Role for system data dictionary read-only access
[NOTE: this is for 9i]
What grants must a role have to have read-only access to
the system data dictionary tables (e.g.: ALL_SOURCE,
ALL_OBJECTS, ...)?
Or, is there somewhere in the docs that talks about this
kind of role?
Thanks in advance,
Robert
Well, the answer to your explicit question would be that it would need SELECT on each of the data dictionary views that do not have SELECT granted to PUBLIC. To find out what those are, you could do:
SELECT table_name, privilege
FROM dba_tab_privs
WHERE grantee = 'SELECT_CATALOG_ROLE'however, it would probably be easier just to grant it SELECT_CATALOG_ROLE :-)
John
Similar Messages
-
Hi,
I need my mac to have full access to Data directory and for windows PC have read-only access.
I have my files under DATA directory, when I use secure disk using accounts under Time capsule and create users the files under my data directory is not visible.
When I revert the setting to have secure disk using disk password the files are visible.
Let me know how can I view my data with user accounts, do I need to repair permissions or something ?
Thanks,
Dinesh MistryHi,
Did some test and noticed :
When accounts are used a Directory name "Shared" is created under the main DATA directory / partition.
I moved the data from DATA to DATA/Shared and turned back accounts mode in Time capsule.
Now I have one user with readonly access and other with full access.
However I am not able to access the user direcroty which is outside DATA.
Anyways my data can be safe this way.
Thanks,
Dinesh -
How to create a user with read only access for ESB / BPEL Console
I need to create a user with read only access to ESB Console & BPEL Console. I have created a user
(esbreadonly) and assigned ascontrol_monitor role but user is still able to
delete services from ESB systems (such as DefaultSystem). Is there any way to
create a user that has strickly read only access to ESB Console & BPEL
Console
Thanks
Dinesh PatelCheck out this post.. I'm in the process of testing.
http://chintanblog.blogspot.com/2007/12/i-saw-numerous-people-asking-about-bpel_290.html -
How to create a read only access for database
I am developer but willing to lear some of the dba tasks. I would like to know the steps that i need to take to creat a read only access database that is going to be used for the report development.
I really appreciate if you tell me all the steps I need to create that. I have a full right to do this in the develpment database. thanksthank you for your reply but it does not tell me how i can set up a read only access acccount for the user. Do i need to create a role and assign the role to the users?
-
Read only access for objects in application designer
I want to apply read only access to all the objects in application designer. I would like to know how we can do this.
Jayaprakash TedlaJayaprakash,
On 8.48 :
1. Create a PERMISSION LIST
1.1 leave empty the navigator homepage
1.2 leave unchecked Can Start Application Server? and Allow Password to be Emailed?
1.3 On Pages tab, leave it empty
1.4 On PeopleTools tab, check Application Designer Access, then click on Definition Permissions, Tools Permissions Miscellaneous and Permissions, and put there the rights as well as you want. You can put Read Only on all component in one shot by clicking on the button, or one by one by choosing in the listbox for each type of components.
1.5 leave all other tab blank
2. Create a ROLE, and add the permission list created on step 1.
3. Create the user, and give the role created on step 2.
4. Open Application Designer, connect there with the new user, and enjoy on read-only access.
Hope this help,
Nicolas. -
How to assign read only access for a database to a single user?
Hi All,
I have created a login for one of the user , and i used deny view to deny that user access to any of the databases to be shown.Now, he cannot see any databases in the explorer window.
My question is now i want to give this user permission ( read-only) to a single database. How can i do that? I have googled around and found some solutions but nothing is working.
Can someone please help me with any suggestions.
Thanks a lot for your time and suggestions in advance.
ThanksHi Bhanu,
Thanks for your reply, I am not sure i got it. I have a user created with the name of 'msam_test' and if i login into management studio with this userid and password i dont see any databases showing up because i used the DENY View command to hide which is
working fine.Now i just want to see only 1 database named 'suresh3_test' with a read only access to this database.
I tried using your code in the below way
USE [suresh3_test]
CREATE USER [<msam_test>] FOR LOGIN [<msam_test>] WITH DEFAULT_SCHEMA=[dbo]
exec SP_ADDROLEMEMBER 'DB_DATAREADER','<msam_test>'
But i receive an error saying
Msg 15007, Level 16, State 1, Line 3
'<msam_test>' is not a valid login or you do not have permission.
Msg 15410, Level 11, State 1, Procedure sp_addrolemember, Line 75
User or role '<msam_test>' does not exist in this database.
Can you please help me on this.
Thanks -
I have read some of the other posts for people that got this error, but none seem to apply to me.
My program has been working for weeks. I made some minor changes, and started getting the error (full details below).
I did a TFS "undo pending changes" and still getting the same error, even after logging off. The one odd thing is that I did change my Windows password this week. The connection string is using a SQL user id and password that has no issues.
I'm an Admin own my own box (running WIn XP SP3). I even tried "Run as Admin" on Visual Studio.
I'm doing a Debug-Start, running a Console-Test-Program that calls a WCF service, which on local machine is hosted by "ASP.NET Development Server".
We have two other developers, one has the same problem, one does not. In theory, we have all done "get latest" and are running the same code.
The SQL Connection is related to a trace database; we are using this library http://ukadcdiagnostics.codeplex.com which has worked fine for months.
When I do "Start Run" in Visual Studio, I get this error:
{"The type initializer for 'System.Data.SqlClient.SqlConnection' threw an exception. "}
with InnerException: {"The type initializer for 'System.Data.SqlClient.SqlConnectionFactory' threw an exception."}
and it has InnerException: {"Requested registry access is not allowed. "}
Outmost StackTrace:
at System.Data.SqlClient.SqlConnection..ctor()
at System.Data.SqlClient.SqlConnection..ctor(String connectionString)
at FRB.Diagnostics.Listeners.SqlDataAccessCommand..ctor(String connectionString, String commandText, CommandType commandType)
at FRB.Diagnostics.Listeners.SqlDataAccessAdapter.CreateCommand()
at FRB.Diagnostics.Listeners.SqlTraceListener.TraceEventCore(TraceEventCache eventCache, String source, TraceEventType eventType, Int32 id, String message)
at FRB.Diagnostics.Listeners.CustomTraceListener.FilterTraceEventCore(TraceEventCache eventCache, String source, TraceEventType eventType, Int32 id, String message)
at FRB.Diagnostics.Listeners.CustomTraceListener.TraceEvent(TraceEventCache eventCache, String source, TraceEventType eventType, Int32 id, String format, Object[] args)
at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String format, Object[] args)
at System.Diagnostics.TraceSource.TraceInformation(String message)
at FRB.EC.AdminService.AdminService.TestHelloWorldWithTrace(String name)
at SyncInvokeTestHelloWorldWithTrace(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
Second Inner StackTrace:
at System.Data.SqlClient.SqlConnection..cctor()
Third Inner StackTrace:
at System.Data.SqlClient.SqlConnectionFactory..cctor()
When I do "Run as Admin", I get this error:
{"Could not load file or assembly 'FRB.EFDataAccess, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Access is denied. "}
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at FRB.EC.AdminService.ConsoleTester.svcRef.IAdminService.GetDispositionStatusTypeList()
at FRB.EC.AdminService.ConsoleTester.svcRef.AdminServiceClient.GetDispositionStatusTypeList() in C:\SourceEagleConnect\EagleConnect\Dev\WCFServices\FRB.EC.AdminService.ConsoleTester\Service References\svcRef\Reference.cs:line 2459
at FRB.EC.AdminService.ConsoleTester.ConsoleProgram.GetDispositionStatusTypeList() in C:\SourceEagleConnect\EagleConnect\Dev\WCFServices\FRB.EC.AdminService.ConsoleTester\ConsoleProgram.cs:line 565
at FRB.EC.AdminService.ConsoleTester.ConsoleProgram.ExecuteNewRelease103QueryMethods() in C:\SourceEagleConnect\EagleConnect\Dev\WCFServices\FRB.EC.AdminService.ConsoleTester\ConsoleProgram.cs:line 189
at FRB.EC.AdminService.ConsoleTester.ConsoleProgram.Main(String[] args) in C:\SourceEagleConnect\EagleConnect\Dev\WCFServices\FRB.EC.AdminService.ConsoleTester\ConsoleProgram.cs:line 76
at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
I am also posting the web.config/app.config, but I would rather not focus on that since there were absolutely no changes to it between the time it was working and the time it began failing.
Client app.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<connectionStrings>
</connectionStrings>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceAuthorization impersonateCallerForAllOperations="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="FRB.AllowImpersonate">
<clientCredentials>
<windows allowedImpersonationLevel="Impersonation"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IAdminService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="5565536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"
algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:3588/AdminService.svc" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IAdminService" contract="svcRef.IAdminService"
name="WSHttpBinding_IAdminService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
web.config of WCF service:
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="FRB.Diagnostics" type="FRB.Diagnostics.Configuration.UkadcDiagnosticsSection, FRB.Diagnostics"/>
</configSections>
<appSettings>
<!-- whatever goes here -->
</appSettings>
<!-- connection string section -->
<connectionStrings>
<add name="log" connectionString="Data Source=myserver;Initial Catalog=ECWCFLOG_SharedDev;User ID=myuser;Password=mypass;MultipleActiveResultSets=True" providerName="System.Data.SqlClient"/>
<add name="DBConn" connectionString="Data Source=myserver;Initial Catalog=ECData_SharedDev;User ID=myuser;Password=mypass;MultipleActiveResultSets=True" providerName="System.Data.SqlClient"/>
<add name="EagleConnectEntities" connectionString="metadata=res://*/EagleConnect.csdl|res://*/EagleConnect.ssdl|res://*/EagleConnect.msl;provider=System.Data.SqlClient;provider connection string="Data Source=myserver;Initial
Catalog=ECData_SharedDev;User ID=myuser;Password=mypass;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient"/>
</connectionStrings>
<!-- FRB.Diagnostics logging section -->
<FRB.Diagnostics>
<sqlTraceListeners>
<sqlTraceListener name="sqlTraceListenerSettings"
connectionStringName="log"
commandText="INSERT INTO LogStore VALUES(@Source, @ActivityId, @ProcessId, @ThreadId, @EventType, @Message, @Timestamp)"
commandType="Text">
<parameters>
<parameter name="@Source" propertyToken="{Source}"/>
<parameter name="@ActivityId" propertyToken="{ActivityId}"/>
<parameter name="@ProcessId" propertyToken="{ProcessId}"/>
<parameter name="@ThreadId" propertyToken="{ThreadId}"/>
<parameter name="@EventType" propertyToken="{EventType}" callToString="true"/>
<parameter name="@Message" propertyToken="{Message}"/>
<parameter name="@Timestamp" propertyToken="{DateTime}"/>
<!-- <parameter name="@UserId" propertyToken="{WindowsIdentity}"/> -->
</parameters>
</sqlTraceListener>
</sqlTraceListeners>
<smtpTraceListeners>
<smtpTraceListener name="smtpTraceListenerSettings"
host="vssmtp"
port="25"
from="[email protected]"
to="[email protected]"
subject="AdminService Logging Event: {EventType}, {MachineName}"
body="{Message}
=======
Process={ProcessId},
Thread={ThreadId},
ActivityId={ActivityId}"/>
</smtpTraceListeners>
</FRB.Diagnostics>
<!-- System.Diagnostics logging section -->
<system.diagnostics>
<sources>
<source name="FRB.EC.AdminService" switchValue="All">
<listeners>
<clear/>
<add name="ods"/>
<add name="smtp"/>
<add name="sql"/>
</listeners>
</source>
<source name="System.ServiceModel" switchValue="Off" propagateActivity="true">
<listeners>
<add name="ignored" type="System.Diagnostics.ConsoleTraceListener"/>
</listeners>
</source>
</sources>
<sharedListeners>
<!-- OutputDebugStringTraceListener -->
<add name="ods"
type="FRB.Diagnostics.Listeners.OutputDebugStringTraceListener, FRB.Diagnostics"
initializeData="{ActivityId}|{EventType}: {Message} - {DateTime}, Process={ProcessId}, Thread={ThreadId}"/>
<!-- SqlTraceListener -->
<add name="sql"
type="FRB.Diagnostics.Listeners.SqlTraceListener, FRB.Diagnostics"
initializeData="sqlTraceListenerSettings"
traceOutputOptions="Timestamp"/>
<!-- SmtpTraceListener -->
<add name="smtp"
type="FRB.Diagnostics.Listeners.SmtpTraceListener, FRB.Diagnostics"
initializeData="smtpTraceListenerSettings">
<filter type="System.Diagnostics.EventTypeFilter"
initializeData="Error"/>
</add>
</sharedListeners>
<trace autoflush="true"/>
</system.diagnostics>
<system.web>
<compilation debug="true" targetFramework="4.0">
</compilation>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
</system.web>
<system.serviceModel>
<services>
<service name="FRB.EC.AdminService.AdminService"
behaviorConfiguration="FRB.EC.AdminService.AdminServiceBehavior">
<!-- Service Endpoints -->
<endpoint address="" binding="wsHttpBinding"
bindingConfiguration="wsHttpEndpointBinding"
contract="FRB.EC.AdminService.IAdminService">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs.
If removed, WCF will infer an appropriate identity automatically.
-->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding"
maxBufferPoolSize="2147483647"
maxReceivedMessageSize="500000000">
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"/>
<security>
<message clientCredentialType="Windows"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="FRB.EC.AdminService.AdminServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and
remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true.
Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
</serviceCredentials>
<!--<serviceAuthorization principalPermissionMode="UseAspNetRoles"
roleProviderName="AspNetWindowsTokenRoleProvider"/>-->
<serviceAuthorization principalPermissionMode="UseWindowsGroups"
impersonateCallerForAllOperations="true"/>
</behavior>
<behavior name="FRB.EC.AdminService.IAdminServiceTransportBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and
remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true.
Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust"/>
<!--<authentication certificateValidationMode="Custom" customCertificateValidatorType="DataFactionServices.FRBX509CertificateValidator"/>-->
</clientCertificate>
<serviceCertificate findValue="WCfServer"
storeLocation="LocalMachine"
storeName="My" x509FindType="FindBySubjectName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Thanks for any help.
NealI think I found it... this is sure a strange error for what is really happening.
Apparently it had happened to me before, and fortuantely, I actually added the following comment:
// Above is related to the WCFLOG SQL Diagnostics Trace
// If you get error here an inner exception "requested registry access is not allowed"
// inside exception "type initializer for System.Data.SqlClient.SqlConnection"
// then make sure you have impersonation enabled in your client.
// See AdminConsole web.config or FRB.EC.AdminService.ConsoleTester.app.config for examples
Now I think I will do a try catch and spit out the same text.
Still testing to assure that this really was the issue.
<endpointBehaviors>
<behavior name="FRB.AllowImpersonate ">
<clientCredentials>
<windows allowedImpersonationLevel="Impersonation"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
The line below in BOLD below is what somehow seemed to disappear from my app.config - probably due to a TFS human error - still checking that also:
<client>
<endpoint address="http://localhost:4998/AdminService.svc"
behaviorConfiguration="FRB.AllowImpersonate"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IAdminService"
contract="svcRef.IAdminService"
name="WSHttpBinding_IAdminService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
Here's how I "idiot-proofed" this error for now, to give an error that actually at least points to a solution:
public SqlDataAccessCommand(string connectionString, string commandText, CommandType commandType)
try
_connection = new SqlConnection(connectionString);
// Above is related to the WCFLOG SQL Diagnostics Trace
// If you get error here an inner exception "requested registry access is not allowed"
// inside exception "type initializer for System.Data.SqlClient.SqlConnection"
// then make sure you have impersonation enabled in your client.
// See AdminConsole web.config or FRB.EC.AdminService.ConsoleTester.app.config for examples
catch (Exception ex)
if (ex.ToString().Contains("The type initializer for"))
throw new System.ApplicationException(@"
Your client app <endpoint> must be cofigured have a
'behaviorConfiguration' attribute like this:
behaviorConfiguration='FRB.AllowImpersonate'
that points back to a behavior that has this syntax:
<behavior name='FRB.AllowImpersonate'>
<clientCredentials>
<windows allowedImpersonationLevel='Impersonation'/>
</clientCredentials>
</behavior>
", ex);
else
throw ex;
_command = _connection.CreateCommand();
_command.CommandText = commandText;
_command.CommandType = commandType;
// TODO _command.CommandTimeout = ;
Neal -
XCM(Extended Configuration Management) Read Only Access for Webshop
Hi,
We dont hav e XCM admin access in our project.We need to have just the view(read only) access.This will help us immensly during any troubleshooting. Plus we will save a lot of time while troubleshooting if the view access is avaialable to us. In case of any issues in the XCM setting, we can easily pin point the issue and ask the ERP team to change it. In absence of it we can only speculate what could have gone wrong on the XCM side. Is there any role in XCM so that we can get just read only access.
RegardsHi,
The below note will help you.
Note 1014383 - Read only user in the XCM and Administration area of ISA
Regards,
Shanto Aloor -
Read only access for bpel console in SOA Suite 10.1.3.5.1(weblogic)
Hi
For SOA Suite 10.1.3.5.1 on weblogic, Is there any way to restrict certain users to some pages in bpel console.. e.g. read only access to bpel console.
I have found articles on web regarding this but they all are for SOA Suite 10.1.3.3 (and 3.4) on Oracle app server. Article provides a hack by using servlet filters.
How to do a similar thing in SOA Suite 10.1.3.5.1 on weblogic ?
Can somebody provide step by step instructions?
ThanksHi James,
I have already seen this link and several refined versions of it but it wont work for weblogic. For example
There is no j2ee/oc4j_soa/applications/orabpel/console directory (i looked into home directory as well but could not found orabpel/console dir).
So question is where to put filter class and how to make changes in web.xml as this file is not present in j2ee/oc4j_soa/applications/orabpel/console/WEB-INF/
I checked deployments in weblogic admin console and seems BPELConsole is deployed as a module under BPELPM ear.
Any idea?
Thanks. -
Implement strategy for ASA on TACACS w/ restricted read-only access
An ASA5550 will need to be configured to use TACACS AAA. Currently, the ASA is setup for local authentication. A couple of privilege 15 admin users and a few more privilege 5 read-only users.
ASA 5550
running ASA 8.2(2)
using ASDM 6.3(5)
authenticating to ACS 4.2
The admin users and read-only users already have established TACACS usernames and are in established TACACS user groups for logging into routers/switches.
What's the best way to implement configuration of the ASA and ACS server to maintain the same type of restrictions that's applied using the local database?
1. Try and avoid the creation of a second TACACS username for the admin and read-only users.
2. ACS allows restrictions on what devices can be access by users/groups. Possible to do reverse? Restrict what usernames can access a device in the ACS database.If you want to configure ASA for read-only access via tacacs then you have to do the following task
ASA/PIX/FWSM Configuration
In addition to your preset configuration, these commands are required on ASA/PIX/FWSM in order to implement command authorization through an ACS server:
aaa-server authserver protocol tacacs+
aaa-server authserver host 10.1.1.1
aaa authorization command authserver
On the ACS, you need to create command authorization set for only SHOW commands:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#scenario2
Associate command authorization set with user or group
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#asso2
Regards,
Jatin
Do rate helpful posts- -
How to configure Mailbox Read-Only access for Mailbox's owner on Exchange Server 2010?
I have to configure the Exchange Server 2010's mailbox to only grant Read-Only Access on the mailbox's owners. So they can only allowed to read their messages and cannot modify or remove them. Are there any references or methods to do?
Hi,alexchy8
We can make use of 2 PowerShell commands to achieve this goal.
Add-MailboxPermission and Add-MailboxFolderPermission.
Execute the Add-MailboxPermission command to delegate the read permission at mailbox level.
Execute the Add-MailboxFolderPermission command to delegate the required permissions on specific folders inside the mailbox.
You can read the following article as reference:
http://www.exchangedictionary.com/articles/assign-read-only-mailbox-permission-on-exchange-2010-2013-powershell
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards. -
How enable read only access for ACS server itself
Hi,
We would like to know whether its possible to create a read only access to the ACS server. Currenlty ACS server has a generic login with full admin rights.
We need to create a login to couple of users to log into ACS to check the "Report and Activity" tab. Access to all other tabs should be disabled.
We are using ACS4.0 verison. Please let me know whether its possible.
Thanks
NachiHi,alexchy8
We can make use of 2 PowerShell commands to achieve this goal.
Add-MailboxPermission and Add-MailboxFolderPermission.
Execute the Add-MailboxPermission command to delegate the read permission at mailbox level.
Execute the Add-MailboxFolderPermission command to delegate the required permissions on specific folders inside the mailbox.
You can read the following article as reference:
http://www.exchangedictionary.com/articles/assign-read-only-mailbox-permission-on-exchange-2010-2013-powershell
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards. -
Avoid read-only access at physical standby
Hi!
DB=11.2.0.2
when I start the standby with
SQL> startup
the db is open read-only.
Is there a way to configure the db so that startup command only mounts the db and start redo apply?
this is the config:
DGMGRL> show configuration verbose;
Configuration - w
Protection Mode: MaxPerformance
Databases:
w_01 - Primary database
w_02 - (*) Physical standby database
(*) Fast-Start Failover target
Properties:
FastStartFailoverThreshold = '30'
OperationTimeout = '30'
FastStartFailoverLagLimit = '30'
CommunicationTimeout = '180'
FastStartFailoverAutoReinstate = 'TRUE'
FastStartFailoverPmyShutdown = 'TRUE'
BystandersFollowRoleChange = 'ALL'
Fast-Start Failover: ENABLED
Threshold: 30 seconds
Target: w_02
Observer: ora
Lag Limit: 30 seconds
Shutdown Primary: TRUE
Auto-reinstate: TRUE
Configuration Status:
SUCCESS
DGMGRL> show database w_02
Database - w_02
Role: PHYSICAL STANDBY
Intended State: APPLY-ON
Transport Lag: 0 seconds
Apply Lag: 0 seconds
Real Time Query: OFF
Instance(s):
w
Database Status:
SUCCESS
br
DanielIf Data Guard is setup correctly the application is not losing data, you cannot read from it, but it will apply logs:
Ex.
/home/oracle:STANDBY >sqlplus "/ as sysdba"
SQL> select * from BIGSHOW.CUSTOMER;
select * from BIGSHOW.CUSTOMER
ERROR at line 1:
ORA-01219: database not open: queries allowed on fixed tables/views only
So even as the SYS user I cannot read from my test user's tables.
ORA-01219 is expected when the standby is in this state.
You can open READ ONLY if you have Active Data Guard, but generally that will cost you extra.
OR, you can do thing to check your data:
To open a standby database for read-only access when it is currently performing managed recovery:
Cancel log apply services:
SQL> ALTER DATABASE RECOVER MANAGED STANDBY DATABASE CANCEL;
Open the database for read-only access:
SQL> ALTER DATABASE OPEN READ ONLY;
At some point you have start the recovery again, you probably don't have an issue.
If you want more peace of mind on this you have to setup a test Data Guard system and bang on it.
Best Regards
mseberg -
Read only access to J2EE related tools
Hello,
I would like to help our auditors access everything they need to check in the Java systems, but I am not ready to give them ADMIN accounts. That`s why I need some kind of read only access for them.
So I would like to ask you if there is a SAP Note about the read only access roles for J2EE/ Java AS?
I am afraid there is no such note available, so can anybody share any experience with granting read only access to the Java system? I know how to grant access to the whole NWA, but what about the rest?
Examples:
- is there a way how to grant read only access only to the UME?
- is there a role for read only access to the portal PCD?
- is there something similar for KM access?
Or has anybody ever tried to split the admin roles into smaller pieces? Is there a description/ document how to do such thing?
Thank you for your time and effort,
cheers OttoHi,
thanks for trying, but I can use help.sap.com and was on that page before.
Maybe if there were any examples there or better: if the whole thing would be more granular (I see no point in using roles starting with SUPER, containing ADMIN or ending with ALL). I am looking for roles for surgery or for auditing. I don`t want to give anybody these super/admin/all roles just like that.
If you can suggest how to use that page, that would be cool. Otherwise I see no use.
By the way: another question of mine about surgery: How to restrict access to download/ upload UME configuration file
I would like to know how to controla access to this specific feature, nothing else.
Thanks for the time and effort,
cheers Otto -
Read only access on abc scheema to all other users
i want to give read only access on abc scheema to all other users. which command will be used.
Hi
Create a role first
CREATE ROLE ABC_SELECTONLY_ROLE IDENTIFIED BY anypassword;
Assign SELECT permissions to that role.
spool c:\grantprivs.lst
SELECT 'GRANT SELECT ON ABC.'||OBJECT_NAME||' TO ABC_SELECTONLY_ROLE;'
FROM DBA_OBJECTS
WHERE OWNER LIKE 'ABC'
AND OBJECT_TYPE IN ('TABLE', 'VIEW');
spool off
@c:\grantprivs.lst
Attach role to users (EXCLUDE USERS AS YOU LIKE. In this example we have excluded SYS, SYSTEM etc)
spool c:\attachrole.lst
SELECT 'GRANT ABC_SELECTONLY_ROLE TO '||USERNAME||';'
FROM DBA_USERS
WHERE USERNAME NOT IN ('SYS','SYSTEM',DBSNMP','SYSMAN');
spool off
@c:\attachrole.lst
You may wish to create private synonyms for the users.
CREATE SYNONYM USER1.TABLENAME FOR ABC.TABLENAME;
Regards
Adnan
Maybe you are looking for
-
Help! I loaded itunes onto my pc using the cd-rom in the box for the 30gb video ipod, but it disabled the dvd-rom / cd-rom drive. Any ideas on how to fix? Thanks
-
How to use "Order by" clause dynamically on LOV values in 10g r2 forms
Hi , I have following requirement,please guide me. 1 Create a List Of Values with 2 fields, Code and Description 2. Do not use order by clause in record Group Query 3. Attach this LOV to a field in Form 4. When user invokes the LOV user will see two
-
Hi every one, I use this sample in http://otn.oracle.com/sample_code/products/jdev/jsp/SearchSample.zip But I met error: 1. Application Error Return Error Message: JBO-27122: SQL error during statement preparation. Statement: SELECT ProductInformatio
-
under my minutes usage it shows these, and these are just a few. some show 2 calls during the same time... date..........................time....................number................minutes..............desc04/02/2009 9:40 AM 99999
-
HT5312 help! I want to remove the security questions please!
This is poor. All I want to do is spend up and lewave the extra security on this alptop is the final straw!