Oracle User Admin -- Securing Attribute list

Similar Messages

• Drilldown depending on the oracle application user's securing attributes

  Hi all,
  I created a html table and I have a specific column that is allowed to drilldown to details but I would like also make this drilldown be depended on the user's securing attributes. If the person has permission the he will see the value and can enter in details, but if he doesnt have the permission he just see the value.
  Any ideas?!?!
  Thanks in advanced,
  Adolfho

  Hi Adolfho,
  you could try binding the Read Only attribute of this item/region through SPEL. For example, if you have a profile and need to give permission only to users that have the "Y" value on this profile, you can add this to the select clause of your VO:
  SELECT fnd_profile.value("profile_name") = 'Y' AS PROF_VALUE
  and then you can put the following expression on the Read only attribute of the region:
  ${!ProfValue}
  You can also do this on the controller by getting a reference to the respective OA Bean and calling setReadOnly(boolean) or setAttribute(READ_ONLY_ATTR, Object)...
  Hope it helps
  Thiago

• "oracle" user and security

  I am running Oracle 10g XE on a Linux machine (RHEL 4.0).
  I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:
  Authentication Failures:
  unknown (200.3.248.22): 4159 Time(s)
  oracle (200.3.248.22): 36 Time(s)
  How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.
  Can I change the password to something strong without affecting my system?
  Thanks!

  Can I change the password to something strong without affecting my system?
  I just wonder if it will cause any problems if I change the password? I don't want to mess up my system.Well for Oracle SW (and whole local OS) there is no problem. Problem could be if you are using some external scripts that you are using on remote machine (and which using login password sequence to access the OS).
  How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.To check the password strength you can use some utilities. For example John is very good for that: http://freshmeat.net/projects/john/
  I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:Why aou are running your database in untrusted network segment (internet). Best practice is to place such system to secured segment (DMZ, VLAN). If the reason is that your 3rd party partner needs to connect to database you can do IPSEC tunnel.
  Of course don't allow to connect anyone to your machine and to any port. So the recommendation about iptables (netfilter) is appropriate.

• Difference between Security Oracle user and Security User

  Hi All,
  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.
  Thanks,
  Mahesh.
  Edited by: 991854 on Mar 12, 2013 1:49 AM

  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.Security > Oracle > Register:
  Use this window to register an ORACLE username with Oracle E-Business Suite. An ORACLE username grants access privileges to the ORACLE database
  http://docs.oracle.com/cd/E18727_01/doc.121/e12893/T174296T174305.htm
  Security > Oracle > Data Group:
  A data group defines the mapping between Oracle E-Business Suite products and ORACLE database IDs. A data group determines which Oracle database accounts a responsibility's forms, concurrent programs, and reports connect to. See: Defining Data Groups, Oracle E-Business Suite System Administrator's Guide - Configuration.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Security > User > Define:
  Use this window to define an Oracle E-Business Suite user. This user is an authorized user of Oracle E-Business Suite, and is uniquely identified by a username.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Thanks,
  Hussein

• How to implement Oracle user/role security with Access front end?

  Hi,
  We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles(i.e., access groups) in Oracle and granted rights to tables.
  In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked table use one ODBC DSN to the Oracle database with the same Oracle user id.
  We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By during so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, ect. rights to the database.
  I've been able to use the VB code within Access to logon into the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users login into the Access front end.
  I don't know a great deal about Access projects, but I do know with SQL server allows login into your Access project and link tables dynamically.
  Can someone give me some assistance or point me in the right direction?
  Thanks in advance,
  Larry

  We had one of our programmers here come up with a VB code solution for re-linking table within Access. However the relinking takes 3-4 minutes for 100+ tables.
  In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
  We have an Access 2003 application which currently has a front end using Access(forms, reports, queries, & VB code) and a MS Access 2003 backend.
  We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. Its easy to understand, we have a significant investment in the front end(Obviously, the plan is to migrate the front end also at some future date).
  In order to utilized the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
  The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to object(tables, queries, ect) by their userid and or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once, logged into Access, users have rights to Access objects based on their rights granted to their userid and groups they belong. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has knowledge about Oracle table rights granted to users; nor would you expect it to.
  The dilema is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles(which are similar to Access groups), and again this is independent of Access security.
  Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
  For example, a user BOB logs into Access via the workgroup file, using VB code, Access then establishes a Oracle connection logining into Oracle using the same unique userid BOB into Oracle.
  After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
  This Oracle userid has been granted table rights specific for this userid.This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
  The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
  Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data(via the forms) by using one logon required for each user, and quick startup time for the application.
  I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
  Larry

• Security attributes, qfp and un-authenticated users

  Hi,
  I have some observations regarding security attributes, query filter plugins and un-authenticated users that I would like your comments on.
  I am developing a custom crawler, a will be using OID for authentication. Not all users will be authenticated (hence they should only have access to content considered public). Authorization is done by the document source (using the option "ACLs controlled by the source").
  I am quite sure that I have read somewhere that not adding a security attribute for a certain document leads to the document being treated as public.
  Observations:
  A) Query filter plugins will only be called for authenticated users
  B) At crawl-time, not adding a defined security attribute leads to the document not being indexed
  Observation B means that my security attribute has to be added for every document (for the public documents populated with a value representing public access). Observation A means that the query filter will not be invoked for un-authenticated users (hence, they won't see any of the indexed documents, since all have security attributes).
  Question:
  How should I ensure that the documents considered public are available for unauthenticated users?
  Regards,
  Rune

  Hi all,
  I seem to have had inaccurate logging , so my assumption A is false.
  Then I have a simple workaround (add a special security attribute value for public documents), and you can forget about my question.
  regards,
  Rune

• User/Admin guide after upgrade database for recover db provided by Oracle?

  Does anyone has a user/admin guide which is provided by oracle about using RMAN and how to use RMAN to RECOVER database tailor make for after upgrade database? I have been searching for a long time and don't find this document.
  Anyone has this, please share.
  FAN

  Look in the Backup & Recovery section:
  http://www.oracle.com/pls/db102/portal.portal_db?selected=4

• List users and their attributes

  Hello,
  We are on SRM 5.0 and I am looking for a report which lists users and their attributes. So for instance  username / position and all catalogs assigned to them.
  Thanks for your help!

  Hi Antoinette,
  There are no standard reports for this requirement. I have already posted a code sample for this requirement.
  https://wiki.sdn.sap.com/wiki/display/SRM/CodeSample2-Reporttodisplayuserattributes
  Hope this solves your problem.
  Regards
  Kathirvel

• Need attribute list for User object

  Hi All,
  Where can I find the attribute list for the object "User"? I need this for silent mode domian configuration.
  Thanks!

  Hi All,
  Where can I find the attribute list for the object "User"? I need this for silent mode domian configuration.
  Thanks!

• How to get list of FMs while creating Contact Person from User Admin Link

  Hi Experts,
  We are implementing SAP ECommerce for my SAP ERP. In one of our requirements, we need to develop MASS UPLOAD program which will take input as Contact Person's first name, last name, address and authorization details and create new Contact Person as it is done through User admin link.
  To develop above tool, I want to trace all the Function Modules which are called while creating new Contact Person from User admin link.
  Please provide your inputs on how I can get the trace of FMs.
  Thanks,
  Keya

  Hi Keya,
  For a B2C eCommerce solution, you are looking at FMs BAPI_CUSTOMER_CREATEFROMDATA1 and ISA_USER_CREATE and the table USAPPLREF which holds the reference to the customer and user.
  To get the FMs called, you would have to do a session trace during B2C user registration / B2B user creation from UME. You could search this forum on a 'how-to' for doing a session trace or lookup the development and extension guide that provides a lot of useful information.
  Cheers,
  Ashok.

• Oracle user, password and admin privileges

  Hi,
  The "ReleaseNotes.pdf" document says:
  - create the user account "oracle" with the password "oracle"...
  Is the password "hardcoded" in oracle's scripts and one can't use another one? (I don't like the idea that anybody reading the documentation could login on my server)
  - Set auto login for user "oracle"
  Why such a setting? To simplify the install process?
  - Enable OS X administrative privileges for user "oracle".
  Is this setting only needed for the installation process or should the oracle user allway have administrative privileges?

  These are not hard requirements. It is documented this
  way to make installation process simple for first
  time users.

• Security Attributes with Multiple/NULL values

  I have a couple of situations where I can't seem to get the authorization component working as I need it to work for a database source.
  1) In the first case, I have two attributes set for "grant security attributes" in the data source, one of which has a single attribute value, and the other which has multiple values, e.g.
  I want to set "grant security attributes" to something like "client_id role_id" where for my dataset, client_id will always be a single numeric value, but I might have multiple role_ids that can view this record. How do I specify in my data source query those multiple attribute values? I tried separating them with spaces, e.g.
  SELECT ...
  'A B' role_id
  FROM
  where "A" and "B" represent unique values (looking to match A OR B). I also tried delimiting them with commas, but neither spaces nor commas seems to work consistently.
  On the authorization end, using oracle.search.plugin.security.auth.db.DBAuthManager as the authorization plug-in, I have the authorization query set as
  SELECT client_id, security_lvl as role_id from test_user_id where user_id = ?
  Each user may have more than one role, so in the above query, security_lvl could be something like "B C"; I'm assuming from the documentation that the delimiter for attribute values in this case should be a space.
  The crawler logs make it appear that everything is getting indexed, so I suspect the issue is on the authorization front.
  2) In the second case, one of my security attributes for the data source may be NULL, meaning that there's no particular authorization restriction on a particular record, so to use the same example as in #1,
  role_id might be NULL for some records, in which case, I want those records returned in the search if the client_id matches, but I can't get the records with the NULL role_id to be returned at all. Again, the crawler logs indicate that everything is being indexed, and I'm not sure if there's a log where I can further troubleshooting authorization issues.
  Any guidance would be appreciated.
  Thanks

  1) The security attributes are OR'd together so if the user has any ONE of the attributes (either client ID or role ID), the document can be seen by the user. What I would try is to create a view to call rather than directly against the table. The view can then leverage a PL/SQL function and encapsulate the logic behind the security tokens to return.
  So the view would look like this...
  CREATE OR REPLACE VIEW USER_SECURITY_V AS
  SELECT
  USER_T.ID,
  MY_SECURITY_FUNCTION(USER_T.ID) AS AUTH_ID
  FROM
  USER_T
  The PL/SQL function would look something like this...
  CREATE OR REPLACE FUNCTION MY_SECURITY_FUNCTION(USER_ID NUMBER) RETURN VARCHAR2 IS
  -- Do whatever you need to do to build a single space-deliminted list of tokens for both Client and Role ID "CLIENTID4 ROLEID5 ROLEID9" then return
  END;
  The data source authorization query then would look like this...
  SELECT AUTH_ID FROM USER_SECURITY_V A WHERE A.ID = ?
  Using a PL/SQL Function to control the tokens gives you the flexibility of modifying security without having to touch the data source directly
  2) I don't quite follow. If any ONE of the tokens match, the document is returned. If the role ID is null, you might try stamping each document a "master" security token indicating it's open to everyone such as "ALL". Then in the PL/SQL Function, return "ALL" in front of the actual values.
  The crawler logs will only tell you what is indexed at crawl time, not how searching is actually working. Try checking the server logs. These should be under something like oracle/ses/seshome/search/base_domain/servers/AdminServer/logs
  Hope this helps!

• Schedules & Users in Security Center  is not enable in BI Publisher OBI10g

  Hi All Experts,
  *1.* I want to create a new user in Oracle BI Publisher but in security center there is no option to create user, with the name Users
  I am getting below options .
  Admin --> Security Center
  1. Security Configuration
  2. Roles and Permissions
  3. Digital Signature
  Users is not available
  *2.* When I log in into BI Publisher not getting Schedules Tab Enable
  only two tabs are available to make changes Reports and Admin
  Reports Schedules Admin
  So please suggest me how I can create users and schedule reports. My OBIEE Version is *10.1.3.4.1*
  Thanks
  Edited by: Raj M on Aug 28, 2011 10:08 AM

  Hi,
  Did you follow all the steps in the Install guide:
  http://download.oracle.com/docs/cd/E12844_01/doc/bip.1013/e12690/T434820T487784.htm
  Regards,

• Getting Active Directory Users in UCM User Admin - Users Tab

  Hello All
  We have integrated WLS with our Active Directory. And we are getting all the active directory users under Security Realms >myrealm >Users and Groups tab in WLS Console.
  We are also able to login to webcenter spaces and Content server using those userid and credentials. But our problem is in UCM under Admin Applets - User Admin - Users tab all the active directory users are not listed. So we are not able to assign particular roles to the users.
  When a particular Active Directory user logins in UCM (First Time) after that the admisistrator (weblogic) is able to get that user under Admin Applets - User Admin - Users tab. And also it comes as an External user so we are not able to assign role.
  So basically UCM requires a login to get all the users listed in users tab.
  Our requirement is we want all the Active Directory users to get listed in UCM without the condition that the users has to login in content server once.
  Thanks

  Hi Navin ,
  First and foremost the requirement that you have posted is not possible and the reason for that is :
  Users are created on AD which is outside the realm of UCM hence there is no way that the users created on AD will be shown up under Users tab without they login atleast once . UCM does not know which all users are part of the realm until and unless the AD users login in atleast once .
  Secondly external users cannot be assigned roles from UCM because when the Auth type is set to External UCM sees it as external entity hence not giving it any way to relate roles / groups from UCM . As a workaround you can change the AuthType for the External users to Global from User Admin applet after the users login for the first time . This will enable you to assign roles / groups for the AD users .
  Hope this helps .
  Thanks
  Srinath

• Oracle user installation issue

  I followed the instructions from
  http://docs.oracle.com/cd/E16655_01/install.121/e17752/usr_grps.htm#BACGFIFJ
  on my Solaris 11.1 VirtualBox box.
  Since i used the Solaris 11.1 - Text install, i don't have a graphical interface (no X11)
  i created an oracle user, as per the documentation instructions, using the command:
  # /usr/sbin/useradd -u 54321 -g oinstall -G dba,oper oracle
  The instructions in the following section http://docs.oracle.com/cd/E16655_01/install.121/e17752/usr_grps.htm#BABBHHAD
  say i should modify the .bash_profile file (which i assume is in the user's home directory)
  The problem is that the oracle user created using the earlier command has no home directory. Actually, after logging in as oracle, i get the following message:
  No directory! Logging in with home=/
  # grep oracle /etc/passwd
  oracle:x:54321:54321::/export/home/oracle:/usr/bin/bash
  but /export/home/oracle does not exist.
  When i try to mkdir /home/oracle i get:
  mkdir: Failed to make directory "/home/oracle"; Operation not applicable
  Needless to say, i cannot follow the rest of the Installation guide since user oracle has no home.
  I understand that this is mostly a Solaris admin question, but my issue is with the installation guide for not being clear about its assumptions, which is why i posted this here.
  Edit:
  some more output:
  root@solaris:~# ps -alfe | grep auto
  0 S     root  2293     1   0  40 20        ?   2500        ? 23:53:30 ?           0:00 /usr/lib/autofs/automountd
  0 S     root  2294  2293   0  40 20        ?   2573        ? 23:53:30 ?           0:00 /usr/lib/autofs/automountd
  root@solaris:~# uname
  SunOS
  root@solaris:~# uname -a
  SunOS solaris 5.11 11.1 i86pc i386 i86pc
  root@solaris:~# cat /etc/release
                               Oracle Solaris 11.1 X86
    Copyright (c) 1983, 2012, Oracle and/or its affiliates.  All rights reserved.
                             Assembled 19 September 2012
  after some digging, i found that this is a known bug, included in Solaris 11.1's Release notes.
  Funny thing, this bug is listed as "Previously Documented Bug, Fixed in Solaris 11.1
  7070558 When the automount Service Is Disabled, useradd Creates Users With Inaccessible Home Directories

  Finally found my answer in another document. Setting Up and Managing User Accounts by Using the CLI - Managing User Accounts and User Environments in Oracle Solaris …
  Apparently, with Solaris 11.1 one must use the -d and the -m switches when creating a new local user.
  So the correct command to have issued is this:
  /usr/sbin/useradd -u 54321 -g oinstall -G dba,oper -d localhost:/export/home/oracle -m oracle
  Once the command was issued, the /export/home/oracle directory was created, (due to the -m switch), and because the user's home directory contains the hostname: part, this means that the /etc/auto_home file was updated.
  Once i logged in into the oracle account, the /home/oracle directory was created by autofs.
  The Oracle 12c documentation concerning the Solaris 11.1 OS should be updated to include the -d and -m switches.