Restrict SQL output by User

In the sample sql below, I figured out how to be able to restrict output to terms that end with a 5 for a specific user and would like to know if there is a more compact way to write this or is this the best way. This sql will only list out terms that end with a 5 if the user = 'MYSELF', otherwise if a different user is logged in, then they would see all the terms within the range.
-- ODP: the terms ending in '5' that the restricted user may see
with ODP as
(select distinct user, case when user = 'MYSELF' then
                       substr(term,1,5)|| '5'
             else term
      end as ODPTerm
from status_table
where substr(term,6,1) = '5')
select distinct user, term, odpterm
from status_table
left outer join ODP
on term = ODPTerm
where (user = 'MYSELF' AND ODPTerm IS NOT NULL)
OR (user !='MYSELF' AND term between '201220' and '201245')

There are many issues with how security was set up and the actual query will be used in an Oracle Report that is run via a URL. We were told that ITS prefers we create a separate report and restrict on term rather than trying to identify by user, however, that method would require we maintain several reports since users are able to enter parameters at run time. We thought that since at this point there are only two users (Non Employees) who need the restriction, this would be better at our end for report maintenance. The other reason is that eventually, we will be converting this report to another reporting tool, which would have a different security arrangement, so wouldn't be a long term issue about maintaining the hard coded user exclusion in the SQL statement.

Hi,
Here's one way of doing it:
SELECT DISTINCT
        user
,     term
,     term     AS odpterm
FROM     status_table
WHERE     (    user          = 'MYSELF'
     AND  SUBSTR (term, -1)     = '5'
     )
OR     (    user          != 'MYSELF'
     AND  term          BETWEEN     '201220'
                         AND     '201245'
     )
;

If you'd care to post some sample data (CREATE TABLE and INSERT statements), then I could test this.
If you're using Oracle Enterprise Edition, then you can create a row-level security policy, such that limitations like this automatically apply to any query done on the table. Look up Virtual Private Database (or VPD) and the Oracle-supplied package dbms_rls for more.
Edited by: Frank Kulash on Oct 26, 2011 6:47 PM
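
The row-level security policy suggested in the answer above, sketched as an added example (not code from the thread). The schema APP_OWNER and the names TERM_POLICY_FN and TERM_BY_USER are hypothetical, and it assumes each restricted person connects with their own database account:

```sql
-- Added example. APP_OWNER, TERM_POLICY_FN and TERM_BY_USER are hypothetical
-- names; STATUS_TABLE, the TERM column and 'MYSELF' come from the thread.

-- Policy function: Oracle calls it for each statement against the protected
-- table and appends the returned text to that statement's WHERE clause.
CREATE OR REPLACE FUNCTION app_owner.term_policy_fn (
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2
IS
BEGIN
    -- SESSION_USER is the account that authenticated to the database.
    IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'MYSELF' THEN
        -- Restricted account: only terms ending in 5 are visible.
        RETURN 'SUBSTR(term, -1) = ''5''';
    END IF;
    -- A NULL predicate adds no filter; the report keeps its own
    -- BETWEEN '201220' AND '201245' range for everyone else.
    RETURN NULL;
END term_policy_fn;
/

-- Attach the function to the table for SELECT statements.
BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema   => 'APP_OWNER',
        object_name     => 'STATUS_TABLE',
        policy_name     => 'TERM_BY_USER',
        function_schema => 'APP_OWNER',
        policy_function => 'TERM_POLICY_FN',
        statement_types => 'SELECT'
    );
END;
/

-- Check 1: the policy is registered and enabled on the table.
SELECT object_owner, object_name, policy_name, sel, enable
FROM   all_policies
WHERE  object_name = 'STATUS_TABLE';

-- Check 2: accounts that bypass every VPD policy (SYS always does).
-- The restricted users must not appear here, directly or through a role.
SELECT grantee
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT ACCESS POLICY';
```

With the policy in place the report query needs no user test at all, and the same restriction follows the table into ad hoc queries and any later reporting tool that connects as the same database users.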

Similar Messages

  • How to restrict manual setting of User Status?

    Hi,
    I have created a User Profile where a particular User Status is "set" based on the Business Transaction "Release".
    However, we are also allowed to set this User Status manually without carrying out the Business Transaction "Release".
    How do I restrict manual setting of those User Statuses that are "set" based on a Business Transaction?
    Raj

    Pete,
    I did read that post. But it is about providing authorisation to set a Status for a User.
    The case I am referring to is, a User Status is auto set by a Bus. Trans Release. But I am also permitted to set the status transition manually. This way, Users tend to skip Releasing the Service Order. This is affecting upstream processes.
    Is there a way where we can restrict manual setting of User Statuses that have to be normally auto set by Bus. Transactions?
    Raj

  • How to migrate sql server 2000 user defined function returns table

    Hi,
    How do I capture the SQL Server 2000 user defined function that returns table? Is this supported in the current version of Oracle Migration Workbench? I am using the latest version - Release 9.2.0.1.0 with SQL SERVER 2000 plug-in.
    I was able to capture the SQL Server 2000 user defined function that returns string and smalldatetime but not the functions return table during the migrate data source stage.
    Thanks in Advance,
    Susan

    Susan,
    This is not currently supported. The next release of the Oracle Migration Workbench (due very soon), will do a better job of catching this and reporting an error. We are looking into a suitable mapping and have created bug # 2355073 - TABLE DEFINITIONS NOT ACCEPTED FOR TABLE FUNCTIONS to track this issue.
    One possible solution we are looking into is using the object type to emulate. Here is an example from the bug:
    Original table
    SQL> create table tabela (a number, b number, c number, d number);
    SQL> insert some values...
    SQL> select * from tabela;
    A B C D
    1 1 1 1
    2 2 2 2
    3 3 3 3
    4 4 4 4
    SQL Server 2000 code
    CREATE FUNCTION FUNCRETORNATABELA()
    RETURNS TABLE
    AS
    RETURN SELECT A,B,C,D FROM TABELA
    SELECT A,B,C,D
    FROM FUNCRETORNATABELA()
    ORDER BY A
    Oracle code (workaround)
    SQL> create or replace type MyObjType as object (
    2 a number, b number, c number, d number);
    3 /
    Type created.
    SQL> create or replace type MyTabType as table of MyObjType;
    2 /
    Type created.
    SQL> create or replace function teste return Mytabtype pipelined as
    2 aa MyObjType := MyObjType(null, null, null, null);
    3 cursor c1 is select a,b,c,d from tabela;
    4 begin
    5 open c1;
    6 loop
    7 fetch c1 into aa.a, aa.b, aa.c, aa.d;
    8 exit when c1%NOTFOUND;
    9 pipe row (aa);
    10 end loop;
    11 close c1;
    12 return;
    13 end;
    14 /
    Function created.
    SQL> select * from table(teste);
    A B C D
    1 1 1 1
    2 2 2 2
    3 3 3 3
    4 4 4 4
    SQL> select a, c from table(teste) order by c desc;
    A C
    4 4
    3 3
    2 2
    1 1
    Donal

  • Restriction in Output on transaction VF03 - Display Billing Document

    Hi Experts,
    Is there any way to restrict the Output on transaction Display Billing Document, I mean, on transaction VF03 and after you select a Billing document (Document number), go to Billing Document -> Issue Output to. This is because we currently have an Output Selection with two message types and what we need is to restrict one of the message types for a group of persons.
    Can this be restricted using authorizations? Is there any way to restrict this?
    I made some tests using system trace (ST01) but I couldn't find the way to restrict this.
    Can somebody help please?
    Best Regards,
    Erik Espinosa

    The message types are invoice forms.
    We have implemented an electronic invoice schema in our organization, and now when you want to print an invoice the system gives you two options for printing a document. Each of the options are message types that manage certain values and put them in a print form, so what we want to do is that only managers can access to option1 and the rest of the organization can access option2.
    This means that when managers try to print the invoice using option2 the system won't let them. They only will print invoices from option1.
    I tried to look for an authorization object in order to try to force the restriction with it, but I couldn't find one.
    These objects are called output types and what we need to do is restrict the use of the output types based on values for option1 and option2 using Z roles.
    Regards,
    Erik
    Edited by: Erik Fernando Espinosa Zambrano on May 16, 2009 9:59 AM
    Edited by: Erik Fernando Espinosa Zambrano on May 16, 2009 10:01 AM
    Edited by: Erik Fernando Espinosa Zambrano on May 16, 2009 10:03 AM

  • How to restrict report output?.

    Hi
    how to restrict report output?.
    My Query:
    select a.deptno,b.empno,b.ename,b.hiredate from dept a,emp b
    Based on the following condition i have to generate the report.
    for each record
    if hiredate < '10-oct-03' then
    select count(*) from xyz where abc_date <= emp.hiredate
    else
    select count(*) from xyz where pqr_date <= emp.hiredate
    end if
    if count(*) = 0 then
         generate report
    end if
    end each record

    Hi friend,
    For your case, I think set up an authority-object is suitable.
    You can have a look at this http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c&overridelayout=true
    Good luck,
    Thanks,

  • Column Level restriction on Oracle 9i User

    I want to implement the column level restriction on Oracle 9i users but it is not implementing. Can you help me in this regard?

    Use Fine-Grained Access Control/Virtual Private Database (VPD)
    http://download-east.oracle.com/docs/cd/B10501_01/appdev.920/a96590/adgsec02.htm

  • Task restricted to one particular user

    Hi,
    I just want to have a task restricted to one particular user only so that no other user can have access to that task. How is it possible to restrict to one particular user only? I want that the other user cannot see the task given to him.
    Thanks and Regards,
    Manish.

    Hello cselby11,
    Text messages are an important form of communication and I definitely want to assist you in getting this resolved. Are you now using the stock application or a different third party application for messages? Is your girlfriend having an issue receiving text messages from other contacts or is it just from your number? Are you able to receive her text messages? What zip code are you located in? If you have a signature enabled on your messages please remove and retest. Let me know if you continue to experience difficulties so I can further assist.
    DaisyP
    VZWSupport
    Follow us on Twitter @VZWSupport

  • Restricting  Access for SQ01 User Group

    Hi ,
    Please let me know how to restrict access for a User Group to only some of the specific users?
    Thank you
    Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

    Hi,
    Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
    If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

  • Output a user's full name in SCCM

    All,
    I am looking for a way to output our users' Full Name in a query that I am writing.
    So for instance, I can compose a query which shows the computer name, memory installed, processor installed, version of windows, last logged in username, etc ... but I would like to also output not just the user's username, but their Full first and last name as well.
    Does anyone know how to do that?
    Thanks,
    Systems Admin

    Hello Bree08,
    Thank you for posting.
    This forum is focused on management questions about the Windows Server system. From your description, it seems that the demand can be achieved by SCCM. For a better and more accurate answer to the question, I would like to suggest you initiate a new thread in one of our System Center Configuration Manager forums. The support professionals and community members there are more familiar with it and can help you in a more efficient way.
    System Center Configuration Manager
    http://social.technet.microsoft.com/Forums/en-US/category/configurationmanager
    Hope this can be helpful.
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • Adobe Reader doesn't remember the output method user authentication

    Here's the setup:
    We use a network printer that is set up only using user inboxes with user authentication. There's no normal printing.
    The printers are set up on the mac computers using output method > user authentication > userid and password.
    This works fine for every application, but somehow it doesn't for Adobe Reader. It 'forgets' the password every now and then,
    even if when you look at the user authentication, the setting is still checked, and the password is still filled in.
    if I reinsert the password, and press OK, then press Print, the task is sent to the printer again, only this time, it actually prints.
    I can't think of a reason why Adobe Reader won't remember the settings.

    Merry Christmas!
    I currently only have Adobe Reader 9 installed.
    I did uninstall Adobe and Acrobat, ran a registry clean up... then installed Adobe Reader 9.
    but still not working.
    Very strange that every time I open the program from Start-->Adobe-->Adobe Reader 9, it starts to install Reader... it says please wait while Adobe installs, it takes another 2 minutes, then it opens.
    If I open by double-clicking on the .pdf file, it then asks what program I want to open this file with. I selected Adobe Reader 9, then it opens without any installation windows.

  • How to restrict the EBS end users to run only two same reports at a time?

    Hi,
    We are using EBS 12.0.6 and database 10.2.0.3.
    Is it possible to restrict the end business users to run only two reports at a time?
    OR
    Is it possible to restrict the end business users to run only two same reports at a time?
    Thanks.

    Is it possible to restrict the end business users to run only two same reports at a time?
    It is not possible.
    You can either make the report "incompatible" to itself (this means only one user in your company can run it at a time)
    Or not make it incompatible. (That means any user can run it any number of times)
    Incompatibility is a way of specifying which requests cannot be run under which circumstances.
    See http://download.oracle.com/docs/cd/A60725_05/html/comnls/us/fnd/incomp.htm
    You can use Hussain's suggestion to use Concurrent: Active Request Limit profile. You can set this profile value at each user level. But if you decide to set it at global level, remember to keep it a higher value for sysadmin kind of users that run scheduled jobs.
    Hope this helps,
    Sandeep Gandhi

  • Crond error: unable to exec /usr/sbin/sendmail: cron output for user .

    I have cronjobs running as a normal user.
    shadyabhi@ArchLinux ~/cronjobs $ crontab -l
    #CronJobs located in $HOME/cronjobs/*
    0 * * * * /home/shadyabhi/cronjobs/snailmail.sh
    * 5 * * * /home/shadyabhi/cronjobs/backup_pkgs.sh
    * 5 * * * /home/shadyabhi/cronjobs/backup_songs.sh
    shadyabhi@ArchLinux ~/cronjobs $ sudo tail -f -n 10 /var/log/crond.log
    Oct 16 09:00:12 ArchLinux crond[13410]: unable to exec /usr/sbin/sendmail: cron output for user shadyabhi /home/shadyabhi/cronjobs/snailmail.sh to /dev/null
    Oct 16 09:40:01 ArchLinux crond[1552]: FILE /var/spool/cron/root USER root PID 13622 job sys-hourly
    Oct 16 10:00:01 ArchLinux crond[1552]: FILE /var/spool/cron/shadyabhi USER shadyabhi PID 13739 /home/shadyabhi/cronjobs/snailmail.sh
    Oct 16 10:00:13 ArchLinux crond[13806]: mailing cron output for user shadyabhi /home/shadyabhi/cronjobs/snailmail.sh
    Oct 16 10:00:13 ArchLinux crond[13806]: unable to exec /usr/sbin/sendmail: cron output for user shadyabhi /home/shadyabhi/cronjobs/snailmail.sh to /dev/null
    Oct 16 10:40:01 ArchLinux crond[1552]: FILE /var/spool/cron/root USER root PID 14418 job sys-hourly
    Oct 16 11:00:01 ArchLinux crond[1552]: FILE /var/spool/cron/shadyabhi USER shadyabhi PID 15527 /home/shadyabhi/cronjobs/snailmail.sh
    Oct 16 11:00:13 ArchLinux crond[15593]: mailing cron output for user shadyabhi /home/shadyabhi/cronjobs/snailmail.sh
    Oct 16 11:00:13 ArchLinux crond[15593]: unable to exec /usr/sbin/sendmail: cron output for user shadyabhi /home/shadyabhi/cronjobs/snailmail.sh to /dev/null
    Oct 16 11:07:01 ArchLinux crond[1552]: reading /var/spool/cron/cron.update
    ^C
    shadyabhi@ArchLinux ~/cronjobs $ pacman -Q | grep sendmail
    sendmail 8.14.4-1
    shadyabhi@ArchLinux ~/cronjobs $
    Why am I getting that error?

    loafer wrote: The AUR package doesn't install the sendmail binary for some reason. There are quite a few comments about this on the AUR page. I just built it myself. The sendmail binary is there in the src but it doesn't get installed as part of the package. Better ask the maintainer about why this is.
    But, I have sendmail binary in /usr/sbin
    shadyabhi@ArchLinux ~ $ whereis sendmail
    sendmail: /usr/sbin/sendmail /usr/share/man/man1/sendmail.1.gz
    shadyabhi@ArchLinux ~ $

  • Restrict access of "domain user" to specific computer

    I need to restrict access of "domain user" to a specific computer in the domain.
    I tried to do it by using "Active Directory Administrative Center",
    in Computers\Computer name\Properties\Extensions\Security.
    I added the name of the user, marked deny on all, and canceled inheritance,
    and yet the user can log in to the computer.
    I searched for a policy that contradicts the security and did not find one.
    With the "gpo" I was able to block, but I necessarily need to use the Security,
    because with Security the restriction can be partial.

    Hi,
    Based on your description, I understand that you want to allow some certain users to access specific domain computers.
    Please open ADUC (Active Directory Users and Computers) and click the User container. Then select that specific user account, open its Properties and navigate to the Account tab. Please click the “Log On To…” option to open the Logon Workstations panel. In the Logon Workstations panel, please change "This user can log on to" from "All computers" to "The following computers". Then type the specific computer names. Please check if this can help you achieve the target.
    If I have misunderstood anything or there is any update, please don’t hesitate to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Restrict the number of users logging onto the JAVA engine

    hi
    Is it possible to restrict the number of users logging on the JAVA Engine, if YES, how?
    Thanks
    Jonu Joy

    Thanks for the replies, here's a little more info...
    We're working on project which allows a company to buy user licenses to access our portal.  So if a company has bought 5 licenses, the 6th user for that company will not be able to login.
    *Note: We treat each Access Key in the portal as a company.
    The way we determine if the user belongs to a company is by the AccessKey that is assigned to that user. We're not depending on IP addresses at all.
    Hope this clears the issue !
    I think we'll have to write some custom code to accomplish this.
    Thanks,
    harman

  • SPOOLING SQL output using Shell script

    Hi all,
    Is it possible to customize the SQL output in EXCEL using SET commands by spooling?
    Desired Output in Excel sheet:
    Counts           Original Query
    236487 Select *..............
    Can anyone please help me... Thanks

    Krux_rap wrote:
    Hi all,
    Is it possible to customize the SQL output in EXCEL using SET commands by spooling?
    Desired Output in Excel sheet:
    Counts           Original Query
    236487 Select *..............
    Can anyone please help me... Thanks
    SQL and PL/SQL FAQ
    What problem are you really trying to solve?
