Proxy user with limited privileges
Hi Expert,
Wanted to know if there is any way to restrict proxy user with certain privileges.
For an example, If i'm logging in as fnadvi[scott]/password....in this certain circumstances, fnadvi would override all the privileges from SCOTT user.
And can do insert/update/delete/select whatever under schema SCOTT.
<quote>
BANNER
Oracle Database 11g Release 11.2.0.2.0 - 64bit Production
PL/SQL Release 11.2.0.2.0 - Production
CORE 11.2.0.2.0 Production
TNS for Linux: Version 11.2.0.2.0 - Production
NLSRTL Version 11.2.0.2.0 - Production
</quote>
Is there any way, that I can setup for user:fnadvi to select certain tables, update certain tables and so on?
The default proxy user can do anything as SCOTT can do.
Thanks
Nadvi wrote:
Hi Expert,
Wanted to know if there is any way to restrict proxy user with certain privileges.
For an example, If i'm logging in as fnadvi[scott]/password....in this certain circumstances, fnadvi would override all the privileges from SCOTT user.
And can do insert/update/delete/select whatever under schema SCOTT.
<quote>
BANNER
Oracle Database 11g Release 11.2.0.2.0 - 64bit Production
PL/SQL Release 11.2.0.2.0 - Production
CORE 11.2.0.2.0 Production
TNS for Linux: Version 11.2.0.2.0 - Production
NLSRTL Version 11.2.0.2.0 - Production
</quote>
Is there any way, that I can setup for user:fnadvi to select certain tables, update certain tables and so on?
The default proxy user can do anything as SCOTT can do.
ThanksThe short answer is NO.
With Oracle everything is prohibited, except that which is explicitly GRANTED.
Similar Messages
-
InDesign crashes when opening with users with limited privileges
InDesign opens and when the page where you choose to start a project loads, it crashes.
I have unloaded the plugins but nothing changes. This happens with the final users of the computers.
As administrator I can run it perfectly.
I need to solve this because I have 250 students waiting to use this softwareNo, PC
Problem signature:
Problem Event Name: APPCRASH
Application Name: InDesign.exe
Application Version: 8.0.0.370
Application Timestamp: 4f72c3ee
Fault Module Name: MSVCR100.dll
Fault Module Version: 10.0.40219.325
Fault Module Timestamp: 4df2be1e
Exception Code: 40000015
Exception Offset: 0008d6fd
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 2058
Additional Information 1: 7f56
Additional Information 2: 7f56d5316922f11d9c19960fa530c768
Additional Information 3: 1720
Additional Information 4: 1720f133ce639c9412106776314a8c8e -
Create user with dba privileges
How do I create a user with DBA privileges in Oracle? The user should be able to create, insert, delete, truncate and other functions without any limits. Do I have to issue GRANT statements?
Hi,
I don't believe there's any way to create a user and grant privileges in one command.
First, create the user:
CREATE USER foo IDENTIFIED BY bar;Then grant the privileges. There's a pre-defined role called DBA that has all the privileges you mentioned.
GRANT dba TO foo;It's easy to write a script to do these two commands together, so you could say
@CREATE_USER foo bar dba -
How to create full new user with all privileges
how to create full new user with all privileges?
and how to delete existing users?
Thanks in advance..Common solution is probably to use sudo for privilege elevation, wiki should help
-
Install for users with limited rights.
Is there a way to install Flash player so users with limited rights can perform updates? I don't want to touch hundreds of machines each time a minor upgrade is released. Security policies dictate that users cannot have local admin rights.
Hi, not that I have heard of. If you can't update, then most likely you are under Group Policy and the IT Department would be in charge of that.
If it is possible, then someone else would need to reply to you.
Thanks,
eidnolb -
Using an NT user with DBA privileges does not permit to create schema : why ?
Hi,
I use an Oracle 8 on an Windows NT server.
I have two NT users with DBA privileges.
But, when I use the migration workbench to create the oracle schema, my users are not granted.
Why ?
Regards.
PascalPlease clarify your problem.
The workbench creates users (which are visible in the oracle model within the tool) with the password oracle .
I am not sure if you are asking about accessing the database using your OS user identity, or have you found that the users exist but do not have dba privileges.
Turloch
Oracle Migration Workbench Team
null -
Shockwave shows no content when run with limited privileges
Hi,
We're deploying showckwave player in our company.
When installing shockwave player on windows 7 wirh IE9 shockwave shows only content when IE9 is run in Administrative Mode. If IE9 is run with limited privileges which is default shockwave shows no content (i.e. http://www.adobe.com/shockwave/welcome/).
Any solution for this?the ipod touch and iphone where fully functional before the 2.0 update, but since than it seems like everything has gone to crap, it seems like apple can't make any good firmware anymore, iTunes 7.7.1 (which causes the app failures and the music being deleted, and iphone 2.0.2, didn't fix anything for me, man i can't wait to get the new ipod touch, maybe all these problems will be fixed by then
-
[OIM] Proxy User with groups
Dear people,
I have a scenario where there is a resource with an approval workflow, with 2 steps: in the first the Manager of the requester is the one who must approve. In the second step, a group is assigned as the one who has to make the approve.
I give a proxy to the Manager and another proxy to one of the group members.
When the workflow reaches the Manager approval step, it is automatically assigned to the proxy (what I expected).
The problem arises when the workflow reaches the group approval step, the assignment is still made to the user that is member of the group, not to his proxy user. Is this an OIM limitation? Some workaround?
Thanks!Hi,
when we assign the task to a group then if the proxy user is the part of that particular group then he has that task automatically why to duplicate the task and if proxy user is not the memeber of the group then he is not authorize to have that task because he is not the member of that group. As user set him as proxy user for him not for group.
I hope this answer your query....
Regards
Alabhya Goel -
We have a Webservice deployed on a Sharepoint 2010 deployment with a method as follows:
public static string ensureParentFolder(SPWeb parentSite, string destinationUrl)
destinationUrl = parentSite.GetFile(destinationUrl).Url;
int index = destinationUrl.LastIndexOf("/");
string parentFolderUrl = string.Empty;
if (index > -1)
parentFolderUrl = destinationUrl.Substring(0, index);
SPFolder parentFolder
= parentSite.GetFolder(parentFolderUrl);
if (!parentFolder.Exists)
SPFolder currentFolder = parentSite.RootFolder;
foreach (string folder in parentFolderUrl.Split('/'))
try
currentFolder = currentFolder.SubFolders.Add(folder);
catch (Exception ex)
FINEOSLogger.Medium(LoggerCategory.FINEOSToSharePointDMS, "User could not create SP folder so elevating permissions");
SPSecurity.RunWithElevatedPrivileges(delegate()
currentFolder = currentFolder.SubFolders.Add(folder);
return parentFolderUrl;
When invoked by a User with only Contribute rights the SubFolders.Add( ) call appears to fail and the
SPSecurity.RunWithElevatedPrivileges
code is invoked, which also fails.
1. So the first question is should you be able to invoke SubFolders.Add() with only Contribute? It works with Design privileges for the Customer. You can add folders on the Sharepoint website as a Contribute user so why not on the API.
Customer raising this as a security concern.
2. Also why would the
SPSecurity.RunWithElevatedPrivileges
part fail, is the syntax incorrect for Sharepoint 2010? We migrated this code from Sharepoint 2007 project.
The error I get when I try run the code as a Contribute user is
com.fineos.ta.dms.external.DMSException: The exception [A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".] was caused by the exception [A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".]., Ta Exception info,Exception Class=class com.fineos.ta.dms.external.DMSException,Root cause ID=10,Root cause host=IEL163,Localized message=A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18"
at com.fineos.integration.dms.internal.thirdparty.GenericDMS.add(GenericDMS.java:149)
at com.fineos.frontoffice.documentmanager.DocumentManager.saveToThirdPartyDMS(DocumentManager.java:280)
at com.fineos.frontoffice.documentmanager.fileupload.UploadDocumentWidget.save(UploadDocumentWidget.java:401)
at org.apache.jsp.sharedpages.documentmanager.fileupload.uploaddocumentpage_jsp._jspService(uploaddocumentpage_jsp.java:77)
Caused by: com.fineos.integration.dms.external.services.SharePointDmsException: A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".
at com.fineos.integration.dms.external.services.GenericDMSClient.uploadDocument(GenericDMSClient.java:139)
at com.fineos.integration.dms.internal.thirdparty.GenericDMS.add(GenericDMS.java:132)
... 88 more
Caused by: org.apache.axis2.AxisFault: Error_occured_sharepoint [Message Details = An Exception occurred in SharePoint; System.UnauthorizedAccessException: <nativehr>0x80070005</nativehr><nativestack></nativestack>Access denied.
at Microsoft.SharePoint.Library.SPRequest.AddOrDeleteUrl(String bstrUrl, String bstrDirName, Boolean bAdd, UInt32 dwDeleteOp, Int32 iUserId, Guid& pgDeleteTransactionId)
at Microsoft.SharePoint.SPFolderCollection.AddInternal(String strUrl, Int32 userId)
at FINEOSIntegration.FINEOSToSharePointDMS.SharePointDMSUtilities.<>c__DisplayClass9.<ensureParentFolder>b__5()
at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.<RunWithElevatedPrivileges>b__2()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)
at FINEOSIntegration.FINEOSToSharePointDMS.SharePointDMSUtilities.ensureParentFolder(SPWeb parentSite, String destinationUrl)
at FINEOSIntegration.FINEOSToSharePointDMS.FINEOSToSharePointDMS.uploadDocument(String UserName, String FolderPath, String Filename, Byte[] File, DocumentProperties DocumentProperties, Boolean NotifyFINEOS, Boolean NotifyFINEOSSpecified, Boolean OverwriteIfExists, Boolean OverwriteIfExistsSpecified, String& DMSDocType)]
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at com.fineos.frontoffice.thirdpartydms.operationtypes.ThirdPartyDmsServicesStub.uploadDocument(ThirdPartyDmsServicesStub.java:761)
at com.fineos.integration.dms.external.services.GenericDMSClient.uploadDocument(GenericDMSClient.java:119)
... 89 more
Note that the user SPWeb being passed into the method is from an impersonated user, don't know if that matters.
So the webservice payload contains the id of the user who wants to do the Sharepoint work while the webservice is invoked by anonymous or some other service user. We then impersonate the user specified in the webservice payload like follows and use
that web SPWeb from then on in the webservice methods:
userToImpersonate = currentWeb.AllUsers[user];
site = new SPSite(fileUrl, userToImpersonate.UserToken);
web = site.OpenWeb();
Any help appreciated.
Thanks,
Ruairi.Ideally, a user with Contribute permissions should be able to add folders. Not sure what is the issue there. But I can see that SPSecurity.RunWithElevatedPrivileges is not written properly. You must create a new SPSite object inside the delegate
because SPSite objects created outside do not have Full Control even when referenced inside the delegate. Use the using keyword to ensure that the object is disposed in the delegate. Example:
SPSecurity.RunWithElevatedPrivileges(delegate()
using (SPSite site = new SPSite(web.Site.ID))
// implementation details omitted
});See this for more information about SPSecurity.RunWithElevatedPrivilegeshttps://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges%28v=office.12%29.aspx?f=255&MSPPError=-2147217396
Blog | SharePoint Learnings CodePlex Tools |
Export Version History To Excel |
Autocomplete Lookup Field -
Create user with DBA privileges with a restriction to access user data
Hi
I need to create a user with all DBA privileges with a restriction to access all user schemas
Thanks,
BalajiUse Database Vault - http://download.oracle.com/docs/cd/E11882_01/server.112/e16544/toc.htm
HTH
Srini -
Create user with select privilege only one schema
can someone tell me how i can create user with select priviliges only one schema.
i don't want the user to have any select privileges with other schema.
can someone advise me.
ThanskIn general, you would do something like
CREATE ROLE abc_read_only;
FOR x IN (SELECT * FROM dba_tables WHERE owner='ABC')
LOOP
EXECUTE IMMEDIATE 'GRANT SELECT ON abc.' || x.table_name || ' TO abc_read_only';
END LOOP;
CREATE USER your_user ...;
GRANT abc_read_only TO your_userYou create a role, grant the role SELECT access to all the tables in the ABC schema (you can extend this to grant access to views, functions, etc depending on the requirements), and then grant that role to your user.
Justin -
Creating portal users with owner privileges?
Hello,
I need to let local adminstrators create users in the portal.
This is based on instance-specific privileges, not global.
Setting them to 'owners' of the group in the portal should let them add users.
Once created and I log in as one of them I do not have the privileges of being an
'owner', eventhough it's visible in the portal that I am an owner.
Anybody?
/Hi,
To make the problem a little clearer.
I want to have "local adminstrators" that can manage portal users i.e; delete, insert and update portal users.
However I do not want these "local administrators" to be "Full administrators"- too dangerous.
The "local adminstrators" should belong to the same group as the users they are set to administer. The
only difference between a "local administrator" and a user of a group is that the "local administrator" have privileges
to manage the other users of the group. If I have understood the concept right an owner have these privileges.
I made them owners of the group, but this did not enable them to manage users.
This must be a rather common approach, to have some users being able to administer other users without being a fullfledge DBA.
Right now I'm looking into mapping them(the local administrators) to a different database schema with rights to manage users.
I realize that to map them to another schema, then the checkbox "Use this schema for Portal Users" have to be checked when creating the
schema. How do I check if this was checked and if it wasn't checked can I alter it now?
Another thought is to dynamically upon meeting certain conditions making them Full Administrators, then after finishing the task
reinstating them as normal users.. but this.. well hmm
Thanks.
/ -
I have a 2007 iMac running OS X Lion, all latest updates and patches applied.
My daughter has an account on the system, which I have limited to only being able to be used for a few hours a day.
The problem arises when she leaves herself logged in, but walks away, and the time runs out. When I sit down at the console, the first thing that happens is that the cursor disappears, and the systems starts to go into a logout. Makes sesne so far, I guess. However, the system then goes into what I can only presume is some sort of loop. The cube animation starts, and rotates back and forth several times between two screens, both equally hessian wrapped, with no distinguising features.
I can log into the system via ssh, and I can confirm that the system is spiking out on SecurityAgent:
Processes: 661 total, 5 running, 29 stuck, 627 sleeping, 2082 threads
19:59:08 Load Avg: 1.68, 3.07, 5.24 CPU usage: 43.38% user, 23.52% sys, 33.8% idle SharedLibs: 3620K resident, 1948K data, 0B linkedit.
MemRegions: 104350 total, 1295M resident, 189M private, 2974M shared.
PhysMem: 1166M wired, 3312M active, 1655M inactive, 6133M used, 9560K free.
VM: 1611G vsize, 1118M framework vsize, 34169473(356) pageins, 5796949(92) pageouts.
Networks: packets: 100372238/47G in, 162918821/146G out. Disks: 23914908/3252G read, 27697160/2570G written.
PID COMMAND %CPU TIME #TH #WQ #PORT #MREG RPRVT RSHRD RSIZE VPRVT VSIZE PGRP PPID STATE UID FAULTS
27013 SecurityAgen 98.0 37:41.27 2/1 1 88 84 508K 3904K 2664K 31M 2410M 27013 1 running 92 3028
28561 top 25.9 02:27.05 1/1 0 32 43 3752K 216K 4176K 20M 2381M 28561 28505 running 0 1924014+
1 launchd 4.6 50:43.63 3 0 3159- 343 2804K+ 2836K 2128K+ 15M+ 2405M 1 0 stuck 0 553252+
0 kernel_task 1.5 08:01:03 71/2 0 2 976 14M 0B 595M- 15M 5487M- 0 0 running 0 23008
197 WindowServer 0.7 01:57:50 5 1 6653 6448 22M+ 885M 486M+ 137M 40G 197 1 sleeping 88 25934192+
18548 Transmission 0.5 01:59:18 7 1 175 372 10M 7352K 16M- 47M 2550M 18548 282 sleeping 501 10297632
14 opendirector 0.4 02:27.27 13 13 617+ 108+ 6072K+ 1872K 6860K+ 32M+ 2417M+ 14 1 stuck 0 407028+
25117 mcxalr 0.2 00:40.33 4/1 3 43 41 200K 252K 1780K 30M 2391M 25117 1 running 54 1580
26441 SecurityAgen 0.2 00:01.55 2 1 121 245 2856K 19M 6820K 35M 2503M 26441 1 stuck 92 27427
28001 ManagedClien 0.1 00:00.11 4 3 98+ 86 1196K+ 4900K 3748K+ 31M 2413M 28001 27998 sleeping 0 3718+
294 UserEventAge 0.1 00:20.22 3 1 212 140 976K+ 3964K 2632K+ 34M 2422M 294 282 sleeping 501 294201+
28006 ManagedClien 0.0 00:00.11 4 3 97 86 1184K+ 4904K 3700K+ 32M 2414M 28006 28003 sleeping 0 3725+
28573 mdworker 0.0 00:00.41 4/1 2 55 101 8648K 6052K 13M 38M 2422M 28573 28443 running 89 4766+
27831 loginwindow 0.0 00:00.50 4 2 153+ 108+ 1692K+ 4804K 3252K+ 35M+ 2425M+ 27831 197 sleeping 0 4875+
15 configd 0.0 00:33.57 6 1 2316 230 2392K 1788K 3524K+ 27M 2420M 15 1 sleeping 0 320735+
28318 loginwindow 0.0 00:00.54 3 1 151 101 924K+ 4712K 3120K+ 33M+ 2423M 28318 197 sleeping 0 4778+
Now, obviously, because I can ssh in, I can start a clean shutdown and restart, but I'd like a way to do this that doesn't involve me bringing down the system, when the whole point of multiple users and parental controls is that a system can be shared cleanly.
Thoughts?
Thanks,
WillSee if this blog post that our support team created helps you with the connection information. This can create the desktop Access application linked up to the Access 2013 web app tables you have.
http://blogs.technet.com/b/the_microsoft_access_support_team_blog/archive/2014/03/24/how-to-make-external-connections-to-an-access-web-app-new.aspx
Also, you might just try clicking the Create Reports button in the Access web app client interface and Access will create the reporting database for you with links to the web app tables. On the File menu (when using the Access web app in client) make sure
to click the option to Allow Any Location under the Manage button. After that, just click the Create Reports button on the File menu (right above the Manage button) and wait a few seconds. Access will create a new desktop database linked up to all of the Access
web app tables. You can then create as many reports or other desktop objects as you like.
Hope that helps,
Jeff Conrad - Access Junkie - MVP Alumnus
Senior Content Developer - Office Content Development Team - Microsoft Corporation
Author - Microsoft Access 2013 Inside Out
Author - Microsoft Access 2010 Inside Out
Co-author - Microsoft Office Access 2007 Inside Out
Access 2007/2010/2013 Info: http://www.AccessJunkie.com
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/en-us/legal/Copyright/Default.aspx -
New user with sysdba privilege gets connected as user sys
hi ,
I am using oracle 10g R2 . I have a user named test . I have provided sysdba privilege to this user . Now , when I login to this user as conn tkcsowner/password
it gets connected , I created a table in that , the table data is fine . But, when I login as conn tkcsowner/password as sysdba , it connects , if I execute show user it shows "user is sys" , and the table is not here .
My question is ............
1. if I login to tkcsowner as sysdba , where do I login actually , to sys account or to tkcsowner ?
2. I want to execute some stored procedures through tkcsowner , which requires sysdba privilege . But , how can I can execute those from tkcsowner , but not from sys ?
Any additional info on this would be appreciated . thank you.My question is ............
1. if I login to tkcsowner as sysdba , where do I login actually , to sys account or to tkcsowner ?Yes, teh correct behavior. If you would use the o/s authentication, you would be connected as Sys user since Oralce would bypass the supplied username and password of yours over the prompt.
2. I want to execute some stored procedures through tkcsowner , which requires sysdba privilege . But , how can I can execute those from tkcsowner , but not from sys ?When you are going to connect with Sysdba role, you would be connected as Sys user. I am not sure what you exactly mean by saying that the procedure requires the Sysdba privilege? Procedure doesn't need any Sysdba privilege( there isn't such thing since its a role not a privilege) but the provilege of Execute on that procedure . So you do want to check it out what you are actually looking for and why?
HTH
Aman.... -
New User with All privileges of Administrator
Dear All,
We created one user USER1 in RPD.
We should give all priveliges to USER1 Like Administrator.(Answer,Dashboard,... should access to USer1)\
How to set?
Thanks
Govind RHi Raj,
Just a clarification, is your user (user1) in the RPD is grouped under Administrator?
If the user is grouped under Administrator, then we can follow a simple step in BI front end for the user to access all the front end objects.
In the BI Dashboard, click the settings there you can find manage presentation catalog groups and users. Here we can add the User 1 to presentation server Administrator group.
Make sure your Administrator user is set with all the necessary privileges to access Answers, Dashboard etc.
Thanks,
Karthikeyan V
Maybe you are looking for
-
I just tried to transfer my itunes from my old pc to new one. I have music that is downloaded to all three devices...new, old and itouch. I used the itouch to transfer the music, but now the music I downloaded with the itouch wifi disappeared. Hel
-
Hello, Please note, I could not fit the entire post in one entry...had to do it in 3 I am getting numerous errors on startup of the weblogic server. Given that I followed the instructions to a T (Quick Start Guide for Oracle® SOA Suite 11gR1 (11.1.1.
-
A simple select query taking forever
Hi All I am not able to execute a simple select query, I traced my session and here is TKPROF of that Trace. Solaris 8 , Oracle 10.2.0.4.0 TKPROF: Release 10.2.0.4.0 - Copyright (c) 1982, 2007, Oracle. All rights reserved. Trace file: 502_ora_28260.
-
Connection between 2 webdynpro inputfields
i'm making a webdynpro with 2 inputfields of solution type and solutionsubtype. this is the thing i want: when i select QM at the inputfield of the solution type then it is only possible to select solution subtypes that are only are available with th
-
Tweaking edge in keying with Keylight
Hi, I'm having trouble getting rid of a wiggling fur around my foreground subject after keying with Keylight 1.2.See screenshots in status and final result views (when I preview the outer edge comes alive in a horrible wiggle). I've tried tweaking wi