Oracle users and revoking privileges

Similar Messages

• Difference between Security Oracle user and Security User

  Hi All,
  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.
  Thanks,
  Mahesh.
  Edited by: 991854 on Mar 12, 2013 1:49 AM

  Can anyone give me the difference between Security-> Oracle -> user and Security-> User in System Administrator Resp of oracle apps R12.Security > Oracle > Register:
  Use this window to register an ORACLE username with Oracle E-Business Suite. An ORACLE username grants access privileges to the ORACLE database
  http://docs.oracle.com/cd/E18727_01/doc.121/e12893/T174296T174305.htm
  Security > Oracle > Data Group:
  A data group defines the mapping between Oracle E-Business Suite products and ORACLE database IDs. A data group determines which Oracle database accounts a responsibility's forms, concurrent programs, and reports connect to. See: Defining Data Groups, Oracle E-Business Suite System Administrator's Guide - Configuration.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Security > User > Define:
  Use this window to define an Oracle E-Business Suite user. This user is an authorized user of Oracle E-Business Suite, and is uniquely identified by a username.
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156461.htm
  Thanks,
  Hussein

• Script to list the users and their privileges in a database

  Hi Team,
  Can someone provide me a script that list all the users and their privileges in a database?
  DB version:11.2.0.2
  OS:AIX

  Osama_mustafa wrote:
  Why you create your own script
  SELECT * FROM USER_SYS_PRIVS;
  SELECT * FROM USER_TAB_PRIVS;
  SELECT * FROM USER_ROLE_PRIVS;
  That won't tell him what privileges a user has via a role. It will only tell him what privilges were granted directly, and what roles were granted directly. But those roles have privileges, and may have other roles, which have still more roles and privs, etc. It's a recursive issue and a simple select from user__privs won't get it.
  Pete Finnigan has a good script for reporting the entire picture. I leave it as an exercise for the student to use google to find it. I have already given all the information needed to complete that exercise.

• User and Group privileges Migration

  Hi All,
  I am using OBIEE10g. I have created 2 users in RPD.2 Groups in RPD.same group name in Answer catalog.
  then we created 2 dashbords.
  We implimented below security,
  "Dashboar1 for group1 and Dashboard2 for Group2."
  Now,We have to migrate 2 dashboards and users and Group with privileges.
  Could you please let me know how will do.
  Thanks
  Gram.

  Hi,
  If your production doesn't has any obiee contents.
  Then, this would be your 1st rpd, catalog which moves on production, this can be done simply by copying contents to the same locations in the production server.
  i.e. copy rpd, catalog to the production server (Rpd goes in Oraclebi - server - repository and change rpd in nqs config) and (catalog goes to oracle bi data - web - catlog and change the instance config catlog path).
  If your production has any previous contents.
  Then, you need to merge the exisiting ones. So, check for repository merge and catalog merge.
  http://www.eeblog.org/index.php/obiee-10g-repository-and-catalog-migration-merging/
  Thnk u.

• Oracle users and application users

  Hi All,
  I'm currently developing a small application, probably 50 users max. I'm still having a hard time as to how I should create and manage the application users. I've thought of 2 ways but not really sure which will be the best approach.
  Approach 1: 1 application user = 1 oracle user.
  - This way I can create roles with specific privileges and grant them to particular users.
  - I won't have to manually configure/grant users access to specific modules in the application.
  - Each user will have their own connection since they will use their username and password to build the connection string.
  - I will be able to use the auditing feature.
  Approach 2: Create 1 user/schema with all the objects needed for the application then create my own users_tbl to store user credentials such as username/password etc.
  - Manually configure access to users on specific modules.
  - All users will use 1 connection string.
  - Will not be able to use auditing feature.
  can anyone else suggest any other approach or comment on my 2 approach.
  also, i will be using vb.net using vs 2005 to develop the application for my oracle 10g express edition database.
  thanks.

  Hello,
  Just to throw something into the hat....have you considered using the already installed APEX development environment that already comes with your XE?
  Much of this sort of 'connection pooling/handling' disappears using the APEX environment as it is all automatically-handled for you (which means you can then concentrate on the really important stuff).
  John.
  http://jes.blogs.shellprompt.net
  http://apex-evangelists.com

• Call PL/SQL Package to Create DB User and assign Privileges

  Hi All,
  I'm sure this has been covered before but I couldn't find anything relevant....
  I'm calling a PL/SQL Process from within an Apex (version 2.0) Page, that ultimately Creates a New DB user.
  I am receiving an ORA-01031: insufficient privileges error. My Application User and the Package owner both have privileges to Create a DB user.
  What am I missing?
  Thanks,
  Mike

  Never, ever grant additional privileges to the apex_public_user account. It achieves nothing and makes the account over-privileged. The only privilege it needs is CREATE SESSION.
  Mike - Your application's parsing schema (I assume that's the package owner) needs to be granted privileges directly and not through roles. I don't know what you mean by your application user's privileges. Those users are not database accounts (unless you are using a dedicated DAD, etc.).
  Scott

• Changed Ulimits values for the Oracle user and getting error -bash: ulimit: max user processes: cannot modify limit: Operation not permitted when logging in.

  I'm trying to increate the ulimits for max user processes and open files for the oracle user.  I've set the values in limits.conf, /etc/profile and in oracle's environment scripts. Now when I log in as oracle I get the below errors. If I change the ulimits back to the original values errors go away but ulimits aren't changed.
  login as: oracle
  [email protected]'s password:
  Last login: Fri Mar  6 09:56:02 2015 from mtkadmin12
  You are logging onto an Oracle system.
  Kickstarted on: 2014-06-05
  -bash: ulimit: max user processes: cannot modify limit: Operation not permitted
  -bash: ulimit: max user processes: cannot modify limit: Operation not permitted
  [oracle@servername ~]$

  Thanks for the update.
  I modified the /etc/security/limits.d/90-nproc.conf and added a line for oracle and also modifed the oracle.sh file.  The ulimits are setting correctly when I su - oracle but they are still wrong when sshing in as oracle.
  [root@mtkdevorap11d-1 ~]# su - oracle
  [oracle@mtkdevorap11d-1 ~]$ ulimit -Ha
  core file size          (blocks, -c) unlimited
  data seg size           (kbytes, -d) unlimited
  scheduling priority             (-e) 0
  file size               (blocks, -f) unlimited
  pending signals                 (-i) 1030982
  max locked memory       (kbytes, -l) 94371840
  max memory size         (kbytes, -m) unlimited
  open files                      (-n) 65536
  pipe size            (512 bytes, -p) 8
  POSIX message queues     (bytes, -q) 819200
  real-time priority              (-r) 0
  stack size              (kbytes, -s) unlimited
  cpu time               (seconds, -t) unlimited
  max user processes              (-u) 16384
  virtual memory          (kbytes, -v) unlimited
  file locks                      (-x) unlimited
  [oracle@mtkdevorap11d-1 ~]$
  [oracle@mtkdevorap11d-2 ~]$ ssh mtkdevorap11d-1
  Last login: Mon Mar 16 13:04:16 2015 from mtkdevorap11d-2.conveydev.com
  You are logging onto an Oracle system.
  Kickstarted on: 2014-06-05
  [oracle@mtkdevorap11d-1 ~]$ ulimit -Ha
  core file size          (blocks, -c) unlimited
  data seg size           (kbytes, -d) unlimited
  scheduling priority             (-e) 0
  file size               (blocks, -f) unlimited
  pending signals                 (-i) 1030982
  max locked memory       (kbytes, -l) 64
  max memory size         (kbytes, -m) unlimited
  open files                      (-n) 4096
  pipe size            (512 bytes, -p) 8
  POSIX message queues     (bytes, -q) 819200
  real-time priority              (-r) 0
  stack size              (kbytes, -s) unlimited
  cpu time               (seconds, -t) unlimited
  max user processes              (-u) 16384
  virtual memory          (kbytes, -v) unlimited
  file locks                      (-x) unlimited
  [oracle@mtkdevorap11d-1 ~]$

• Tracing all users and their privileges

  Hi everbody!
  I want to trace all users(online/offline) and those user's given privileges as a system dba. Are there any data dictionary views to trace it ?
  i.e.
  we have 3 users and 3 of them have connect,resource. How can we know who have which privs ?
  i checked dba_role_privs, nothing to solve my prob.
  thanks.

  You should never assign CONNECT or RESOURCE to anyone.
  Determine what privileges each connected user requires and create a role that contains the actual privs required.
  System and Object privileges may be granted explicitly or in roles and roles can be granted to roles. Check here too:
  all_tab_privs_made
  all_tab_privs_recd
  all_col_privs_made
  all_col_privs_recd

• "oracle" user and security

  I am running Oracle 10g XE on a Linux machine (RHEL 4.0).
  I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:
  Authentication Failures:
  unknown (200.3.248.22): 4159 Time(s)
  oracle (200.3.248.22): 36 Time(s)
  How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.
  Can I change the password to something strong without affecting my system?
  Thanks!

  Can I change the password to something strong without affecting my system?
  I just wonder if it will cause any problems if I change the password? I don't want to mess up my system.Well for Oracle SW (and whole local OS) there is no problem. Problem could be if you are using some external scripts that you are using on remote machine (and which using login password sequence to access the OS).
  How do I know that the password for the "oracle" user is secure? I didn't create it and I don't even know what it is.To check the password strength you can use some utilities. For example John is very good for that: http://freshmeat.net/projects/john/
  I am fairly new to Linux. In the LogWatch report I receive every day, I notice that hackers are trying to log in as the "oracle" user, e.g.:Why aou are running your database in untrusted network segment (internet). Best practice is to place such system to secured segment (DMZ, VLAN). If the reason is that your 3rd party partner needs to connect to database you can do IPSEC tunnel.
  Of course don't allow to connect anyone to your machine and to any port. So the recommendation about iptables (netfilter) is appropriate.

• Create user and session privilege

  Hi everyone. I connected to database as SYSTEM and created new user (Tom):
  CREATE USER Tom IDENTIFIED BY Tom
  Then using SQL Developer tried to connect to the database as Tom and got error, that Tom lacks CREATE SESSION privilege. How to give him it?

  You need to give a certain quota to that user, or that role. For example,
  ALTER USER <username> QUOTA UNLIMITED ON <tablespace_name>;
  You can also specifiy a set amount in place of the unlimited keyword.
  ALTER USER <username> QUOTA 500M ON <tablespace_name>;
  If you create a role, then assign the privileges to that role you can group your privileges together. When you create a new user just assign the role to the user. You can then just add privileges or remove them from the role and this will take affect for all the users that have that role.

• I am a new egyption oracle user and i need some help....plz

  plz when i mack 2 windows in the developer i can exit the form but can't exit any window ..
  for example :- i macked 2 blocks and but each block in difrent window the 1st window called (zz) and the 2nd called (ww) now i can exit the form at all but can't exit (zz) or (ww) alone ..........
  plz help me thanks
  a.sherif

  You sound like you are using Oracle developer tools - the forums you need are on technet.oracle.com
  I am sure that if you post the query there you will get a response on a developers forum

• How to set "administration" privileges to a non-oracle user

  Hi, I like to know if exist any paper or best practice to set administation privileges to a non-oracle user.
  Where I work, I've the oracle user and I can run any administration task, but I want, for example, that any developer can deploy a war in the "developer environment", whatever I wan't they can change opmn.xml setting or touch another instance in the same server.
  I 've looking in this forum and another sources but not found anything.
  Really Thanks

  We are using iAS v9.0.4 on AIX 5L (64 bits).
  Isn't there a way for automatically deploy ears, just by putting them on a specific disk directory ?
  Thanx
  José Viegas

• Create user with dba privileges

  How do I create a user with DBA privileges in Oracle? The user should be able to create, insert, delete, truncate and other functions without any limits. Do I have to issue GRANT statements?

  Hi,
  I don't believe there's any way to create a user and grant privileges in one command.
  First, create the user:
  CREATE USER  foo  IDENTIFIED BY  bar;Then grant the privileges. There's a pre-defined role called DBA that has all the privileges you mentioned.
  GRANT  dba  TO  foo;It's easy to write a script to do these two commands together, so you could say
  @CREATE_USER  foo  bar  dba

• ORACLE - How to GRANT privilegies on ALL the tables belonging to a schema

  Is there a way to grant to a user the same privilegies on ALL the tables belonging to the same schema, so that, in case a new table is created afterwards, the grant is automatically given ?
  Thanks in adance for any reply

  Yes of course ! Just do the same as Oracle Applications: an end user has no Oracle account, the application code connects with the Oracle account that is the schema owner:
  no more grant needed ... That's a joke but it's also true ! In this case, your application must implement its own security (password management, audit, privileges) and you will not be able to use Oracle privileges, auditing and advanced security features ... just like Oracle Applications.
  The above answers are of course correct. You can also create an Oracle role that you can grant to the Oracle users and grant the privileges to this role everytime a new table is created to avoid granting privileges for each new object to each user.

• Oracle user can't execute grid owned asmcmd

  11.2.0.2 in RHEL 5.4
  In my shop, OS user grid manages Grid Infrastructure.
  I don't have the password for grid user.
  As oracle user , I was trying to invoke asmcmd. But it errored out with the below error. Is this normal ?
  It seems that Oracle installs its own perl binary in GI Home.
  I can run crsctl which run from GI home though.
  ## Currently connected as oracle user
  $ id
  uid=555(oracle) gid=56(oinstall) groups=55(dba),56(oinstall),57(oper),58(asmadmin),59(asmdba)
  # oracle user has execute privileges on crsctl binary (because oracle belongs to oinstall group )
  $ ls -alrt `which crsctl`
  -rwxr-xr-x 1 grid oinstall 8260 Jun  1  2011 /u01/app/grid/product/11gR2/bin/crsctl
  # Attempts to invoke asmcmd command from oracle user fails because it doesn't have execute privilege on perl and asmcmd binaries in GRID_HOME/bin
  $ echo $ORACLE_SID
  +ASM1
  $ asmcmd
  /u01/app/grid/product/11gR2/bin/asmcmd: line 123: /u01/app/grid/product/11gR2/perl/bin/perl: Permission denied
  /u01/app/grid/product/11gR2/bin/asmcmd: line 146: /u01/app/grid/product/11gR2/perl/bin/perl: Permission denied
  /u01/app/grid/product/11gR2/bin/asmcmd: line 146: exec: /u01/app/grid/product/11gR2/perl/bin/perl: cannot execute: Permission denied
  $ ls -alrt /u01/app/grid/product/11gR2/perl/bin/perl
  -rwx------ 1 grid oinstall 1424555 Sep  3  2009 /u01/app/grid/product/11gR2/perl/bin/perl
  $
  $ which perl
  /usr/bin/perl
  $ ls -alrt /usr/bin/perl
  -rwxr-xr-x 2 root root 19208 Jul  2  2009 /usr/bin/perl
  # oracle user doesn't have execute privileges on asmcmd
  $ ls -alrt `which asmcmd`
  -rwxr-x--- 1 grid oinstall 5469 Apr 21  2010 /u01/app/grid/product/11gR2/bin/asmcmdIn my previous shops, oracle user managed both RDBMS and GI homes.
  So, I would like to know ; In a typical RAC setup where grid user manages GI , what are the grid owned binaries that oracle user cannot execute ?

  As oracle user , I was trying to invoke asmcmd. But it errored out with the below error. Is this normal ?yes as asmcmd suppose to be run from grid user after setting the oracle env variable.
  -rwx------ 1 grid oinstall 1424555 Sep 3 2009 /u01/app/grid/product/11gR2/perl/bin/perl-rwx------
  user under oinstall group doesn't have permission to execute file under above location.
  only grid can execute it.
  so login with grid and run asmcmd cmd.