"oracle" user and security

Similar Messages

• Difference between Security Oracle user and Security User

  Hi All,
  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.
  Thanks,
  Mahesh.
  Edited by: 991854 on Mar 12, 2013 1:49 AM

  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.Security > Oracle > Register:
  Use this window to register an ORACLE username with Oracle E-Business Suite. An ORACLE username grants access privileges to the ORACLE database
  http://docs.oracle.com/cd/E18727_01/doc.121/e12893/T174296T174305.htm
  Security > Oracle > Data Group:
  A data group defines the mapping between Oracle E-Business Suite products and ORACLE database IDs. A data group determines which Oracle database accounts a responsibility's forms, concurrent programs, and reports connect to. See: Defining Data Groups, Oracle E-Business Suite System Administrator's Guide - Configuration.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Security > User > Define:
  Use this window to define an Oracle E-Business Suite user. This user is an authorized user of Oracle E-Business Suite, and is uniquely identified by a username.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Thanks,
  Hussein

• MaxL command to import users and security in eas

  Hello,
  I would like to know if there is a command that allows Maxl export and then import the list of users native EAS and filters.
  In summary, I have a few applicationsversion 9 essbase to 11.1.2.2, via migration wizard. my essbase 11 is in standalone mode with SSO configuration to MSAD external authentication. In version 9 essbase security is mounted on the shared services.
  My question is, if I take my file essbase.sec version 9 and the copy in version 11, to get my native users and security filters. Will I lose my config sso?.
  Thank you in advance
  Edited by: 851398 on 25 sept. 2012 09:20

  851398 wrote:
  My question is, if I take my file essbase.sec version 9 and the copy in version 11, to get my native users and security filters. Will I lose my config sso?.It is probably not adviserable trying to copy your essbase.sec between versions or environments,
  You could look at the advanced security manager as an alternative solution to extracting the information, it is free and definitely worth a go - http://www.appliedolap.com/free-tools/advanced-security-manager
  Cheers
  John
  http://john-goodwin.blogspot.com/

• How to implement Oracle user/role security with Access front end?

  Hi,
  We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles(i.e., access groups) in Oracle and granted rights to tables.
  In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked table use one ODBC DSN to the Oracle database with the same Oracle user id.
  We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By during so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, ect. rights to the database.
  I've been able to use the VB code within Access to logon into the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users login into the Access front end.
  I don't know a great deal about Access projects, but I do know with SQL server allows login into your Access project and link tables dynamically.
  Can someone give me some assistance or point me in the right direction?
  Thanks in advance,
  Larry

  We had one of our programmers here come up with a VB code solution for re-linking table within Access. However the relinking takes 3-4 minutes for 100+ tables.
  In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
  We have an Access 2003 application which currently has a front end using Access(forms, reports, queries, & VB code) and a MS Access 2003 backend.
  We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. Its easy to understand, we have a significant investment in the front end(Obviously, the plan is to migrate the front end also at some future date).
  In order to utilized the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
  The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to object(tables, queries, ect) by their userid and or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once, logged into Access, users have rights to Access objects based on their rights granted to their userid and groups they belong. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has knowledge about Oracle table rights granted to users; nor would you expect it to.
  The dilema is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles(which are similar to Access groups), and again this is independent of Access security.
  Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
  For example, a user BOB logs into Access via the workgroup file, using VB code, Access then establishes a Oracle connection logining into Oracle using the same unique userid BOB into Oracle.
  After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
  This Oracle userid has been granted table rights specific for this userid.This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
  The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
  Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data(via the forms) by using one logon required for each user, and quick startup time for the application.
  I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
  Larry

• Changed Ulimits values for the Oracle user and getting error -bash: ulimit: max user processes: cannot modify limit: Operation not permitted when logging in.

  I'm trying to increate the ulimits for max user processes and open files for the oracle user.  I've set the values in limits.conf, /etc/profile and in oracle's environment scripts. Now when I log in as oracle I get the below errors. If I change the ulimits back to the original values errors go away but ulimits aren't changed.
  login as: oracle
  [email protected]'s password:
  Last login: Fri Mar  6 09:56:02 2015 from mtkadmin12
  You are logging onto an Oracle system.
  Kickstarted on: 2014-06-05
  -bash: ulimit: max user processes: cannot modify limit: Operation not permitted
  -bash: ulimit: max user processes: cannot modify limit: Operation not permitted
  [oracle@servername ~]$

  Thanks for the update.
  I modified the /etc/security/limits.d/90-nproc.conf and added a line for oracle and also modifed the oracle.sh file.  The ulimits are setting correctly when I su - oracle but they are still wrong when sshing in as oracle.
  [root@mtkdevorap11d-1 ~]# su - oracle
  [oracle@mtkdevorap11d-1 ~]$ ulimit -Ha
  core file size          (blocks, -c) unlimited
  data seg size           (kbytes, -d) unlimited
  scheduling priority             (-e) 0
  file size               (blocks, -f) unlimited
  pending signals                 (-i) 1030982
  max locked memory       (kbytes, -l) 94371840
  max memory size         (kbytes, -m) unlimited
  open files                      (-n) 65536
  pipe size            (512 bytes, -p) 8
  POSIX message queues     (bytes, -q) 819200
  real-time priority              (-r) 0
  stack size              (kbytes, -s) unlimited
  cpu time               (seconds, -t) unlimited
  max user processes              (-u) 16384
  virtual memory          (kbytes, -v) unlimited
  file locks                      (-x) unlimited
  [oracle@mtkdevorap11d-1 ~]$
  [oracle@mtkdevorap11d-2 ~]$ ssh mtkdevorap11d-1
  Last login: Mon Mar 16 13:04:16 2015 from mtkdevorap11d-2.conveydev.com
  You are logging onto an Oracle system.
  Kickstarted on: 2014-06-05
  [oracle@mtkdevorap11d-1 ~]$ ulimit -Ha
  core file size          (blocks, -c) unlimited
  data seg size           (kbytes, -d) unlimited
  scheduling priority             (-e) 0
  file size               (blocks, -f) unlimited
  pending signals                 (-i) 1030982
  max locked memory       (kbytes, -l) 64
  max memory size         (kbytes, -m) unlimited
  open files                      (-n) 4096
  pipe size            (512 bytes, -p) 8
  POSIX message queues     (bytes, -q) 819200
  real-time priority              (-r) 0
  stack size              (kbytes, -s) unlimited
  cpu time               (seconds, -t) unlimited
  max user processes              (-u) 16384
  virtual memory          (kbytes, -v) unlimited
  file locks                      (-x) unlimited
  [oracle@mtkdevorap11d-1 ~]$

• Users And Security Best Practice

  Dear Experts
  I am designing an application with almost fifty users scattered in different places. Each users should access tables according to his/her criteria. For example salessam, salesjug can see only the sales related tables. purchasedon should access only purchase related tables. i have the following problems
  Is it a best practice to create 50 users in the DB i.e. 50 Schemas are going to be created? Where are these users normally created?
  or is it better for me to maintain a table of users and their passwords in my design itself and i regulate through the front end. seems that this would be risky and a cumbersome process.
  Please advice
  thanks
  Manish Sawjiani

  You would normally create a single schema to own the
  objects and 50 users to use them. You would use roles
  and object privileges to control access.Well, this is the classic 'Oracle' approach to do this. I might say it depends a bit on what you want to achieve. Let's call this approach A.
  The other option was to have your own user/pwd table. You can create your own custom authentication but I would go for the built-in Application Express Users - authentication scheme. You can manage the users via the frontend (Application builder > manage Application Express Users) . There you can manage the groups and end users which you can leverage in your Apex app. You can even use the APIs to create the users programmatically. It is all done for you. Let's call this approach B.
  Some things to consider:
  1) You want to create a web application and also other applications that access the data stored in Oracle (another PHP / Oracle Forms / Perl ) or allow access via SQL/Plus. Then you should use approach A. This way you don't need to reimplement security for these different approaches.
  2) You want to create one (or multiple) Apex applications only. This will be the only mechanism the users will access your data. Then I would go for approach B.
  3) When using approach A some users didn't like that all users will have access to their workspace, including the sql command line and having the capability of building applications and possibly being able to change the data they have access to through the Oracle roles. Locking down this capability is possible but it takes some effort and requires an Apache as a proxy.
  4) When using approach A you will need DBA privileges to manage the users and assign the roles. This might not always be possible nor desired. Depends on who will manage the Oracle XE instance.
  5) Moving the application including the end users to another machine is a bit easier using approach B since they are exported via the application export mechanism. Using approach A you would have to do it yourself. Be aware that the passwords are lost when you install the users into a different Oracle XE instance.
  6) If you design the application using approach B you will have to design security in a way that doesn't rely on the Oracle roles / grants security mechanisms. This makes it easier to change the authentication scheme later. For example, later you want to use a LDAP directory, a different custom authentication scheme or even SSO (SSO is not available out of the box but feasible). This is directly possible.
  Using approach A you would have to recode the security mechanisms (which user is allowed to update/delete which data).
  Hope that clarifies your options a bit.
  ~Dietmar.
  Message was edited by:
  Dietmar Aust
  Corrected a typo in (5): Approach B instead of approach A , sorry.
  Message was edited by:
  Dietmar Aust

• People Picker can resolve users and security group from another domain but no validation for groups

  Dear all,
  Here is the scenario of our issue:
  We are migrating from Domain A to Domain B and in Domain A we currently have a SharePoint 2013 on which we want to set permissions for users and groups that have already migrated to Domain B.
  A bi-directional trust exist between the two domains and all applications relying on trust and resolving IDs from on domain to another are working fine (Windows RDS for instance)
  The "bug" that we have is when using the PeoplePicker, it can resolve without any issue a user account in Domain A or B, and a security group (type global, I haven't tried local or universal yet) from domain A or B. But for the security groups
  only (it works well for users), when I click on "Save" to validate the add of the group to the site permissions, I have the following error:
  I have seen a lot of similar issues on the web but no answer so far that work :( 
  Example: https://social.technet.microsoft.com/forums/sharepoint/en-US/74e8d14b-a0f4-4e21-8cfa-b1a937247160/cant-provision-security-to-old-domain-users
  If you have any question that could help you to understand it, do not hesitate. 
  Thanks a lot in advance for your help ! :)

  Can you give the snippet from the ULS log where you're seeing this error?
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Oracle users and revoking privileges

  Hello,
  To test out some error conditions in an application, I'd like to temporarily revoke a privilege on a table from a database user.
  I am trying to do that, logged into SQL*Plus as "sys" or "system", and running the command:
  REVOKE UPDATE ON USERX.TABLE_A FROM USERX;
  However, this is failing with the following message:
  ORA-01927: cannot REVOKE privileges you did not grant
  I've also tried logging into my server as oracle, typing "sqlplus /nolog" at the command line, then "connect internal as sysdba;" from the SQL*Plus prompt, and then running the REVOKE command, but that results in the same error message.
  So basically my question is: if neither the "sys" nor the "system" user is able to revoke the privilege from the "userx" user (because they did not specifically grant it), how would I determine which oracle user would be able to do this? Or how else would I go about revoking the privilege?
  I'm running Oracle8i Enterprise Edition Release 8.1.6.1.0 on Linux.
  Thanks for your help with this. I am not very familiar with Oracle DBA concepts.

  Hello,
  I am fully agree with Eric....Yes! a User created a table means...the User is OWNER of the table....and that means......the User is by default having the privilege of DML operations...i belive...OK
  And the privilege which you have not granted...then how could you revoke them...Whether it may b e SYS or SYSTEM or for that matter any User a/c.
  If you really want to restrict the restrict option on table owned by your User, then i can suggest to put a Schema Level Trigger on DML action. This will be fired when update in invoked on table by the user and there you can have your STOP mechanism.....BUT..this is not really suggested.
  Regards,
  Kamesh Rastogi
  Oracle - DBA

• Portal groups/users and security

  Hi,
  I have created an application and that application has forms, reports, meunes, page with three tabs for Admin, Librarian and Reports. I put some portlets of Forms etc in different tabs. Now i want that the Admin can access and see all tabs, Librarian can access and see Librarian and Reports tab while Users just can see and run Reports. For that i created three groups
  Admin_group, Librarian_group and user_gropus. For each group i created test users and attach or add these users to the group. To each group i gave execute permission of the application. After that i went to the page and on the page i assign follwoing permission to the tab.
  Reports: all three groups(view only)
  Librarian: Librarian_group and admin_group view_only
  Admin: Admin_group view_only.
  Then i log on as a test user of the User_groups but i was just able to see the report tab but not the menue (which is portlet in this page). Same with other tabs and users. I want to know what i am missing.
  Your help will be highly appreciated.
  Thanks
  Muhammad Ejaz Azimi
  null

  All the groups has execute permissions of application. Can you please tell me for any documentation for Portal Security i.e group and user management or if possible you can little explain ?
  Your help will be highly appreciated.
  Thanks
  Muhammad

• Check number of users and security

  Gurus,
  In our EPM environment (system 11.1.2), we have four different applications/databases (planning and essbase included) and i need to list the total users in all of the applications and see what there provisioning and security are. How could I be able to do that?
  Do I need to export security on all of them and filter them or is there any way to check the users in all of the applications at once?
  Thanks

  hyperion start wrote:
  Thanks for your reply Celvin
  Is there any way I can view a list of users by department?
  Is there any thing like that to sort by group/department.
  ThanksList of users by department - There are groups in Shared Services, are your groups arranged by department? if the answer for that is "Yes", then yes, the export of all Groups from Shared Services will list the children (member) of each group.
  I don't think there is a sort in Shared Services, however once the csv file is exported, you can do the sorting.

• Oracle users and application users

  Hi All,
  I'm currently developing a small application, probably 50 users max. I'm still having a hard time as to how I should create and manage the application users. I've thought of 2 ways but not really sure which will be the best approach.
  Approach 1: 1 application user = 1 oracle user.
  - This way I can create roles with specific privileges and grant them to particular users.
  - I won't have to manually configure/grant users access to specific modules in the application.
  - Each user will have their own connection since they will use their username and password to build the connection string.
  - I will be able to use the auditing feature.
  Approach 2: Create 1 user/schema with all the objects needed for the application then create my own users_tbl to store user credentials such as username/password etc.
  - Manually configure access to users on specific modules.
  - All users will use 1 connection string.
  - Will not be able to use auditing feature.
  can anyone else suggest any other approach or comment on my 2 approach.
  also, i will be using vb.net using vs 2005 to develop the application for my oracle 10g express edition database.
  thanks.

  Hello,
  Just to throw something into the hat....have you considered using the already installed APEX development environment that already comes with your XE?
  Much of this sort of 'connection pooling/handling' disappears using the APEX environment as it is all automatically-handled for you (which means you can then concentrate on the really important stuff).
  John.
  http://jes.blogs.shellprompt.net
  http://apex-evangelists.com

• Oracle User Admin -- Securing Attribute list

  Hi... does anybody hv the full list of "Securing Attributes" with explaination of how each of them are used.

  Hi,
  Do we have any profile or securing attribute in oracle that can be changed to force oracle to re-Enter password on selecting
  a particular responsibililty.I do not think such a profile exists, but you can manage the session timeout at the responsibility level -- See (Note: 412224.1 - How To Manage Timeout at Responsibility Level). A good practice is to train the end users not to leave their session open or to lock their workstations before leaving it!
  Regards,
  Hussein

• Users and Security Levels in lookout client

  I would like to setup users with different security levels in my Lookout 6.7 client application. When I try to add a user I get an error message that says "add user operation failed. Check the system drive disk space". There is plenty of drive space, 50GB. Is it possible to have users logon to the client with different security levels?
  Thanks,
  Brad Adams
  Communications Group Inc.
  Solved!
  Go to Solution.

  Run the User Manager in Administrator mode
  C:\Program Files (x86)\National Instruments\Shared\Logos
  Right click "usrmgr.exe", select Run as Administrator
  Forshock - Consult.Develop.Solve.

• I am a new egyption oracle user and i need some help....plz

  plz when i mack 2 windows in the developer i can exit the form but can't exit any window ..
  for example :- i macked 2 blocks and but each block in difrent window the 1st window called (zz) and the 2nd called (ww) now i can exit the form at all but can't exit (zz) or (ww) alone ..........
  plz help me thanks
  a.sherif

  You sound like you are using Oracle developer tools - the forums you need are on technet.oracle.com
  I am sure that if you post the query there you will get a response on a developers forum

• SSO, the enteprise user and the RAD in the DAS with oracle forms

  Hi,
  my environment is like this :
  databse :9.2.0.6
  OAS 10G (904)
  I follow the metalink note 185275.1
  and the link http://www.oracle.com/technology/obe/start/as.html
  * clik on oracle application server 10g(904)
  * clik on manage users and secure oracle application server 10g
  * creationg enterpise user using enterprise security manager
  I have create an enterprise user and map it to an database globa user and after this I created a enterprise role and map it to the a database role.
  My OID nad database are configured with ssl, and the ldapbind is successfull, and I can make a sqlplus connection, all thing are OK.
  My problem occur when I use my SSO config to launch my forms application (oracle forms)
  my config
  [sso_oid]
  sso_mode=true
  it popup me a logon screen to enter .
  Then must I create a RAD(resource acess descriptor) for each enterprise or one RAD for all enterprise user, but how to management the item menu depending the user has or not to this item menu.
  please helpe me.

  Wolfram,
  I think the answer to your question is going to be no, but can you explain your requirements in detail? I don't understand what you want to do.
  Scott