Portals, Disco and VPD

If I set up a 10g Portals, Disco environment with SSO, how can VPD be used? I've seen it referred to a few times on this forum, and I'm wondering if it creates some identifier for a database user logging in to Portals or Disco, and therefore a folder or view could limit on this identifier?
Any thoughts on this?
Thx.
Russ

Hi Steve
I was always told that using a VPD with public connections and Portal / Viewer is a very dangerous thing to do if web cache is in use. Of course if we turn webcache off and make sure that the VPD uses the CLIENT_IDENTIFIER then all queries will run every time they are called and be constrained via VPD.
One of the great advantages of having web cache is that it will remember the data from the last time the query was run or from when the portlet was refreshed. But if you are using a VPD, neither Discoverer Viewer nor Portal (Plus does not use web cache anyway) has any idea of what the database is up to and thus the data will be retrieved from the cache - which will certainly break the security because the new user will see the data from the previous execution. Thus, pulling data via a public connection with SSO in use must be restricted to only that data which cannot change.
On page 802 of my Discoverer 10g Handbook, I quote:
It is vitally important that you not attempt to use Web Cache with sensitive data. This is because Web Cache has no mechanism to protect its content. When a request is made to Web Cache for a page that is cacheable (as defined by the caching rules) but has not yet been cached, then Web Cache makes a request on behalf of the user to the Oracle HTTP Server (Apache). OHS has the mod_osso add-on module, whose job it is to guarantee that a user must be authorized to view a page.
The first time such a request is received, the Single Sign-On connection screen will appear and the user will need to provide his or her SSO user name and password. But, because the page is cacheable, Web Cache will keep a copy of it in memory. Then, any subsequent request from any user will deliver the user the page without authentication. This is why Oracle explains that you must cache only Discoverer Viewer content delivered through a Discoverer Public connection. The long and the short of this is that you should not cache pages in Web Cache unless it is okay for everyone to see them.
In other words - do not use a VPD when Web Cache is in use.
I hope this helps
Regards
Michael

Similar Messages

  • Portal 902 and VPD

    Hi,
    Portal 902 is supposed to be integrated with VPD. Is there any documentation on this integration? I have looked all over Technet and also the Portal online documentation, and cannot find anything, except for some stuff in Metalink on VPD in 309. Any clues anyone?
    Regards,
    Steve West

    The integration refers to the ability to DB users to Portal users. See the following note for implementation details for Portal and VPD. R2 should be no different.
    Note:177471.1

  • Jdeveloper with VPD / FGAC possible ? i.e. oracle portal tables and views

    I am trying to create some view objects based on oracle portals views and tables. However I always get the following error.
    ORA-06510: PL/SQL: unhandled user-defined exception
    ORA-06512: at "PORTAL.WWCTX_SSO", line 1407
    ORA-06510: PL/SQL: unhandled user-defined exception
    ORA-06512: at "PORTAL.WWCTX_SSO", line 1216
    ORA-06502: PL/SQL: numeric or value error
    ORA-06512: at "PORTAL.WWCTX_SSO", line 1469
    ORA-06512: at "PORTAL.WWCTX_API", line 152
    This is because I have not set the context using plsql. i.e
    portal.wwctx_api_private.set_context(p_user_name => 'PORTAL',p_update_flat => true);
    Is there a way of using portal views in jdevloper and setting the context first. I am thinking the portal database uses vpd, fine grained access control.
    Regards
    Orlando

    Hi,
    using ADF BC you can override the prepare session method on the AM to set the context.
    public void prepareSession(Session _session)
    super.prepareSession(_session);
    // some PLSQL like
    String appContext = "Begin ctxhrpckg.set_userinfo('"+getApplicationUserName()+"'); END;";
    java.sql.CallableStatement st= null;
    try
    st = getDBTransaction().createCallableStatement(appContext,0);
    st.execute();
    } catch (java.sql.SQLException s)
    throw new oracle.jbo.JboException(s);
    } finally
    try
    if (st!= null)
    st.close();
    } catch (java.sql.SQLException s2){}
    Frank

  • SSO between Portal Application and Portal Admin Tool

    Hi All,
    We have a requirement for implementing SSO between a Portal application and
    Portal admin tool.
    We are using WL Portal 8.1 SP4.
    Here is the reason for this requirement -
    A user logged-into Portal Application needs to login to Portal Admin tool to
    do some admin activity. We want to provide a link in the portal application
    using which the user can directly login to the Portal Admin tool without
    having to enter the credentials again.
    If someone has any info on how to implement this, can you please point me in
    the right direction.
    Thanks,
    ~Deepak

    Hi,
    When creating PP you have 2 options
    PP used for compiling and PP used for Building
    You create PP with all the libraries into Developing/Compiling Other DCs
    And another PP with all the libraries into can be packaged into other build results (SDAs).
    Once you have these 2 PP in place you add the DC as used DC.
    And this should resolve the issue.
    Hope this helps.
    Cheers-
    Pramod

  • How to add 1 more column in standard portal UWL and map the values.

    Hi
    I have one issue/requirement, please help me out on that also.
    In portal UWL, i want to add one more column TICKET ID COLUMN, and ticket id value I  will be putting as work item ID of abap Workflow, so whenever  approver opens his portal UWL, in first column i want to show ticket ID say 00012345, so how to add this ticket ID column in standard portal UWL and how to put/map  value of work item in that column.
    My idea behind this is, when ever say employee wants to know the status about his ticket ID, he can simply ask his manager regarding the ticket status by referring to that ticket ID which manager can easily find in his portal UWL in that extra TICKET ID COLUMN .
    Do I have to change anything in SAP inbox also ? Do i have to add 1 more colum in sap R/3 inbox also ? and will adding 1 more colum in sap inbox (R/3 inbox), will create automatically one more ticket ID colum in portal UWL also ?
    please let me know , as i do not want to add 1 extra column in R/3 inbox, just i want in portal UWL extra ticket ID column should come and i want to put workitem ID generated at the start of workflow, in that colum in portal UWL
    please help me on this.
    Thanks...
    Edited by: User Satyam on May 29, 2011 6:16 AM

    Hi Satyam,
    These are called custom attributes.  Here is a powerpoint that may be able to assist you with the documentation that the other poster gave you too.
    Always remember too when you make a change on the backend R/3 side, you must reregister your UWL connector.  And yes, the column must be available on the backend R/3 side.  We can't create on the fly columns in the UWL, that have no reference to the backend system in this case.
    Beth Maben
    EP - Senior Support Consultant II
    AGS Primary Support
    Global Support Centre Ireland
    Please see the UWL Wiki @
    https://www.sdn.sap.com/irj/scn/wiki?path=/display/bpx/uwl+faq  ***

  • Best Practice for Portal Patches and effort estimation

    Hi ,
    One of our client is applying the following patches
    1. ECC 6.0 SP15(currently SP14)
    2. ESS MSS SP15(currently SP14 with some level of functional customization )
    3. EP 7 SP18(currently SP14)
    We would like to kwow the best practice for applying portal patches and the effort estimation for redoing the portal devt on the new patch.
    o   What is the overall level of effort with applying Portal patches?
    o   How are all the changes to SAP objects handle?  Do they have to be
         manually re-entered?
    o  What is the impact of having a single NWDI instance across the
        Portal Landscape during the Patch process?
    Regards,
    Revathi Raju.

    Hi Revathi,
    o What is the overall level of effort with applying Portal patches?
    overall effort to apply the patch is apprx 1/2-1 days for NW7 system. This is exclude the patch files download because it's based on your download speed.
    o How are all the changes to SAP objects handle? Do they have to be
    manually re-entered?
    Depending on your customization. Normally it wont effect if you created the customzation application apart from SAP standard application
    o What is the impact of having a single NWDI instance across the
    Portal Landscape during the Patch process?
    Any change that related to NWDI, you might be need to re-deployed from NWDI itself.
    Thanks
    Regards,
    AZLY

  • Difference between Abstract portal Component and JSPDyn page.

    Hi Experts,
    What is the difference between Abstract portal Component and JSPDyn page.
    Thanks,
    Jay.

    Hi,
    The PDK provides two methods for creating a portal component:
    Abstract Portal Component
    The Abstract Portal Component class offers a lean method for writing HTML commands to the Web client as well as for basic event handling. It is an implementation of the IPortalComponent, which is the central abstraction of the Portal Component API.
    DynPage
    The Page Processor Component, which extends the Abstract Portal Component, returns a DynPage. It provides more sophisticated event handling. Controls that produce events (such as buttons and checkboxes) have an event attribute that contains the name of the event handling method. This event handling method is invoked by the DynPage when it occurs.
    The JSPDynPage is an implementation of the DynPage and allows the use of the DynPage in combination with JSP (Java Server Pages).
    The PDK documentation and examples focus on the DynPage. Easier event handling and the separatation of content development (JSP) from application development (Java) make the DynPage a better choice for components with interaction and changing content.
    For more details, Refer thes thread,
    https://fortress.wa.gov/dop/portal/irj/portalapps/com.sap.portal.pdk.basic.portalcomponentimplementation/docs/jspdynpage.html
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f0b3e9d5-b2af-2a10-20ba-9f6ce6b1a27f
    Hop it helps..
    GS
    Edited by: Sathishkumar GS on Apr 14, 2008 2:07 PM

  • WebDynPro ABAP iViews not picking the portal look and feel

    Hi,
    In our case , WebDynPro ABAP iViews not picking the portal look and feel.
    Is there any way to provide the custom developed portal theme link or css file to the WebDynPro application.
    Can it be done programmatically in the WD ABAP application.
    Best Regards
    Sid

    Look at the below link, it will answer your question:
    Re: EP 7 Portal stylesheet with WD ABAP
    Raja T

  • Portal look and feel?

    Hi,
    Can someone please direct me to threads/wiki/blog/sap help for customising portal look and feel like company branding logo and colour themes etc..  I have to a requirement to match SAP Portal interface to look like existing company intranet web site. 
    Also please let me know how can I transport these portal setting once configured to different environment (QA and PRD).
    Thanks
    Praveen.

    Hi Praveen,
    The questions you asked have been posted many a times before. Do search and if you dont get any good results then you may always post.
    As for know do refer to the following links:
    MastHead Change & Portal Desktop
    Portal Customizations Intro - Login Part 1
    Portal Customizations Intro - Login Part 2
    Portal Customizations Intro - Look&Feel Part 3
    http://wiki.sdn.sap.com/wiki/display/EP/LookandFeel
    For more information of Themes, Transporting themes - http://help.sap.com/saphelp_nw70/helpdata/en/f4/bb7a3b688d3c1de10000000a11402f/frameset.htm
    Thanks,
    GLM

  • Passing portal username and password as parameters in URL iview.

    Hi Gurus,
    i Have Created URL iView. i want to send the Username and password of portal to this url ,
    how can i access the portal username and password.
    Note: tried with j_user and j_password
    Regards
    K Naveen Kishore

    Hi,
    Jigar Oza
    Thanks for u r reply, i have tried with application integrator but there is a problem with usermapping.
    now what i have done is created HTTP System based on this system created URL iView,in application parameters username and password as MappedUser and MappedPassword every thing is working fine. user  logged in automatically when he logged into portal.
    there are tabs ,links in application .when i click on tabs or links it is assking to enter username and password of the application.
    did i do any thing wrong in creating HTTP system or URL iView,
    what are the necessary properties should be given.
    replys are highly appreciated.
    Regards
    K Naveen Kishore

  • How to create portal user and integrate with external appl login

    How to create portal user and integrate the user with external application for single sign-on ?
    I want to access my external application thru portal user ..?
    Shyam

    Hi Jithin,
    The link that you've shared talks about a different scenario.
    In my case, I want to pass the portal user id when the user clicks on the Help Link present in the header area.
    I am trying to pass it along with the Help Link Url property of a masthead iview but it is not getting passed to the target Url.
    I would like to know if it is possible to pass the Portal User Id in this way or not.
    Though if we create a appintegrator iview and pass the user id <User.UserID> along with the target Url, it reaches there.
    Thanks & Regards,
    Anurag

  • Oracle portal  session and pl/sql

    Hi all i use portal v.10.1.2.2.0 and i would like to play with a session variable. all i do is
    grant execute on wwsto_api_session to myportal from portal schema. and then i want to do
    l_store := portal.wwsto_api_session.load_session (p_domain, p_sub_domain);
    l_store.set_attribute ('myname', 'name');
    l_store.save_session;
    1) i do not know what is the p_domain, p_sub_domain
    2) when i do wwsto_api_session.get_sub_domain and wwsto_api_session.get_domain i get an error.
    How can i read and write to a variable session in oracle portal? to to like java set session and get session?
    Thank you in Advance,
    Antonis

    [email protected] wrote:
    Hi all i use portal v.10.1.2.2.0 and i would like to play with a session variable. all i do is
    grant execute on wwsto_api_session to myportal from portal schema. and then i want to do
    l_store := portal.wwsto_api_session.load_session (p_domain, p_sub_domain);
    l_store.set_attribute ('myname', 'name');
    l_store.save_session;
    1) i do not know what is the p_domain, p_sub_domain
    2) when i do wwsto_api_session.get_sub_domain and wwsto_api_session.get_domain i get an error."Storage is located by the combination of the domain and subdomain parameters, and the Login session ID.
    If a session store object has not previously been created for this combination of domain, sub-domain, and session ID, then an empty session store object is created and returned. "
    How can i read and write to a variable session in oracle portal? to to like java set session and get session?Hi,
    You may want to see the wwsto_api_session here in [Portal APIs|http://www.oracle.com/technology/products/ias/portal/html/plsqldoc/pldoc1012/index.html].
    "Working with the session object
    The general procedure for working with the session object is:
    1. Load the session object, with an appropriate domain and sub-domain combination, using the load_session method.
    2. Manipulate the content of the object using the set_attribute methods, or just access its content using the get_attribute methods.
    3. Force these changes to be saved, using the save_session method.
    Typically this sequence occurs within the scope of one client routine that extracts and/or sets all of the client states. For example:
    declare
    l_store portal30.wwsto_api_session;
    l_date date;
    begin
    l_store := portal30.wwsto_api_session.load_session ('PORTAL', 'TEST');
    l_store.set_attribute ('LAST_ACCESSED', sysdate);
    l_store.set_attribute ('USERNAME', 'SMITH');
    l_store.set_attribute ('COUNRTY_CODE', 1);
    l_store.set_attribute ('LOCATION', 'US');
    l_store.set_attribute ('LAST_LOGGED_ON', sysdate);
    l_store.set_attribute_as_string
    ('OFFICE_LOCATION', 'CALIFORNIA', 'US', 'STRING');
    l_store.save_session;
    end;
    The login session that creates the session storage object is defined by wwctx_api.get_sessionid. "
    ref: wwsto_api_session for Portal 10.1.2
    then, look for the functions for getting attributes as number, varchar2, string or index, etc. in the above link.
    hope that helps!
    AMN

  • Oracle portal 9 and oracle webcenter and SSO

    dear team.
    we have oracle portal 9 and oracle webcetner in my orgnization. both have different usernames/passwords. is there a way to have only one single username/password (webcenter ones) how can i do that. or even can we implement SSO thrugh windows login.
    is there a way to intergrate both in a way to have only one username/password for both.
    any hint will help as this topic new to me.
    fadi

    They are separate products.
    Oracle Weblogic Portal and Oracle Portal 11g

  • Difference between portal component and portal service?

    Hi I am kishore...
             I worked on portal components but not on portal services... Would anybody tell the difference between the portal components and portal services...? What is a portal service..?
               How we know which one to choose in the scenario.?
        Thanks in adavance

    Hi kishore,
    A portal component is custom Java code that is executed according to user requests, and generates HTML output for display on the client.
    Portal components:
    Page builder, which assembles pages
    Admin tools, such as logger, which is comprised of user interface messages.
    Pages
    Technically, the page is also an iView. A page includes iViews or pages (nested) and Layout components
    iViews
    There are two different isolation levels (iView types)
    Embedded: iViews’ html is embedded as part of page html. iViews are called synchronically on the server, and retrieved in one response, to  the client (this is the page response)..  Each iView reloading reloads all iViews on page.
    URL (Isolated): iViews are fetched by an IFRAME element in an “own” request. One response for the page followed by additional request-response for each iView (depending on browser 2-4 requests simultaneously).
    Portal Services:
    A portal service is a component that offers a globally accessible function in the portal. 
    A portal service act as the middleware, that is, interfaces that are enabled to exchange procedures and data. They offer functionality to portal components, and other services.
    There are two groups of portal services:
    Portal services (part of the PRT)     
    Caching                     
    Notification
    iView service
    Application Repository
    System Landscape
    Role, pages, worksets
    Web Services
    Unification service
    Portal services (external to the PRT)     
    Client Eventing                 
    URL generator
    Logger
    JCO client service
    Hope this helps.
    Regards
    Atul Shrivastava

  • Portal patches and effort estimation

    Hi ,
    One of our client is applying the following patches
    1. ECC 6.0 SP15(currently SP14)
    2. ESS MSS SP15(currently SP14 with some level of functional customization )
    3. EP 7 SP18(currently SP14)
    We would like to kwow the best practice for applying portal patches and the effort estimation for redoing the portal devt on the new patch.
    o What is the overall level of effort with applying Portal patches?
    o How are all the changes to SAP objects handle? Do they have to be
    manually re-entered?
    o What is the impact of having a single NWDI instance across the
    Portal Landscape during the Patch process?
    Regards,
    Revathi Raju.

    Hi Revathi,
    o What is the overall level of effort with applying Portal patches?
    overall effort to apply the patch is apprx 1/2-1 days for NW7 system. This is exclude the patch files download because it's based on your download speed.
    o How are all the changes to SAP objects handle? Do they have to be
    manually re-entered?
    Depending on your customization. Normally it wont effect if you created the customzation application apart from SAP standard application
    o What is the impact of having a single NWDI instance across the
    Portal Landscape during the Patch process?
    Any change that related to NWDI, you might be need to re-deployed from NWDI itself.
    Thanks
    Regards,
    AZLY

Maybe you are looking for

  • Which table/field holds the WF Administrator in SWDD?

    Hi all, we are in ECC 6.0. I have maintained the WF Admin is SWU3 and now we are developing other workflows and will be storing the WF Admin at the Workflow Level i.e. in SWDD; menu path Go To > Basic Data; tab Version-Dependent; tab Agents. I though

  • I cannot install or update apps on my iPad after updating to IOS 1.08

    Tonight i updated my iPad to the new update out. i now cannot do any of the 19 app updates i need to do or cannot install them. i also tried downloading a tv series and that is not working either just has been saying waiting all night. does anyone lo

  • Need info about Mat****a UJ-820S Firmware

    Hi, Does anyone know if there is a more recent firmware anywhere for the UJ-820S drive that is shipped with most toshiba laptops? Currently I have version 1.50 but my laptop is 18months old and it looks like toshiba have been using these drives for a

  • Why won't my system preferences in Lion open up?

    When I click on my system preferences icon on the dock, it jumps up once but then goes back to where it was.  There is no response and I cannot get it to open.  Has anyone else experienced this?

  • AV/C Subunit Drivers?

    Wow - i'm about to pull my hair out trying to figure out why I can't capture from my Sony HVR-A1U HD camera, but I can capture from my Sony SD camera (DCR-TRV20). When I plug in the HD camera, I get the Found New Hardware Wizard asking for drivers fo