Run Apache as non Oracle user

Similar Messages

• Running opmnctl as non-oracle user

  hi
  We have a requirement for support people to run stop/start/status on opmnctl command when there are issues. I can't get this to run under any other user than oracle - "opmn may not be running" message. Is there anyway I can entitle another user to run this command ? Its 10g app server.
  Thanks
  Elaine

  [email protected] wrote:
  hi
  We have a requirement for support people to run stop/start/status on opmnctl command when there are issues. I can't get this to run under any other user than oracle - "opmn may not be running" message. Is there anyway I can entitle another user to run this command ? Its 10g app No, opmn should be fine if you run it from any account having local administrator privileges.
  This 'opmn may not be running' message comes when it is down and not because of the privileges.
  Just have any account that has local admin privilege on the server, define oracle_homes properly, and run opmn. you should be fine.
  AMN

• How to set "administration" privileges to a non-oracle user

  Hi, I like to know if exist any paper or best practice to set administation privileges to a non-oracle user.
  Where I work, I've the oracle user and I can run any administration task, but I want, for example, that any developer can deploy a war in the "developer environment", whatever I wan't they can change opmn.xml setting or touch another instance in the same server.
  I 've looking in this forum and another sources but not found anything.
  Really Thanks

  We are using iAS v9.0.4 on AIX 5L (64 bits).
  Isn't there a way for automatically deploy ears, just by putting them on a specific disk directory ?
  Thanx
  José Viegas

• Linux non-oracle user cannot connect to database using TNS

  LS,
  I've installed Oracle 11gR2 on a linux box (name="ilmserver") running CentOS 5.4 (based on RHEL).
  Created user "oracle" and groups "oinstall" and "dba".
  Installation under user "oracle" went fine, and logged in as "oracle" user I can - naturally - access the database easily (via SQL+, or using SQL Developer it works via Basic, TNS, and Advanced (=jdbc)).
  I have a second user on the linux box called "informatica", on which I have installed Informatica ILM 5.3.2, which uses the Oracle database as its repository.
  The "informatica" user has been granted the same groups as the "oracle" user, i.e. "oinstall" and "dba".
  I have severe problems accessing the Oracle database as the "informatica" user.
  Using SQL Developer I can access the database using the "Basic" method, but not TNS.
  But guess what: for ILM to work to its fullest extent I need to implement an environment variable called TNS_ADMIN.
  I have implemented it, it sits in bash_profile and as such works fine:
  +[informatica@ilmserver ~]$ echo $TNS_ADMIN+
  +/home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin+
  But as for being able to access it:
  +[informatica@ilmserver ~]$ cat $TNS_ADMIN/tnsnames.ora+
  cat: /home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora: Permission denied
  Somehow I thought that granting "oinstall" group to "informatica" user would take care of this. Obviously it doesn't. I also granted "dba" group to "informatica", to no avail apparently.
  This is then - I assume - also the reason that when I want to connect using TNS from within SQL Developer, the dropdown list is empty (because it's not able to read TNSNAMES.ORA).
  Does anyone know how to resolve this issue?
  Thanks heaps!
  Cheers, Patrick

  Just ran all+ commands for oracle user:
  *[oracle@ilmserver ~]$ id*
  uid=502(oracle) gid=504(oinstall) groups=503(dba),504(oinstall),505(asmdba),506(asmadmin) context=user_u:system_r:unconfined_t
  *[oracle@ilmserver ~]$ env | sort*
  COLORTERM=gnome-terminal
  CVS_RSH=ssh
  DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-m8BEsoxTeM,guid=7c9a73a7390af7742e606e004e571934
  DESKTOP_SESSION=default
  DESKTOP_STARTUP_ID=
  DISPLAY=:0.0
  G_BROKEN_FILENAMES=1
  GDMSESSION=default
  GDM_XSERVER_LOCATION=local
  GNOME_DESKTOP_SESSION_ID=Default
  GNOME_KEYRING_SOCKET=/tmp/keyring-TQlAPU/socket
  GTK_RC_FILES=/etc/gtk/gtkrc:/home/oracle/.gtkrc-1.2-gnome2
  HISTSIZE=1000
  HOME=/home/oracle
  HOSTNAME=ilmserver
  INPUTRC=/etc/inputrc
  JAVA_HOME=/usr/java/jdk1.7.0
  LANG=en_US.UTF-8
  LESSOPEN=|/usr/bin/lesspipe.sh %s
  LOGNAME=oracle
  LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:
  MAIL=/var/spool/mail/oracle
  ORACLE_BASE=/home/oracle/app/oracle
  ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1
  ORACLE_HOSTNAME=ilmserver
  ORACLE_SID=orcl
  PATH=/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/oracle/bin:/usr/java/jdk1.7.0/bin:/usr/sbin:/sbin:/home/oracle/app/oracle/product/11.2.0/dbhome_1/bin
  PWD=/home/oracle
  SESSION_MANAGER=local/ilmserver:/tmp/.ICE-unix/14477
  SHELL=/bin/bash
  SHLVL=2
  SSH_AGENT_PID=14513
  SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
  SSH_AUTH_SOCK=/tmp/ssh-INwup14477/agent.14477
  TERM=xterm
  TNS_ADMIN=/home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin
  USERNAME=oracle
  USER=oracle
  _=/usr/bin/env
  WINDOWID=24117329
  XAUTHORITY=/tmp/.gdm9ITN0V
  XMODIFIERS=@im=none
  *[oracle@ilmserver ~]$ ls -l /home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora*
  -rw-r----- 1 oracle oinstall 879 Aug 24 21:39 /home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin/*
  drwxr-xr-x 3 oracle oinstall 4096 Aug 24 21:39 /home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin/
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/app/oracle/product/11.2.0/dbhome_1/*
  drwxr-xr-x 74 oracle oinstall 4096 Aug 23 19:00 /home/oracle/app/oracle/product/11.2.0/dbhome_1/
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/app/oracle/product/11.2.0/*
  drwxr-xr-x 3 oracle oinstall 4096 Aug 23 18:21 /home/oracle/app/oracle/product/11.2.0/
  [*oracle@ilmserver ~]$ ls -ld /home/oracle/app/oracle/product/*
  drwxr-xr-x 3 oracle oinstall 4096 Aug 23 18:21 /home/oracle/app/oracle/product/
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/app/oracle/*
  drwxr-xr-x 10 oracle oinstall 4096 Aug 24 17:29 /home/oracle/app/oracle/
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/app/*
  drwxr-xr-x 4 oracle oinstall 4096 Aug 23 18:21 /home/oracle/app/
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/*
  drwx------ 22 oracle oinstall 4096 Aug 25 20:55 /home/oracle/
  Naturally the "oracle" user has full access to its own directories.
  A thought just occurred to me. I assume that theoretically it's possible to grant read privilige to informatica user on all these directories... would that do the trick?
  But even if so, makes me wonder whether that is "best practice".
  Also, I cannot imagine I'm the first person to encounter this scenario, and therefore there must be some standard approach to enable this.
  Any suggestions/thoughts?
  As for the TNSNAMES.ORA suggestion, I guess that is possible. Makes administration of TNSNAMES a bit more cumbersome though, as in, 2 files to maintain... risk of getting out of sync when making 'quick and dirty' changes without thinking things through too much (which shouldn't happen... but sometimes does anyway).
  I'd prefer a solution where "informatica" has genuine access to TNSNAMES.ORA.
  Thanks, Patrick
  ps the bold bits with env.var LS_COLORS are unintentional, but don't know how to turn that off

• Cannot run privoxy as non-root user

  Hi all,
  I am having some problems running privoxy as a non-root user.  I am not quite sure where to look as I simply get a return / exit status of 1.  I didn't see what that maps to on privoxy's site.  As an aside, privoxy works fine in my regular install, but in my USB thumbdrive install with AUFS overlay, that is where I am having issues.  It might be a filesystem permission issue, but I don't see anything with journalctl -xn or dmesg or privoxy's logs that tells me anything.
  Does anyone have any ideas what else to look for?
  Thanks,
  Walter

  Hi,
  Thanks for your reply - AUFS is a filesystem (I am running ArchLinux off of an SD card where the rootfs is squashfs with an AUFS overlay).  I've had issues with it in the past which turned out to really be permission issues.  I had an issue before where CUPS was unable to print because of the permissions, but it fixed itself after an upgrade.
  I don't have any error messages to review to make solving the problem any easier.  The only thing I verified was I took the systemd unit file and ran the same command as root and privoxy and it worked under root, but failed under privoxy.
  Walter

• Creating a package such that its postinstall script runs as a non-root user

  The pkgmap(4) man page I have (says "Last change: 30 Apr 1999"; from SUNWman 42.6,REV=6.1) says of the owner and group fields in a pkgmap entry line:
  "This field is not used for linked files or non-installable files. It is used optionally with a package information file. If used, it indicates with what [owner/group] an installation script will be executed."
  The pkgmap file I get after running pkgmk on my prototype file contains a line like
      1 i postinstall 292 23672 1166416139for the postinstall script. The man page quote above suggests that if I want the script to be run with user and group fred/staff (say), I can hand-edit this line to instead be
      1 i postinstall fred staff 292 23672 1166416139However, pkgadd doesn't like this, complaining and failing thus:
      pkgadd: ERROR: bad entry read in pkgmap
          pathname=postinstall
          problem=extra tokens on input line
      pkgadd: ERROR: unable to process pkgmapFurthermore, there doesn't seem to be anything I can put in my prototype file to get these fields into the generated pkgmap. The corresponding owner/group fields are syntax errors for a package information file in a prototype file.
  All this, and the wording in the Application Packaging Developer's Guide, suggest that the pkgmap man page is wrong and there isn't a way to specify a non-root user and group as which you want your package's install scripts to run.
  On the other hand, the pkgadd confirmation "This package contains scripts which will be executed with super-user permission during the process of installing this package. / Do you want to continue with the installation of <PCBBserv> [y,n,?]" suggests that there might be some way to make a package such that it contains scripts which will be executed with ordinary user permissions, and thus not warrant a confirmation.
  Any suggestions?
  Thanks,
  John

  tpolich wrote:One more quick question, is rc.local run the backround or say if I asked for input would the system boot hang?
  Yes, rc.local itself would hang, but if you background the process inside rc.local using the '&' symbol at the end of the command, then that command will be backgrounded and rc.local can continue.

• Cannot run tmux as non-root user.

  I'm not certain if this is the correct section for this.
  I have a cloud server that I recently created that doesn't have a swap partition.  I migrated the home directory for this user from another server to this new server.  The appropriate permissions are set.
  I attempted to strace this to look at the system calls for this when running it.
  strace -fs 4000 -o strace.txt tmux.
  I'm abridging some of this.  These are part of the last 50 lines.
  5758 close(10) = 0
  5758 close(9) = 0
  5758 clock_gettime(CLOCK_MONOTONIC, {...}) = 0
  5758 gettimeofday({...}, NULL) = 0
  5758 clock_gettime(CLOCK_MONOTONIC, {...}) = 0
  5758 gettimeofday({...}, NULL) = 0
  5758 poll([?] 0x1c33820, 4, 995) = 2
  5758 clock_gettime(CLOCK_MONOTONIC, {...}) = 0
  5758 gettimeofday({...}, NULL) = 0
  5758 writev(8, [?] 0x7ffffe287c80, 1) = 73
  5758 sendmsg(7, 0x7ffffe284460, 0) = 8236
  5758 clock_gettime(CLOCK_MONOTONIC, {...}) = 0
  5758 gettimeofday({...}, NULL) = 0
  5758 clock_gettime(CLOCK_MONOTONIC, {...}) = 0
  5758 gettimeofday({...}, NULL) = 0
  5758 poll([?] 0x1c33820, 4, 994 <unfinished ...>
  5756 <... poll resumed> ) = 1 ([{fd=6, revents=POLLIN}])
  5756 clock_gettime(CLOCK_MONOTONIC, {521260, 588392101}) = 0
  5756 gettimeofday({1384888944, 278223}, NULL) = 0
  5756 recvmsg(6, {msg_name(0)=NULL, msg_iov(1)=[{"\323\0\0\0\30 \0\0\10\0\0\0\377\377\377\3771\0\0\0\0\0\0\0create session failed: : Operation not permitted\n\fi\200v\177\0\0\36\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0\300\247\301\1\0\0\0\0\2701\303\1\0\0\0\0\300\247\301\1\0\0\0\0P\3146\200v\177\0\0@\5\304\1\0\0\0\0\260](\376\377\177\0\0000M(\376\377\177\0\0 \1\304\1\0\0\0\0 \1\304\1\0\0\0\0@\5\304\1\0\0\0\0\260L(\376\377\177\0\0A\334A\0\0\0\0\0"..., 65535}], msg_controllen=0, msg_flags=0}, 0) = 8236
  5756 write(2, "create session failed: : Operation not permitted\n", 49) = 49
  5756 poll([{fd=4, events=POLLIN}], 1, 0) = 0 (Timeout)
  5756 clock_gettime(CLOCK_MONOTONIC, {521260, 588816739}) = 0
  5756 gettimeofday({1384888944, 278647}, NULL) = 0
  5756 fcntl(0, F_GETFL) = 0x8c02 (flags O_RDWR|O_APPEND|O_NONBLOCK|O_LARGEFILE)
  5756 fcntl(0, F_SETFL, O_RDWR|O_APPEND|O_LARGEFILE) = 0
  5756 exit_group(1) = ?
  5758 <... poll resumed> ) = 1
  5758 clock_gettime(CLOCK_MONOTONIC, {...}) = 0
  5758 gettimeofday({...}, NULL) = 0
  5758 recvmsg(7, 0x7ffffe2863a0, 0) = 0
  5758 ioctl(8, TIOCGWINSZ, 0x7ffffe288450) = 0
  5758 ioctl(8, SNDCTL_TMR_START or SNDRV_TIMER_IOCTL_TREAD or TCSETS, 0x7ffffe288400) = 0
  5758 write(8, 0x1c412a0, 7) = 7
  5758 write(8, 0x1c3d340, 3) = 3
  5758 write(8, 0x1c3d440, 6) = 6
  5758 write(8, 0x1c3d380, 7) = 7
  5758 write(8, 0x1c38ca0, 7) = 7
  5758 write(8, 0x1c3d610, 6) = 6
  5758 write(8, 0x1c38cc0, 12) = 12
  5758 write(8, 0x46c5dc, 24) = 24
  5758 write(8, 0x1c3d360, 8) = 8
  5758 fcntl(8, F_GETFL) = 0x8402 (flags O_RDWR|O_APPEND|O_LARGEFILE)
  5758 fcntl(8, F_SETFL, O_RDWR|O_APPEND|O_LARGEFILE) = 0
  5758 close(8) = 0
  5758 close(5) = 0
  5758 close(7) = 0
  5758 exit_group(0) = ?
  5758 +++ exited with 0 +++
  5756 +++ exited with 1 +++
  So I see that a write on a certain file was supposed to happen but it failed due to the operation not being permitted.  I speculated that the tmp folder for that tmux session for that user may have not had the correct permissions.
  drwx------  2 sword sword   60 Nov 19 19:22 tmux-1000/
  I was incorrect about that.  Is there something else I'm missing here?

  alphaniner wrote:Is this relevant?
  Yes.  That worked actually.  Thanks.  Solved.

• Run cmdlets from non AD users? Is it possible?

  Hello!
  I call powershell script from local user and obviously get access error. For example I need to get this info from AD:
  (Get-MailBox -database DB2 -resultsize unlimited | Get-MailBoxStatistics | Add-Member -MemberType ScriptProperty -Name TotalItemSizeinGB -Value {$this.totalitemsize.value.ToGB()} -PassThru | measure-object -property TotalItemSizeinGB -sum).Sum
  I can use “-credential $Cred” only with Get-Mailbox. What about the others  cmdlets?
  Anyway, there is a huge similar cmdlets giving access error if I don’t use AD user with proper permissions.
  I need this for monitoring system which works from LocalSystem account.
  Could somebody advice please?

  Here is how to access Exchange via EWS:
  $usermailid='[email protected]'
  add-type -path 'C:\Program Files\Microsoft\Exchange\web services\2.2\Microsoft.Exchange.WebServices.dll'
  $ews=New-Object Microsoft.Exchange.WebServices.Data.ExchangeService -ArgumentList Exchange2013
  $cred=(Get-Credential $usermailid).GetNetworkCredential()
  $ews.Credentials=New-Object System.Net.NetworkCredential($cred.UserName, $cred.Password)
  $ews.AutodiscoverUrl($usermailid,{$true})
  $iv=[Microsoft.Exchange.WebServices.Data.ItemView]100
  $results = $ews.FindItems('Inbox',$iv)
  $results.Items|
  ForEach-Object { $_.Subject }
  Any valid user can remote this way.
  ¯\_(ツ)_/¯

• Setting previleges to a non-root user account to access ports

  Hello ,
  I am tring to do an icmp-ping to a machine in the network from an application by connecting to icmp port through a raw socket.
  My question is i am able to connect to icmp port using raw socket only in root user account. But my application should run under a non root user account and do the ping for me.
  1)How do i set previleges to a particular user to access icmp port?
  I am running the application on solaris 9
  2)I read a paper on net saying ports from 0 to 1024 can only be accessed by a root user account?
  Why is this and what can be done for a non-root user account to access these ports.
  3) Is this possible in solaris 9.
  Thanks in Advance,
  cheers,
  pal

  There is only one solution: create a new Standard user account and set it as your auto login account, if you use that feature.
  Using what you describe is mostly a false sense of security. Were someone to hack into the computer they could hack into the standard account, so you would not wish to keep any sensitive data in that account. Other things to consider:
  Turn on your Firewall in Security & Privacy preference panel.
  Use software to mask your online presence such as ProxyCap 2.03, MacProxy, Proxifier, or Hotspot Shield.

• Getting file descriptor counts as a non-root user

  I have a number of scripts running on Solaris 8 and Solaris 10 systems that currently run as root in order to read file descriptor counts from various processes. currently they do something like: ls /proc/$PID/fd | wc -l to get a count of file descriptors for a given process $PID.
  These scripts need to be migrated to run as a non-root user. This means that my method for obtaining file descriptors will only work if the script owner and process owner are the same - this is not always the case however.
  For Solaris 10, I can assign the privilege proc_owner to the script owner - this works fine.
  For Solaris 8 I'm stuck.
  Does anyone have any idea how I can read a file descriptor count from an arbitrary process as a non-root user on Solaris 8 ?
  Thanks,
  Nick

  For Solaris 8 I'm stuck.
  Does anyone have any idea how I can read a file descriptor count from an
  arbitrary process as a non-root user on Solaris 8 ?As I'm sure you suspect there isn't a way to get around the all privileges
  or none arrangement in Solaris 8. One workaround option though is the
  recently announced Solaris 8 Migration Assistant 1.0 which allows you to
  run a Solaris 8 container on Solaris 10 SPARC systems. A good collection
  of the relevant links are here:
  http://blogs.sun.com/dp/entry/solaris_8_migration_assistant_1
  With this option your Solaris 10 script process with the proc_owner
  privilege could also be run against the processes in the Solaris 8
  container.
  Hope this helps.
  Brent

• Can I run as a non-administrator?

  I run on a Windows XP user account that does not have administrator priveledges. The administrator installed ADE and I can run it. However, if I attempt to get a book from Adobe's web site, it wants me to install ADE. Of course, if I try to install it, that fails with a message indicating I need "administrator access". Is there any way I can run as a non-administrator user (so not being able to install a program), but still download books?

  Hi,
  All that one need to run application in NWDS is the SDM password to deploy the applications .
  who ever know the SDM password can simply install NWDS on thier PC , deploy and run applications.
  Regards,
  Satya.
  Edited by: Satya on Jul 17, 2009 12:24 PM

• Install AM in JES WS container with JES WS installed using non-root user

  Does anyone know how to make Access Manager work when the Sun JES Web Server is installed using a non-root user? Is this even possible?

  Basically it is documented in JES install guide
  Sun Java Enterprise System 2005Q1
  Access Manager Configured to Run as a Non-root User Example . . . . . . . . . . . . . . . . . . . . . . . . . 120

• Non-root user can't start Apache on port 443

  Today I've been attempting to get SSL working for my Oracle Applications 11i (11.5.10.2) installation and I just hit a small problem. I've followed all of the Oracle literature I've come across, which instructed me to create a new (non-root) user to own the database tier and the applications tier. I've also followed the instructions for configuring SSL ([Doc 123718.1|https://metalink2.oracle.com/metalink/plsql/f?p=130:14:6976756808231635106::::p14_database_id,p14_docid,p14_show_header,p14_show_help,p14_black_frame,p14_font:NOT,123718.1,1,1,1,helvetica]) and the SSL wizard in OAM defaults to the standard HTTPS port (443). However, because 443 is a privileged port, a non-root user cannot bind to it. In other words, the Oracle literature itself has led me to an impossible situation. This is what I see in the Apache error log:
  [Fri May 15 15:05:03 2009] [crit] (13)Permission denied: make_sock: could not bind to port 443
  At this point, I see two choices:
  1. Run the application tier services as root.
  2. Change the SSL port to something greater than 1024 (i.e. 4443).
  I'm leaning towards option #2, since option #1 negates the advantage of using a non-root user to begin with. Does anyone have any other suggestions? Does Oracle have any recommendations for this scenario?

  Hi,
  You just need to start Apache as root (not all the application services). For Option 1, the application tier files should be owned by applmgr/oracle user (not root), and for Option 2, you do not need to change the port (though it is valid option). Just follow the steps in the following document.
  Note: 356080.1 - How to run Apache on Port 80 in Apps 11i
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=356080.1
  BTW, this is mentioned in the document "if you have chosen port 443 (or any port under 1024) for your SSL port, you will have to start Apache as root".
  Regards,
  Hussein

• Grants for non-apps user to view APIs in oracle application module browser

  Hi,
  Im trying to make a connection with E-Business Suite using the Oracle Applications Adapter and the Enterprise Service Bus. I follow all the steps for creating the connection pools, connection data sources and connection factories using the standar apps user. After setting up the environment I can drag the oracle applications adapter to a ESB project and choose from all the modules available the especific functionality I want.
  The problem comes when I try to use a user different from apps. When I try to set the connection with other user no E-Business Suite modules are display in the Adapter wizard.
  Are there any specific privileges I should set up to this database user (non-apps) to give him acces to API, XML Gateways, Tables/views,Business Events, etc??.

  Could you let me know the procedure/steps to assign privileges and/or responsibilities for new oracle apps userI understand this is for an application user.
  when I am trying to import a journalAgain, you have to run this as an application user.
  Same import is working fine with default Oracle applications 11i "APPS" user.APPS is a database user (NOT an application user). So, the Application user you want to create and assign him responsibilities has nothing to do with the database user. If you assign the same responsibilities which the other user has (the one which you use to import journals) to the new application user, then you should be able to do the task successfully.

• APEX with non-Oracle Apache

  Is it a good idea or bad idea to integrate Apex Oracle 10g SE1 on Windows to a production instance Apache (Windows) from a source other than Oracle's Companion CD? Any good guides or tips?

  Hi Jes,
  I am a newbie to apex and apache.
  I’d like to build an apex application for account administrators to sporadically manage the look-up reference data. We already have apache, tomcat and jboss running for the primary application and I’d like to use the same server and services to keep from buying a new machine or stealing from resources (RAM & CPU) because of setting up a second companion instance of apache.
  Is there a compatibility issue with using a non-Oracle version of apache? Will it play fair with existing apache applications? Am I better off installing the Companion CD apache on the database server to reduce network I/O; or will it steal resources from the dbms? I'd also like to keep complexities to a minimum so I can stay focused on my DBA role.
  TIA,
  Steve