Problem creating Network ACL for a ROLE in Oracle 11gR2

Similar Messages

• Creating Network homes for Users in AD

  I am trying to create some Network Homes to use for our Macs on campus. I have created the share and everything, but when I go to "Create Home Now" inside of Workgroup Manager it always gives me an error. The error is very generic so I am not sure what it means. All of our Users are stored in AD and OD just authenticates through AD. Is this a problem? Can you not create network homes for AD users?

  Here is the error I get in Console when I try:
  3/8/11 8:44:37 AM Workgroup Manager[49785] void -[UserVolumesPluginView(PrivateMethods) gotServerError:forTransaction:](UserVolumesPluginView*, objc_selector*, objc_object*, XSAdminTransaction*): got error kGotAuthenticationFailure from request (null)

• Network ACL for two specific ports

  As far as I can tell there is no way to set Network ACLs such that only two specific ports are available. I'm using Oracle 11gR2.
  I'd like a HTTP port and an SMTP port open for the local loopback address. These are ports 7777 and 25. It's my understanding that you can have only one ACL per host. While it seems you can create more, any additional ACL's for the same host don't always work as expected. So does anyone have any advice as how I can do this? I'd rather not have every port between 7777 and 25 available but this is what I currently have...
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
  acl => 'local_loopback.xml'
  , host => '127.0.0.1'
  , lower_port => 25
  , upper_port => 7777
  );

  Billy  Verreynne  wrote:
  As far as I can tell there is no way to set Network ACLs such that only two specific ports are available. I'm using Oracle 11gR2.>Not so in my experience. An ACL can be for a specific target, but contain multiple ports for that target.
  E.g. I assign ports 80, 7777, 8080, and a few others, in a single web-acl.xml, to a network target (host or domain).
  Read the usage notes in Oracle® Database PL/SQL Packages and Types Reference.>Thanks I'll try that. I think we had problems in the past with separate ACL's containing rules for the same host, the response we got back from support was not to do that. This way didn't occur to me.

• Is there an easy way of creating an ACL for denying users?

  Hi All,
  I like to create an ACL that would prevent about 50 users from accessing a particular network in our MPLS network.  I do not want to create another vlan for this. 
  Let's say I want to deny this range 10.12.16.20 - 50   from accessing 10.3.0.0 network but allow then access to everthing else.  Is this how to do it?
  Access-list 101 deny 10.12.16.20  0.0.0.0  10.3.0.0  0.0.255.255
  Access-list 101 deny 10.12.16.21  0.0.0.0  10.3.0.0  0.0.255.255
  Access-list 101 deny 10.12.16.22  0.0.0.0  10.3.0.0  0.0.255.255
  -- this will go continue down to .50
  Access-list 101 permit ip any any
  Can I do something like this?
  Access-list 101 deny 10.12.16.20 - 50  0.0.0.0 10.3.0.0  0.0.255.255
  Access-list 101 permit any any
  Thanks

  Disclaimer
  The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.
  Liability Disclaimer
  In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.
  Posting
  What Karsten has suggested, would be the "cleanest" approach, but if the IOS doesn't support it, what Rick suggested would be the way to do it using the fewest ACEs.
  If using Rick's approach, as he mentioned you can set ACEs on binary boundaries, variations on the "theme" might be to include a bigger block than needed, if the overage isn't harmful.  For example, when trying to exclude hosts 20 .. 50 one ACE could block 0 .. 63.
  Also remember you can mix permits and denies.  So say you wanted to block just 8 .. 63, you could permit 0..7, block 0..63 and then permit any.  Depending on your requirement, mixing permits and denies might require the fewest ACEs in your ACL.
  Of course the disadvange of a complicated ACL, it's harder to understand.  However, on a sofware based router, the shorter ACL might perform better.

• Problem creating transactional iview for BW system

  Hi gurus
  We are facing one problem creating a transactional iview for a BW 3.5 system . We wanto to call transaction SU01 in our BW system using an iview. When we use SAP for html, we have all the menu on the iview , I mean the same result as if we use smen, not SU01.
  And if we use SAP GUI , we are always having the same GUI Error
  Sapgui 640 [Build 8986] Wed Apr 01 12:25:05 2009
  : 'service '' unknown
  Time          Wed Apr 01 12:25:03 2009
  Component     NI (network interface)
  Release          640
  Version          37
  Module          ninti.c
  Line          505
  Method          NiPGetServByName2: service '' not found
  Return Code     -3
  System Call     getservbyname_r
  Counter          1
  Please, can you help us?
  Thanks in advance and best regards.

  Thanks Bala for your quick reply. I´ve tried with function module RSBB_URL_PREFIX_GET  and all the settings were OK. Still the same result.
  Adding more information. We have another WAS 6.40 server with different Module(we have RM and XRPM , not BW) and we are having the same problems. I am wondering if its related with some special config or activation 
  Maybe  I´ve forgot some service activation in SICF? I´m able to reach the SMEN, but not the SU01
  or I´m missing some config elsewhere?
  Thanks in advance.
  Best regards.
  Edited by: Jose Ignacio Arlandis on Apr 2, 2009 8:41 AM

• Problem creating T-Code for report(type Form-report)

  Hi all,
  Can T-Code be created for reports which are of type'form report '.
  Here is the problem in detail :-
  I have to use transaction 'CJE3' where four reports got created.These reports are  of type 'form report'.Currently I am not able to create the transaction for the reports in se93 transaction.
  Please advice on how I can create T-Code for these reports.
  Regards,
  Anirban

  Hi Dutta ,
  this report is created by Report painter for this Reports if u want to create tcode please follow the steps.
  se93 ---> take option parameter transaction .
  1.default valuse for transcation is START_REPORT
  2.skip initial Scree =  kich this one
  3.screen = 0.
  4.kich all GUI check boxes
  5.last one , u have to entry values like this
  D_SREPOVARI-REPORTTYPE =  report Type
  D_SREPOVARI-REPORT     = name of the report in the bottom scree.
  Regards
  Prabhu

• PFCG, derived roles, create inheritance relation for existing roles

  Dear reader,
  We have many roles that differ only in the organisational levels, but were not created using the Transaction Inheritance functionality.
  Because of the sheer number of these similar roles, making a change in a non-organisational field in these roles is quite laborious.
  Such a change is much easier when there is an inheritance relation between a template and all dependent roles.
  Is there a way to set up the inheritance relation between a template and it's dependent roles after their creation ?
  Kind Regards,
  John Hermans

  My own thinking what will happen if we combine so and so roles....
  I have a other basic question regarding the field values of a A.object.As we know the one particular A.object is related to so many T.codes.Eg:assigning just 1 tcode to a role which contains 5 A.objects(those 5.A.objects are related to so many different T.codes).If we generate the profile for the role it will bring up all the mandatory field values for that specific T.code which is added.Suppose if we assign some values in the fields which are blank(maintain) or even changing the standard values(01,02 standard but deleting those values and assigning 03,04).Will the user gets accesss for the maintained/changed field values ? The reason for asking is ,as we are deleting the mandatory field values of the tcode and assigning some other values which are standard values for some other Tcodes (which are not added in the menu)
  Pls excuse me if it confuses ....

• "Create" Datasource Privilege for Deployer Role

  Hi,
  We want to enable the "create" datasource privilege for the Deployer Role, after reading some information for this role looks like they are only allow to modify or delete datasources, but not create them. Admin privilege is not a good option for this group.
  Any ideas or suggestions...

  BoopathyVasagam wrote:
  Thank you for your answer. So should I issue the below statement? (Since I dont have dba privs i couldn't test this)
  GRANT CREATE VIEW to P_ETL_TEST_VIEW;
  I doubt that above will prevent the error from being thrown.
  prior to running anonymous block again; just do as below
  SET ROLE NONE;
  doing so should result in same error being thrown when invoking
  BEGIN 
     p_etl_test_view; 
  END; 

• Problem creating a swatch for rich black (c50 m50 y0 k100)

  When I manually create a swatch for rich black (c50 m50 y0 k100) in Illustrator CC (17.1.0) and assign as a fill or stroke, it is getting changed back to ordinary black (c0 m0 y0 k100). That is, I create the swatch as above, select an object and click to assign the rich black swatch. The swatch appears to be assigned to objects stroke or fill as expected. However, if I then reselect that object, the rich black has been reset to the standard black – c0 m0 y0 k100. I'm sure I've done this before without a problem, but not since I upgraded to Illustrator CC. As a workaround, for the piece I'm working rigth now, I created a swatch for c50 m50 y0 k99 – as this holds. Any ideas?
  Kind regards
  Tim

  At the time I was getting the decribed behaviour, I was working on a project destined for an online print service called PrintCarrier, for which I had a particular profile based on the FOGRA39 profile: Eurostd (Coaed) 15% GCR Medium. The latter was causing Illustrator to not retain rich blacks. When I reverted to my usual profile (ISO Coated v2 300% (ECI)) rich blacks were retained – that is Illustrator behaved normally with regards honouring the rich black assignments.
  Not sure why the different profile was causing that to happen in Illustrator. I know that under the same profile in InDesign, rich blacks assigned within that application behave correctly, and don't reset as in Illustrator.
  Is this a bug getting triggered or am I missing something in the way profiles handle black/rich black?
  Kind regards
  Tim

• Problem creating cache group for a table with data type varchar2(1800 CHAR)

  Hi,
  I am using TimesTen 7.0 with Oracle 10.2.0.4 server. While creating Cache Group for one of my table I'm getting the following error.
  5121: Non-standard type mapping for column TICKET.DESCRIPTION, cache operations are restricted
  5168: Restricted cache groups are deprecated
  5126: A system managed cache group cannot contain non-standard column type mapping
  The command failed.
  One of my filed type in oracle table is Varchar2(1800 CHAR). If I change the filed size to <=1000 it (E.g. Varchar2(1000 CHAR)) then the Create Cache command works fine.
  MyDatabase Character Set is UTF8.
  Is it possible to solve without changing the filed size in the Oracle Table?
  Request your help on this.
  Thanks,
  Sunil

  Hi Chris.
  The TimesTen server and the Oracle Client is installed on a 32-bit system.
  1. ttVersion
  TimesTen Release 7.0.5.0.0 (32 bit Linux/x86) (timesten122:17000) 2008-04-04T00:09:04Z
  Instance admin: root
  Instance home directory: /appl/TimesTen/timesten122
  Daemon home directory: /var/TimesTen/timesten122
  Access control enabled.
  2. Oracle DB details
  SQL> select * from v$version;
  BANNER
  Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bi
  PL/SQL Release 10.2.0.3.0 - Production
  CORE 10.2.0.3.0 Production
  TNS for Linux: Version 10.2.0.3.0 - Production
  NLSRTL Version 10.2.0.3.0 - Production
  Oracle Client - Oracle Client 10.2.0.4 running in a 32 bit Linux/x86
  3. ODBC Details
  Driver=/appl/TimesTen/timesten122/lib/libtten.so
  DataStore=/var/TimesTen/data
  PermSize=1700
  TempSize=244
  PassThrough=2
  UID=testuser
  OracleId=oraclenetservice
  OraclePwd=testpwd
  DatabaseCharacterSet=UTF8
  Thanks,
  Sunil

• NTP(Network Time Protocol) Error whil installing Oracle 11gR2 RAC

  Dear Friends,
  I have installed oracle 11gr2 clusterware software in two node RAC. While i run the CLUVFY.SH, It shows error in NTP configuration.
  1)I add "-x" parameter in "/etc/sysconfig/ntp" configuration file. and start the ntpd service and run the cluvfy.sh . then i got the below error.
  Check: CTSS state
  Node Name State
  rac2 Observer
  rac1 Observer
  CTSS is in Observer state. Switching over to clock synchronization checks using NTP
  Starting Clock synchronization checks using Network Time Protocol(NTP)...
  NTP Configuration file check started...
  The NTP configuration file "/etc/ntp.conf" is available on all nodes
  NTP Configuration file check passed
  Checking daemon liveness...
  Check: Liveness for "ntpd"
  Node Name Running?
  rac2 no
  rac1 no
  Result: Liveness check failed for "ntpd"
  PRVF-5415 : Check to see if NTP daemon is running failed
  Result: Clock synchronization check using Network Time Protocol(NTP) failed
  PRVF-9652 : Cluster Time Synchronization Services check failed
  Post-check for cluster services setup was unsuccessful on all the nodes.
  =============================================================================================
  2)Down the ntpd service in both nodes and run the CLUVFY.SH.
  Check: CTSS state
  Node Name State
  rac2 Observer
  rac1 Observer
  CTSS is in Observer state. Switching over to clock synchronization checks using NTP
  Starting Clock synchronization checks using Network Time Protocol(NTP)...
  NTP Configuration file check started...
  The NTP configuration file "/etc/ntp.conf" is available on all nodes
  NTP Configuration file check passed
  Checking daemon liveness...
  Check: Liveness for "ntpd"
  Node Name Running?
  rac2 no
  rac1 yes
  Result: Liveness check failed for "ntpd"
  PRVF-5415 : Check to see if NTP daemon is running failed
  Result: Clock synchronization check using Network Time Protocol(NTP) failed
  PRVF-9652 : Cluster Time Synchronization Services check failed
  Post-check for cluster services setup was unsuccessful on all the nodes.
  ==========================================================================
  3)Based on some website advice, I down the ntpd service and move the "/etc/ntpd.conf" to another location.Then i got the below error.
  Result: Query of CTSS for time offset passed
  Check CTSS state started...
  Check: CTSS state
  Node Name State
  rac2 Observer
  CTSS is in Observer state. Switching over to clock synchronization checks using NTP
  Starting Clock synchronization checks using Network Time Protocol(NTP)...
  NTP Configuration file check started...
  ERROR:
  PRVF-5402 : Warning: Could not find NTP configuration file "/etc/ntp.conf" on node "rac2"
  PRVF-5405 : The NTP configuration file "/etc/ntp.conf" does not exist on all nodes
  rac2
  PRVF-5414 : Check of NTP Config file failed on all nodes. Cannot proceed further for the NTP tests
  Result: Clock synchronization check using Network Time Protocol(NTP) failed
  PRVF-9652 : Cluster Time Synchronization Services check failed
  =============================================================
  What should i do to solve this issue?? Please help me ...

  Hi,
  I start the ntpd start the service in both node and done the CLUVFY.SH.
  The output is below,
  Checking if CTSS Resource is running on all nodes...
  Check: CTSS Resource running on all nodes
  Node Name Status
  rac2 passed
  rac1 passed
  Result: CTSS resource check passed
  Querying CTSS for time offset on all nodes...
  Result: Query of CTSS for time offset passed
  Check CTSS state started...
  Check: CTSS state
  Node Name State
  rac2 Observer
  rac1 Observer
  CTSS is in Observer state. Switching over to clock synchronization checks using NTP
  Starting Clock synchronization checks using Network Time Protocol(NTP)...
  NTP Configuration file check started...
  The NTP configuration file "/etc/ntp.conf" is available on all nodes
  NTP Configuration file check passed
  Checking daemon liveness...
  Check: Liveness for "ntpd"
  Node Name Running?
  rac2 yes
  rac1 yes
  Result: Liveness check passed for "ntpd"
  Checking NTP daemon command line for slewing option "-x"
  Check: NTP daemon command line
  Node Name Slewing Option Set?
  rac2 yes
  rac1 yes
  Result:
  NTP daemon slewing option check passed
  Checking NTP daemon's boot time configuration, in file "/etc/sysconfig/ntpd", for slewing option "-x"
  Check: NTP daemon's boot time configuration
  Node Name Slewing Option Set?
  rac2 yes
  rac1 yes
  Result:
  NTP daemon's boot time configuration check for slewing option passed
  NTP common Time Server Check started...
  PRVF-5410 : Check of common NTP Time Server failed
  PRVF-5416 : Query of NTP daemon failed on all nodes
  Result: Clock synchronization check using Network Time Protocol(NTP) passed
  Oracle Cluster Time Synchronization Services check passed
  ========================================================================================
  [oracle@rac1 ~]$ /u01/app/grid/oracle/product/10.2.0/db_1/bin/cluvfy comp clocksync
  Verifying Clock Synchronization across the cluster nodes
  Checking if Clusterware is installed on all nodes...
  Check of Clusterware install passed
  Checking if CTSS Resource is running on all nodes...
  CTSS resource check passed
  Querying CTSS for time offset on all nodes...
  Query of CTSS for time offset passed
  Check CTSS state started...
  CTSS is in Observer state. Switching over to clock synchronization checks using NTP
  Starting Clock synchronization checks using Network Time Protocol(NTP)...
  NTP Configuration file check started...
  NTP Configuration file check passed
  Checking daemon liveness...
  Liveness check passed for "ntpd"
  NTP daemon slewing option check passed
  NTP daemon's boot time configuration check for slewing option passed
  NTP common Time Server Check started...
  PRVF-5410 : Check of common NTP Time Server failed
  PRVF-5416 : Query of NTP daemon failed on all nodes
  Clock synchronization check using Network Time Protocol(NTP) passed
  Oracle Cluster Time Synchronization Services check passed
  Verification of Clock Synchronization across the cluster nodes was successful.
  [oracle@rac1 ~]$
  ================================================================================
  I hope the problem solved. Am i correct??

• Problem with Edit option for a role created in GRC 10.0

  Hello Experts,
  I created a role in GRC 10.0 , I see my newly created role in the list of roles . If I want to Edit the role I select the row and click " OPEN" and edit the role.
  But when I click the role directly and enter the role , the "EDIT"  button is disabled and even maintain authorization button is disabled.
  Did SAP defined in such  a way that we should selct the role and click OPEN then only we can Edit or is this a Bug??
  Please let me know if any one of you faced the same problem.
  Regards,
  Jagadish Bhandaru

  Hi,
  Sabita is correct.
  Here is the link to the documentation
  SAP Access Control 10.0
  Simon

• ASA 5520: Create Network Object for range of hosts?

  Hi,
  I'm new to Cisco Firewalling. I'm migrating our network objects from our current firewall to a new ASA 5520 configuration. I'm using ASDM 6.4 for configuration.
  We have a range of IP addresses for hosts that we need to add to a firewall rule/ACL. In the previous FW software I could create an object that was a range of IP address. For example there is an object called emailservers that is defined as 192.168.2.25-192.168.2.50.
  Is there a way to do a similar thing on the ASA 5520?
  I can see how to create subnets, but in this case I only have a range of IP addresses, no subnet mask.
  Any help greatly appreciated.

  Sure there is,
  hostname(config)# object network TEST2
  hostname(config-network-object)# range  10.1.2.1 10.1.2.70
  No need for subnet masks, this will be a Object network, not an Object-group of type network. Now in 8.3 they are a lot different.
  http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_objects.html
  Check this doc for reference.
  Cheers,
  Mike

• Problem creating a new Glassfish 4 server with Oracle Tools for Kepler

  Hello,
  I installed Oracle Tools for Kepler with no problem. But when I want to create a new server and fill in the directory to the server (which is valid, C:/glassfish4/glassfish), nothing happens. I can only click 'back' or 'cancel'.
  There is no error message.
  Is this a bug in Eclipse or Oracle Tools, or do I do something wrong ?
  Thanks in advance for help.

  Hi,
  Could you let us know where you installed the GlassFish tools plugins from ?
  Glassfish 4 support in OEPE has been available since Glassfish was released in June. But it looks like a bug may have been introduced in the latest build  available on  http://download.java.net/glassfish/ which does not exist in the version available at http://download.oracle.com/otn_software/oepe/12.1.2.1/kepler/repository
  The workaround on the version you are running is to enter a dummy password value and this should allow you to create the Glassfish 4 server.
  I will be filing a bug to track this issue
  thanks
  Raj

• Problem Creating Partner Link for Adapter Integrating with Tuxedo using JCA

  Hi All,
  This is the first time that I am working on integration tools. I will explain in brief the problem.
  There will be a legacy system (Tuxedo) running which connect to legacy database for requests. I am able to connect to that legacy system using Attunity Studio for getting the response back. Which is working fine.
  Now I want that to integrate with BPEL PM 10.1.2 using JCA. For this I followed this URL (http://www.oracle.com/technology/tech/java/oc4j/904/how_to/oc4j-jca-tux/onjava-jca.html). What happens here is, a simple servlet invokes a Session Bean that interacts the Attunity Server using the JCA. For that I am using oc4j container of BPEL PM 10.1.2. I could able to work it fine.
  For working with BPEL, I have created synchronous process, when try to create Partner link using Adapter service from WSIL browser, it is not coming in.
  Am I missed any important configuration at BPEL PM end.
  For doing this a followed the "tutorial 2" @ http://www.oracle.com/technology/products/integration/adapters/dev_support.html
  In exact way, above provided tutorial 2 PDF, I failed at step "Configuring a BPEL Service to invoke the above Adapter Service" on page 11.
  Your help is highly appreciated
  Thanks
  Venkata

  Something to note. I tried adding the same BPEL services as partner links to a new application and new project on two other developer's workstations, and the creation of the partner links were successful.