Prevent user from update view  object

Similar Messages

• To prevent user from droping any object from a sepacific schema

  Dear User
  I have a database user like "aaa" in oracle 7.3.4.0.1 database.i do not want user "aaa" to drop his own schema objects like table and any other objects that he is owner.Do i have any system privilege to stop this user from doing so.User should be able to create objects and modify object but not to drop any object.For this purpose i have created a database trigger at database level to stop user "aaa" for doing above action.this trigger is giving me error on creation in oracle 7.3.4.0.1 .But when i tried same trigger in oracle 8i and 9i it work well.In oracle 8i and 9i it is preventing user from droping his own objects but i get other errors also along with raised error in trigger which i want to stop .The error which i am raising in trigger is
  ORA-20001 INVALID COMMAND BUT OTHER TWO ERRORS THAT R RAISED AUTOMATICALLY ARE
  ORA-00604 ERROR OCCURED AT RECURSIVE SQL LEVEL 1
  AND
  ORA-06512 AT LINE 8
  I WANT TO STOP THESE TWO ERRORS .
  PLZ HELP ME IN THIS REGARD AS SOON AS POSSBILE .
  Thank u.

  Given that you have not posted your code it is very difficult to know why you are getting these errors.
  Howver, I can take a guess. If I were trying to implement this functionality I would build a database event trigger that fired whenever a DROP command was issued and cause that command to fail. If this is the approach you've taken I think you are out of luck, as I belive DDL triggers were introduced in Oracle 8.
  Mind you, it's been a long time since I worked on Oracle7, so I might be wrong. In which case post your code, don't make me guess again.
  Cheers, APC

• [E2013][C#] How to prevent user from updating its own events on Exchange

  Hi everybody,
  I hope you can help me. I have a system based on Exchange / Outlook 2013, and I would like to put on user's calendar some events that they can't delete nor update. I have tried to create appointments using
  Exchange EWS with an administrator account, but the problem is that those events can be deleted or updated by users. This is because the events are on user's own calendar, so usually user can update them. 
  How can I have "some" events to be readonly for a user, but must be visibile in its own calendar? (No other calendar overlay). Is there a way to throw an exception or something similar on Exchange Server when a user modify those events
  (some custom property must identify them, of course)? I have looked at transport agents, but I haven't found any example for managing calendar items server side. 
  I cannot use only an Outlook plugin because users could connect to exchange with smartphone, and they could update appointments from there. I have to prevent updating (from Outlook and from smartphone, basically from everywhere except for
  an administrator user) for some events (programmatically created by EWS, for example) which are in user's calendar. Can you help me?
  Thanks, 
  Antonio

  Hi Antonio,
  bad news for you: It's impossible. A User always has full control over all items in his or her mailbox (including his calendar), no matter what you do.
  If it's important enough to you, you can write a service that monitors all those specific appointments and undos all changes the user applies to them (it won't keep the user from changing the Appointment, but it will not have effect for long. Your users
  may feel a bit upset about that though).
  Cheers,
  Fred
  There's no place like 127.0.0.1

• Prevent user from the view on demand connection in the desinger but not XI

  When I give an user/group view on demand access to a connection (universe connection), they can refresh the webi report sucessfully. But this also opens up the connection in the designer for the user/group. This might allow them to build additional universe based on various tables the connection may have access to.
  How do I prevent an user seeing/using the view on demand connection in the desinger?

  HI
  Can we try this?
  Open java administration launchpad.
  Select Business Objects enterprise Applications.
  Select "Designer"
  It will show the rights for the group\user, place the cursor and click advanced under "net access"
  The advanced right windows open expand "Designer" and find Create,Modify,Or delete connections
  Set the right to "Explicitly denied" .Apply ok
  The new and edit buttons will now be grayed out for the particular user\group.
  Hope this will help
  Regards
  Kultar

• CE10 how to prevent user from view hostrical instance

  hi,
  We are currently using CE10. One of our user used search functionality in enterprise to search for reports start with 'employee' and it came  back with all the crystal reports on the server that  started with employees, even the one the user doesn't have access to.  My greatest concern about this is that users can view historical instance and it is sensitive data.  Does anybody know whether or not this is a bug in CE10?  Is there a patch/fix for this?  Is there any configuration change that I can make to
  prevent users from being able search all the reports on the server rather just their own reports?  Any help is greatly appreciated.
  Regards,
  Susan

  hi,
  I have an EVERYONE group with limited access(view object), and EVERYONE group is added to each folder with NO ACCESS.  If I revoke view object(explicitly denied) privilege from EVERYONE group, do I still need to remove EVERYONE group from each folder?  When I'm at folder level in CMC, I see EVERYONE GROUP added, but when I tried to remove the EVERYONE GROUP, the EVERYONE group is not an option for removal.  What am I missing?
  Thanks for your help!
  Regards,
  Susan Johnson

• How do I prevent users from being able to update Firmware

  I have several users (14) with iPad 2 and they rely on an in-house developed App. we have yet to test this App on iOS 5.1 and therefore want to avoid any of the users updating the iPads at all cost!
  this question is in two parts:
  How can I prevent users from upgrading firmware themselves short of just asking nicely?
  How can I stop the iPad from automatically downloading the Upgrade when I deploy a Policy using the iPhone Configuration Utility?
  Any advice would be great!

  We've been looking at the AirWatch mdm and have been told it has this capability.  Not sure if it would be justified from an economic standpoint for you, however. 

• How to prevent multiple users from updating the same data in coherence

  Hi,
  I have a Java Web Application and for data cache am using coherence 3.5. The same data maybe shared by multiple users which maybe in hundreds. Now how do I prevent multiple users from updating the same data in coherence i.e. is there something in coherence that will only allow one user a time to update. If one user is in a process of updating a data in coherence and some other user also tries to update then the second user should get an error.
  Thanks

  I have a question on the same line. How can I restrict someone from updating a cache value when I a process is already working on it. I tried locking the cache key but it does not stop other process to update it , it only does not allow other process to get lock on it.

• Prevent multiple users from updating coherence cache data at the same time

  Hi,
  I have a web application which have a huge amount of data instead of storing the data in Http Session are storing it in coherence. Now multiple groups of users can use or update the same data in coherence. There are 100's of groups with several thousand users in each group. How do I prevent multiple users from updating the cache data. Here is the scenario. User logs-in checks in coherence if the data there and gets it from coherence and displays it on the ui if not get it from backend i.e. mainframe systems and store it in coherence before displaying it on the screen. Now some other user at the same time can also perform the same function and if don't find the data in coherence can get it from backend and start saving it in coherence while the other user is also in the process of saving or updating. How do I prevent this in coherence. As have to use the same key when storing in coherence because the same data is shared across users and don't want to keep multiple copies of the same data. Is there something coherence provides out-of-the-box or what is best approach to handle this scenario.
  Thanks

  Hi,
  actually I believe, that if we are speaking about multiple users each with its own HttpSession, in case of two users accessing the same session attribute in their own session, the actually used cache keys will not be the same.
  On the other hand, this is probably not what you would really like, you would possibly like to share that data among sessions.
  You should probably consider using either read-through caching with the CacheLoader implementor doing the expensive data retrieval (if the data to be cached can be obtained outside of an HTTP container), or side caching with using Coherence locks or entry-processors for concurrency control on the data retrieval operations for the same key (take care of retries in this case).
  Best regards,
  Robert

• To prevent user from droping his own object .

  Dear User
  I have a database user like "aaa" in oracle 7.3.4.0.1 database.i do not want user "aaa" to drop his own schema objects like table and any other objects that he is owner.Do i have any system privilege to stop this user from doing so.User should be able to create objects and modify object but not to drop his own objects.For this purpose i have created a database trigger at database level to stop user "aaa" for doing above action.this trigger is giving me error on creation in oracle 7.3.4.0.1 .But when i tried same trigger in oracle 8i and 9i it work well.In oracle 8i and 9i it is preventing user from droping his own objects but i get other errors also along with raised error in trigger which i want to stop .The error which i am raising in trigger is
  ORA-20001 INVALID COMMAND BUT OTHER TWO ERRORS THAT R RAISED AUTOMATICALLY ARE
  ORA-00604 ERROR OCCURED AT RECURSIVE SQL LEVEL 1
  AND
  ORA-06512 AT LINE 8
  I WANT TO STOP THESE TWO ERRORS .
  PLZ HELP ME IN THIS REGARD AS SOON AS POSSBILE .
  plz tell me is there any system privilege to stop user from droping his own object or any other way along with trigger at database level.
  Thank u.

  Hi
  DBAs can use PRODUCT_USER_PROFILE (in system schema) to disable certain SQL and SQL*Plus commands in the SQL*Plus environment on a per-user basis. SQL*Plus, not Oracle, enforces this security. DBAs can even restrict access to the GRANT, REVOKE, and SET ROLE commands in order to control users' ability to change their database privileges.
  The PRODUCT_USER_PROFILE table enables you to list roles which you do not want users to activate with an application. You can also explicitly disable use of various commands, such as SET ROLE. For example, you could create an entry in the PRODUCT_USER_PROFILE table to:
  read more about this at
  http://download-west.oracle.com/docs/cd/B10501_01/server.920/a90842/ch10.htm#1005648

• Is it possible to prevent users from viewing a page in Edit Mode?

  Hello everyone,
  I would like to know if it is possible to prevent users from accessing a portal page in Edit Mode. Currently, the users do not have access to any links that take them to edit mode, but if they add &_mode=16 to the end, they view the page in edit mode. Granted, they don't have permissions to add or edit content, but I would like to keep them from seeing this.
  I am using 9.0.4.1
  Any help or suggestions would be greatly appreciated!
  Jim

  hi jim,
  you cannot really configure this in portal. if somebody manually appends &_mode=16 we display the default edit mode, but fully enforce security. this means that the user cannot see anything he is not allowed to see: like pending items, hidden, expired or deleted items. as you said he also cannot add, edit or delete any items.
  regards,
  christian

• Prevent user from deleting someone else data

  I have a table
  create table T(
  infoID number primary key,
  info varchar2(4000),
  user varchar2(1)
  and users a,b,c with object priveleges on table T.
  What is the best way to prevent user from deleting someone else data?
  1. Create a view for each user to interacat with ( where user='a') and revoke privileges from table T.
  2. Use procedures or trigers to catch a bad user.
  3. ?

  Leo is certainly correct that VPD will solve the issue you have described. however another option also exists without the need to create a separate view for each user (as you described) or the use of VPD, the option would be to do something like the following.
  create user ownera identified by ownera;
  create user usera identified by usera;
  create user userb identified by userb;
  create user userc identified by userc;
  grant connect, resource to ownera;
  grant create view to ownera;
  grant connect to usera, userb, userc;
  conn ownera/ownera
  create table mytable ( id number primary key,
  userid varchar2(8) not null, mod_date date not null, text varchar2 (100));
  create sequence mytable_seq;
  create or replace trigger biu_mytable_trg
  before insert or update on mytable
  for each row
  begin
       select mytable_seq.nextval into :new.id from dual;
       :new.userid := user;
       :new.mod_date := sysdate;
  end;
  create or replace view v_mytable as
  select * from mytable where userid=user;
  grant select, insert, update, delete on v_mytable to usera, userb, userc;
  try inserting and selecting as the various userX users.
  Good luck.

• How to prevent users from running PRC: Transaction Import from WebADI form?

  Hi,
  We are 12.1.3 and trying to create a workflow to approve Project transactions coming through web ADI before they become effective. To this end, we want to prevent users from running the PRC: Transaction Import from the Web ADI.
  I know that if the checkbox Automatically run transaction import is not checked, the program does not run. But we want to hide this checkbox and not allow the possibility that the program could get triggered.
  To this end, we updated the BNE_INTEGRATORS_B with source='C'. This allows you to edit the integrator from Desktop Integration Manager.
  UPDATE BNE_INTEGRATORS_B SET SOURCE ='C' WHERE  INTEGRATOR_CODE ='PAXTTRXB'
  In the 4th step, where the value for Uploader Parameters is set, we have set boolean value to No. These are the fields on the page:
  Parameter Name: bne:import
  Display Name: Start Transaction Upload
  Data Type: Boolean
  Category: Field
  Default Value: Boolean Flag: No
  Description: start Transaction Import Concurrent Request
  Display Options: Displayed: Unchecked
  Display Options: Enabled: Checked
  Display Options: Required: Checked
  Prompt Left: Automatically submit Transaction import
  Display Type: Check Box
  Maximun Size: 100
  Display Size:100
  Now the checkbox is not appearing for the user to check it, But the program is automatically running when you hit Upload in the WebADI. 

  Hi ,
  Try removing the PRC: Transaction Import Program from the request group for the responsibility used by customers to submit the WebADI and then check if the program launches.
  Regards,
  Raghavan

• How to prevent users from saving and emailing intranet documents externally

  Someone in our company needs to upload a pdf to our sharepoint intranet site for internal-only use. How can I prevent users from downloading it and emailing it externally?
  I mean, a user could screenshot it I guess, but I need to give management a due diligence answer.

  You would need to look into a reverse proxy/firewall that had the ability to block access based on content. This isn't something you can accomplish out of the box with SharePoint (even with AD RMS).
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• GPO to prevent users from accessing the root folder of their profile doesn't work

  Hi,
  Here's the scenario:
  In a Windows 2012 RDS I created two groups called RemoteApp users and remote desktop users.
  These groups are defined in the collection for the corresponding RD Session hosts.
  These groups are not included in any other group, but they are located under an OU -called  Remote Users.
  In the domain controller I have created a GPO named "Restrict access to root drive"  which is linked to the Remote Users OU.
  The GPO I selected is - "Prevent users from adding files to the root of their users files folder"
  This doesn't seem to work. I have waited more than a few hours to allow the 90 minutes update, plus used the gpupdate /force
  but when a user clicks on the RemoteApp (Excel in this example) then access to the C: drive (which is the root folder of the user's profile) is enabled, and the user can create folders and save files under C:.
  I tried to run gpresult for the specific user but the GPO I created wasn't mentioned.
  I thought this would be a straight forward mechanism, but somehow it looks like something is missing.
  I have read about loopback and expanding, but not sure if this is what needs to be done, and if yes - I'd appreciate if I can get  step by step instructions. Everything I found so far was VERY vague.
  Thanks !
  One more detail that may be relevant - the DC is a Windows Server 2012, and the session host is a Windows 2012 R2.

  > These groups are not included in any other group, but they are located
  > under an OU -called  Remote Users.
  >
  > In the domain controller I have created a GPO named "Restrict access to
  > root drive"  which is linked to the Remote Users OU.
  >
  The USER accounts need to be in the OU your GPO is linked to. Despite
  their name, GPOs do NOT apply to groups, but to users (and computers).
  Groups only provide an additional layer of filtering...
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Prevent user from deleting rows from all tables in his own schema

  Hi,
  How can I prevent user from deleting rows in all tables in his own schema.
  I want the user to not able to delete rows from any existing or new tables that might be added in the future.
  The user does not have the "DELETE ANY TABLE" system privilege.
  Please advise.
  Thanks.

  Nowadays, I'd also avoid triggers (if possible).
  Sometimes, when I daydream, I'm rewriting a few applications that I've contributed to as a newbie, and I'm very ashamed of it nowadays.
  From what I've experienced, in retrospective, the emphasis on teaching 'Oracle stuff' has been lying far too much on PL/SQL row-by-row oriented processing instead of letting Oracle 'crunch' sets at once.
  Most of my debugging hours ended up in discovering one or more database triggers 'doing stuff automagically'.
  Another nice blogpost: http://rwijk.blogspot.com/2007/09/database-triggers-are-evil.html
  Regarding OP's question:
  I would just rethink/reconsider this requirement completely.
  Correctly implementing privileges and roles seems the best way to go, yes.
  Triggers? Nah...
  pre-post-edit, noticed thread got updated just before posting
  Don't know what you mean with 'namedropping', but I think it's legitimate to point other readers to interesting Oracle related opinions/articles that do have a technical background and lots of interesting examples.
  post dreaded OTN outage edit (from here)
  Again: I would just rethink/reconsider this requirement completely.
  Both trigger/vpd are being used to hide a design flaw here.