Sapstar user is accessing in production

Similar Messages

• How can I allow users to access SQLPLUS?

  Hi everyone,
  I have been charged with the task of creating an Oracle server on a CentOS VM. Installation and configuration is complete and SQL is working fine for the database admin user "oracle." I copied the environment variables to the .bashrc file for "oracle" and SQLPLUS starts without a hitch.
  Here is where I need a little guidance...
  I need to create basic Linux user accounts that will have access to the database, so they can then in turn log into their SQLPLUS accounts. The problem is, all of the database files and software are in located in the user "oracle's" directory. This means that no one but "oracle" and root have access to these files because they are the only ones with proper permissions.
  Before I put a ton of time into this, I thought I would pose these questions to the Oracle Linux community:
  1) Could I enable a specific Linux group (ex. "Oracle Users") to have access to the main database folder or possibly all folders along the path? I am hoping this would allow any users I put in the group access to the folders, and essentially the SQLPLUS application. (here is ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1)
  2) If that is not an option, will I need to make a completely new database and locate it in a location that all users can access?
  I understand that my first idea may not be the SAFEST method, but this is only for a small class of students learning how to use SQL and writing queries. There will be no sensitive information at risk. This would be a quick fix until I learned more about Oracle and how to use it.
  Thank you everyone.

  It certainly is rather a question for the General Database forum, though I doubt you will get a lot of happy replies for such a basic question.
  You can use / as sysdba OS authentication through SSH or using the server console, provided the user's account belongs to the "dba" user group. For remote connection through sqlnet you need create a $ORACLE_HOME/dbs/orapw$SID password file.
  If you would like to know more about this:
  Connecting / as sysdba is used for OS authentication. It ignores password credentials stored in the database and allows any user belonging to the OSDBA system group to connect to the database. Connections as sysdba will always connect to the SYS schema of the database, regardless of any username or password specified. Using OS authentication relies on the BEQ protocol, which connects to the database directly, without using the Oracle Listener process.
  The "oinstall" group will give access to the database software repository. There could be different oracle home installations, each with a different oracle user/owner like "oracle_prod1" and "oracle_prod2", but both users must be able to read/write the shared oraInventory, in which case both users must have read and write access to the oraInventory directory, hence the oinstall group.

• Help needed restricting users admin access to devices using ACS 4.2

  I have users that access the network via a VPN client to a PIX 515 which authenticates to the ACS (using the default group for unknown users) which uses an external Active Directory Database.
  The problem I have is that as the ACS authenticates these users, it now allows them admin access to the PIX. How do I restrict access? I have looked at NARs using the 'All AAA clients, *, *' approach but that just stops their VPN access. ( I have a separate group called 'PIX ACCESS' which will contained only defined users for admin access).
  Incidentally I have other devices on the network which are AAA clients, in particular Nortel switches. I can set the group settings for that RADIUS set up to 'Authenticate Only' (RADIUS Nortel option) and that works fine, I was expecting the ACS to have a similar setting for TACACS+.
  So how do I allow the unknown users to authenticate to their AD database but restrict them admin access to the AAA clients?

  Very common problem. I've solved it twice over the last 6 years with ACS. I'm sketchy on the details. But here goes. First option to explore is using RADIUS for VPN access, then TACACS on all the Cisco switches and PIX firewall. That would make it alot easier. I think that with TACACS, you can build a NAR based on TCP port number instead of IP address....
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml
  So you'd have a group with 3-4 Administrators that can access PIX CLI, and another group of VPN users that can't access the PIX but can VPN in. So on the VPN group, put a NAR that restricts access to SSH/Telnet TCP ports?
  This comes up everytime I install an ACS server, (every 2-3 years), and it's always a trick.
  Please let me know if this works for you. And if it doesn't, let us know how you fixed it. I think I can get back into the ACS I last did this with and take a look, but I'd have to call up and make a special trip.

• Utilizing SQ01 SQ02 for user report generation of production data

  I am interested in utilizing sap query transactions SQ01, SQ02, and SQ03 to create and customize end user reports that will be used  by our audit team to analyze SAP data in our production environment. My objective would be to have one person with authorization to run SQ01,02,03 and have that user create all the reports that would be required for the team to use. This way there isn't a bunch of users out there using SQ01 indiscriminately or perhaps not using it at all. I currently have authorization to run SQVI but it is limited. From what I understand there is more flexibility with SQ01 because they allow you to create calculated fields and offer more formatting options. Most of these reports would be related to finance, sales, vendor, customer, etc.
  My question is this. How do I create these custom queries and allow multiple users to access and run them? Are the queries created directly in production? Are they created in DEV and then tested in QA before being transported to Prod? I understand you can map an sap query program to a transaction and then add that to a role but isn't the program name generated by SQ01 different in every instance? I would like this code to be reproducible as I have 5 different SAP instances in which these reports would be used. Same reports, different data.
  I am looking to leverage the power of SAP query to produce meaningful reports for our team without having to use programmers to develop them from scratch. What is the optimal approach to doing this without creating a lot of hassles and without creating additional security risks?
  If I create a query based on SAP tables I have access to does the general user also have to have authorization to those tables in order for the query to run for them? In theory the entire team should have authorization to the same standard SAP tables because we all have the same roles assigned but I may have some additional tables assigned to me because I am the IT auditor. Just confirming.
  I appreciate any and all suggestions. I would like to proceed with the best solution as soon as possible.
  Thank you very much.
  Mark

  Hi Mark,
  It is best to create queries in dev rather than doing it in prd directly.
  Query user group can be used to control the access in production.
  You can have one query administrator with access to sq01,2,3 and sqvi who will assign query user group to respective users in prd so they can run these.
  BR,
  Mangesh

• USERS and access to OWB

  Hi
  I am a dba with no warehousing experience. I have been asked to configure and support an OWB installation v9.0.2.0.8. I have installed the server side runtime repository and target schema's - and have run the service_doctor.sql and evrything appears fine.
  I have the following accounts now
  1 x OWBRUNREP user (runtime repository schema)
  1 x OWRUNACCES user (runtime access user)
  1 x OWB9iDEV user (design repository user)
  3 x target schema's (for data and deployment)
  My question is - my users connecting through the client on their pc can only connect to the Design Rrepository user OWB9iDEV - is this normal ??? All other connections fail ???
  I am assuming they have to connect to the design user --> then deploy into runtime environment using deployment manager for example ???
  So is everything alright - or do I have a problem ??? I can;'t decide from the last 8 hours of reading docs ??
  Any help greatly appreciated
  [email protected]

  Hi!
  Yes, the first time Runtime Repository Assistant is run it needs to be run on the host where OWB Runtime is installed. That's because the Runtime Service starts a java process that runs on the OS and not in the database. Subsequent operations of the Runtime Repository Assistant (such as to add more target schemas) can be remote.
  The association of the Target schema with a Runtime Repository happens when you create a Target Schema using the Runtime Repository Assistant, which is why this is the only way to create a target schema, i.e. you cannot just start using any arbitrary schema as target schema for OWB if it hasn't been created this way.
  Here is a good resource for your and others future reference. The OWB Architecture Wite Paper http://www.oracle.com/technology/products/warehouse/pdf/Architecture%20_White_Paper.pdf provides a condensed version of the architecture information contained in the Installation Guide. I personally found it the easiest way to make sense of the architecture.
  Nikolai Rochnik

• Is there an app or way for multiple users to access contact info?

  We are a small business that maintains a contact list of leads and clients in a MS word file. We can access those word files via our iphones, but only view them. Is there an app or way to have one person in the office maintain a database of leads and clients that a few users can access via iphone and simply touch the phone number to call them or touch the address for directions/map?
  We know we could each input the info in each of our phones independently, but that is dumb - given someone in the office maintains such info as part of their job and updates it weekly/monthly whatever. Do you see what I mean? I cannot believe there is nothing out there for this.
  Basically we are looking for a continuously updatable, multiple user, remotely accessible, interactive contact database with name, address, and phone number. I think that is what I would call it.

  I can access phone numbers directly from our client list in word.
  And that solves your quest looking for "a continuously updatable, multiple user, remotely accessible, interactive contact database with name, address, and phone number"?
  Wow... I never know Microsoft Word could do so much!

• I am trying to allow guests on windows to connect to shares on my Lion server but it keeps asking for a password for guest. I have allow guest users to access this share enabled but it still does not work.

  I am trying to allow guests on windows to connect to shares on my Lion server but it keeps asking for a password for guest. I have allow guest users to access this share enabled but it still does not work.

  Ditto. Guest accounts shouldn't have a password. No way to enter one in System Prefs...

• User cannot access

  hi,
  i  am new to this forum,i have one doubt,
  user cannot access one authorization field , how can i analysis this issue, i know su 53 for find the authorization field...but user have 100 roles... how can i find the which role and object...plz help me..

  Hi Hassan,
  This is not the correct category. This message should be opened under security item. However, you can find the whole required authorization objects list, by using ST01 trace.
  Best regards,
  Orkun Gedik

• How can I restrict more then one user to access the table?

  Hi !
  I have a problem and two solutions and I am a bit confused as to
  which one is the best one and/or can there be any better way of
  handling the problem ?
  Problem : I have to update a key field of a table when I update
  it in the form 5.0 screen. I am basically doing a maintenance of
  a table and if a certain field is updated then the change has to
  be reflected in two more tables. But the issue is that the field
  is a part of the key in those two tables. So all I can think of
  is that I need to insert new set or rows for that new value of
  the field and delete the old set of records for old values of
  the field.
  There are two ways of doing it;
  1.One option can be to explicitely define two cursors separately
  and fetch the values in them one by one and then insert the new
  records and then delete the old records in both the tables. This
  I feel will be a cumbersome process both in terms of processing
  time and the coding.
  2.Second option I was thinking can be to create two flat tables
  (without keys) and insert the values in them and update the
  changed field there and then insert the rows in the respective
  tables. Delete the old records in the main tables and delets the
  records in these flat tables. This is a bit more faster and
  easier to predict and code. This seems to be a better option for
  me.
  Any comments on these ?
  In both the cases I was thinking of making some provision so
  that more then one person can't update the table simultaneously.
  Since if there are more then one persons doing the processing
  then some inconsistency might creep into the whole process.
  This is easier to do in the second process as if I check the
  data in the flat tables and if there is some data then I can
  presume that some one is doing the processing and I can ask the
  other person to hold for a while. But in this case how can I
  stop more then two people to simultaneously check for the empty
  table and start inserting the record ?
  I was just thinking of having a sepatare table having only one
  field and this will be a key field and as the process begins the
  process will insert a fix value say 'Y' in the key field and at
  the end of the process the record will be deleted and this way
  we can restrict the user to access the process more then one at
  a time..? Since you can't have same value of the key in a table
  more then once.
  Any better way of handling it will be deeply appreciated.
  How about locking the table at the begining and releasing the
  lock at the end ? Will there be any issue in that? since I am
  inserting and deleting the rows in the same transaction.
  Comments welcome,
  Shobhit
  null

  How about performing the update IN the database using a stored
  procedure?
  By using non-database fields on your form to get the
  information, you can then call the procedure in the database to
  perform the updates. If an error occurs in the procedure you
  rollback, if necessary, and send a message or status back to the
  form. If it succeeds you might wish to commit and then re-
  execute the form's query -- using either the original key values
  or the new key values...
  null

• How can i save music and pictures so all users can access them?

  how can i save music and pictures so all users can access them?

  Hi, this should be your answer as for sharing music. For photos though, I would assume you can do the same thing. Hope it helps!
  http://support.apple.com/kb/ht1203

• How do I allow another user to access my pictures, etc?

  Hi
  still getting used to the Mac feel, after switching over from Windows, and I have a question that I can't seem to find an answer to.
  I have the following issue:
  Under my account, I have all our family photos and documents. I have also set up a user account for my wife. When she logs on, she can't access our photos, etc., because she has no read/write rights. (Which is logic, since they are my "private" folders.
  I have then logged on myself, used the "info" button on the respective folders in order to give her user the rights to access my folders, but I can't seem to "allow everyone" to access the folder(s). What are the settings I need to use?
  Thanks
  MN
  Imac 24"   Mac OS X (10.4.9)  

  Hi,
  I have tried to recreate this myself, and your right even after changing ownerships and movie the iPhoto library to the public folder ( Harddrive/Users/Sharing) the second account is still not allowed to access the library. This is strange behaviour because moving the iTunes Music Library to Sharing does allow all users to access the library.
  All I can suggest is that you deselect the option in iPhoto preferences (Advanced) to "copy files to iPhoto library" then store your photos in a folder that resides in the Harddrive/Users/Sharing folder - then your wife can use the import command to add them to her copy of iPhoto (she should also deselect the copy to library option)
  Regards

• User cannot access redirected Documents folder, but can connect to share in Windows Explorer and access folder on server

  I am in the final stages of a cross-forest migration.  Users have Windows 7 workstations with redirected folders on a Windows Server 2012 box running in the old forest.  User accounts were not migrated.  The accounts in use have always
  been in the "new" forest.  One of our challenges was the large volume of data in redirected folders.  I made sure users in the target forest had continued to have access to their redirected folders in the old forest and robocopied
  the entire users share, copying the permissions with the files.  By doing incremental robocopies, we can get a final copy done now in about six hours.  The plan was simple: copy the files, do an incremental copy every night, on the night of the cutover
  change the folder redirection policy Documents path from
  \\oldserver\users\%USERNAME% to
  \\newserver\users\%USERNAME%. The policy is configured to NOT copy user files from the existing folder to the new redirected folder.  Everything was going well until I tested the policy change.  After the folder redirection policy is updated
  and applied, the user cannot access the private Documents folder.  For example, user Chester Tester logs on as ctester.  I open Windows Explorer and click the Documents shortcut.  I see one subfolder, which is subfolder of Public Documents. 
  So I can look at Public Documents but when I click on the Documents folder (Under the Documents library link) I get an access denied error.  Now for the kicker, if I open another Windows Explorer window and edit the address bar to
  \\newserver\users\ctester, I can navigate the Documents folder tree and see my thousands of documents. What the ....?
  I'm hoping this is something really simple to fix!
  TIA

  HI Vivian,
  Thank you for your reply.  Yes, the path in Group Policy Folder Redirection Root Path was updated to
  \\NEWSERVER\users.  I had planned to point this to the distributed file system, so the first used was actually
  \\domain\dfs\users.  To simplify things I have backed off to copying to just a normal share
  \\newserver\users. 
  We are using BASIC folder redirection and we create a folder for each user under the root path. 
  We did not want the policy to move content, as we were seeing users requiring 15-20 minute logon times  (or higher) after the policy is changed.
  Grant the User exclusive right to Documents - Disabled
  Move the contents of Documents to the new location - Disabled
  Related folder settings
  Video - Follow Documents
  Music - Follow Documents
  Pictures - Follow Documents
  Now when I change the folder redirection from old server to new server I now have TWO My Documents folders in the user's redirection folder on the server.  The redirected Documents points to an empty folder set.  The copied folders with all user
  data are there, but folder redirection refuses to recognize the original folder.
  I am looking at the full view of the folder, nothing hidden, so I'm wondering how a folder can have two subfolders with the exact same name.  For now, I just want the redirection to move from the old server to the new server properly.  I deleted
  the new My Documents folder, rebooted the user's workstation and tried again.  The behavior repeats itself, i.e., a new My Documents folder is always created when the redirection policy is changed from the old server to the new server.  The environment
  has about 1500 users with approximately 1.3TB of data in the redirected Documents folders.  OUCH!

• How can I export an entire album to my desktop so any user can access my photos?

  Is there an easy way to export photos from my iPhoto library so that other users can access them without needing a Mac or iPhoto?

  But if it's a big album, be sure to create a new folder on the desktop first, to export them into. Having hundreds of individual photos on your desktop will slow your computer to a crawl.

• How can I check if an user has access to an url within my web app?

  Hi,
  I have a web application where I allow the users to set their startup page by presenting them a list of startup pages. However, some startup pages can accessed only by certain users, so I want to present the user only those pages the user has access to.
  How can I do this with weblogic?
  One way is to read the web.xml file and determine the roles that have access to the page, then check whether the user has any of those roles.
  Is there a better way eventually using some weblogic api?
  Thanks

  Just for the record, I decided to parse the web.xml file and to simulate whatever the container does.

• Multiple Users CANNOT access folders

  I recently created multiple users on my IMAC G4 (10.3.9). The additional users CAN access applications when logged in to their individual accounts. They CANNOT create new folders or access USB drives. The new folder command is dimmed. Recommendations?
  Thanks!

  Hi Appleallie, and a warm welcome to the forums!
  From the Account that can, in the Finder, do a Get info on the places/locations/drives that the others cannot access/ create in, report the 3 Permissions at the bottom.