Privileges required for a user to run a form with menu security with ROLES?

Similar Messages

• Privileges require for a user to create CONTEXT indexes

  Hi all,
     RDBMS: 11.2.0.3
     SO.......: OEL 6.3
     What are the necessary privileges that have to be granted to a user to be able to create CONTEXT Indexes, for example. I have granted the CTXAPP to my user, but when i tryied to create the CONTEXT Index with the command bellow, i got an "insufficient privilege" error message.
     CREATE INDEX USR_DOCS.IDX_CTX_TAB_DOCUMENTOS_01 ON USR_DOCS.TAB_DOCUMENTOS(DOCUMENTO) INDEXTYPE IS CTXSYS.CONTEXT PARAMETERS ('SYNC (ON COMMIT)');

  It depends on whether the user is trying to create the index on his own table in his own schema or on somebody else's table in somebody else's schema.  The following demonstrates minimal privileges (quota could be smaller) for user usr_docs to create the index on his own table in his own schema and for my_user to create the index on usr_docs table in usr_docs schema.
  SCOTT@orcl> -- version:
  SCOTT@orcl> SELECT banner FROM v$version
    2  /
  BANNER
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  PL/SQL Release 11.2.0.1.0 - Production
  CORE    11.2.0.1.0    Production
  TNS for 64-bit Windows: Version 11.2.0.1.0 - Production
  NLSRTL Version 11.2.0.1.0 - Production
  5 rows selected.
  SCOTT@orcl> -- usr_docs privileges:
  SCOTT@orcl> CREATE USER usr_docs IDENTIFIED BY usr_docs
    2  /
  User created.
  SCOTT@orcl> ALTER USER usr_docs QUOTA UNLIMITED ON users
    2  /
  User altered.
  SCOTT@orcl> GRANT CREATE SESSION, CREATE TABLE TO usr_docs
    2  /
  Grant succeeded.
  SCOTT@orcl> -- my_user privileges:
  SCOTT@orcl> CREATE USER my_user IDENTIFIED BY my_user
    2  /
  User created.
  SCOTT@orcl> GRANT CREATE SESSION, CREATE ANY INDEX TO my_user
    2  /
  Grant succeeded.
  SCOTT@orcl> -- user_docs:
  SCOTT@orcl> CONNECT usr_docs/usr_docs
  Connected.
  USR_DOCS@orcl> CREATE TABLE tab_documentos (documento  CLOB)
    2  /
  Table created.
  USR_DOCS@orcl> INSERT ALL
    2  INTO tab_documentos VALUES ('test data')
    3  INTO tab_documentos VALUES ('other stuff')
    4  SELECT * FROM DUAL
    5  /
  2 rows created.
  USR_DOCS@orcl> CREATE INDEX USR_DOCS.IDX_CTX_TAB_DOCUMENTOS_01
    2  ON USR_DOCS.TAB_DOCUMENTOS(DOCUMENTO)
    3  INDEXTYPE IS CTXSYS.CONTEXT
    4  PARAMETERS ('SYNC (ON COMMIT)')
    5  /
  Index created.
  USR_DOCS@orcl> DROP INDEX usr_docs.idx_ctx_tab_documentos_01
    2  /
  Index dropped.
  USR_DOCS@orcl> -- my_user:
  USR_DOCS@orcl> CONNECT my_user/my_user
  Connected.
  MY_USER@orcl> CREATE INDEX USR_DOCS.IDX_CTX_TAB_DOCUMENTOS_01
    2  ON USR_DOCS.TAB_DOCUMENTOS(DOCUMENTO)
    3  INDEXTYPE IS CTXSYS.CONTEXT
    4  PARAMETERS ('SYNC (ON COMMIT)')
    5  /
  Index created.

• What are the minimum db user privileges required for CDC?

  What are the minimum privileges required for the source data server user in order to to successfully implement CDC
  Currently I'm getting an "Insufficient privileges" error when trying to start a CDC journal on a model. The error is happening on the step that creates a trigger on the table in the source schema.
  Here's the situation:
  The data server uses the user "ODI_TEMP" for its connection. ODI_TEMP has been granted select privileges on the desired tables in the source schema. When starting the CDC journal on the model for the source schema, ODI tries to create a trigger on the source tables. This fails since the ODI_TEMP user can't create triggers on anything outside of it's own schema. For obvious fundamental security reasons, we cannot give the ODI_TEMP user the CREATE ANY TRIGGER system privilege on the data source.
  Journalizing is set up using JKM Oracle Consistent. ODI is 11g, DB is 11g.

  Hi,
  You can go for this
  Grant CREATE ANY TRIGGER system privilege to ODI_TMP
  Start the Journal , it will create triggers in ODI_TMP schema for the tables present in your source schema.
  Now revoke CREATE ANY TRIGGER system privilege from ODI_TMP.
  It will continue to work .. only when you are restarting the journal (due to adding or removing some tables in CDC) , you will be requiring CREATE ANY TRIGGER privilege.
  Thanks,
  Sutirtha

• WHY  PGA  IS  REQUIRED  FOR  EVERY USER  ?

  Good Morning Everyone ;
  I have a question  about PGA.
  WHY  PGA IS REQUIRED FOR  EVERY USER ?
  What i got from google ..
  Even though the parse information for SQL or PL/SQL may already be available in library cache of shared pool,
  the value upon which the user want to execute the select or update statement cannot be shared.
  I cant realize it   Can anyone show clear  example , if  possible ?
  DB Version is  10.2.0.4.0
  OS : oracle linux 5.5
  Thanks in advance ..

  Thanks aman and heok.
  My Question :
  Your explanation is clear. I think i am getting little bit confused.
  Could you please clarify little more ?
  >> session 1 :
  user is HR
  SQL>select * from tab1  ORDER BY name;
  >> session 2 :
  user is scott
  SQL>select * from tab1 where ORDER BY name;
  >> session 3 :
  user is USER1
  SQL>select * from TAB1 where ORDER BY name;
  >> session 4 :
  user is USER2
  SQL>select * from TAB1 where ORDER BY name;
  IS this right aman ?
  Already sql statements are avail in SGA ,Even though all above users needs same information.
  Oracle does sorting operation in PGA. If PGA exceeds , oracle will use temporary tablespace .
  Thanks heok and aman.

• Starting a privileged task for one user at logon

  I am not a virus writer of any kind. I need to start a toolbar I wrote years ago in VB. Due to enhanced (yuck-I'm about as unexcited about this as I can be) security for 8.1. My user written toolbar now needs to be privileged. How do I start it in 8.1 with
  privileges? Formerly I started it in the registry and then with the Task Scheduler. Now neither method will start it privileged in 8,1 ultimate. Of course the toolbar maybe built with the "ReqireAdministratot" option and is, as a matter of fact but
  that doesn't get me privileges,
  Renee
  "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

  Hi,
  I sorry for not clear what's your exactly means. Did you mean that start a task without need Administrator rights?
  What's the type of your current user account? Is it Administrator?
  As far as I know, when you create new task in Task Scheduler, there is an option called "Run with hightest privileges".
  In addition, you can set whitelist of UAC for cetain APP in Group Policy.
  1. Click the Start Orb.
  2. Type in the search, "sec" and point to "Local Security Policy"
  3. Open the following directory trees: Local Policies>Security Options.
  4. Scroll down to the area, "User Account Control" and adjust your settings.
  5. The setting you are most interested in will be called: User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode.
  6. Set it to "Elevate without prompting"
  Roger Lu
  TechNet Community Support

• Privileges required for database backup with RMAN

  Hello,
  We have 10g R2 on Solaris box. We use RMAN for backup and use the SYS account on the database to connect and take the backup.
  Are there specific privileges that are required to take the database backup , so that I do not use the SYS account or the syspassword in the RMAN script.
  I want to create an account and give only the privileges required to take the database backup and recover .
  Thanks

  I think RMAN needs the SYSDBA privilege, so you won't gain much by switching from SYS to another user.
  You don't need to store sys/password in a script. You can just :-
  rman target / catalog xxx/yyy@catalog

• Minimum rights needed for Oracle user to run BO

  Hi team,
  One of my customer here made connection from BO XI installer to oracle database with this user B_A. Say this user is the admin user of CMS db. Now he finds that the user B_A  user has schema role rights which customer doesn't want
  and he wants to remove those rights.
  he wants to know what are the minimum privileges or rights oracle user needs to keep BO XI running without problem and if he can remove those excess schema rights from that.
  could some one please help me
  Regards,
  DV

  Well, Oracle DBA should be able to answer all those questions for the customer.
  I'm not a DBA, so my unerstanding of Role is that they are the predefined collections of rights users have on the DB according to the usual roles users play.
  So when DBA's are managing Oracle DB they don't have to assign each user every single right, but can just assign Roles, which will include most common rights....
  If we're talking rights alone - BOE CMS DB user need create, delete, modify, expand, write, insert etc... 
  There is absolutly no reason why CMS DB schema owner cannot have all the default rights that come with Resource and Connect roles.

• Help required for the users  report requirement

  Hello,
  User requirement is to get the report as follows
  Period            planned order     Production order      Backlog
  Feb2008          15                           3                      18
  March2008      4                            11                     15
  Backlog is the formula for planned order & production order.
  My problem is that, In the cube the data for planned order is the char value 'X' or a blank.
  It has to count the total of planned order for the entire month of feb,& print the value counting the number of 'X',here as shown as 15.
  Planned order, Production order are in rows & are chracteristics.
  Is thr any solution to count master data which has a char value(X).
  I have tried using the formula variable.I had created the new formula.Then using the data functions as count(Formula variable),using the replacment path.But it did not work
  Help me out to find the total for the char value of the master data.
  Help would be rewarded!

  Hello,
  For BACKEND:
  1) Create a normal KF say counter and include it in the cube.
  2) Now you can populate the value for this KF via end routine in transformation.
  3) You need to check whether the value for planned order is X. If yes then update KF with value 1.
  4) I hope you can take care of this routine part. Once this is done the data in the cube might look in below manner:
  Month Planned-Order Counter
  Feb 2007 | X | 1
  Feb 2007 | X | 1
  Feb 2007 |  | 0
  Feb 2007 | X | 1
  Feb 2007 |  | 0
  Mar 2007 |  | 0
  Mar 2007 | X | 1
  Mar 2007 |  | 0
  Mar 2007 |  | 0
  Mar 2007 | X | 1
  Now in the report if you include month and counter the report will look like
  Month Counter
  Feb 2007 | 3
  Mar 2007 | 2
  If you see the counter is getting aggregated to give you the sum against the value of planned order as X against month.
  I think this should work.
  If this dosent work let me know i will let you the alternate solution for frontend. but for that too you need to make the above backend changes.
  So do the backend changes and try to use counter KF for showing planned orders and i think it should work fine.
  Regds,
  Shashank

• Permissions required for an user to create a View in Oracle 10.2.0.1.0

  Hi,
  I am facing one serious issue with Oacle 10.2.0.1.0.
  I have an user (Atlas) created with below permissions.
  grant connect to atlas;
  grant resource to atlas;
  grant create public synonym to atlas;
  grant select any dictionary to atlas;
  grant query rewrite to atlas;
  I will create my database schema on this user Atlas. All my scripts are executing properly with Oracle 9i and 10g version 10.1.0.2.0. But when it comes to Oracle 10g version 10.2.0.1.0 the views creation is throwing an error saying that Insufficient Priviliges.
  I didn't get why this error is coming.
  What previliges does an user should require for creating a view in Oracle 10.2.0.1.0 version?
  I have installed Enterprise version of Oracle 10.2.0.1.0. Please suggest me with this.
  Thanks
  Rao

  CREATE VIEW was taken away from connect or resouce in 10.2.x. It has to be explicity granted... Not sure what this has to do with XML per-se :)

• Authorization Required for RFC user  in R/3-APO system.

  Could you please help regarding one authorization issue. I want to know the authorization required for one RFC user. Now this RFC user used for RFC connection of SAP R/3 - SAP APO system. user type is given dialog type and SAP_ALL profile has been given to this user  id. Now I have to remove SAP_ALL from this user id in R/3 and APO system and  provide the required the authorization in R/3 and APO system.
  Regard
  Auroshikha

  The RFC authorisation depends completely on what the user is doing (ALEREMOTE?).  We can't tell you what RFC auths your connection requires. 
  There is a guide to doing this here: https://wiki.sdn.sap.com/wiki/display/Security/BestPractice-HowtoanalyzeandsecureRFC+connections

• Default Privilege Level for ASA users authenticated by Radius or TACACS when using ASDM

  Hello,
  I'm trying to figure out what the default privilege level is for users that are authenticated to the ASA via a remote authentication server when using the ASDM.
  the command "aaa authentication http console TACACS+ LOCAL" is used in the ASA config.
  The remote server is NOT setting any privilege levels for users.  There are also no aaa authorization commands present in the config.
  So what privilege level do the users receive when they login with the ASDM?  I'm being told that the users receive admin access which includes config write, reboot, and debug.  But I cannot find any documentation stating hte default level.
  Please advise.  And providing links to cisco documentation would be great too.
  Thanks,
  Brendan

  Hi Berendan,
  Hope the below exerpt from document clarifies your query. also i have provided the link to refer.
  About Authorization
  Authorization controls access per user after users authenticate. You can configure the security appliance to authorize the following items:
  •Management commands
  •Network access
  •VPN access
  Authorization controls the services and commands available to each authenticated user. Were you not to enable authorization, authentication alone would provide the same access to services for all authenticated users.
  If you need the control that authorization provides, you can configure a broad authentication rule, and then have a detailed authorization configuration. For example, you authenticate inside users who attempt to access any server on the outside network and then limit the outside servers that a particular user can access using authorization.
  The security appliance caches the first 16 authorization requests per user, so if the user accesses the same services during the current authentication session, the security appliance does not resend the request to the authorization server.
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/aaasetup.html
  Regards
  Karthik

• Authorization-problem for standard users when running WDR_TEST_ZCI

  hi
  we've developed a WDA application incorporating several interactive forms. it all runs fine in QA--environment when a user with developer-role are running the application, but when standard users are running it, it fails.
  the same happens with the demo-app WDR_TEST_ZCI.
  i so belive this to be caused by missing authorizations for the users. can anyone shed any light on which these might be?
  the error as reported in the browser:
  The following error text was processed in the system Q97 : Access via 'NULL' object reference not possible.
  The error occurred on the application server xx-x168_Q97_05 and in the work process 0 .
  The termination type was: RABAX_STATE
  The ABAP call stack was:
  Method: PARSE_XML_SCHEMA of program CL_WD_ADOBE_SERVICES==========CP
  Method: GET_SCHEMA_VERSION of program CL_WD_ADOBE_SERVICES==========CP
  Method: CONSTRUCTOR of program CL_WD_ADOBE_SERVICES==========CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/LADOBE==================CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/LADOBE==================CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L7STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  any input appreciated.
  cheers
  tom

  Hi Tom,
  When you are familiar with authorizations in PFCG trabsaction you are finaliar with S_DEVELOP if not ask the authorization team on your project.
  Basically this authorization object handles the read/write etc authorization related to devlopment objects. If you implement Adobe forms you will probably develop your own forms or at least copy the SAP forms to customer namespace.
  For Adobe you will therefore have 2 custom development objects (1 for the form and 1 for the interface that is automatically generated). The end-user shoulf have at least READ access to these objects. If not the portal will trow an error on this.
  To determine the tech names of the objects find the form and related interface in transaction SFP. These should be inserted in the object S_DEVELOP in the role for the end users.
  You may want to consider to put the value Z* in the object which will give authorization for all the custom developed objects.
  If you can't find the object reply again and i will send a screenshot.
  Finally, make use of the splended transaction ST01!! It will make your life a lot more easy in portal! It traces all the authorizations needed and missing for any user you specify. After activating the trace and running a portal scenario the log will tell you want went OK and what not on an authorization object level.
  Good luck,
  Thomas
  ps. Thanks for the appreciation you gave in my other thread. Now we have the answers in both threads as well. Take Care.

• Is it OK for hobbyist users to run Solaris 10 w/o a support contract?

  There's been a lot of talk recently about changes to licensing polices regarding Solaris 10 and I just had a quick question: what does this mean for those of us who are primarily hobbyists and not using the system in a commercial context. I know that hobbyist users are "supposed" to use OpenSolaris, but Solaris 10 has some cool legacy stuff like XSun (AFAIK the only X server around that still has Display PostScript, which I need to display some antique apps and games that I've got running on my SIMH VAX system) and CDE (outdated, but still somehow cool) in it that I just can't get in OSOL. Does anybody know if the new licensing restrictions are only for commercial users or if they mean that folks like my have to scrounge for new solutions for our nerdy hobbies?

  There's been a lot of talk recently about changes to licensing polices regarding Solaris 10 and I just had a quick question: what does this mean for those of us who are primarily hobbyists and not using the system in a commercial context. I know that hobbyist users are "supposed" to use OpenSolaris, but Solaris 10 has some cool legacy stuff like XSun (AFAIK the only X server around that still has Display PostScript, which I need to display some antique apps and games that I've got running on my SIMH VAX system) and CDE (outdated, but still somehow cool) in it that I just can't get in OSOL. Does anybody know if the new licensing restrictions are only for commercial users or if they mean that folks like my have to scrounge for new solutions for our nerdy hobbies?

• Minimal PC requirements for EP users

  Is there any link or document <b>from SAP</b> with minimal requirements for user PC?
  Something like this: Celeron 1GHz, 256 RAM, Windows XP SP2, MS IE 6.0 etc.

  Dear Alex,
  I've been monitoring this topic and all the answers provided by the SDN members are valid, nevertheless if you need an SAP official statement, this is not the right place.
  For an SAP official statement, please open a customer message at http://service.sap.com/message under component EP-PIN (Portal Infrastructure) and then you will get it.
  Best Regards,
  Luis

• Account field required for some users, not for others in URM when checking

  I am running into a real show stopper. I have been working in our development database, and have tested checking in content multiple times with no problems. I recently turned it over to my users to begin testing and they can not even check in one document, because they receive an error stating that the account is required. I know just enough to be dangerous, so I am not quite sure how to solve this one. It makes no sense to me that on my check in screen, account is not required and yet on all of my users check in screens, not only is it required, but nothing they enter is accepted as a valid value, so they can't even get past it. I would just as soon not have account show up or be required, but have struggled with making that happen, since it is not a custom metadata field. It appears to be a delivered field used for security purposes? any help would be appreciated! Thanks.
  One more thing that I noticed that may be helpful in diagnosing this is that my profile has no accounts, just #none,#all
  whereas the user's profiles have a number of different accounts listed in their profile. Could this be part of the reason that they are forced to enter an account when checking in content and I am not?
  If so, how can I get around this?
  Edited by: user10985708 on Apr 7, 2009 12:21 PM

  That´s a little strange behaviour becouse normally the account field is not required as default.
  You could try a global rule setting the Account field not to be required with some IDOC.
  But as you say you´re not using accounts anyway i´d suggest removing it from your server instance.
  In the server\config\CONFIG.CFG file look for UseAccounts=true set it to false and the field won´t bother you anymore.