Question: 9i- 10g

Hi all,
What does anyone know or have an opinion regarding 10g's ability with Virtual Private Databases/Row level security and Unix based servers providing client-server forms and reports services to browser based windows and unix clients?
My organisation has been stuck in Forms 6 land because of heavy limitations of Forms 9's ability to handle row level security in this situation and I was curious to know if anyone has upgraded to 10g and resolved any issues in that regards.
Thanks all.

This is another article:
TECHNOLOGY: Security
Keeping Information Private with VPD
By Arup Nanda
Oracle's row-level security gives users their own virtual private databases.
Ensuring appropriate information privacy is a pressing concern for many businesses today, given privacy legislation such as the United States' HIPAA (Health Insurance Portability and Accountability Act), Gramm-Leach-Bliley Act, Sarbanes-Oxley Act, and the EU's Safe Harbour Law. Other privacy mandates, such as Visa's Cardholder Information Security Program (CISP), also require businesses to ensure that access to information is tightly controlled.
Oracle has always included the ability to grant (or deny) users access to database objects, but these privileges are defined at the object levelfor an entire table, not for specific rows in that table. Although that approach is sufficient for many applications, any application touching on financial, health, or other kinds of personal information usually requires more-discrete controls over access and authorization.
Oracle's row-level security (RLS) feature, introduced in Oracle8i, provides fine-grained access controlfine-grained means at the individual row level. Rather than opening up an entire table to any individual user who has any privileges on the table, row-level security restricts access to specific rows in a table. The result is that any individual user sees a completely different set of dataonly the data that person is authorized to seeso the overall capabilities are sometimes referred to as Oracle's virtual private database, or VPD, feature.
Using Oracle's VPD capabilities not only ensures that companies can build secure databases to adhere to privacy policies but also provides a more manageable approach to application development, because although the VPD-based policies restrict access to the database tables, they can be easily changed when necessary, without requiring modifications to application code.
For example, say a bank's account managers (AMs) provide personal customer support to high-net-worth account holders. AMs use a custom banking application to help them check their customers' balances, deposit or withdraw funds, and decide on loan requirements, for example. At one time, the bank's policy was to allow all AMs to access all account holder information, but that policy was recently changed. Now, AMs are assigned to a particular set of customers, and they need to be able to access information pertaining only to those customers. The policy change needs to be reflected in the application, which currently shows all customer information to each AM, not just information on the customers to whom each particular AM is assigned.
To make the application comply with the new privacy policy, the bank has three choices:
Modify the application code to include a predicate (a WHERE clause) for all SQL statements. This option doesn't ensure privacy policy enforcement outside the application, however, and if there are other changes in the future, the code will once again have to be modified, so this is not a good approach in the long term.
Leave the application intact, creating views with the necessary predicates and creating synonyms with the same name as the table names for these views. This option is better from the perspective of application changes and security, but it can be difficult to administer, because of the potentially large number of views to track and manage.
Create a VPD for each of the AMs by creating policy functions that generate dynamic predicates, which can then be applied across all objects, regardless of how they are accessed, by setting up policies with the row-level-security built-in package (DBMS_RLS).
This last option offers the best security without administrative overhead and ensures complete privacy of informationall the account managers see a different view of the table, according to their own credentials.
This article shows you how to set up a VPD security model. It goes through the process by using the foregoing bank scenario to create policy functions, define policies, and then test results. (Note that the tables are not completely defined, to keep the example simple.)
Basic Setup for the Example Application
Briefly, here are the basic assumptions about the example bank application:
A BANK schema owns two key tables that make up the applicationa CUSTOMERS table:
Name Null? Type
CUST_ID NOT NULL NUMBER
CUST_NAME NOT NULL VARCHAR2(20)
and an ACCOUNTS table:
Name Null? Type
ACCT_NO NOT NULL NUMBER
CUST_ID NOT NULL NUMBER
BALANCE NUMBER(15,2)
Listing 1 comprises the SQL script for creating and populating these two basic example tables.
User SECMAN (security manager) owns an ACCESS_POLICY table that identifies the AMs and their respective customer accounts:
Name Null? Type
AM_NAME NOT NULL VARCHAR2(20)
CUST_ID NOT NULL NUMBER
ACCESS_TYPE NOT NULL CHAR(1)
The AM_NAME column stores the user ID of the account manager; CUST_ID identifies the customer; and ACCESS_TYPE defines the specific access entitlementS (SELECT), I (INSERT), D (DELETE), or U (UPDATE). Some example records from the ACCESS_POLICY table follow:
AM_NAME CUST_ID ACCESS_TYPE
SCOTT 123 S
SCOTT 123 I
SCOTT 123 D
SCOTT 123 U
SCOTT 456 S
SCOTT 789 S
LARA 456 I
LARA 456 D
LARA 456 U
LARA 456 S
As you can see, SCOTT, the AM for customer 123, has all privilegesS, I, D, and Uas does LARA for customer 456. Also, because SCOTT can confirm account balances for one customer of LARA, he has S privileges on customer 456.
Step 1. Create a Policy Function
The bank's access rules (contained in the ACCESS_POLICY table) must be applied somehow, dynamically, whenever an AM tries to look into customer account information. The first step is to create a policy function that returns the appropriate predicate to be applied to the table. As with the ACCESS_POLICY table, the policy functions are created and controlled by user SECMAN, for security purposes. It's best to keep privacy rules separate from the tables to which they apply.
Let's examine the policy function, get_sel_cust_idshown in Listing 2 in detail:
Accepts exactly two parameters: the schema name (p_schema in varchar2) and the table name (p_table in varchar2)
Returns one value only, a stringreturn varchar2 as l_retstr varchar2(2000);comprising the predicate that will be appended to every query on the table
Uses a cursor routinefor cust_ rec into get the list of values, because each user may have several cust_ids listed in the table
Returns a constructed stringl_retstrto be used as a predicate whenever any user attempts to access the underlying table
The function returns the predicate where cust_id in with the appended list of customer accounts (cust_id), separated by commas, that the user (am_name = USER) is allowed to see.
Note that before entering the loop that builds the list of cust_ids for the user, the code in Listing 2 checks to see if the user is the table owner BANK, in which case the function returns a NULL predicate, as follows:
if (p_schema = user) then
1_retstr := null;
After building this function, you want to make sure it returns the appropriate predicate, by testing some sample data. Connect to the database as SECMAN, and insert some records into the ACCESS_POLICY table, giving SECMAN read privileges on a few sample accounts, as follows:
insert into access_policy values ('SECMAN',123,'S');
insert into access_policy values ('SECMAN',456,'S');
insert into access_policy values ('SECMAN',789,'S');
Now execute the function:
select get_sel_cust_id
('BANK','CUSTOMERS') from dual;
The function returns a string that will be applied as a predicate, as shown in the following sample output:
GET_SEL_CUST_ID('BANK','CUSTOMERS')
CUST_ID IN (123,456,789)
You need to create similar functions for the other types of access. For simplicity's sake, create a single function for all the other access typesUPDATE, DELETE, INSERTas shown in Listing 3. However, note that for a real-world application, each type of access should have its own individual function defined, to ensure appropriate privacy.
The policy function in Listing 3 is nearly identical to the policy function in Listing 2, except that the predicate is further qualified by use of the information from the ACCESS_CONTROL table:
and access_type in ('I', 'U', 'D')
Creating a policy function is just the first step. You now need to ensure that the function will be used, by defining the policy that should control its use in your system.
Step 2. Define a Policy
Policies are defined with the DBMS_RLS package, which is Oracle-supplied. Be aware that the policies themselves are not database objects owned by any user (schema); they are logical constructs. Any user who has the execute privilege on the DBMS_RLS package can modify or drop a policy created by another user. Privileges to DBMS_RLS should be judiciously controlled and granted with caution.
In the following example, user SECMAN is granted execute privileges (by SYS) on the DBMS_RLS package:
grant execute on dbms_rls to secman;
Listing 4 creates a policy named CUST_SEL_POLICY on the table CUSTOMERS of schema BANK. This policy applies the predicate returned by the function GET_SEL_CUST_ID (which is shown in Listing 2) owned by schema SECMAN to all SELECT statements on the table.
Similarly, you place another policy on the table for other access types, as shown in Listing 5. This policy applies to inserts, updates, and deletes in the CUSTOMERS table.
It is almost identical to the SELECT policy, except that this policy includes a check that ensures that the policy will remain compliant even after an update:
update_check => TRUE
Data cannot be added to the table unless it adheres to the policy.
Step 3. Test the Setup
Now that the building blocks are in place, let's see how they work. Connecting as user BANK and issuing a simple select * from customers; query displays the following:
CUST_ID CUST_NAME
123 Jay Kulkarni
456 Wim Patel
These two records are the full contents of the CUSTOMERS table, and both records are shown because BANK owns the table, so the predicate clause is NULLthat is, no predicate is applied. However, when user LARA makes the same query, she sees the following:
select * from customers;
CUST_ID CUST_NAME
456 WIM PATEL
LARA sees only CUST_ID 456, not 123, because that is the row she is authorized to see, as determined by the ACCESS_ POLICY table. Note that the query has no WHERE clause but that the selection from the table is automatically filtered to show only the authorized rows.
If user SCOTT makes the same query, his results are different from the results for LARA: select * from customers;
CUST_ID CUST_NAME
123 Jay Kulkarni
456 Wim Patel
User SCOTT sees both rows, because he is authorized to do so, as shown in the ACCESS_POLICY table. When user LARA issues the query, the policy function get_sel_cust_id returns the predicate where cust_id in (456). Lara's original query select * from customers is rewritten as
select * from
(select * from customers)
where cust_id in (456)
The predicate is automatically appended to the user's original query. The same thing happens when the user updates the table:
SQL> update bank.customers
2 set cust_name = 'PAT TERRY';
1 row updated.
Note that in this example, only one row is updated, even though there are actually two rows in the underlying table. The policy (CUST_IUD_POLICY) appends the predicate where cust_id in (456) to the update statement. Similarly, while the table is being deleted, only the rows for which the user is authorized are deleted.
Attempting to insert a row containing data for which the user is not authorized results in an error message. For example, in this query, LARA is attempting to add a record to the CUSTOMER table for an account not under her purview: Next Steps
READ more about
VPD Oracle9i Supplied PL/SQL Packages and Types Reference
Oracle Privacy Security Auditing
SQL> insert into bank.customers
2 values (789,'KIM PARK');
insert into bank.customers
ERROR at line 1:
ORA-28115: policy with check option
violation
According to the ACCESS_POLICY table, Scott has SELECT privileges on account 789no other privileges for any other AM are listed in the table.
Using policies in conjunction with functions ensures authorized access to specific records of a table. The rules are applied regardless of how the table is accessed, whether through an application or directly through an ad hoc query tool, such as SQL*Plus. Users see only rows for which they have been authorized.
Policies can be applied to multiple tables, and a single policy function can be used by any number of policies. Listing 6 shows a policy on an ACCOUNTS table that uses the get_sel_cust_id function initially created for use with the CUSTOMERS table.
Arup Nanda ([email protected]) is the chief database architect at Proligence Solutions ( Printer View
http://otn.oracle.com/oramag/oracle/04-mar/o24tech_security.html
Joel Pérez
http://otn.oracle.com/experts

Similar Messages

Good questions on 10g

i need some information on what types of questions come in 10g which a 10g person should be knowing.
Any web-site or documentation will be helpful.
I hope, my question is clear. Please help, in solving the doubt.
regards.

Hi,
As Frank just told you.
Here you have the link to get every doc. about AS
http://www.oracle.com/technology/documentation/appserver.html
I hope U have enough on this information otherwise let me know.
Cheers,
Hamdy

Frmwebutil.jar Question w/ 10g (9.0.4)

All over the Oracle documentation w/ Dev Suite and Webutil configurations it refers to frmwebutil.jar and sometimes f90webutil.jar.
My question is, are we to use both files in various places w/ 10g (version 9.0.4) or use one or the other exclusively?
If we are to use f90webutil.jar then I assume every reference directing us to frmwebutil.jar, we replace w/ f90webutil.jar, including signing the jar files adding to registry, .cfg files, etc...correct?
thank you.

Hello,
using one of them is enough,Oracle Developer Suite 10g Release 2 (10.1.2) uses frmwebutil.jar. and the earlier release uses dev suite f90webutil.jar
I think in your case you can use frmwebutil.jar alone.
Regards
Mohan

Upgrade question from 10g to 11gr1

Hi All
Planning to upgrade 10.2.0.4.0 to 11.1.0.7.0
After executing utlu111i.sql
SQL> @utlu111i.sql
Oracle Database 11.1 Pre-Upgrade Information Tool    07-19-2011 10:56:38
Database:
--> name:          TEST
--> version:       10.2.0.4.0
--> compatible:    10.2.0.1.0
--> blocksize:     8192
--> platform:      Linux x86 64-bit
--> timezone file: V4
-----Truncated-----------------
Components: [The following database components will be upgraded or installed]
--> Oracle Catalog Views         [upgrade] VALID
--> Oracle Packages and Types    [upgrade] VALID
--> JServer JAVA Virtual Machine [upgrade] VALID
--> Oracle XDK for Java          [upgrade] VALID
--> Oracle Workspace Manager     [upgrade] VALID
--> OLAP Analytic Workspace      [upgrade] VALID
--> OLAP Catalog                 [upgrade] VALID
--> EM Repository                [upgrade] VALID
--> Oracle Text                  [upgrade] VALID
--> Oracle XML Database          [upgrade] VALID
--> Oracle Java Packages         [upgrade] VALID
--> Oracle interMedia            [upgrade] VALID
--> Spatial                      [upgrade] VALID
--> Data Mining                  [upgrade] VALID
--> Expression Filter            [upgrade] VALID
--> Rule Manager                 [upgrade] VALID
--> Oracle OLAP API              [upgrade] INVALID
**********************************************************************My question is Oracle OLAP API is invalid. Shall i go ahead with the upgrade or do i need to make it valid before upgrade? if so how?
Thanks
Ak

ok So now getting
--> Oracle Packages and Types [upgrade] INVALID
Components: [The following database components will be upgraded or installed]
--> Oracle Catalog Views         [upgrade] VALID
--> Oracle Packages and Types    [upgrade] INVALID
--> JServer JAVA Virtual Machine [upgrade] VALID
--> Oracle XDK for Java          [upgrade] VALID
--> Oracle Workspace Manager     [upgrade] VALID
--> OLAP Analytic Workspace      [upgrade] VALID
--> OLAP Catalog                 [upgrade] VALID
--> EM Repository                [upgrade] VALID
--> Oracle Text                  [upgrade] VALID
--> Oracle XML Database          [upgrade] VALID
--> Oracle Java Packages         [upgrade] VALID
--> Oracle interMedia            [upgrade] VALID
--> Spatial                      [upgrade] VALID
--> Data Mining                  [upgrade] VALID
--> Expression Filter            [upgrade] VALID
--> Rule Manager                 [upgrade] VALID
--> Oracle OLAP API              [upgrade] VALID
**********************************************************************

Beginning Design question - Forms 10g

This is the first form I have been asked to develop. I am designing a forms 10G application. It is to be a read only interface to multiple history tables in a 10 R2 database. I want to be able to have the user select a year and then populate the form with that year's data. Will I have to create a form for each year? or is there a way to pass the year as a parameter and then select a datablock built from each table and associate that datablock with just 1 form. OR, if that is a lousy design, what is the best approach?

Hi,
You just need one form, but some datablocks (maybe).
If you have a database table for each 'year' then you need a datablock for each year.
Create a stacked canvas for each datablock.
To change beetwen blocks use:
go_block('block_name');If you have just one table then you can use set_block_property
set_block_property('block_name', default_where, 'where clause');
Hope it helps!
Edited by: Ruddy Guerra on 14-abr-2011 21:03

Questions on 10g AS Clustering

I worked on non-cluster AS environment but not on cluster environment and need your help/advice on this. Suppose I have 5 machines:
One machine will have Metadata/Database.
Two machines will be part of WebCache/SSO Cluster.
Two machines will be part of OC4J/OID Cluster.
Where & how can I know details on clustering, e.g. how to implement this?
I have UNIX systems.
Thanks.

These articles will get you started for oracle app server clustering.
First read the first article and figure out which archtecture fits your envirnoment. http://www.oracle.com/technology/pub/notes/technote_sowa.html
http://download.oracle.com/docs/cd/B14099_07/core.1012/b13998/toc.htm

Question about 10g EM w/ 2 databases

I've got 2 databases on one machine. How is EM supposed to be configured properly to see both of them?
Right now I've got 2 directories under $ORACLE_HOME/<hostname>_<SID>, one per SID.

Add the service names to OEM. You have to look for that option.
Joel Pérez

10g Personal Edition Question

I am newbie and have a question regarding 10g personal edition. I see that this version supports one user connection but I am trying to find out if the user connection can be remote (from another workstation) or if it has to be local.
I have (2) XP boxes and want to install 10g personal edition on one XP box then access the DB from the other XP box. Can this be done?
Thanks in advance for any input!

Like the original poster, I too am a total Oracle newbie, considering migrating to Oracle from the outstandling but comparatively feature-poor PostgreSQL, and I'm trying the downloadable version of the Personal Edition database 10gR2, and I cannot for the newbie life of me figure out how to use this thing remotely, so that I can have Oracle running on my server at home and use it/develop with it using Enterprise Manager and SQL Developer from, say, a coffeeshop or other remote location via the Internet. (Exception: remote control software--RADMIN works well--but this is not a good non-emergency solution.)
Ultimately, it would also need to be secure (SSL or something), but at this point, I cannot get it to work at all. I know how port-forwarding and other firewallish things work, but I suspect the problem is that the Personal Edition uses a local loopback connection which may be inaccessible from the Net?
Of course I'm perfectly willing to buy the product if I can be assured that this will ultimately work reliably--is that's what's necessary to get it to work (the downloadewd version being crippled somehow?), or to get any support (folks say Metalink is helpful)?
Usually, the documentation is all I need to make something go, but the Oracle documentation I've looked at so far is at once incredibly expansive and not very helpful to me. (I may not know enough for it to be helpful: most of the documentation seems to assume you're already fully immersed in the Oracle world, and little of it seems specific to the Personal Edition's quirks.)
Any pointers to explicit documentation, let alone some step-by-step "here's what you have to do" instructions, would be tremendously appreciated.
Thanks!

Oracle 10g on SLES9 AMD64

Hi All,
i have tried to set up a system SLES 9 AMD64 for testing Oracle 10g for AMD 64 .
After installing the operating system, I added this package
rpm -Uvh orarun-1.8-109.5.i586.rpm
and enabled the user oracle.
I you login as user oracle, the following error message is displayed :
error while loading shared libraries : librt.so.1 : cannot open shared object files : no such fileSuse support answers to this question : Oracle 10g is certified on SLES9, but the orarun package is only supported for SLES9 i386 ?
This is correct, but did not help me to continue my installation.
Any ideas ?
Best regards
Werner

Try: comment the following line in /etc/init.d/oracle and /etc/profile.d/oracle.sh:
#test -d /lib/i686 && export LD_ASSUME_KERNEL=2.2.5
Post your question on [email protected] for faster response :)
You may find http://www.gesinet.it/oracle/oracle10gonsles9amd64.html useful.
-Arun

10g: 3 problems

My over-all impression is that the JDev team has done a very good job with this version. It contains lots of usefull improvements. Here are some problems I have noticed:
1) The filechooser is some times really slow, when I browse the file system. I am using Red Hat 9.0 WS and the Gnome filemanager is not slow at all.
2) New Gallery => Web Tier => web.xml is grayed out. Orion and weblogic web.xml is not grayed out. But in this project I want to deploy to Tomcat.
3) Like several others have written I do hope that the team are are working on the Look & Feel on Linux. The 3 possibilities at the moment are just .... Take a look at Eclipse it looks great at both Windows and Linux.
---Flemming

More questions about 10g on Linux:
a) When working in the code editor the current linie number and column number is not shown in the IDE's status bar. As this a configurations issue? As far as I recall from my 9.0.3 installation on W2K these numbers are shown in the statys bar.
b) As one adds new views to the Navigator the new tabs become smallere than the first tabs. Should all tabs not size equal across the natigator window?
c) I downloaded the full preview zip file, and the directory <JDEV_HOME>/jdec/doc contains non empty directories: hosted, ohj and welcome, but I cannot lauch Index Search, Glossery and so on directly. However, some tumbnails show up above the Navigator. I can lauch the Help from Wizards and other pop-ups.
--Flemming

New to 10g

Hi,
We plan to migrate our appliction consisting of forms 6i(Reports,Graphics,Forms) and Oracle 9i database to Oracle 10g.
I have a couple of questions about 10g which I couldn't find in the PDF's I am reading.
1)Does Oracle 10g Application Server include Forms and Reports Services or is it a seperate add-on that has to be downloaded and installed?
2)Does Oracle 10g Application Server include OC4J bundled in it?
3)we have a couple of graphics files(OGD),where do I find the 10g graphics services? Is it part of Forms and Reports Services?
4)Where do I find the Forms Migration Assistant? ( Is it part of Application Server? )
Thanks

Certainly this is not the right place to post Application Server threads. I advise you to post it at the AppServer forum.
Forms & Reports are included in AppServer (disks, not licenses), OC4J is embedded, the forms migration assistant is included in the binaries.
Hi,
We plan to migrate our appliction consisting of forms
6i(Reports,Graphics,Forms) and Oracle 9i database to
Oracle 10g.
I have a couple of questions about 10g which I
couldn't find in the PDF's I am reading.
1)Does Oracle 10g Application Server include Forms
and Reports Services or is it a seperate add-on that
has to be downloaded and installed?
2)Does Oracle 10g Application Server include OC4J
bundled in it?
3)we have a couple of graphics files(OGD),where do I
find the 10g graphics services? Is it part of Forms
and Reports Services?
4)Where do I find the Forms Migration Assistant? ( Is
it part of Application Server? )
Thanks

Can Oracle Database 10g and Oracle Database 10g Express Edition co-exist ?

I just installed Oracle Database 10g Express Edition. But I also want to access isql*plus for study purposes.
Can I download/install Oracle Database 10g without removing Oracle Database 10g Express Edition ?

I decided to download and install Oracle 10g myself and it was pretty quick to install. So I answered my own question : Oracle 10g Express is definitely able to co-exist with Oracle 10g no problem.
I want to post/share this answer for others who started with Oracle 10g express first - the journey I started.
The url isql*plus is displayed near the end of the installation together with the enterprise manager url. Pretty cool.
Now I can learn both Oracle 10g enterprise edition and Oracle 10g Express which is based on apex engine.

Career Change - Question

Hello.
Cut & Dry.
Network Administrator at a defense company for 4.5 years.
Exposure to sql 2000 for roughly 2 years.
Received an opportunity at a globally known company.
Now working in an area with opportunity given, to study/learn/work in an environment that has an Oracle 10g db.
I am very interested in pursuing a certification, now here's the question. 10G or 11G? What would any of you recommend.
My degree is going to be in Management Information Systems, within the next 1.5 years.
At one point I held ccna/ccnp certifications from Cisco but let them expire. Revenue ceiling from those certs was low. Oracle on the otherhand, ceiling is alot higher.
Any recommendations? I have all the time in the world to study , and go head first. What study paths, any particular material in general. Need a basic/clean/cut&dry path to study, before taking a 10g or 11g certitficiation test for OCA.

There is a (somewhat well hidden) [certification forum|http://forums.oracle.com/forums/forum.jspa?forumID=459] where you may want to post this sort of question.
That said
- Are you talking about DBA track? Developer track? Something else? There are a lot of different Oracle certification paths out there. If you haven't already, I'd make sure to take a good look around [Oracle's certification website|http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=50].
- Whether to pursue 10g or 11g certification is something that you probably need to discuss with your boss. If you are going to be working with a 10g database for the next N years, and you expect to get certified in the next 6 months, I'd stay with the 10g path. If you're going to be moving to 11g soon, you may want to start studying on the 11g track despite the fact that some of the information you're studying about is going to be features added in 11.1 and not available for your day to day work.
- Just about anything you'd want to learn about Oracle is on [http://tahiti.oracle.com|http://tahiti.oracle.com]. That's an excellent place to start. There are also plenty of OCA/ OCP study guides out there that do an adequate job of preparing you for the exam itself. If the intention is to learn about Oracle, I'd focus on tahiti.oracle.com. If the intention is merely to pass the exams, any study guide from a reputable publisher is probably sufficient.
Justin

Secure OSB10g with owsm 10g

Hi,
I have a customer who have some flows exposed as webservices via proxy services on OSB 10g, he would like to implement authentication and authorisation, what is the best architecture to do it ? he is thinking to use OWSM 10g but don't know what is the best implementation architecture ?
He is also asking this questions : OWSM 10g is it compatible with OSB 10g or not ?
Thanks for your help.

OSB 10g is compatible with OWSM ( 10.1.3.x and later & 11.1.1). Please refer to the following links for more details:
http://docs.oracle.com/cd/E13159_01/osb/docs10gr3/security/owsm.html
http://docs.oracle.com/cd/E13159_01/osb/docs10gr3/interopmatrix/matrix.html (Refer to Platform Interoperability section)
Hope this helps.
Thanks,
Patrick

Problem while Migrating user data from 10g to 11gR2

Hi experts,
I am trying to Migrate users data(including password and security questions) from 10g to 11gR2 what approach i have followed is..
From 10g using API i retrieved users data including password and security questions and i stored all information into hashmap. This is one java program.
And then i am trying to create that user in 11gR2 using API which i retrieved from 10g . From this 11g program i am creating object of 10g and i am using that hash map to retrieve user information.But i am not getting connection to 10g , it is throwing exception like unknown application server.Both sides i used API only as it is recommended to use API instead of JDBC connection.
Help me in this regard ASAP and suggest if there is any other approach to Migrate users data.
Thanks in Advance

By using Trusted Recon, you won't be able to Fetch Password as it is.
Since your goal is to fetch passwords too, please follow another approach.
You won't be able to get connection to both 10g and 11g simultaneously in the same program.
So, break this task in 2 phases. First connect with 10g, fetch user data in CSV format and then connect with 11G and read this CSV to create users.
Once users are created properly, use APIs for creating challenge questions and answers.
I think, you are getting exception like unknown application server because you are trying to connect to both 10g and 11g environments simultaneously.
Follow the following steps:-
(1) By using 10G APIsyou can't obtain password of user profile in decrypted form. So, Fetch password by using tcDataProvider. It will give you plain text password.
(2) In a custom scheduler written in 10g, retrieve this data in CSV. After all you can't store this info in
String query = "SELECT USR_LOGIN, USR_PASSWORD, USR_FIRST_NAME, USR_LAST_NAME FROM USR";//Add all fields which you want to retrieve from your 10G
(3) Use this query, tcDataProvider, tcDataSet and Java I/O (or any other CSV Third Party tool like the ones obtained in csv.jar in XL_HOME/ext folder) fetch this info in a CSV.
(4) Once CSV is generated, 10g machine is no more needed. Connect with 11g using 11g APIs. Write your custom 11G scheduler in order to read this CSV and use 11g APIs and create users for each record.
(5) Once user records are created in 11g, the difficult part is done. Transfer the Security questions too by using this CSV technique.
Please share results with us.

Question: 9i- 10g

Similar Messages

Maybe you are looking for