Row level commit using DB adapter

Similar Messages

• Implement row-level security using Oracleu2019s Virtual Private Databases (VPD)

  Environment: Business Objects XI R2; Oracle 10g
  Functional Requirement:
  Implement row-level security using Oracleu2019s Virtual Private Databases (VPD) technology. The restriction is that the Business Objects Universe connection should use a generic/u201Capplicationu201D database user account. This will allow the organization to avoid the situation where the Business Objects password and the Oracle password need to be kept in synch.
  What do we need from the Business Objects support team?
  1.     Review the 2 attempted solutions that we have tried to implement
  2.     Propose solutions/answers to open questions for each of the attempted solutions
  3.     Propose any alternate solution that will help us implement the Function Requirement stated above
  Attempted Solution 1: Connection String uses Oracle Proxy User
  The connection string that is specified in the Universe is the following:
  app_user[end_user]/app_user_pwdarrobaDatabase.WORLD
  app_user = generic application user
  end_user = the oracle account of the end user which is set using arrobaVariable('BOUSER') app_user_pwd = password of the generic application user
  We have tried and implemented this in our test environment. However, we have some questions and concerns around how the connections are reused in a connection pool environment.
  Open Question for Solution 1:
  i. What happens when multiple proxy users try to connect on at the same time?  Business Objects shares the generic app_user connect string.  However, every user that logs on will have their own unique proxy user credentials.  Will there be any contention involved?  If so, what kind of errors can we expect?
  ii. If a user logs on using his credentials (proxy user), and business objects opens up a connection to the database using that user's credentials (as the proxy user but logging in through the generic app user). Then the user exits out --> based on our test today, it seems like the database connection remains open.  In that case, if another user logs on similarly with their credentials, will business objects simply assign the first users connection to that second user?  If so, then our security will not work.  Is there a way that Business Objects can somehow ensure that everytime we close a report, the connection is also terminated both at the BO and DB levels?
  iii. Our 3rd question is general high level -> How connection pooling works in general and how it is implemented in BO, i.e. how are new connections assigned, how are they recycled, how are they closed, etc.
  Attempted Solution 2: Using the ConnectInit parameter
  Reading through a couple of the Business Objects documents, it states that u201CUsing the ConnectInit parameter it is possible to send commands to the database when opening the session which can be used to set database specific parameters used for optimization.u201D
  Therefore, we tried to set the parameter in the Universe using several different options:
  ConnectInit = BEGIN SYSTEM.prc_logon('arrobaVARIABLE('BOUSER')'); COMMIT; END; ConnectInit = BEGIN DBMS_SESSION.SET_IDENTIFIER('arrobaVariable('BOUSER')'); COMMIT; END;
  Neither of the above iterations or any variation of that seemed to work. It seems that the variable is not being set or being u201Cexecutedu201D on the database.
  One of the Business Objects documents had stated that Patch ID 38, 977, 350 must be installed in our BO environments. We have verified that this patch has been applied on our system.
  Open Questions for Solution 2:
  How do we get the parameter ConnectInit to work? i.e. what is the proper syntax to enter and what other things do we need to check to get this to work.
  Note: Arroba word is being used instead of the symbol in order to avoid following error message:
  We are sorry but your message can not be posted since you have included an email address. Please remove the email address and re-post.

  the connectinit setting should look something like this:
  declare a date; begin vpd_setup('@VARIABLE('BOUSER')'); Commit; end;
  The vpd_setup procedure (in Oracle) should look like this:
  CREATE OR REPLACE procedure vpd_setup (p_user varchar)IS
  BEGIN
    DBMS_SESSION.set_vpd( 'SESSION_VALUES', 'USERID', p_user );
  END vpd_setup;
  Then you can retrieve the value of the context variable in your vpd functions
  and set the vpd.

• How to do the Record Level commit in DB Adapter

  Hi,
  I am using Oracle JDeveloper 11.1.1.6.0 and SOA server 11.1.1.6
  Problem Description_
  I am fetching multiple records using File Adapter in BPEL process, After Fetching I am writing those records in Database using Database Adpter.
  If any error records comes the database adpater rollback the complete transaction and none of the records is inserted into the Database.
  **Can anyone please tell me how to do the record level commit in Database Adapter so that All the success records can be inserted into the database except the Failure record*.*
  I dont want to call the Database adpater in loop multiple times to insert each record as it hampers the performance.
  Thanks in Advance
  Sunil

  I believe you are polling a file and inside the BPEL, inserting the records into the database using the database adapter.
  so according to your requirement you can do any one of the following things...
  1. Instead of using the database adapter for inserting the record, you can call a Stored Procedure which it takes the record fields as input and it inserts the record into the table and does a commit at the end. when you follow this approach, make sure your data source is defined as Non-XA, otherwise you will face some errors.
  2. If you are using the database adapter insert operation only, inside the BPEL, for the partnerlink of the database adapter, go to the properties and for the property "idempotent", give a value of false.
  by doing this, what happens means, after calling the database adapter from BPEL through the invoke activity, the transaction is committed and from the next activity i mean after the invoke, a new transaction will be started but it will use the same thread though
  3. If you are using the database adapter insert operation only, inside the BPEL, for the partnerlink of the database adapter, go to the properties and for the property "NonBlockingInvoke", give a value of true.
  by doing this, what happens means, the database adapter insert operation will happen in a separate transaction and it will be committed, inside the BPEL after the invoke activity, a new thread and transaction will be started
  4. Also, if you are using the database adapter insert operation, don't follow the steps as mentioned in either 2 or 3, you can simply put a dehydrate activity after the invoke activity.
  According to your requirement, all the four approaches works. But my personal feeling, don't go for 4, instead 1 is better, 2 or 3 is also good.
  Hope this helps,
  N

• How to implement row level security using external tables

  Hi All Gurus/ Masters,
  I want to implement row level security using external tables, as I'm not sure how to implement that. and I'm aware of using it by RPD level authentication.
  I can use a filter condition in my user level so that he can access his data only.
  But when i have 4 tables in external tables
  users
  groups
  usergroups
  webgrups
  Then in which table I need to give the filter conditions..
  Pl let me know this ...

  You pull the Group into a repository variable using a session variable init block, then reference that variable in the data filters either in the LTS directly or in the security management as Filters. You reference it with the syntax VALUEOF("NQ_SESSION.Variable Name")
  Hope this helps

• Row Level Security using BO SDK - Dynamic Group and Criteria (where clauses)

  To the Universe Gurus out there:
  I have a rather daunting task of implementing a Row Level Security on a number of tables within our project using BO XI R2 SP2 with SQLServer 2005. Given the nature of the requirements around this (listed below), I am going to go with BO SDK to accomplish the creation of Restrictions. That said, I need some insight into some of the problem areas I have listed below. Any help is much appreciated.
  Background:
  We have 11 tables that are to be restricted.
  Each table is accessible to potentially 1..* group of users only.
  For eg SALES is accessible to ALL_SALES members only.
  Each row within each table is accessible to 1..* groups of users only. The restriction will occur on 2 columns Jurisdiction and LineID on SALES table.
  For eg
  1)Rows with NY Jurisdiction and LineID=123 are accessible to NY_SALES_ADMIN group only initially.
  2)NY_ADMIN will then approve that the above rows be open to NY_SALES_INTERNAL group only. This approval in turn will call upon the BO SDK to add a new restriction for the group with appropriate where clause.
  3)At a later point, the above rows will be opened to NY_SALES_EXTERNAL group also.
  This same concept holds good a number of jurisdiction (more or less static) and a dynamic number of LineIDs. So, if 10000 rows of data corresponding to new LineID 999 and Jurisdiction AK are in the table now, they are initially accessible only to AK_SALES_ADMIN group only. No one else should be able to access it.
  Results:
  1) With the way I laid out the business rules above, I am ending up with 528 groups.
  2) There is a restriction created for a unique combination of Jurisdiction and LineID for each table.
  Problems/Questions:
  How can I restrict access to the new rows to one group only. I know that I can let a certain group only look at certain data but how can I restrict that all others cannot look at the same.
  AK_SALES_ADMIN can look at LineID=999 and Jurisdiction='AK'.
  Do I use an Everyone group based restriction? If so, my Everyone group will end up with tons of restrictions. How will they be resolved in terms of priority.
  Am I even thinking of this the right way or is there a more noble way to do this?
  Regards

  the connectinit setting should look something like this:
  declare a date; begin vpd_setup('@VARIABLE('BOUSER')'); Commit; end;
  The vpd_setup procedure (in Oracle) should look like this:
  CREATE OR REPLACE procedure vpd_setup (p_user varchar)IS
  BEGIN
    DBMS_SESSION.set_vpd( 'SESSION_VALUES', 'USERID', p_user );
  END vpd_setup;
  Then you can retrieve the value of the context variable in your vpd functions
  and set the vpd.

• How to eliminate inserting  Duplicate rows into database using JDBC Adapter

  File->Xi->JDBC
  In above Scenario if the file has two rows their values are identical, then how can we eliminated inserting  Duplicate rows into database using JDBC Adapter

  Database is a consumer of a SERVICE (SOA!!!!!!).
  Database plays a business system role here!!!!
  Mapping is part of an ESB service
  Adaptor is a technology adapted to ESB framework to support specific protocol.
  ESB accomplish ESB duties such as transformation, translation, routing. Routing use a protocol accepted by the consumer. In a JDBC consumer it is JDBC protocol and hence it a JDBC adaptor.
  There is clear separation on responsibilities among business system and ESB. ESB do not participate in business decision or try to get into business system data layer.
  So who ever are asking people to check duplicate check as part of mapping (an ESB service) may not understand integration practice.
  Please use an adaptor module which will execute the duplicate check with business system in a plug and play approach and separate that from ESB service so that people can build integration using AGILE approach.
  Thanks

• Row By Row File Processing using File Adapter

  Hi,
  Can any one explain that how can a read a file row by row using File adapter in BPEL?
  Like ...When One row is executed completely only then second row starts........
  Regards,
  En
  Edited by: Enceladus on Apr 16, 2013 11:55 AM

  For This ...you need to make you service Synchronus by adding a reply in interface WSDL of BPEL process.
  Regards,
  En

• Row Level Security - using a policy function.

  Hi,
  I am trying to implement RLS within our database and am getting the following error message:
  ORA-28112: failed to execute policy function
  Looking around the web, these seems to point to un-handled exception in my function, but I cannot seem to find anything untoward.
  I have tested the function and can confrim that it is returning the desired predicate where appropriate..
  Here is the function..
    FUNCTION Fnc_Rls_Control(Pin_Schema IN VARCHAR2) RETURN VARCHAR2 IS
      -- Author:  MLLOYD
      -- Purpose: Policy function that supplies a predicate to limit access to tables based
      --          on the site code
      -- Created: 30/12/2010
      -- Revision History
      -- Date            Version        Comments
      -- 30/12/2010         1           Created
      CURSOR Cur_Rls_Site IS
        SELECT s.Site_Code
        FROM   All_Users u
        INNER  JOIN Rls_Discoverer_User_Role Ur
        ON     Ur.User_Id = u.User_Id
        INNER  JOIN Rls_Discoverer_Roles r
        ON     r.Role_Id = Ur.Role_Id
        INNER  JOIN Rls_Discoverer_Role_Sites Rs
        ON     Rs.Role_Id = r.Role_Id
        INNER  JOIN Commons.t_Site_Codes s
        ON     s.Siteid = Rs.Site_Id
        WHERE  u.Username = USER;
      Rec_Rls_Site Cur_Rls_Site%ROWTYPE;
      Lcl_Predicate    VARCHAR2(2000);
      Lcl_Return_Value VARCHAR2(2000);
    BEGIN
      Lcl_Predicate    := NULL;
      Lcl_Return_Value := NULL;
      -- CHECK IF USER IS OWNER OF SCHEMA, IF SO, NO PREDICATE 
      IF Pin_Schema = USER THEN
        Lcl_Return_Value := NULL;
      ELSE
        -- OBTAIN SITE CODES AVAILABLE TO USER
        OPEN Cur_Rls_Site;
        LOOP
          FETCH Cur_Rls_Site
            INTO Rec_Rls_Site;
          EXIT WHEN Cur_Rls_Site%NOTFOUND;
          Lcl_Predicate := Lcl_Predicate || q'(')' || Rec_Rls_Site.Site_Code ||
  q'(')' || ',';
        END LOOP;
        IF Lcl_Predicate IS NULL THEN
          Lcl_Return_Value := NULL;
        ELSE
          -- REMOVE TRAILING COMMA
          Lcl_Predicate := Rtrim(Lcl_Predicate,
          -- BUILD FINAL PREDICATE
          Lcl_Return_Value := 'SITE_CODE IN (' || Lcl_Predicate || ')';
        END IF;
        CLOSE Cur_Rls_Site;
      END IF;
      RETURN Lcl_Return_Value;
    EXCEPTION
      WHEN OTHERS THEN
        IF Cur_Rls_Site%ISOPEN THEN
          CLOSE Cur_Rls_Site;
          RETURN Lcl_Return_Value;
        END IF;
    END Fnc_Rls_Control;
    -- ************************************************************************************I have applied this to a specifc table using the following:
  -- ADD POLICY
  BEGIN
    DBMS_RLS.ADD_POLICY (
      object_schema    => 'REPORTING',
      object_name      => 'URS_OP_VISIT_STATISTICS',
      policy_name      => 'ACCESS_POLICY',
      function_schema  => 'REPORTING',
      policy_function  => 'PKG_REPORTING.FNC_RLS_CONTROL',
      statement_types  => 'SELECT'
  END;Have I missed anything obvious?
  Regards
  Mark

  Policy function must have two IN paranters on varchar2 type and return varchar2 .
  So add second parametr to you function.
  Simple example
  CREATE OR REPLACE FUNCTION auth_orders(
  schema_var IN VARCHAR2,
  table_var  IN VARCHAR2
  RETURN VARCHAR2
  IS 
  return_val VARCHAR2 (400);
  BEGIN
  return_val := 'SALES_REP_ID = 159';
  RETURN return_val;
  END auth_orders;
  /First parametr is schema_name second parametr is object name. So you can have one universal function that on IN parameters return appropriate where condition.

• Row-level Security Filters applied to Columns and Tables only? no Areas?

  Good day all,
  Just quick question (obiee 10.3.3.2) - Is there a way to edit row-level security using Whole subject areas (instead of bringing in the individual Fact tables and applying filters by copying/pasting them).
  Follow up question - if I have nested facts in presentation layer (ones preceding with "-" - do I specifically add them to conditions, or would they be inherited by only including parent fact)?
  Thanks!
  Message was edited by:
  wildmight

  I'm not sure how that would help; by using the Faculty_ID Session Variable I can identify the CRN and Term of all courses a faculty member is teaching. But I don't think that has to do with the problem I am having?

• Setting row level field in table using jQuery

  Hi,
  I'm utilising the following to read and then set values in the same row within a report.
  Re: Referencing a row level field value in an Interactive Report using jquery
  Consider the following snippet
  // read information eg
  var row = $x_UpTill(this.triggeringElement, 'TR');
  var dateCompleted = $('input[name="f03"]', row)[0];
  console.log(dateCompleted.value);
  // write information eg
  var dateBooked = $('input[name="f02"]', row)[0];
  //dateBooked.value = 'xyz'; // sets to xyz, as expected
  dateBooked.value = return_date; // sets the actual code, not returning stringAll works as I'd expect except the last line. I have a js function returning a formatted string (Set Date With Javascript but in this case my field now contains the actual code definition, not the date string the function actually returns.
  I'm thinking I'm just misunderstanding a simple concept for JavaScript here?
  A simple workaround could be to create field P0_SYSDATE, calculated to TO_CHAR(SYSDATE,:F_DATE_FORMAT), then apply
  dateBooked.value = $v('P0_SYSDATE');but I'm trying to improve my understanding of javascript/jQuery...
  Cheers,
  Scott

  So are you saying that return_date is an actual javascript function that returns the formated string/date you want?
  If so, then I think you simply need parenthesis to run the function:
  dateBooked.value = return_date();Or... am I missing something here?
  Thanks
  -Jorge

• Use User Defined Tables in a Marketing Document on Row Level

  Hello All,
  Is there a way to use the fields from a User Defined Table in a Marketing Document on a row level such as for example Purchase Order.
  If this is not possible directly, any known work-arounds?
  Thanks for your effort,
  gr.
  Freek

  Thanks for your idea/workaround. To be more precize, we don't want to pull information from a UDT field into a marketing document, but from the row-level  we like to write information to an UDT field.
  Any idea?
  gr.
  Freek

• Row-level security problem using VPD

  Hi all,
  I've implemented row-level security for my application using the following procedure:
  1) Created a procedure for setting the context for the application:
  PROCEDURE set_empno
  IS
  emp_id NUMBER;
  BEGIN
  BEGIN
  SELECT empno
  INTO emp_id
  FROM SCOTT.EMP
  WHERE upper(ename) = SYS_CONTEXT('USERENV', 'SESSION_USER');
  DBMS_SESSION.SET_CONTEXT('emp_sel_context', 'empno', emp_id);
  EXCEPTION
  WHEN OTHERS THEN emp_id := 0;
  END;
  END;
  2) Created the application context:
  CREATE CONTEXT emp_sel_context USING secman.app_security_context;
  In which secman is my security schema and app_security_context is the name of above procedure package.
  3) Created a function to access the application context:
  FUNCTION emp_sec(E1 VARCHAR2, E2 VARCHAR2) RETURN VARCHAR2
  IS
  e_predicate VARCHAR2(2000);
  BEGIN
  e_predicate := 'empno = SYS_CONTEXT(''emp_sel_context'', ''empno'')';
  RETURN e_predicate;
  END;
  END;
  4) Created a logon trigger:
  CREATE OR REPLACE
  TRIGGER INIT_CONTEXT AFTER
  LOGON ON DATABASE
  BEGIN
  SECMAN.APP_SECURITY_CONTEXT.SET_EMPNO;
  END;
  5) Added a policy on scott.emp like this:
  begin
  dbms_rls.add_policy (
  object_schema => 'SCOTT',
  object_name => 'EMP',
  policy_name => 'EMP_SEL_POLICY',
  function_schema => 'SECMAN',
  policy_function => 'EMP_SECURITY.EMP_SEC',
  statement_types => 'SELECT',
  update_check => TRUE
  end;
  My problem is that when a user queries the EMP table the above procedure does not work and 'no rows selected' is returned for each user that queries the table. Does anybody know which part of my procedure is wrong?
  Any helps is really appreciated.
  S/\EE|)

  i,
  I suggest:
  create another table emp1(logon with scott),this table only include empno,ename,then insert a few record,then modify
  procedure set_empno as
  PROCEDURE set_empno
  IS
  emp_id NUMBER;
  BEGIN
  BEGIN
  SELECT empno
  INTO emp_id
  FROM SCOTT.EMP1
  WHERE upper(ename) = SYS_CONTEXT('USERENV', 'SESSION_USER');
  DBMS_SESSION.SET_CONTEXT('emp_sel_context', 'empno', emp_id);
  EXCEPTION
  WHEN OTHERS THEN emp_id := 0;
  END;
  END;
  certainly ,you should grant select on emp1 to the user who will be test.
  lixinzhu
  2007/09/17

• Row Level Security in OBIEE using OID as authentication Mechanism

  Hi OBIEE Gurus,
  I am trying to implement Row Level Security in OBIEE . Currently I have setup OBIEE to have OID do the user authentication.
  I want to implement RLS by doing the following :
  1. Have Security Groups defined in OID and assign users with group membership.
  2. Import these Security Groups into OBIEE metadata
  3. Apply filters to these Security Groups
  4. Run Answers requests to see if RLS works or not
  Please let me know if this approach works. If this is not the right way or most efficient way to do this, please let me know if there is any document I can follow to accomplish this.
  Appreciate your help.
  Edited by: drakesh on Sep 26, 2008 7:09 AM

  Follow the steps in the following link to set up OID and Row level security:
  http://www.rittmanmead.com/2007/05/21/using-initialization-blocks-with-ldap-and-database-queries-to-control-authentication-and-authorization/
  Instructions for the link above:
  1.In place of Edit Data Source as database you have to select LDAP,define the groups and default initializer as filter expression.
  2.A more simpler approach ,is to create the groups explicitely using the Security Manager in BI Administrator, add filters to those groups, and assign users to those groups.
  Otherwise follow Matt's view
  Thanks,
  Amrita

• Row level security without using VPD

  I am wondering if there is a way to have row level security in APEX without having to use the virtual private database (VPD). I cannot afford the Enterprise Edition license that is required for VPD.
  I need a way to customize the list of rows that appear for each user on a report page.
  For example, I only want managers to be able to see their employees and not employees of other managers.
  Thanks for your help !
  -Reid

  While it wont provide all the features that Oracle RLS does, you can leverage Oracle 'Contexts' to provide a form of Row Level Security.
  This article describes how
  http://www.dbazine.com/oracle/or-articles/jlewis15
  Within APEX you can set your application to call the 'context' setting function in the 'VPD' section of the 'Edit Security Attributes' page.
  Varad

• Suggestion required for using row level security

  We have a scenario to provide row level security to some of the transaction tables like HR_EMPLOYEE which has a foreign key column DEPT_ID to HR_DEPARTMENTS table. This table may grow up to about 5 million records. There could be regular SELECT operations on this table and not so frequent UPDATES compared to the SELECT operation.
  We were looking at the following approaches...
  Table :
  HR_EMPLOYEE
       EMPNO
       DEPT_ID
       LAST_NAME
       FIRST_NAME
  1. Enable Oracle Label Security policy on this table and use static predicates.
  In this approach we add the OLS policy column (POLICY_COLUMN) and add predicate to access data.
  e.g. we will be giving access to global data by predicate like
  OR POLICY_COLUMN =CHAR_TO_LABEL('POLICY_NAME','C::DEPT1')
  where C::DEPT is the OLS Label
  2. Using VPD policy. We donot add any column, instead use the existing column DEPT_ID to provide row label security. In this approach the DEPT_ID is to be compared against an additional table and DOMINATES function will be used to verify the permission for the user to access the data.
  e.g. In this approach, the policy function is like
  'DOMINATES(char_to_label(''POLICY_NAME'', SA_SESSION.LABEL(''POLICY_NAME''))
  ,char_to_label(''POLICY_NAME'', POLICY_PKG.GET_LABEL_FROM_DEPTID(DEPT_ID))) = 1'
  The GET_LABEL_FROM_DEPTID function returns the OLS label for the corresponding department. This is compared with the user's session label and appropriate rows are given access.
  Can someone suggest on which of the above approaches is more performance effective considering the number of records and the additional OLS column added to the table.

  Hi there,
  would you be able to describe as detailed as possible what you want to achieve? From my first glimpse at your code, it seems as if you are using both OLS and VPD in a rather extraordinary way.
  Best, Peter