated catch block
  e.printStackTrace();
  // Connect to the target OC4J instance defined in the JMXServiceURL
  try
  jmxCon.connect();
  catch ( IOException e )
  // TODO Auto-generated catch block
  e.getLocalizedMessage();
  // Retrieve the MBeanServerConnection instance that acts as a proxy
  // for the OC4J MBeanServer we are connecting to.
  MBeanServerConnection con = null;
  System.out.println("jmxcon :"+jmxCon);
  try
  con = jmxCon.getMBeanServerConnection();
  System.out.println("Connection Succeeded..");
  catch ( IOException e )
  System.out.println("Connection failed\n");
  e.printStackTrace();
  // Use the MBeanServerConnection instance to perform remote
  // operations on the OC4J MBeanServer. This call retrieves
  // all MBeans registered with the server.
  Set mbeans = null;
  try
  mbeans = con.queryNames(null, null);
  catch ( IOException e )
  e.printStackTrace();
  Iterator iter = mbeans.iterator();
  // Display each MBean's ObjectNameIterator iter= mbeans.iterator();
  while(iter.hasNext())
  System.out.println(iter.next().toString());
  // Important!!! Release the connection, ideally using a Finally block
  finally {
  if(jmxCon!=null)
  try
  jmxCon.close();
  catch ( IOException e )
  // TODO Auto-generated catch block
  e.printStackTrace();
  Since , i am using 10.1.2 i am not able to use the jar file adminclient.jar whic is required for oracle.oc4j.admin.jmx.remote.api.JMXConnectorConstant class.
  Hence i used this way of connecting.
  I also tried out this way :
  //credentials.put("login","ias_admin");
  //credentials.put("password","ias_admin1");
  But i am not able to get any connection either way to the oc4j instance.
  This is the error that i am getting:
  java.io.IOException: Not connected
  jmxcon :javax.management.remote.rmi.RMIConnector: jmxServiceURL=service:jmx:rmi:///opmn://localhost:6003/home/OC4J_BPEL
  Connection failed
       at javax.management.remote.rmi.RMIConnector.getMBeanServerConnection(RMIConnector.java:353)
       at javax.management.remote.rmi.RMIConnector.getMBeanServerConnection(RMIConnector.java:337)
       at OC4j.oc4jstat(OC4j.java:102)
       at OC4j.main(OC4j.java:24)
  Exception in thread "main" java.lang.NullPointerException
       at OC4j.oc4jstat(OC4j.java:117)
       at OC4j.main(OC4j.java:24)
  Am i missing something here ?
  Thanks
  Ajay

  jgrocock,
  even though Jdev 1013 is production, BPEL PM 10.1.3 is not yet production, and so is the BPEL Designer for JDev - this is the reason for little issues like this here .. I would recommend (as you are writing a label, looks like you work for ORacle) to go ahead and file a bug that we can ensure in the QA cycle it's fixed..
  thx clemens

• Role in Collaboration Room

  Hi
  I have duplicated the Collaboration Room Template "SAP_Information_Site" and created a new CR based on the duplicated template. Three roles are defined in that template: admin, content manager, public
  I assigned my own admin-user the admin-role in this CR.
  But every other user entering this room has automatically been assigned to the "content manager"-role, although he should be assigned to the "public"-role! I always delete the user from the Member-list in the Administration of this CR. But everytime the user enters the room, he´s assigned to the content manager-role again!!!!
  Can anybody help me?
  We´re on SAP EP 6.0 SP 13
  Thanks
  Sven
  Message was edited by: Sven Keller

  Hi Vasu
  Sorry, but that url doesn´t help. I know the procedure of assigning PORTAL (!!!) roles. The problem is, that within the collaboration room the ROOM (!!!) role "content manager" is assigned
  autmatically to EVERY user entering the room. I can´t control that.  
  Normally every user should have the room role "Public"!
  Regards,
  Sven

• Public, Server Permissions, and Endpoints

  I am seeking a good discussion of how to handle the impact of revoking connect to endpoint permissions for the public role. Up to this point, I've encountered several resources, including the Microsoft documentation, that recommend removing all server
  permissions from public. I find this amusing due to the fact that all other logins inherit their permissions on the various endpoints from public. Of course, if I revoke connect for the endpoints from public, only system administrators can connect.
  None of the sources that I've found address handling this issue. This reminds me a bit of the old South Park episode with the Underpants Gnomes and their business plan: Step 1 - Underpants, Step 2 - ?, Step 3 - Profit! In this case, it is
  Step 1 - Revoke rights from public, Step 2 - ?, Step 3 - Security!
  There is a comment on the SQL Server 2008 on-line documentation that recommends granting connect to endpoint to specific logins, but it does not supply any detail. I understand that Step 2 is highly dependent on factors that vary from location to location,
  and application to application.
  My question is whether there is a resource that details the considerations for granting connect to endpoint for the various endpoints and logins? I am looking for answers to questions like:
  Is there a case in which one would have a login that was not granted connect to any endpoint?
  Do logins like ##MS_PolicyTsqlExecutionLogin## need these rights, and if so, to which endpoints specifically?
  I have a number of others, but I was hoping someone could provide me with a resource from which I could draw this information without having to chase all over the documentation. Thanks in advance!

  Rick,
  First, thanks so much for the helpful reply! It validates what I was thinking.
  For versions 2008, 2008 R2, and 2012, if you follow Administer Servers by Using Policy-Based Management -> Monitor and Enforce Best Practices by Using Policy-Based Management -> Server public Permissions, it advises, "Do not grant server permissions
  to the server public role." The links below are for the 2012 version of this page:
  http://technet.microsoft.com/en-us/library/cc645930.aspx
  http://msdn.microsoft.com/en-us/library/cc645930(v=sql.110).aspx
  You and "Quantum John" are listed as authors of a comment on the 2008 version of this page (http://technet.microsoft.com/en-us/library/cc645930(v=sql.100).aspx) that acknowledge
  this problem. The last part of that comment is:
  However, as mentioned in Harry Zheng's post on Dosql (http://dosql.com/cms/index.php?option=com_content&view=article&id=96:sql-server-best-practice-policy-public-not-granted-server-permissions&catid=40:microsoft-sql-server&Itemid=41),
  executing the following command:
  REVOKE CONNECT ON ENDPOINT::[TSQL Default TCP] FROM public
  while best practice, is nevertheless liable to get you in deep trouble on a production server unless you also execute:
  GRANT CONNECT ON ENDPOINT::[TSQL Default TCP] to [loginname]
  for each of your logins, because without this, no-one except sysadmins will have permission to connect to your instance via TCP.
  It refers to performing the revoke connect on endpoint as best practice, which we agree is arguable. Unfortunately, Harry Zheng's post is a dead link. None of the later editions of this page are commented on in any way.
  Further, the policy referenced by this documentation, "Public Not Granted Server Permissions," is distributed with SQL Server and evaluates @PublicServerRoleIsGranted. It flags this policy as failed if any connect to endpoint is granted to public.
  Fortunately, I'm one of those that insists on testing before moving forward with any change. I also cannot leave gaps in my knowledge unfilled, which is why I posted. Again, thanks for the assistance!

• ADF security roles

  Security roles, created for my application in web.xml file aren't shown in authorithation editor for container neither in Authorithation tab for model components !
  Where the problem could be?

  Hi Frank!
  oc4j-app-administrators is a role in system--jazn-data.xml and my roles manager and staff also. I don't know where to switch between global OC4J user/roles settings and workspace specific but my roles are present in both places of Embeded OC4J server preferences( in system-jazn-data.xml and in <My project>-jazn-data.xml ).
  But my roles still unvisible in "Authorization editor" .

• After revoked UTL_FILE from PUBLIC, found problem...

  Hi All
  I created new role that is "UTL_PUBLIC" and granted below package to new role and grant new role to all users in database after that revoke below roles from PUBLIC.
  UTL_FILE
  UTL_TCP
  UTL_SMTP
  UTL_HTTP
  DBMS_LOB
  DBMS_SQL
  DBMS_JOB
  DBMS_SCHEDULER
  DBMS_XMLGEN
  But I got the problem when export data that show about package error. So I granted above package back to PUBLIC and export again that was work.
  My question is Can I grant above package to new role and grant to db user instead of PUBLIC role? If yes, How will I do ? If no, please explain the reason.
  Thank you,
  Hiko

  Oracle support confirmed about this already.
  I cannot grant privilege execute on those packages via roles that will have troubles with procedures and packages.
  Only one solution, I must grant to users directly.
  Thank you
  Hiko

• Migrating JAAS LoginModule from oc4j to WLS

  Hi,
  We are trying to migrate oc4j enterprise web service application to weblogic which implements JAAS LoginModule.
  Followed Weblogic Docs for :
  Developing Custom Security Providers
  http://download.oracle.com/docs/cd/E12890_01/ales/docs32/dvspisec/progrmng.html
  CustomAuthProvider (SecurityProvider) class points to the LoginModule which references to
  application-specific classes.
  Following are the issues we are dealing with:
  1.Security Provider exist at the global-context means every request to WLS is going to hit to the provider
  which we do not want, we need LoginModule to work at the application-context and not the global
  weblogic context.
  2. Clearly there is a disconnect if LoginModule resides in EAR (web app) and standalon MBean jar is
  trying to invoke the LoginModule. It can't find the LoginModule.
  so, the question is how can we have the JAAS LoginModule implemented in Weblogic
  at the application (EAR) level and not at Weblogic server global level
  (by MBean JAR) as it used to be in oc4j
  public class CustomAuthProviderimplements AuthenticationProviderV2 {
      public AppConfigurationEntry getLoginModuleConfiguration() {
          System.out.println("Inside getLoginModuleConfiguration.");
          return new AppConfigurationEntry("com.test.security.loginmodule.CustomLoginModule",
                                           LoginModuleControlFlag.REQUIRED,
                                           new HashMap());
  }OC4J Doc Reference : Packaging Login Modules
  http://download.oracle.com/docs/cd/B31017_01/web.1013/b28957/loginmod.htm#BABCFADI
  Here's how it used to be done in oc4j
  http://download.oracle.com/docs/cd/B14099_19/web.1012/b14013/loginmod.htm#i1006128
  Thank you
  Edited by: 877976 on Aug 8, 2011 11:11 AM

  There is a WebLogic Server release specific for running Oracle Forms and Reports that is available for you to switch to from Oracle AS if you are current on your support and version. Just an FYI
  Edited by: ChrisBaker on Jan 4, 2010 5:33 AM

• PUBLIC pseudo user

  select table_name, grantor, privilege from dba_tab_privs where GRANTEE='PUBLIC';
  If we run this query, we can see so many privileges given to pseudo role PUBLIC.
  And also by default, all users have the privileges which are given to PUBLIC. If we connect to the database useing 3rd party tools, like the BO XI, it shows all the schemas and the privileges which are there with PUBLIC.
  can we do something in which, the users dont use the privileges granted to PUBLIC.
  thanks!

  thanks a lot! it sounds great!
  the thing is that in business object, they have a kind of universe, where they create roles and sub roles and integrate it to the WINDOWS AD. so the users of the active directory have automatically the privileges assigned at the BO level.
  that is the middle tier..
  at the database level, i have created a user for the BO as BOE and gave SELECT privilege on some objects from a schema. Apart from these SELECT privileges on 50 objects in a schema, the only other privilege given to BOE is CONNECT.
  so as far as oracle database is concerned, there are only
  SELECT on 50 OBJECTS in a schema
  CONNECT role
  Now when we connect the user from the BUSINESS OBJECT, we can see a whole bunch of tables from SYS, DBSNMP, CTXSYS, ALL_ and USER_ views.
  so i was shocked, that when i gave only SELECT on 50 objects, how come the user can see all teh tables and views from almost all the schemas in the database.
  Then from my search, i think it is because of the privileges given to the PUBLIC role which is automatically granted to all the users, it could see all that...
  so i just wanted to restrict those views to the user BOE, so that it should not see more than what i give him the privileges.
  thanks!