Roles base user access
hi gentlemen(n surely women too;)),
First.......I wanna control users procesing in forms-6i so that the users belonging a specific role can process specific commands(either thru buttons or menus), plzzz tell me that how can I do it.
Secondly, I'm trying Dev10g too, I wanna know that if I install an application in a multi-user environment, then which r the oracle tools I will have to install on a client machine to run oracle reports & forms from a web-browser.
I hope these things will not create any difficulty for u n reply me soon,take care,bye.
Hi,
1. Forms allows you to use database roles to secure menus. I suggest however, to create access control tables for your applications and check these tables before executing command sin Forms. So basically its a custom solution you have to build.
2. Oracle JInitiator or teh Java Plugin 1.4. JInitiator installs itself the first time the user requets a Forms link.
Frank
Similar Messages
-
Role Base Data Access in Report
Hi ,
I am looking to acress only that data in my report which is relevent to my role. i.e. If I am looking for New Opportunity report I need that only those opportunities should referect which are relevent to me .
Regards,
RohitHi Rohit,
You have to set up the Restricted Read Access with Restriction Rule (choose the one relevant for you) in Business Role Access Restrictions tab then you will see the same restricted data in report as well.
Regards,
Shobhit -
How to implement Oracle user/role security with Access front end?
Hi,
We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles(i.e., access groups) in Oracle and granted rights to tables.
In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked table use one ODBC DSN to the Oracle database with the same Oracle user id.
We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By during so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, ect. rights to the database.
I've been able to use the VB code within Access to logon into the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users login into the Access front end.
I don't know a great deal about Access projects, but I do know with SQL server allows login into your Access project and link tables dynamically.
Can someone give me some assistance or point me in the right direction?
Thanks in advance,
LarryWe had one of our programmers here come up with a VB code solution for re-linking table within Access. However the relinking takes 3-4 minutes for 100+ tables.
In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
We have an Access 2003 application which currently has a front end using Access(forms, reports, queries, & VB code) and a MS Access 2003 backend.
We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. Its easy to understand, we have a significant investment in the front end(Obviously, the plan is to migrate the front end also at some future date).
In order to utilized the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to object(tables, queries, ect) by their userid and or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once, logged into Access, users have rights to Access objects based on their rights granted to their userid and groups they belong. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has knowledge about Oracle table rights granted to users; nor would you expect it to.
The dilema is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles(which are similar to Access groups), and again this is independent of Access security.
Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
For example, a user BOB logs into Access via the workgroup file, using VB code, Access then establishes a Oracle connection logining into Oracle using the same unique userid BOB into Oracle.
After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
This Oracle userid has been granted table rights specific for this userid.This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data(via the forms) by using one logon required for each user, and quick startup time for the application.
I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
Larry -
How can I see which roles or users have access to a table?
How can I see which roles or users have access to a table?
For a given table, how can I see the grants, who and what?
Many thanksdba_tab_privs.
Grantee can be a role or an user, as roles are fake users.
Sybrand Bakker
Senior Oracle DBA -
Best Practice - Securing Schema from User Access
Scenario:
User A requires access to schema called BLAH.
User A is a developer that built an application using this schema in a separate development environment, although has the same privileges mirrored to production (same roles etc - required for operation of the application built).
This means that the User has roles that grant Select, Update etc rights for the schema / table in order to use (and maintain) the applications.
How can we restrict access to the BLAH schema in PRODUCTION, enforcing it to only be accessible via middle tier / application (proxy authentication?)?
We've looked at using proxy authentication, however, it's not possible to grant roles and rights to the proxy account and NOT have them granted to the user (so they can dive straight in using development tooling and hit prod etc)>
We've tried granting it on a session basis using proxy authentication (i.e. user a connects via proxy, an we ENABLE a disabled role on the user based on this connection), however, it causes performance issues.
Are we tackling this the wrong way? What's the best practice for securing oracle schemas (and objects in general) for user access where the users actually get oracle user account (or even use SSO) for day to day business as usual.
To me this feels like a common scenario, especially where SSO comes into play ...What about situations where we have Legacy Oracle Forms stuff? In these cases the user must be granted select etc rights to particular objects, as this can't connect via a middle tier.
The problem we have is that our existing middle tier implementation is built expecting the user credentials to be passed to it during initial authentication and does not use a proxy, or super user style account. We have, historically, been 100% reliant on Oracle rights and controls to validate and restrict access to our underlying data. From what you are saying, we should start to look at using proxy or super user access and move this control process further up - i.e. into Code or Packages ? If so, does this mean that there is no specific way to restrict schema access to given proxy accounts and then grant normal user accounts to connect through these to get access (kind of a delegated access scenario), without using disabled roles? -
Can multiple XP users access the same iTunes library?
Because I'm having a REALLY hard time getting that to work at all. I've moved my entire iTunes folder into 'Shared Documents' so that all users should be able to access it and changed the option in iTunes Preferences to the correct 'all users' path, but iTunes still tries to find the info in 'my' (sal's) documents instead of 'all.'
Anyone figure this out, or does it somehow break the EULA and isn't supported? The wife and I just want to use the same library since we're on one computer. Seems silly to not allow a user with admin rights to allow other users access.
Thanks,
Sal
Windows XPSal,
As this article in the Apple Knowledge Base explains the trick is to move the iTunes Music folder, not the entire iTunes folder, to "a publicly accessible location" and I believe they mean to suggest C:\Documents and Settings\All Users\Documents\My Music as a good place.
It is important that the iTunes Library files remain in Sal's Documents and Sal's Wife's Documents. -
Hi Experts,
I want my service desk users login on Solman and they can update Msg status and ther remarks.
so what are auth. object needs on there profile, please suggest.
Can we block users access in such a way , they are not able to do add change on other users issue msg.
bcoz , if i give access on crm_dno_monitor to any user, he may access and process all issue tickets.
Thanks
AndrewAndree,
Actually we provide variants for crm_dno_monitor.
so they have option of seeing only tickets belonging to themselves only
For e.g create a variant of crm_dno_monitor by choosing mine and then save it and create a ztcode in se93 for the same.
assign this tcode for the user menu to the respective role of the user.
So whn this user logs in and click on the link he sees only mine tickets or tickets belonging to him..he doesnt hav access to crm_dno_monitor.
Pls assign pts. -
Even if I've got no DBA permission (for example I don't see the v$session table), have I got any way to trace the users accessing the DB? How can I do? I was told about trace but can someone tell me more? I'd like to know the user accessing the DB and the operation that he's launching. Is it possible?
Thanks!Anything is possible if you have the correct privileges. But then you probably don't have those privileges, and probably for a reason, as you probably also don't have the DBA role for a reason.
If you are to enable trace in a different session, you would need execute access on an Oracle provided package, which differs by version, and of course you assume Oracle never changes, and there is only one version out there: yours.
For a DBA it would be the easiest to grant you the select_catalog_role and the execute_catalog_role.
But then again one would ask why you think you should spy on him, and why you don't cooperate with him and/or try to convince him.
Sybrand Bakker
Senior Oracle DBA -
Assigning roles to users programmatically
Hi,
I want to programmatically create roles, assign roles to users etc.
I saw at this thread
ADF Security Policy Store
the folowing scriptlet by Frank Nimphius
try {
IdentityStore idstore = JpsCommonUtil.getValidIdStore("idstore.xml.provider").getIdmStore();
try {
UserManager userManager = idstore.getUserManager();
RoleManager roleManager = idstore.getRoleManager();
Role adminRole = idstore.searchRole(Role.SCOPE_APPLICATION,"admin");
// create user
//TODO check for empty username and password
User newUser = userManager.createUser(this.username,this.password.toCharArray());
roleManager.grantRole(adminRole,newUser.getPrincipal());
} catch (IMException e) {
// TODO
} catch (JpsException e) {
// TODO
return null;
this is a TP3 scriptlet, is it still working on the 11g production?
I try it and i get a JpsException
oracle.security.jps.JpsException
at oracle.security.jps.internal.common.util.JpsCommonUtil.getValidIdStore(JpsCommonUtil.java:1004)
do I have to replace "idstore.xml.provider" with something else depending on my configuration?
thanks
TilemahosHi Frank thanks for the answer,
I check this functionality at WLS embeded LDAP and I shaw your "How-to configure OID for authentication in WebLogic Server" post.
I manage to add users and assign them roles that i created at my application.
But what if I want to have a super user that can create new roles and assign them member roles?
eg.
Developer created roles (policy store):
accessPage1 ( granted all the necesery principals to access page1 )
accessPage2 ( granted all the necesery principals to access page2 )
Super user created roles
Role1 member roles :accessPage1,accessPage2
If i want my application to have that functionallity i must create roles programmatically wont I?
If there another way?
By the way I followed the advices at the following useful links
Chris Muir: http://one-size-doesnt-fit-all.blogspot.com/2008/12/configuring-wls-with-ms-active.html
Frank Nimphius's How-to configure OID for authentication in WebLogic Server
Edwin Biemond's Using OpenLDAP as security provider in WebLogic
Andrejus Baranovskis: Practical ADF Security Deployment on WebLogic Server
And I manage to add users of the Microsoft LDAP at the WLS
but I could't mekae them group members of my application groups (roles)
is this possible?
Thanks -
Backend BW roles for users needed when running reports in infoview?
Hello all,
We are using SAP BI Queries as the sources of our universes, the user is going to logon to infoview to run report in webi. We have created some access levels in CMC to restrict users, the question is - the user will still need some kind of backend BW roles to have access to the BI query that is developed in BW system right? That way the user can fetch data?
Let me know
Thanks in advance.Hi,
If you are using SAP Authentication and Single sign on option in universe connection, the users must have sufficient roles to access SAP BW database.
if not, the only user login which you create during connection creation having roles to access to BW database is enough. In this case, the user can login to Infoview using any user and can access the report if he has priveleges to the report.
Hope this helps! -
Problem in assigning roles to users
Hi
I created Role in EP, which i want to assign to the users. i assigned that role to user. the user i not able to access the particular iviews. i attached some R/3 transactions iviews to that role. it says unable to lookup the system or system alias. when i assign that role to me, i'm able to access that iviews(R/3).
i have superadmin role permissions.
what default roles and permissions need to assign for users.
suggest me
thx
pradeepHi Pradeep,
In SP9 apart form creating a System, we need to assign permissions for users.
Follow this path:
System Administration -> Permissions -> <select your System in Portal Content> -> Open Permissions <on right click>. This would take you to the Permission Editor.
Here you need to add the user and assign permissions.
Please check this and let me know if its working.
Awaiting Reply.
Warm Regards,
Ritu -
What is the best approach to store "dynamic" user accessibility ?
Hi all,
We are implemennting security in our ADF BC + Faces application. There is always requirement to hide/disable functionalities that a user is not allowed / authorized to access.
Usually we do this during development time, based on what role the user is in. Using this approach, there is no way to change that , or give access to new role during runtime (after the deployment). This is what I call "static accessibility".
In our apps, we need the give / revoke access to some functionalities during runtime. This is what I call "dynamic accessibility".
One approach that comes to my mind is :
We define the accessibility to each function that we want to protect (hide/unhide) in database tables. Then every time a use enter a page, read these tables through JDBC calls then store tha data in Managed Bean.
Has anybody here implement this "dynamic accessibility" ?
Is there a better approach ?
Thank you very much,
xtantoSaeed,
SRDemo uses a managed bean that checks is user in role when called and returns true or false. Another approach - more elegant - is the use of a security property resolver as available
http://jsf-security.sourceforge.net
Regarding dynamic permissions, the use of JAAS seems to be a good solution. ADF Security uses JAAS permissions to assign component access to users.
E.g. if the user role manager has access to edit the salary column, then the security constraint added to the update button could be
#{!bindings.<attribute binding>.updateable}
Note that ADF Security sets the updateable flag on an attribute.
Or you use
#{bindings.<iterator binding>.permissionInfo.create}
#{bindings.<attribute binding>.permissionInfo.update}
#{bindings.permissionInfo['pageDefName'].view}
etc. to determine what a user can do or can't.
Note that I haven't tested if the permissions are cached for a specific application or if they are checked each time again. If they are checked each time then this would be a performance penalty but allows to dynamically set permissions to user groups as obviously needed in your applications.
No, we don't have tutorial for this. But a Oracle By Example for end-to-end security implementation is on my collateral plan for JDeveloper 11 (just need to write a doc writer ;-) )
Frank -
WebLogic 10.3.0 WLI Domain - Microsoft AD administrator user access issue.
Hi SOA Experts,
We are facing issue of getting noaccess exception on console (below) when doing datasource testing using Microsoft AD administrator user. The same works fine when testing using WLS embedded LDAP administrator user in WLI domain. In plain WLS 10.3.0 domain (without WLI) with same Microsoft AD configuration they do not see this issue, they are able to successfully test data source using both embedded WLS administrator and Microsoft AD administrator user.
I enabled security ATN and ATZ debug flags and below is my observation.
In plain WLS 10.3.0 domain I see that default weblogic administrator user in embedded LDAP is part of administrators group. Microsoft AD administrator user is part of Administrators group from MS AD.
Whereas in WLI domain I see that default weblogic administrator user is part of Administrators & IntegrationAdministrators groups. In WLI domain Administrators group is again part of IntegrationAdministrators group (below is debug logs).
Below is Plain WLS Domain Debug log
####<Dec 6, 2010 5:20:14 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)
'> <<WLS Kernel>> <> <> <1291674014123> <BEA-000000> < Subject: 2
Principal = weblogic.security.principal.WLSUserImpl("weblogic")
Principal = weblogic.security.principal.WLSGroupImpl("Administrators")
Below is WLI Domain Debug Log
<> <1291669863989> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
####<Dec 6, 2010 4:11:03 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <>
<> <1291669863989> <BEA-000000> < Subject: 3
Principal = weblogic.security.principal.WLSUserImpl("weblogic")
Principal = weblogic.security.principal.WLSGroupImpl("Administrators")
Principal = weblogic.security.principal.WLSGroupImpl("IntegrationAdministrators")
The issue of Microsoft AD administrator user not able to test datasource in WLI domain seems to be happening because of IntegrationAdministrators group which comes by default with WLI domain (in plain WLS domain we do not have this group). Looks like the datasource which is being created in WLI domain seems to be being treated as WLI resource and user accessing it is being checked if it part of IntegrationAdministrators group. In this case weblogic default administrator user is part of IntegrationAdministrators, for which we do not see issue where as Microsoft AD administrator user which is not part of IntegrationAdministrators seems to be having problem.
Below is snipper of Microsoft AD administrator user in Debug logs
####<Dec 6, 2010 4:13:31 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <>
<> <1291670011687> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
####<Dec 6, 2010 4:13:31 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <>
<> <1291670011687> <BEA-000000> < Subject: 2
Principal = weblogic.security.principal.WLSUserImpl("MSADAdminUser")
Principal = weblogic.security.principal.WLSGroupImpl("Administrators")
Also one more observation about datasource which is created is in plain WLS & WLI domain created datasource resource type is shown as “jdbc” which is expected, but in addition in WLI domain I observe that created datasource resource type is marked as JMX and DS is being considered as application (below), not sure if this has something to do with the issue.
Below is WLS domain debug log, below you can see that datasource is being treated as JDBC resource which is expected.
####<Dec 6, 2010 5:21:03 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1291674063776> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Resource=type=<jdbc>, application=, module=, resourceType=ConnectionPool, resource=testDS, action=reserve>
Below is WLI domain debug log, below you can see that datasource is being treated as application and it says resource type as JMX
####<Dec 6, 2010 4:12:17 PM EST> <Debug> <SecurityAtz> <slsol10> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1291669937755> <BEA-000000> < Resource: type=<jmx>, operation=get, application=testDS, mbeanType=weblogic.j2ee.descriptor.wl.JDBCDataSourceBean, target=Name>
I created user in embedded LDAP in WLI domain with same name as MS AD administrator user and assigned it to Administrators group, that obviously works but is not acceptable solution.
Below is exception thrown on console when testing datasource using Microsoft AD administrator user.
weblogic.management.NoAccessRuntimeException: Access not allowed for subject: principals=[MSADAdminUser, Administrators], on Resource weblogic.management.runtime.JDBCDataSourceRuntimeMBean Operation: invoke , Target: testPool at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:205) at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222) at javax.management.remote.rmi.RMIConnectionImpl_1030_WLStub.invoke(Unknown Source) at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:978) at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544) at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380) at $Proxy92.testPool(Unknown Source) at com.bea.console.actions.jdbc.datasources.testjdbcdatasource.TestJDBCDataSource.begin(TestJDBCDataSource.java:114) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:870) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306) at
- BoyelTThis issue has been resolved.
The problem of Microsoft active directory administrator user not able to test the datasource in WLI domain is caused because of IntegrationAdministrators group & IntegrationAdmin role which comes in WLI domain. Assigning the Microsoft Administrator group to IntegrationAdmin role from WebLogic console has resolved the issue.
Below are steps for assigning the MS AD administrator group to IntegrationAdmin role from console in WLI domain.
======================================================
- Login to console and click on "Security Realms" and "myrealm"
- Go to "Roles and Policies" tab and expand "Global Roles" tree and "Roles" tree view under it.
- Click on "View Role Conditions" link for "IntegrationAdmin" role.
- Click on "Add Conditions" button select Group (default) for "Predicate List" drop down box and click Next button.
- Specify MS AD admin group name for "Group Argument Name" text box and hit on Add button.
======================================================
- BoyelT
Edited by: BoyelT on Dec 20, 2010 1:36 PM -
How to determine ADF roles a user is in - before fully authenticated
[JDev/ADF v11.1.1.5.0]
I am trying to intercept a user's login to our ADF application (to log it to a database). I have written a custom login page and backing bean to handle the login using:
mySubject = login(this._username, this._password);
HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
ServletAuthentication.runAs(mySubject, request);
ServletAuthentication.generateNewSessionID(request);
// determine what ADF 'Application Roles' the user has
// log to database here
// ... [code removed] ...
HttpServletResponse response = (HttpServletResponse)ctx.getExternalContext().getResponse();
RequestDispatcher dispatcher = request.getRequestDispatcher("/adfAuthentication");
dispatcher.forward(request, response);
What I need to do, however, is determine what roles a user has in the app, at the "???" point in the above code. If I interrogate the 'mySubject' object, it lists the groups from our authentication source that the user is a member of. In ADF Security, I've mapped these "Enterprise Roles" to "Application Roles", and need to get access to the Application Roles before redirecting them to the adfAuthentication servlet.
I've tried using ADFContext.getCurrent().getSecurityContext().getUserRoles() where the '// ???' is, but it returns the 'anonymous' user (and associated roles). It appears that even though I've switched to runAs the authenticated user (via ServletAuthentication.runAs), ADF still thinks I'm running as the initial (anonymous) user.
Is there a way to tell ADF to 'refresh' who it thinks I am now, so it will see me as the (now-authenticated) user, with their roles, etc.? Or, is there some other way to determine what (Application) roles a user has given their username?
Thanks!
Edited by: Karl C on Nov 27, 2012 12:28 PMJust checked code.
Sorry, in our code we test enterprise roles(and not application roles) because we are using ReadOnlySqlAuthenticator to retrieve db users/roles.
Set<Principal> allPrincipals = mySubject.getPrincipals();
for (Principal principal : allPrincipals) {
if(principal instanceof WLSGroupImpl ) {
roles.add(principal.getName());
}Dario -
Differences between Roles, Schemas, Users and Logins.
I need differences between Roles, Schemas, Users and Logins. Can anyone help me. Thanks in advance
Roles:
I think of creating roles in the database to group users of like
function. Roles are granted certain permissions in the database. You
should become familiar with the fixed database roles since these will be
utilized once you start creating users within the database. Also, once
you see the type of permissions that are granted to each role, is makes
more sense.
Schema: there can be several schemas in a database,
which will house different types of objects such as tables, indexes,
stored procedures, functions, etc. Users own schemas. Looking into
the AdventureWorks database illustrates this concept, with several
schemas like HR, Production, etc.
Login: Think about login as
gaining access to the SQL Server instance. If a user account is not
granted any permissions within the instance, you basically just were
able to unlock the door and enter the room, by creating a user you then
grant access to the database objects or principals, and can begin to
work with them.
Users: Users own schemas, and as such will be
able to manipulate the objects they own. Some of the manunipulations
are very permissive, such as creating tables, indexes, stored
procedures, functions, etc. These are developers and administrators.
Users
are created and granted permissions for application use, which will
have select, update, insert, and delete and execute permissions to a
finite set of objects in the schema, for which the application will need
to function properly.
In a client server database, as an
example, of the structure. Roles were defined which provides the
permissions to the database objects in the database, which only has one
schema 'dbo'. One SQL server login was created with the same username,
and dbo is the assigned default schema, and the roles assigned to that
username.
In the application, each specific user is given there own
"application" login which is mapped to the one defined sql server
login.
Ahsan Kabir Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread. http://www.aktechforum.blogspot.com/
Maybe you are looking for
-
On the morning of a charity event that I was running for 350 inner school children my phone asked if I wanted to do an update. I clicked yes and life as I know it has changed. The whole charity event was messed up because I had everyone’s assignme
-
i just updated to OS 10.9.2. i can't open iTunes; it says i need 64 bit. it refers be to info for iTunes and to uncheck 32 bit. the problem is is it's already unchecked. what do i do? thanks to all.
-
Hi I have installed Solaris 9 12/04 on E450 Server . when i try to start SMC from /etc/init.d/init.wbem i am getting a message " Exception in thread "main" java.lang.NoClassDefFoundError : com/sun/management/viperimpl/server/ViperServer.I have Solari
-
Hello all, We have installed a Developer Workplace SR2 on our local machines. Before our temporary license was about to expire (Aug 27), we requested for a permanent license. Awkwardly enough, the 'permanent' license's expiration is set to August 28.
-
Hi, I'm on my way to install UCM(webcenter content) on my local machine. I'v already installed weblogic server 10.3.6 and Oracle DBserver Express edition 11g. But, when I continue with installing RCU, I get the following error when i click on "rcu.ba