Oracle user ID Role

Hi,
I need to know what minimum access roles I should assign in Oracle RDBMS to the user IDs for Planning, Essbase, Shared Services, Financial Reporting, etc.
Ex.: Connect,
create/modify, delete tables etc...
Regards
N Kumar

The roles should be:
CREATE SESSION
CREATE VIEW
RESOURCE
http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_install_start_here/ch05s01s01s03.html
Cheers
John
http://john-goodwin.blogspot.com/
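
One way to check that a repository account holds no more than the three grants listed in the answer above. This is an added example, not code from the thread or from Oracle's documentation; the account names HYP_PLANNING, HYP_ESSBASE, HYP_HSS and HYP_FR are hypothetical placeholders, and the query assumes read access to the DBA_SYS_PRIVS and DBA_ROLE_PRIVS views.

```sql
-- Added example: compare each repository account's direct grants with the
-- baseline named in the answer above (CREATE SESSION, CREATE VIEW, RESOURCE).
-- The account names are hypothetical placeholders; substitute your own.
WITH accounts AS (
    SELECT 'HYP_PLANNING' AS grantee FROM dual UNION ALL
    SELECT 'HYP_ESSBASE'             FROM dual UNION ALL
    SELECT 'HYP_HSS'                 FROM dual UNION ALL
    SELECT 'HYP_FR'                  FROM dual
),
baseline AS (
    SELECT 'SYSTEM PRIVILEGE' AS grant_type,
           'CREATE SESSION'   AS grant_name  FROM dual UNION ALL
    SELECT 'SYSTEM PRIVILEGE', 'CREATE VIEW' FROM dual UNION ALL
    SELECT 'ROLE',             'RESOURCE'    FROM dual
),
actual AS (
    -- System privileges granted directly to a user or role
    SELECT grantee, 'SYSTEM PRIVILEGE' AS grant_type,
           privilege AS grant_name, admin_option
      FROM dba_sys_privs
    UNION ALL
    -- Roles granted directly to a user or role
    SELECT grantee, 'ROLE', granted_role, admin_option
      FROM dba_role_privs
)
-- Grants held beyond the baseline, and baseline grants the account
-- could pass on to others (WITH ADMIN OPTION).
SELECT a.grantee, a.grant_type, a.grant_name, a.admin_option,
       CASE WHEN b.grant_name IS NULL THEN 'EXCESS'
            ELSE 'BASELINE GRANTED WITH ADMIN OPTION'
       END AS finding
  FROM actual a
  JOIN accounts acc
    ON acc.grantee = a.grantee
  LEFT JOIN baseline b
    ON b.grant_type = a.grant_type
   AND b.grant_name = a.grant_name
 WHERE b.grant_name IS NULL
    OR a.admin_option = 'YES'
UNION ALL
-- Baseline grants an account does not hold (the product may fail to start).
SELECT acc.grantee, b.grant_type, b.grant_name, NULL, 'MISSING'
  FROM accounts acc
 CROSS JOIN baseline b
 WHERE NOT EXISTS (
           SELECT 1
             FROM actual a
            WHERE a.grantee    = acc.grantee
              AND a.grant_type = b.grant_type
              AND a.grant_name = b.grant_name)
 ORDER BY 1, 5, 3;
```

Only direct grants are compared; privileges reached through nested roles are not expanded. On releases before 12c, granting RESOURCE also grants UNLIMITED TABLESPACE directly to the user, so that row is expected to show up as EXCESS there.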

Similar Messages

  • Oracle User/Schema Role?

    A long time ago, I created a schema named "kennam" (kennam/kennam007@kennam), but it has system tables like "SMP_VDM_ADDRESS" in Oracle SQL Developer.
    I don't want to see system table(s). What should I do?
    Also, why does the new user/schema "koonhey" that I created recently (koonhey/koonhey007@koonhey) have no system tables?

    Did you (or somebody else) by any chance run 9.x EM Config Assistant, EM Trace Data Viewer or other tools from EM packs while logged in as that database user?
    Run this query:
    select owner,substr(object_name,1,4) tabgroup, count(*) numof_couldbe_emrepobjs from dba_objects
    where object_name like 'SMP\_%' escape '\' or object_name like 'EPC\_%' escape '\'
    or object_name like 'EVT\_%' escape '\' or object_name like 'VD_\_%' escape '\'
    group by owner, substr(object_name,1,4);
    I suspect that abbreviations such as these could belong to OEM (OMS repository):
    EPC = EM Trace Data Viewer (Event Performance Collector)
    EVT = EM Events
    SMP = EM general repository
    VD? = EM framework
    You could check your listener.log to find programs that have connected to your database.
    Message was edited by:
    orafad

  • How to implement Oracle user/role security with Access front end?

    Hi,
    We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles(i.e., access groups) in Oracle and granted rights to tables.
    In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked table use one ODBC DSN to the Oracle database with the same Oracle user id.
    We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By doing so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, etc. rights to the database.
    I've been able to use the VB code within Access to log on to the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users logging in to the Access front end.
    I don't know a great deal about Access projects, but I do know that SQL Server allows you to log in to your Access project and link tables dynamically.
    Can someone give me some assistance or point me in the right direction?
    Thanks in advance,
    Larry

    We had one of our programmers here come up with a VB code solution for re-linking tables within Access. However, the relinking takes 3-4 minutes for 100+ tables.
    In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
    We have an Access 2003 application which currently has a front end using Access(forms, reports, queries, & VB code) and a MS Access 2003 backend.
    We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. It's easy to understand, we have a significant investment in the front end (obviously, the plan is to migrate the front end also at some future date).
    In order to utilize the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
    The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to objects (tables, queries, etc.) by their userid and/or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once logged into Access, users have rights to Access objects based on the rights granted to their userid and the groups they belong to. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has no knowledge about Oracle table rights granted to users; nor would you expect it to.
    The dilemma is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles (which are similar to Access groups), and again this is independent of Access security.
    Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
    For example, a user BOB logs into Access via the workgroup file; using VB code, Access then establishes an Oracle connection, logging into Oracle using the same unique userid BOB.
    After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
    This Oracle userid has been granted table rights specific for this userid. This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
    The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
    Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data(via the forms) by using one logon required for each user, and quick startup time for the application.
    I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
    Larry

  • How to use the user and role API's and where to use it

    Hi All,
    I have configured SSO for my UCM11g. Now my application authenticates through the Oracle SSO login page. Currently it is working with SQL authenticator.
    Now, I have to use the LDAP authenticator. When I configure the LDAP authenticator, I have to use the user and role APIs to fetch the user profile information from LDAP. I have got the APIs which will be used to fetch the respective information, but I am not getting where I will write those Java programs and how this API will be used in my application. What settings do I need to make so that the application uses the APIs?
    Please can anyone help me on this.
    thanks,
    Saurabh

    Hi, Mithu,
    Thanks a lot for your help in advance.
    I have carefully read the document: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/6b66d7ea-0c01-0010-14af-b3ee523210b5.
    Now, I think I have to set the processor of every actions in every process if I use the GP for processing the workflow.
    I am better to hope that I can set the processor to the role for every actions in every process in the runtime through get the organizational structure in the WDA(webdynpro for java or webdynpro for java). Thus, the customer don't set the processor to the role for every action in every process when runing in the GP.   I don't know how to do this. 
    Whether the function is not supported in the GP? If so, I have to config two organizational structure: in the R/3 and in the Portal. I don't think our customer don't receipt this solution.
    Do you give me some hints? Thanks a lot.  My email: [email protected]
    Thanks again.
    Thanks & Regards,
    Tao

  • During import ora-01917 user or role does not exist "High Priority"

    Hi,
    When I import the data, the following error occurred.
    imp system/[email protected] fromuser=dmv_ace_ruh touser=dmv_ace_ruh file=F:\dmvaceruh.dmp log=F:\dmvaceruhimp.log ignore=y
    fromuser=dmv_ace_ruh (exported by another database i.e database name is ACE)
    OS = Sun solaris
    touser=dmv_ace_ruh (database name is SAI)
    OS = windows server 2003
    Database Common 10g
    Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
    With the Partitioning, OLAP and Data Mining options
    Export file created by EXPORT:V10.02.01 via direct path
    Warning: the objects were exported by DMV_ACE_RUH, not by you
    import done in AR8MSWIN1256 character set and AL16UTF16 NCHAR character set
    export client uses WE8MSWIN1252 character set (possible charset conversion)
    . importing DMV_ACE_RUH's objects into DMV_ACE_RUH
    . . importing table "DMV_COVER_RISK_SMI_DISC_LOAD" 0 rows imported
    IMP-00017: following statement failed with ORACLE error 1917:
    "GRANT ALTER ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
    IMP-00003: ORACLE error 1917 encountered
    ORA-01917: user or role 'PREM_ACE_RUH' does not exist
    IMP-00017: following statement failed with ORACLE error 1917:
    "GRANT DELETE ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
    IMP-00003: ORACLE error 1917 encountered
    ORA-01917: user or role 'PREM_ACE_RUH' does not exist
    IMP-00017: following statement failed with ORACLE error 1917:
    "GRANT INDEX ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
    IMP-00003: ORACLE error 1917 encountered
    ORA-01917: user or role 'PREM_ACE_RUH' does not exist
    IMP-00017: following statement failed with ORACLE error 1917:
    "GRANT INSERT ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
    IMP-00003: ORACLE error 1917 encountered
    ORA-01917: user or role 'PREM_ACE_RUH' does not exist
    IMP-00017: following statement failed with ORACLE error 1917:
    "GRANT SELECT ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
    IMP-00003: ORACLE error 1917 encountered
    ORA-01917: user or role 'PREM_ACE_RUH' does not exist
    IMP-00017: following statement failed with ORACLE error 1917:
    "GRANT UPDATE ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
    IMP-00003: ORACLE error 1917 encountered
    ORA-01917: user or role 'PREM_ACE_RUH' does not exist
    IMP-00017: following statement failed with ORACLE error 1917:
    "GRANT REFERENCES ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
    IMP-00003: ORACLE error 1917 encountered
    ORA-01917: user or role 'PREM_ACE_RUH' does not exist
    IMP-00017: following statement failed with ORACLE error 1917:
    "GRANT ON COMMIT REFRESH ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
    IMP-00003: ORACLE error 1917 encountered
    ORA-01917: user or role 'PREM_ACE_RUH' does not exist
    IMP-00017: following statement failed with ORACLE error 1917:
    "GRANT QUERY REWRITE ON "DMV_COVER_RISK_SMI_DISC_LOAD" TO "PREM_ACE_RUH""
    IMP-00003: ORACLE error 1917 encountered
    Regards
    S.Azar
    DBA
    Edited by: azarmohds on Oct 5, 2009 5:11 AM

    oradba wrote:
    What's not clear with this error message? The mentioned role 'PREM_ACE_RUH' does not exist in the target database. So granting privileges to this role cannot work.
    Werner
    'PREM_ACE_RUH' is one of the users of the ACE database, but I exported the DMV_ACE_RUH user data only...
    but I cannot import the dmv_ace_ruh data to the same user name in the SAI database.
    Regards
    S.azar

  • Changing passwords of oracle users

    Dear all
    I wonder is there any problem if changing password of oracle users SAPOWNER, system, sys. (I guess command for that is brconnect -u system/<password> -f chpass -o <sapowner> -p <password>). What about sys and system? (I hope that after changing passwords the system will be functional.)
    Which user is used when "sqlplus / as sysdba"?
    thank you in advance

    Hello Jan,
    I wonder is there any problem if changing password of oracle users SAPOWNER, system, sys
    Well we already discussed the SAPOWNER here: http://forums.sdn.sap.com/message.jspa?messageID=10814500#10814500
    If you change the password of SYSTEM or SYS there will be no problem at all. These user/password combinations are not used in a SAP environment unless you explicitly specify the SYSTEM user and password in some BR*Tools calls like brconnect. If you just use the "/" default approach, the OS authentication mechanism (OSDBA) is used - so no issue there at all.
    @Orkun:
    This is not a user, but a role. So when you connect to the database by using "/as sysdba" you will be able to connect to the system by sysdba role not by a user.
    If you use this approach you are connected with the user SYS - so you are using a user for sure (and btw. you can only log on with SYS by using the SYSDBA role). The only difference between "sqlplus / as sysdba" and "sqlplus SYS as sysdba" is that you are using the specified OSDBA group with the first approach (so no password is required).
    shell> pwd
    /oracle/<SID>/11202/rdbms/lib
    shell> grep dba config.s
    #  SS_DBA_GRP defines the UNIX group ID for sqldba adminstrative access.
            .rename H.16.ss_dba_grp{TC},"ss_dba_grp"
            .globl  ss_dba_grp{RW}
    T.16.ss_dba_grp:
            .tc     H.16.ss_dba_grp{TC},ss_dba_grp{RW}
            .csect  ss_dba_grp{RW}, 3
    # End   csect   ss_dba_grp{RW}
            .string "dba"
    shell> sqlplus / as sysdba
    SQL> SELECT sys_context('USERENV', 'SESSION_USER') FROM DUAL;
    SYS_CONTEXT('USERENV','SESSION_USER')
    SYS
    shell> sqlplus SYS as SYSDBA
    Enter password:
    SQL> SELECT sys_context('USERENV', 'SESSION_USER') FROM DUAL;
    SYS_CONTEXT('USERENV','SESSION_USER')
    SYS
    Regards
    Stefan

  • Developing Custom User and Role Providers

    Hi
    I am new to Fusion Middleware and trying to develop Custom User and Role Providers based on the PDF "Oracle® Fusion Middleware Application Security Guide 11g Release 1 (11.1.1) E10043-06".
    It mentions sample code, "sampleprovider.zip", in chapter 18.10.7 Example: Implementing an Identity Provider.
    I couldn't find this zip file anywhere. If someone knows, please let me know how to get this zip.
    Many Thanks
    djia002

    URL:
    http://download.oracle.com/docs/cd/E14571_01/core.1111/e10043/devuserole.htm#CHDEBAEB
    18.10.7.1 About the Sample Provider
    The sample provider is bundled in sampleprovider.zip. Unzip the file. It should generate the following structure (...)

  • APEX installation failed. ORA-01917: user or role 'FLOWS_FILES' does not...

    Hey All,
    The following environment:
    - RedHat Enterprise Linux AS Update 4
    - Oracle DB EE 10.2.0.1.0
    - OHS 10.1.2.0.0 (Standalone Companion CD)
    * No errors with any of the installs. All working order.
    Application Express 2.2 installation:
    When I ran apexins.sql and passed the following six arguments in the order shown:
    @apexins password adde addeData TEMP /i/ NONE
    I noticed the following set of errors in the error logs:
    grant connect, resource to flows_files
    ERROR at line 1:
    ORA-01917: user or role 'FLOWS_FILES' does not exist
    ... and it goes on and on about the user/role.
    After post installation tasks have been completed, visits to
    http://hostname.domain:port/pls/apex
    result in the following error being displayed:
    wwv_flow.app_not_found_footer_err
    wwv_flow.err      wwv_flow.app_not_found_err
    *Note: My URL shows
    http://hostname.domain:port/pls/apex/apex
    Any ideas or suggestions? I am afraid I have a necessary database account locked, the documentation is off, or I have misconfigured a necessary step.
    Thanks!
    Daniel Nguyen

    You should also double check that the tablespace named addeData actually exists in your database. If it does not, the FLOWS_FILES user will not be created, and that will result in a failed installation.

  • Extract Users and Roles

    Hi,
    I would like to move my users and roles from one system to another. Is there a way I can export and import the data back into the system?
    I have already tried to export the repository schema and it did not give the necessary output.
    I am working in 5.5 SP6 version
    Regards,
    Vignesh

    Hi
    You can do at Data base level using DML Queries, follow the below links.
    How to Create Mass Users/Roles in SAP MDM Repository Running On Oracle Database
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a0daad81-6a4b-2c10-9cb8-9586b0ebfb28?quicklink=index&overridelayout=true
    How to Create Mass Users/Roles in SAP MDM Repository Running On SQL Database
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f0224edf-bf37-2c10-228f-c16415815c5f?quicklink=index&overridelayout=true
    regards
    Sowseel

  • Minimum rights needed for Oracle user to run BO

    Hi team,
    One of my customers here made a connection from the BO XI installer to an Oracle database with this user B_A. Say this user is the admin user of the CMS db. Now he finds that the user B_A has schema role rights which the customer doesn't want,
    and he wants to remove those rights.
    He wants to know what the minimum privileges or rights are that the Oracle user needs to keep BO XI running without problems, and if he can remove those excess schema rights from it.
    Could someone please help me?
    Regards,
    DV

    Well, Oracle DBA should be able to answer all those questions for the customer.
    I'm not a DBA, so my understanding of Roles is that they are the predefined collections of rights users have on the DB according to the usual roles users play.
    So when DBAs are managing an Oracle DB they don't have to assign each user every single right, but can just assign Roles, which will include most common rights....
    If we're talking rights alone - the BOE CMS DB user needs create, delete, modify, expand, write, insert etc...
    There is absolutely no reason why the CMS DB schema owner cannot have all the default rights that come with the Resource and Connect roles.

  • Move grid standalone installation under oracle user

    Dear Experts,
    I have a requirement from the customer to move a recent 11gR2 grid standalone infrastructure from grid os user to Oracle os user.
    We don't want to disturb the installed database and ASM.
    I am wondering if there is any easy / quick way to do it? For example make the grid user equivalent to the oracle user ? Kindly provide the steps.
    My OS is Redhat Linux 5.
    Best Regards,
    D
    PS: I know Oracle recommends role separation grid vs Oracle os user. But that's a customer requirement

    Thank you. I understand that I have to deinstall and make a new fresh install of grid standalone under the oracle user. Is that correct?

  • Oracle users and application users

    Hi All,
    I'm currently developing a small application, probably 50 users max. I'm still having a hard time as to how I should create and manage the application users. I've thought of 2 ways but not really sure which will be the best approach.
    Approach 1: 1 application user = 1 oracle user.
    - This way I can create roles with specific privileges and grant them to particular users.
    - I won't have to manually configure/grant users access to specific modules in the application.
    - Each user will have their own connection since they will use their username and password to build the connection string.
    - I will be able to use the auditing feature.
    Approach 2: Create 1 user/schema with all the objects needed for the application then create my own users_tbl to store user credentials such as username/password etc.
    - Manually configure access to users on specific modules.
    - All users will use 1 connection string.
    - Will not be able to use auditing feature.
    Can anyone else suggest any other approach or comment on my 2 approaches?
    Also, I will be using VB.NET with VS 2005 to develop the application for my Oracle 10g Express Edition database.
    Thanks.

    Hello,
    Just to throw something into the hat....have you considered using the already installed APEX development environment that already comes with your XE?
    Much of this sort of 'connection pooling/handling' disappears using the APEX environment as it is all automatically-handled for you (which means you can then concentrate on the really important stuff).
    John.
    http://jes.blogs.shellprompt.net
    http://apex-evangelists.com

  • Identify system defined roles and user defined roles

    Hi,
    I have an issue.
    Oracle Version : 9.2.0.1.0
    Operating system: Windows 2000 server
    How can we identify system defined roles and user defined roles?
    Please help me to solve this.
    Regards,
    Mat.

    Check yourself these views
    DBA_ROLES
    DBA_ROLE_PRIVS
    USER_ROLE_PRIVS
    ROLE_ROLE_PRIVS
    ROLE_SYS_PRIVS
    ROLE_TAB_PRIVS
    SESSION_ROLES
    For default predefined roles in the database, take a look at the below url.
    http://youngcow.net/doc/oracle10g/network.102/b14266/admusers.htm#i1008784
    Regards,
    Sabdar Syed.

  • Welcome to the new Oracle User Group Community

    Welcome to the new Oracle User Group Community. Whether you landed here via the redirect from the previous community site - IOUC.org - or navigated here directly, welcome. This new platform brings new community features to enhance the way you connect with user group peers and with Oracle, as well as make it easier for you to find information through a more intuitive interface. We invite you to provide your feedback on the new site. Log in using your OTN Forum credentials and join the discussion here. If you do not yet have OTN Forum log in credentials, navigate to http://community.oracle.com/community, click on the "Register" link in the upper right corner of the page and create your account.
    We look forward to hearing from you.

    Hi Kashif,
    Glad you like the new Community. Communication among user group leaders works a little differently on this site than on the previous site. Rather than having communication focus around e-mail distribution lists, communication now is focused within the site itself. The intent is that this will provide users the one place to come for information, rather than having to sort through lots of e-mail threads. That doesn't mean that e-mail is completely out of the picture though. Users can opt-in to receive e-mail notifications when an individual piece of content is changed, or when content is posted to a space. Look for the "Receive email notifications" link under "Actions" to start receiving notices. To stop receiving notices, go back to the same content/space and click "Stop email notifications".
    Your Relationship Manager will be talking with you and the other leaders in your region over the next few days and weeks regarding how you and your group of leaders want to communicate.
    Best regards,
    Oracle User Group Team

  • ORA-20160: Encountered an error while getting the ORACLE user account.

    When users try to apply for leave: once they apply for the leave and the respective manager approves it,
    they get a notification mail with the error message: The changes were not applied because ORA-20160: Encountered an error while getting the ORACLE user account for your concurrent request. Contact your system administrator. ORA-06512: at "APPS.ALR_PER_ABSENCE__800_53447_IAR", line 3 ORA-04088: error during execution of trigger 'APPS.ALR_PER_ABSENCE__800_53447_IAR'
    EBS : 12.1.2
    Database : 11.2.0

    We are also facing the same issue , with the following error.
    The Changes were not applied because ORA-20160: Encountered an error while getting the ORACLE user account for your concurrent request, Contact your system administrator. ORA-06512: at “ APPS.ALR_PAY_ELEMENT_801_53338_IAR”, line 1 ORA-04088: error during execution of the trigger ‘APPS.ALR_PAY_ELEMENT_801_53338_IAR’
    Dear Hussein ,
    As per your suggestion, if we disable the trigger, does the workflow go ahead without any problems?
    By disabling the trigger, what would be the impact? I mean, are we going to lose the data that was supposed to be updated by the trigger?
    And basically please educate me: what is the use of this 'APPS.ALR_PAY_ELEMENT_801_53338_IAR'?
    Regards
    Raghu
