Role Question

Similar Messages

• Managed Roles Question

  I have just a basci question. If I have a role in the form of :
  cn=MDMS, ou=Industrial, dc=test, dc=com
  Does the organization Industrial have to exist soemwhere in LDAP as a real ou?
  I am using the Java API and I need to associate the cn with an organizational unit, but I do not want to have
  someone phisically managing these groups.
  And if this can be done, are there any drawbacks and or gotchas that I need to be aware of.
  Thanks in advance...

  You can do this, there should be no gotchas.

• Privilege and roles Question

  Hi All
  I did a queries
  SELECT GRANTEE, PRIVILEGE,GRANTABLE FROM DBA_TAB_PRIVS
  WHERE TABLE_NAME='TABLE1' AND GRANTEE IN ('USER1', 'USER_ROLE');
  GRANTEE        PRIVILEGE       GRANTABLE
  USER1 SELECT NO
  USER1 INSERT NO
  USER1 DELETE NO
  USER1 UPDATE NO
  USER_ROLE SELECT YES
  USER_ROLE INSERT YES
  USER_ROLE DELETE YES
  USER_ROLE UPDATE YES
  SELECT 'ROLE' TYP, GRANTEE, GRANTED_ROLE, ADMIN_OPTION FROM DBA_ROLE_PRIVS WHERE GRANTEE ='USER1';
  TYP      GRANTEE   GRANTED_ROLE   ADMIN_OPTION
  ROLE USER1 CONNECT NO
  ROLE USER1 RESOURCE NO
  ROLE USER1 USER_ROLE NO
  My question is since the USER1 is granted the role of USER_ROLE, will it cause conflict to the table privilege?
  Because I can't perform Insert when I'm using USER1. It give me an error of ORA-01031L insufficent privileges SQL source: ..

  Since you did not mention how you are performing the Inserts/DML's on the TABLE1, and you are facing privileges issues, I presume you are performing it from a PL/SQL Block. However, the priviliges acquired via a Role are not valid in Function/Procedure. You need to have explicit privileges to perform an action in Function/Procedure.
  Even without the privilege, you would be able to perform the Inserts/DML's as in static SQL statements that are not contained in PL/SQL blocks.
  Try:
  grant insert on table1 to user1;

• Certificate Authority CA Role question

  Well I haven't asked a question on here in quite some time.
  Does anyone know if I can export my CA role and cert from first primary servwer ZEN internal CA store and import on another primary for redundant internal zen CA servers?
  Not sure if this is supported or even works in case one bites the dust.
  Thanks in advance

  Originally Posted by mark7508
  Well I haven't asked a question on here in quite some time.
  Does anyone know if I can export my CA role and cert from first primary servwer ZEN internal CA store and import on another primary for redundant internal zen CA servers?
  Not sure if this is supported or even works in case one bites the dust.
  Thanks in advance
  No, you can't have "redundant".
  But the CA server is only needed when Generating Certs such as when building a new Primary or configuring an Auth Satellite.
  I've seen folks lose their CA server and not know it for a year or more )
  Simply make sure you have followed the steps for backup up your CA and if you ever lose your CA server permanently, you can use those files to install the CA service on another server.

• "SUIM User Users by Complex Selection Criteria by Role" question

  Hi all,
  Suppose the situation is:
  Composite role ZCR contains single role ZSR (profile T-001) . Composite role ZCR assigned to below two users with different expire date (both users are not locked and not expire):
  UserA - 01.01.2013
  UserB - 01.01.2024
  (Case 1) SUIM -> User -> Users by Complex Selection Criteria -> by Role (either specify ZCR or ZSR) the result is:
  UserA
  UserB
  (Case 2) SUIM -> User -> Users by Complex Selection Criteria -> by Profiles (T-001) the result is:
  UserB
  Is SUIM has error or other assumption on Case 1?   I expected the result is UserB only.
  I knew there is program PRGN_COMPRESS_TIMES to remove assignment which have already expire and all the related tables.  Please let me know if the result in case 1 is SAP standard or can be fixed by OSS notes?  Thanks.
  Regards,
  Donald

  Hi Donald,
  If the user having validity expired role in his user master SU01, then the expired role can be seen under 'Role' tab in SU01 with 'Valid to' date, but the role relevant profile will be removed from user at the time of role expiration date.
  So when you search for users based roles (Case 1), the SUIM lists all users who are assigned to that particular role, irrespective of expired role assignments. So in Case 1, please follow below step for accurate results.
  1.  (Case 1) SUIM -> User -> Users by Complex Selection Criteria -> by Role (either specify ZCR or ZSR) the result is:
  UserA
  UserB
  2. Then select all users in SUIM output (UserA & UserB), and click on 'In Accordance with Selection' button. So that you can see the users and the (ZCR) ZSR role 'Valid to' (End Date) date for each user.
  By doing second step here, you will get the accurate results. This is how the SUIM works.
  Thanks
  Sridhar
  >point begging removed by Moderator - last warning!<

• BEx Roles question

  /thread/750293 [original link is broken]
  Edited by: sam on Feb 20, 2008 4:18 PM

  Hello Sam,
  You have to create Roles in PFCG and assign appropriate reports authorization to the roles. For example you can create roles for End User , Power User etc.
  Once this is done, then assign the user to the Roles.
  For more details
  [Advanced Features of SAP BW Reporting Authorizations|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06]
  [Authorizations in a SAP Business Information Warehouse Project|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/adeac294-0501-0010-5a97-9ac5d562b1be]
  [SAP NetWeaver 2004s BI Authorizations for Reporting - Webinar Powerpoint|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a6c54319-0e01-0010-20a4-fb81ad32f330]
  [Authorizations in a SAP Business Information Warehouse Project|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b014a2fa-fc1c-2a10-6ab2-e8e288de0e08]
  [Field Based Authorizations in BW BEx Queries|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4753ed83-0e01-0010-e186-f98413f868cb]
  [An Expert Guide to new SAP BI Security Features|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea]
  Hope it helps
  Thanks
  Chandran

• Mitigated Role Question

  I have created a mitigating Control for a role and added the specific Risk ID.  If I run Risk Analysis on the role; it now shows up clean.  But if I run Risk Analysis on the users that have the role; the still show the risk.  Do I need to create the mitigating control for the role as well as each user that has the role?
  Thank You,

  Hi Ryan,
  When you run the risk analysis on user level, did you selected the option "Exclude mitigated risks"?
  In addition, you have set the configuration parameter "Include Role/Profile Mitigating Controls in User Analysis"
  to YES by going to Configuration -> Additional Options.                                                                               
  In the configuration -> Risk Analysis -> Default Values -> Exclude Mitigated Risks needs to be set to YES.          
  In addition put * after the risk((ex: F001*) in your mitigation control.
  Hope this helps.
  Best Regards,
  Sirish Gullapalli.

• ACE Role question

  Just a clarification about ACE roles. Why does the predefined "Admin" role have any rules beyond:
  1. Permit Create all
  Why are the other 3 rules necessary?
  2. Permit Create user access
  3. Permit Create system
  4. Permit Create changeto
  thanks,
  marty

  The ACE provides role-based access control (RBAC), which is a mechanism that determines the commands and resources available to each user. A role defines a set of permissions for accessing the objects and resources in a context and the actions you can perform on them.

• Platform Role Question.

  I've got a Dell Windows 8.1 tablet which seems to be suffering something of an identity crisis.
  It's showing it's Platform Role as Mobile rather than Slate so some features aren't working properly. So far I've not been able to find a way to override this setting and manual set it to Slate.
  Anybody got any idea how or even if this is possible?
  Thanks
  Steve

  Hi Steve,
  According to your description, I suggest you ask your IT admin for help to see if there is any restriction for tablet.
  In addition, what's the box for inputting the Server name? What function did you want to achieve?
  Karen Hu
  TechNet Community Support

• User admin role questions

  Does one really have to individually give User Admin status to each user
  in order for them to be able to change their own data? I was not able to
  select a group to assign to the role.
  Also, having assigned users to this role, can they then modifiy any
  other user's info? (This seems to be implied by the docs.)
  Tia,
  Ken
  Ken McLeod
  The Delphian School
  http://www.delphian.org

  Ken,
  It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com/ to search the knowledgebase and check the other support options available on that page under "Self Support" and "Support Programs".
  - You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
  If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Sync Role questions

  Hi, in an iPlanet cluster what is the difference between a sync alternate
  and a sync local other than the fact that sync alternates can be promoted
  while sync locals cannot?
  According to iPlanet documentation, sync alternates and sync locals behave
  similarly aside from sync alternates' ability to be promoted. So why would
  you ever have sync locals in your cluster and not just have all sync
  alternates?
  Also, if you have multiple sync backups, do they both sync with the sync
  primary or just the higher priority one? Again, if only the higher priority
  one syncs with the sync primary, what is the difference between having two
  sync backups with a sync alternate versus one sync backup with two sync
  alternates?
  Thanks,
  Linc

  Hi, in an iPlanet cluster what is the difference between a sync alternate
  and a sync local other than the fact that sync alternates can be promoted
  while sync locals cannot?This is the only difference.
  >
  According to iPlanet documentation, sync alternates and sync locals behave
  similarly aside from sync alternates' ability to be promoted. So why would
  you ever have sync locals in your cluster and not just have all sync
  alternates?Generally, you wouldn't ever designate a machine as a SyncLocal. The only case
  where you might is if you had one machine in the cluster that was so
  underpowered that it couldn't handle the load of being a DSYNC server.
  >
  Also, if you have multiple sync backups, do they both sync with the sync
  primary or just the higher priority one?They both sync with the primary.
  Again, if only the higher priority
  one syncs with the sync primary, what is the difference between having two
  sync backups with a sync alternate versus one sync backup with two sync
  alternates?
  Having two sync backups would double the overhead of maintaining backups.
  Having two sync backups is not generally recommended, since it is only an
  advantage if you have two Primary failures before the new Primary can create a
  new backup.

• I can't open a file in OS 922 that was created in OS X.

  The web-pages I downloaded while in OS X (and stored in the HD) appear blank, (white, no logo) when I am booted in OS 922. When I try to open them, I receive a message "Sorry, could not open because the application that created it could not be found".
  So OS 922 cannot find an application (in this case do they mean Safari or OSX ?) that created the file. Sounds logical since OS X didn't exist when OS 922 was created. And Safari neither I think (if that plays any role)
  Question: does the Internet connection (Internet Explorer vs. Safari play any role ?)
  I have no problem whatsoever with files downloaded with Internet Explorer (5.1.6 or previous versions I had). Or from OS 9.0.4 to 9.2.2.
  Nor do I with photos (even with Safari and OS X) .
  Only web-pages and documents (including TextEdit) done with OS X. And not all files but half of them.
  G4   Mac OS X (10.4.7)  

  Hi, I need -
  OS 9's Finder uses File Type and Creator codes embedded in files to determine how the file should be handled - what program to use to open it, and how that program should process the file.
  OSX uses filename extensions rather than File Type and Creator codes.
  As a result, it is not uncommon for a file created in an OSX environment to be displayed as a generic unknown-type document when the machine is booted to OS 9; and for Finder to not know how to handle it when it is double-clicked.
  If you know that a certain program in OS 9 should be able to open a file, try dropping that file onto the icon for that program (or on an alias to that program) - some programs are capable of trying to open a file done that way; others won't even try.
  In most cases, a file created by an OSX app will not be openable by an OS 9 app - this is understandable, given that newer programs often use more advanced formats than older ones, even versions of the same program.
  If you know that you will be transporting a file from OSX to OS 9, try saving it in a form accessible by OS 9 - many programs will offer a list of alternate file formats when you do a Save As of the file, or (in some cases) an Export of it.
  Question: does the Internet connection (Internet Explorer vs. Safari play any role ?)
  It certainly can. If Safari saves a file in a proprietary format, then IE will probably not be able to open it. However, a file saved in plain html should be openable by most any browser.
  You might experiment with the settings in OS 9's File Exchange control panel, particularly the ones listed under PC Exchange. Adjusting some of these, or creating new linkages, may allow OS 9 to handle files which are openable by your OS 9 programs, but which are not identifiable by Finder.

• Tomact examples and form base authentication

  I am looking at the tomcat examples web.xml security constrains and login info settings:
  <security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
  <web-resource-name>Protected Area</web-resource-name>
       <!-- Define the context-relative URL(s) to be protected -->
  <url-pattern>/jsp/security/protected/*</url-pattern>
       <!-- If you list http methods, only those methods are protected -->
       <http-method>DELETE</http-method>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
       <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
  <!-- Anyone with one of the listed roles may access this area -->
  <role-name>tomcat</role-name>
       <role-name>role1</role-name>
  </auth-constraint>
  </security-constraint>
  <!-- Default login configuration uses form-based authentication -->
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
  <form-login-config>
  <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
  <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  As we can see form-login page and form-error page uri match url-pattern settings.
  url-pattern: /jsp/security/protected/*
  form-login page: /jsp/security/protected/login.jsp
  form-error page: /jsp/security/protected/error.jsp
  There is no binding of unauthenticated user to ether one of specified roles
  Question: What place in the servlet spec allows serving secured resource for a user without appropriate role association?

  Kinda then beat the the whole idea of authentication then, if you allow a user in that is not assigned to a security role? Anyway, I think you are looking to send the user to another page if they are not in a role but have an id, correct? Well, first it has to be a page outside the secure directory/ies. The error it generates is a 403. So add to your web.xml:
      <error-page>
         <error-code>403</error-code>
         <location>/403.jsp</location>
      </error-page>Anytime a user who is not a member of the allowed roles attempts a login, they will be redirected to this page.
  Ross

• Identification user login in db

  Hi All,
  I want to ask You, how should I solve the problems with identification user login in database.
  Presumption:
  -     user has own login (e.g. johnQ)
  o     in application was selected &lsquo;authentication scheme &ndash; database account&rsquo;
  o     this user has assigned any db roles
  Question:
  How I could recognize login of the user? Till now I have used function SYS_CONTEXT('USERENV','SESSION_USER') which returned me login and I could worked with this value - e.g. insert it into log columns when was changed row or check in package roles assigned, etc.etc.
  Problem is that this function returned me any default APEX user ('APEX_PUBLIC_USER') now and I don&rsquo;t know how I could set up any context to this function will return me correct value or if there is any other functionality to solve this problem.
  Once more time I am apologize for question which should be often but I really can&rsquo;t find solution.
  Thank You for Your help
  Alesh

  Hello Alesh,
  You can use :APP_USER (or v('APP_USER')) instead.
  Greetings,
  Roel
  http://roelhartman.blogspot.com/
  You can reward this reply by marking it as either Helpful or Correct ;-)

• How does Azure Compute Emulator (or the Azure one) determine if a role is web project or something else ("The Web Role in question doesn't seem to be a web application type project")?

  I'm not sure if this is F# specific or something else, but what could cause the following error message when trying to debug locally an Azure cloud service:
  The Web Role in question doesn't seem to be a web application type project.
  I added an empty F# web api Project to a solution (which adds Global.asax etc., I added an OWIN startup class Startup etc.) and then from an existing
  cloud service project I picked Roles and
  chose Add
  -> Web Role Project in solution, which finds the F# web project (its project type guids are 349C5851-65DF-11DA-9384-00065B846F21 and F2A71F9B-5D33-465A-A702-920D77279786),
  of which the first one seem to be exactly the GUID that defines a web application type.
  However, when I try to start the cloud project locally, I get the aforementioned error message. I have a C# Web Role project that will start when I remove the F# project. I also have F# worker
  role projects that start with the C# web role project if I remove this F# web role project. If I set the F# web project as a startup project,
  it starts and runs as one would expect, normally.
  Now, it makes me wonder if this is something with F# or could this error message appears in C# too, but I didn't find anything on Google. What kind of checks are there when starting the emulator and which one needs
  failing to prompt the aforementioned message? Can anyone shed light into this?
  Sudet ulvovat -- karavaani kulkee

  Sudet,
  Yeah you are right, the GUID mentioned seems to be correct and the first one i.e. {349C5851-65DF-11DA-9384-00065B846F21} means the web application project which compute emulator uses to determine while spawning up role instances.
  You might want to compare the csproj of your C# and F# web projects which might give some pointers.
  Are you able to run your F# web project locally in IIS? If yes then you will definitely be able to run it on azure so I will recommend to test it in IIS Express first.
  Here are some other tips which you can refer or see If you are yet to do those settings
  1. Turn on the IIS Express - You can do it by navigating to project properties
  2. Install Dependent ASP.NET NuGets / Web Api dependencies (If there are any missing), Reference System.Web assembly
  Also I will suggest to refer this nice article about how to create a F# web Api project
  http://blog.ploeh.dk/2013/08/23/how-to-create-a-pure-f-aspnet-web-api-project/
  Hope this helps you.
  Bhushan | http://www.passionatetechie.blogspot.com | http://twitter.com/BhushanGawale