Security Flaw Discoverer 10g

I hope you don't mind me contacting you,
but we have a small problem. I just wondered if you know about this or have a solution.
We have created a suite of reports in Discoverer 10g.
The problem is that someone is sending a URL around ... with a username + password + resp in it, and people are using this
URL to access reports and info they are not supposed to see... So it's not asking the person to log in, just accepting
what's given in the URL... Any ideas? On how to enable security even if there is a username in the URL or something like that?
We need a global solution, as other users can do this too... Is this normal?

Hi,
I am not sure what solution you are looking for. If you send out a URL with username and resp but not password then Discoverer will prompt for the password. If you send the password then there is no authentication, hence anyone can use the URL.
Another option is to use Oracle Single Sign-On; then the user will log on once with their username/password, which will give them access to Discoverer. Then a Discoverer URL will work even without the username and password.
Rod West
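
A defender's follow-up to the reply above, as an added example that is not part of the original thread: it scans web-server access logs for Discoverer requests (and Referer values) that carry a password in the query string, so the affected accounts can have their passwords changed and the spread of the URL measured. The parameter names (`us`, `pw`, `rs`), the `/discoverer/` path filter and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed parameter names (not given in the thread); adjust to the circulated URL.
USER_PARAMS = {"us", "username"}
PASS_PARAMS = {"pw", "password"}
RESP_PARAMS = {"rs", "resp"}
DISCOVERER_PATH = "/discoverer/"  # assumed path prefix of the Discoverer servlets

# Combined log format: ip ident user [time] "METHOD url PROTO" status size "referer" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" \d{3} \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)


def _first(params, names):
    """Return the first non-empty value of any parameter whose name is in `names`."""
    for key, values in params.items():
        if key.lower() in names and values and values[0]:
            return values[0]
    return None


def redact(url):
    """Return path and query with every password value replaced, safe for a ticket."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    clean = {k: (["REDACTED"] if k.lower() in PASS_PARAMS else v) for k, v in params.items()}
    return parts.path + "?" + urlencode(clean, doseq=True)


def find_credential_urls(lines):
    """Group requests that embed a password by the username they log in as."""
    found = defaultdict(lambda: {"ips": set(), "hits": 0, "resp": set(), "sample": None})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # The Referer is checked too: a credentialed URL leaks there when a user
        # follows a link out of the report page.
        for url in (m.group("url"), m.group("referer")):
            if not url:
                continue
            parts = urlsplit(url)
            if DISCOVERER_PATH not in parts.path:
                continue
            params = parse_qs(parts.query, keep_blank_values=True)
            if _first(params, PASS_PARAMS) is None:
                continue  # no password in the URL: Discoverer prompts for it
            entry = found[_first(params, USER_PARAMS) or "<unknown>"]
            entry["ips"].add(m.group("ip"))
            entry["hits"] += 1
            resp = _first(params, RESP_PARAMS)
            if resp:
                entry["resp"].add(resp)
            entry["sample"] = entry["sample"] or redact(url)
    return dict(found)


# Constructed sample log lines (hosts, users and passwords are made up).
SAMPLE_LOG = [
    '10.0.0.11 - - [17/Jan/2010:09:01:02 +0400] "GET /discoverer/viewer?us=JSMITH&pw=Secret1&rs=Payables+Manager HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '10.0.0.27 - - [17/Jan/2010:09:14:40 +0400] "GET /discoverer/viewer?us=JSMITH&pw=Secret1&rs=Payables+Manager HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '10.0.0.27 - - [17/Jan/2010:09:20:05 +0400] "GET /discoverer/viewer?us=JSMITH&rs=Payables+Manager HTTP/1.1" 200 900 "-" "Mozilla/4.0"',
    '10.0.0.40 - - [17/Jan/2010:10:02:11 +0400] "GET /portal/home HTTP/1.1" 200 300 "http://bi.example.test:7777/discoverer/viewer?us=AKHAN&pw=Secret2&rs=GL+Inquiry" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for user, info in sorted(find_credential_urls(SAMPLE_LOG).items()):
        print(f"{user}: {info['hits']} hit(s) from {sorted(info['ips'])}, "
              f"resp={sorted(info['resp'])}, e.g. {info['sample']}")
```

Every username it reports has had its password exposed in logs and shared links, so those passwords need changing regardless of how the URL was distributed.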

Similar Messages

  • Security issues for Discoverer 10g apps 12i

    gurus,
    I have couple of things to get it done at client.
    We are on Oracle Apps rel 12i with Discoverer 10g.
    Did anyone setup MOAC to be enabled and operational in business areas?
    Setting up secure responsibilities in discoverer for MOAC?
    Any setup needs to be done for custom report security in discoverer ?
    thx

    Hi,
    I did setup new MOAC security profiles and assigned multiple organizations to that profile for testing purpose.
    After this, I did run concurrent program "Security List Maintenance" etc...
    Tested updating profile at user level or responsibility level.
    On APPS side fine.
    I need the some basic steps on setup of security issues for discoverer side.
    1) Business areas (any security steps need to be followed in order to access data for single or multi-org)
    2) Custom Reports (any security setup or any MOAC security profile setting against responsibility for accessing single or multi-org data)
    Since we don't have a default operating unit parameter as specified in the concurrent program, how do you restrict data?
    3) Reconciling security approach r12 with discoverer (any steps need to be followed here after r12 configuration with security issues)
    4) Custom Views ( any steps to be followed for single or multi-org data as security aspect)
    Looking for info on these setups.
    Thx

  • Tables or views to be included in Discoverer 10g

    Hi,
    In our test environment we have migrated to R12 and using Discoverer 10g (10.1.2.55.26). Since there is a way the security has changed I require some help.
    In production we are using 11i and the same version of Discoverer. In production I could use the "_v" views or tables where there was in-built security. When a user queries in discoverer, the user would be able to view data only pertaining to his/her responsibility.
    In our test environment please can someone help me for the following (R12 with Disc 10g)
    Which is the "_v" views or tables or "where clause to restrict the access" to user in discoverer wherein based on the users responsibility, the data will be displayed.
    GL Balances
    GL Header & Details
    AR Balances
    Receipts
    AR Invoice header & lines & distribution
    AP Balances
    AP Invoice header & lines & distribution
    Payment Overview
    Prepayment Enquiry
    Kindly note, regardless of the security setup in the R12, I would want a "_v" views or tables or "where clause" which can be used always.
    If there is solution based on "_v" views or tables and a solution also based on "where clause", which would be ideal to use in terms of performance.
    Any help will be highly appreciated.
    Thanks.
    Ajay

    You can use the eTRMs to get this information.
    Follow this link https://etrm.oracle.com/pls/trm11510/etrm_fndnav.ls_apps or search for eTRM in Metalink (you'll need a Metalink login to access the eTRMs).
    Go to the FND tab and choose the product OTA - Learning Management. This will give a list of all the relevant tables. OTA_EVENTS and OTA_DELEGATE_BOOKINGS would be a good place to start.
    Hope this helps,
    Kim

  • Is it possible to run Discoverer 10g non apps on an Applications database

    Hello,
    I am currently working with a customer whose Discoverer implementation was originally implemented with Discoverer 3.1.36 before apps mode existed.
    It was installed on an Apps database (Financials).
    It was then upgraded to 4 - still in non apps mode and all was ok.
    However, now they need to upgrade to 10g, and rather than go through all the rewriting of their security etc (they have an awful lot of custom folders etc), they have asked if they can upgrade their Discoverer 4 non apps EUL to Disco 10g non apps.
    However, during some preliminary testing, it seems that some views are not returning data - for example, fnd_flex_values_vl.
    If they log in to the test env with Discoverer 4, the data returns with no issues, however with Discoverer 10g (and the same user) it does not.
    They are logging in with the eul owner both times and this user contains both the Disco 4 and Disco 10 tables in its schema, so the grants etc are identical.
    Is there a technical reason that whilst this worked at 4, it no longer does in 10?
    Kind regards

    What happens if they log in as an application user (rather than EUL owner) to retrieve data from these VL views ?
    MOS Doc 431001.1 - How Discoverer Uses Business Views Security
    HTH
    Srini

  • Privilege issues in Discoverer 10g

    Hi All,
    For some weird reason, I am encountering these problems using Discoverer 10g:
    1) two identically set up/privileged users one working (can see business areas) and one not (cannot see business areas) ?
    2) BA viewable in web client but not desktop?
    Please let me know if you have any more questions.
    Thanks.

    Thx for the response Tamir. Yes the security and the privileges have been set up as expected using Tool -> options.
    We use db users since it's a stand-alone setup. The BAs have been shared to both the users the same way but for some reason they don't work in the same manner.
    The second issue is even weirder. I was wondering if other users may have come across a similar issue. Just wondering.
    Thanks.

  • EBS 11.5.10.2 + Discoverer 10g

    Hi
    I am trying to install Discoverer 10g.
    OS - HP-UX PA-RISC
    DB - 10.2.0.4
    EBS - 11.5.10.2
    Successfully installed BI Server 10.1.2.0.2 on the same machine.
    I copied tnsnames.ora file from iAS oracle_home to new discoverer oracle_home at the location.
    I copied dbc file from $FND_SECURE to new discoverer oracle home /discoverer/secure.
    Now trying to apply Patch 5983622.
    I have tried 3 times till now. I failed.
    At the end it says "OPMN Configuration Assistant" failed.
    Couldn't find anything in the logs.
    I created a new user 'disuser' to install BI Server 10.1.2.0.2
    1 more thing..it says interpreter "/usr/bin/perl" not found. We have perl 5.6.1 in */opt/perl/bin* and this is in PATH
    Regards
    SK

    Hi
    I am stuck at Step no. 6 in the Doc ID 313418.1
    sh adupdeul.sh connect=sysadmin/mash1234@MASH resp="System Administrator" gwyuid=APPLSYSPUB/PUB fndnam=APPS secgroup="Standard" topdir=/owd/MASH/mashappl/au/11.5.0/discover language=US eulprefix=EUL eultype=OLTP mode=complete iashome=/owd/bi logfile=/owd/bi/import_complete_eul.log
    You are running adupdeul, version 115.17
    Start of adupdeul session
    Date/time is Sun Jan 17 16:45:44 uae 2010
    Log file is /owd/bi/import_complete_eul.log
    Command line arguments are
    "connect=sysadmin/mash1234@MASH"
    "resp=System Administrator"
    "gwyuid=APPLSYSPUB/PUB"
    "fndnam=APPS"
    "secgroup=Standard"
    "topdir=/owd/MASH/mashappl/au/11.5.0/discover"
    "language=US"
    "eulprefix=EUL"
    "eultype=OLTP"
    "mode=complete"
    "iashome=/owd/bi"
    "logfile=/owd/bi/import_complete_eul.log"
    Processing files for US language ...
    Searching /owd/MASH/mashappl/au/11.5.0/discover/US directory for files to import ...
    adupdeul.sh[728]: /owd/MASH/mashappl/au/11.5.0/discover/tmpfile8938.lst: Cannot create the specified file.
    wc: cannot open /owd/MASH/mashappl/au/11.5.0/discover/tmpfile8938.lst
    adupdeul.sh[735]: test: Specify a parameter with this command.
    Number of files to process for US language :
    adupdeul.sh[757]: /owd/MASH/mashappl/au/11.5.0/discover/cmdfile8938.tmp: Cannot create the specified file.
    cat: Cannot open /owd/MASH/mashappl/au/11.5.0/discover/tmpfile8938.lst: No such file or directory
    Determining the character set for the import session ...
    The following encoding schemes have been found
    sort: Cannot open /owd/MASH/mashappl/au/11.5.0/discover/cset8938.tmp
    ERROR: adupdeul - unknow encoding unknown
    adupdeul is exiting with status 1
    End of adupdeul session
    Kindly help.
    Regards
    SK

  • Security Flaw on iPhone???

    Critical iPhone security flaw found
    Fortify Software, a security firm, has uncovered a critical security flaw in the Apple iPhone which could lead to phishing attacks.
    Because the iPhone only displays the first few characters of a URL in its Safari web browser, phishers could easily hide a fraudulent URL at the end of a link without the user even knowing it.
    Even worse, the iPhone connects the browser and the phone in such a way that it may be possible to embed scam telephone numbers into a site to make the phone automatically dial the scam number.
    Let’s hope Apple is working on a fix for this one because that is some scary stuff. Now, if you input addresses yourself and use bookmarks, the chances of being affected by this are relatively minimal. That said, watch out for strange emails and Google results — you can’t always trust that either.
    Anybody read this? Any comments or thoughts??? Valid?

    It's hardly a new flaw since disguising URLs in links has been common practice for some time. However, while the browser does indeed only show a limited number of characters from the URL being opened (more if in landscape mode than portrait) to get to the URL at all the user would either have to enter it manually, or encounter it in an email or web page where the full URL should readily be discovered.
    It seems probable to me that over time, security holes will be found as in all accessible and discoverable devices on the internet. Based on experience with Apple and MacOS, I would have confidence that genuine weaknesses found in the iPhone will benefit from security fixes as expeditiously as possible.

  • Discoverer 10g E-Business Release 12 Vision

    I am currently setting up Discoverer 10.1.2 for use with Oracle E-Business Suite Release 12, as per Metalink document 373634.1.
    I have reached the point where it's time to create a fresh End User Layer. However section 5.6 of the above document states that the 'Release 12 Vision database contains a pre-installed Discoverer 10.1.2 End User Layer'.
    Can anyone tell me how to access this and what the default login credentials are? I can't find it in any Discoverer document.

    Hi Mark,
    To answer your original question:
    "Can anyone tell me where I change configuration setting so that Discoverer Plus or Discoverer Desktop look for the correct dbc file?"
    There is not a way.
    It relies on what E-BS passes to it.
    You can see this by capturing the URL after you click the worksheet link in E-BS.
    You will see parameters like:
    &SessionCookieName=vis
    &Connect=%5BAPPS_SECURE%5Dvis
    In my environment, these match $FND_TOP/secure/<SID>_<HOST>/ dbc file
    You could also do a connection trace to see the values passed from E-BS
    Note 370800.1     How To Create An Applications Connection Trace For Discoverer 10g (10.1.2) Plus / Viewer
    Bottom line, you can't control it in Disco.
    Hope that helps. Other Comments welcomed.
    ~Steve.

  • Launch Discoverer 10g from Oracle Applications Menu

    Please provide steps to launch Discoverer 10g from Oracle applications menu.
    Thanks in advance.
    suresh

    Hi,
    Follow these steps....
    The process is in 3 stages _(stage 1 will be done only once for all the reports)._
    Stage 1:
    Set the application discoverer relevant parameters.
    Perform this stage only once.
    1.1 Enter the application in System Administrator responsibility.
    1.2 Choose menu 'Profile' and then submenu 'System'.
    1.3 Find the desired profile by filling 'Icx%Discoverer%' and press Find button.
    1.4 Fill the fields (only the values) as described in the table of values below.
    Parameter | Value
    ICX: Discoverer Default End User Layer Schema Prefix | your eul name without the suffix (_US). Note that if you have several invs it can be different between them.
    ICX: Discoverer End User Layer Language Override | American English
    ICX: Discoverer Launcher | http://your_server_name:7777/discoverer/viewer?Connect=[APPS_SECURE]
    ICX: Discoverer Release | 10 or any other that you are using
    ICX: Discoverer Viewer Launcher | http://your_server_name:7777/discoverer/viewer?Connect=[APPS_SECURE]
    ICX: Discoverer use Viewer | Yes (or not if you want plus to open - but change the viewer to plus in the link as well - the previous parameter)
    Don't forget to press save button.
    Stage 1 Ends.
    Stage 2:
    Build an oracle application function for each discoverer report.
    Perform this stage for each report.
    2.1 Enter the application in System Administrator responsibility.
    2.2 Choose menu 'Application' and then submenu 'Function'.
    2.3 Fill needed values in each tab by the next instructions (function values)
    2.3.1 Description tab – fill the function, function user name and the description. Notice that the function value should be without spaces.
    2.3.2 Properties tab – fill the:
    Function with the same name you have chosen in the previous tab,
    Type with 'SSWA plsql function',
    Maintenance Mode Support with 'None' (Default value),
    Context Dependence with 'Responsibility' (Default value).
    2.3.3 Form tab- fill the:
    Function with the same name you have chosen in the previous tab,
    Form & Application fields leave empty,
    Parameters – there are two options available:
    1st Leave it empty – will cause the function to open the discoverer all reports web page and user will have to choose a specific report from the list .
    2nd Fill it with value '=workbook=name of the workbook' but without spaces, convert the spaces (if there are any) from the workbook name to + (plus) sign.
    For example '=workbook=BI+SERVICE+Performance' represents the string for the 'BI SERVICE Performance' report.
    Note: you can also send parameters to the report but since almost all the parameters have a default value (except for dates) it's not necessary.
    2.3.4 Web HTML tab – fill the HTML call with ' OracleOASIS.RunDiscoverer'.
    Don't forget to press save button.
    Stage 2 Ends.
    Stage 3:
    Build an Oracle application menu or submenu for each Discoverer report that is represented by the function you have created in stage 2.
    Perform this stage for each pair - responsibility + report/function.
    3.1 Enter the application in System Administrator responsibility.
    3.2 Choose menu 'Security' and then submenu 'Responsibility' and then submenu 'Define'.
    3.3 Locate the needed menu by the responsibility that you want to enable to use the report – of course the report should be granted to the responsibility via the Discoverer mechanism as well.
    Do it by clicking on the flashlight that is located in the left upper corner and find the needed responsibility.
    3.4 Find the needed responsibility and select it via the next screen (Don't forget to use % as wildcards) - choose it by double-clicking on it.
    3.5 Copy the menu name that is related to the responsibility you have chosen from the menu field located in the next screen and close the window.
    3.6 From the navigator screen choose menu 'Application' and then submenu 'Menu'.
    3.7 Locate the menu that you've copied in 3.5 (with the flashlight and the find screen, double click on the menu name – similar to 3.3 and 3.4) via next screen.
    3.8 Press on the 'add record' sign (+) that is located in the right upper corner of the screen (Do it after the mouse sign and focus is in the rows as you can see the oval mark).
    3.9 Fill the prompt with what you want the user to see in the menu that will activate the report link and after that fill the user function name as you have built it in stage 2 (Don't forget to save it).
    Don't forget to press save button.
    Stage 3 Ends.

  • Discoverer 10g, it returns no data

    Hi all,
    I have a doubt; can anyone clarify?
    Currently I work on migration projects from 4i to 10g Discoverer reports (upgraded 11i to R12). Previously in 4i Discoverer reports many views were used and data was also populated. The same query in Discoverer 10g returns no data. I can view the data after setting client org id in Toad but can't view the data in the Discoverer reports. I even tried to register a function for setting client org id and use it in the Discoverer reports but the result is no rows returned. Can anyone suggest?
    Regards,
    Prasanna
    no data

    Hi,
    Check Metalink Note 732826.1. There are some extra steps need to configure R12 with Discoverer.
    Rod West

  • Discoverer 10G Plus Questions

    Hi
    We're in the process of upgrading from Discoverer 4 (APPS EUL) to 10G. We're doing away with the Desktop client. Most users will be given access to Discoverer Viewer and other users will be given access to Plus. We have recently upgraded our DEV instance and there are a few "questions" (i.e. gripes) that users have come back to me with:
    1) Do all reports have to be stored on the database to allow them to be accessed by Plus or Viewer? Can only the 10G client version open files from a local hard drive or shared network drive?
    2) Can only one report be open at any given time with Plus or Viewer? In client it is possible to have 2 reports open at the same time to facilitate easier comparisons.
    3) NULL values are still showing the word "NULL" even though in Tools Options we have set it to show blank, existing reports are still using the NULL value.
    I'd very much appreciate feedback on any of the 3 points above.
    Thanks.
    Paul.

    Hi paul,
    It's a good idea to upgrade from 4i to 10g. 4i is no longer used by many and there are some issues or bugs with it. The latest version is 11g, which was released 1 week back. If not, go with the 10g version available.
    "1) Do all reports have to be stored on the database to allow them to be accessed by Plus or Viewer? Can only the 10G client version open files from a local hard drive or shared network drive?"
    Yes, they have to be stored in the database so any end user can access them from Plus or Viewer.
    "Can only one report be open at any given time with Plus or Viewer? In client it is possible to have 2 reports open at the same time to facilitate easier comparisons."
    Yes, if the reports are registered as different reports and if the end user has access to both the reports then he can open and compare them, or if both reports are in the same workbook as different sheets then it's easy to view or compare.
    "NULL values are still showing the word "NULL" even though in Tools Options we have set it to show blank, existing reports are still using the NULL value."
    It should show blank; there might be some problem. In Discoverer 10g I think you will not find these issues.
    Hope this helps you.
    Best Wishes,
    kranthi.

  • How to delete a workbook in Discoverer 10g

    Hello guys,
    Does anyone know how to delete a workbook from Discoverer 10g? I created a report in Discoverer Plus as SYSADMIN and gave this to my user. My user only has access to Discoverer Viewer. He went and did a "Save As" on this report. Now when he logs in to Viewer again, he sees two reports: one created by SYSADMIN and the one he created. I want to delete the one he created. How do I go about doing this? Can I do it from Discoverer? If so, which one (Viewer or Plus)? Will I have to log in as him to do this? Please advise.

    Hi,
    I'm sorry for the question but you said:
    "You just login as the user into viewer and delete the workbook"
    Where do you see the option to delete from the viewer?
    To delete/ manage workbooks you need to login to either Plus or Desktop versions.
    And yes you need to log in using the owner user name
    Tamir

  • Acrobat 9.2.0 Update Breaks Text Box Tool, Possibly Introduces a New Security Flaw.

    Anyone have any ideas for this one?
    Once we upgraded to version 9.2.0 (This is a major security release that fixes a Javascript security flaw) our text box tool no longer works the way we want it and crashes the program.
    Try this:
    1. Open any PDF document on a  Windows XP SP3 computer with Adobe Acrobat 9.2.0.
    2. Add the 'Text Box Tool'  to the toolbar by right-clicking the toolbar and selecting 'MoreTools' then placing a checkbox next to the 'Text Box Tool'.
    3. Click the 'Text Box Tool' on the toolbar and draw a new textbox anywhere on the PDF document.
    4. Click out of the textbox to cancel typing mode, then single click back on the textbox that you just created.
    5. Right-click the textbox that you created and select 'Properties...'
    6. Under the 'Appearance' tab,
    a. Select Style: No Border
    b. Select Fill Color: No Color
    c. Check the box 'Make Properties Default'
    d. Click OK.
    7. Click the Text Box Tool again, and draw another textbox (Since there is no border you will not see it but you will still be drawing a textbox).
    8. Let go of the mouse when you are done drawing your textbox rectangle and the program will crash at this point.
    Results:
    1. "An internal error occurred." dialog box is displayed.
    2. After clicking ok the following "Microsoft Visual C++ Runtime Library" dialog box is displayed:
    "Runtime Error!
    Program: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
    R6025
    - pure virtual function call
    3. After clicking ok another dialog box is displayed:
    Error signature
    AppName: acrobat.exe AppVer: 9.2.0.124 ModName: acrobat.dll Offset: 000509dd
    4. The same error has occurred on all five computers that we tested the new version on.
    Expected results: A new textbox is created and you may start typing in text (This was the behavior in version 9.1.3).
    Additional Information
    At times, we need to add information to PDF files (i.e missing dates, etc). We have always used the Text Box Tool to do this with no border, and with no fill color as this is the EASIEST and FASTEST way to add information to PDF files in a precise manner. We want the fill color to be transparent so that we can fit text in between and exactly on lines easier, and so that there is not a solid background box behind the text. We want no border because a border around text that needs to go on a line looks stupid. Up until version 9.2 this procedure worked fine. Now, the program will crash. Perhaps this even adds another security vulnerability if the crash could be exploited. We want to maintain security by patching Adobe to address the JavaScript vulnerability that was addressed in version 9.2.0, however, we are not able to update our users as the new version breaks the fundamental purpose that we use Adobe Acrobat for. We are stuck with the vulnerable version 9.1.3 until this problem is addressed. Disabling JavaScript is not an option either, as we use a Java plug-in on a daily basis.
    Any thoughts would be great, I have attached screenshots of the errors.

    The question still is not answered.
    The problem continues in Acrobat 8.1.7 for Windows, even after updating to Acrobat 8.2.0. (I can't comment on whether recent updates to Acrobat 9 fix the problem in Acrobat 9.)
    The internal error after text insertion problem occurs even with PDF documents created in Acrobat 8, i.e., not only old versions of PDF files. We have the text box insertion icon in the toolbar, and the properties set to "no color" for the box and "0" width for the text box lines, as other commentators have noted.
    The problem did not exist when Acrobat 8 Pro was installed, it was introduced by one of the updaters.
    The main reason we use Acrobat, rather than much cheaper PDF-creation software, is to annotate PDF files (including inputting data into spaces in standard forms).
    So justify the high price of Acrobat and fix the problem please, Adobe !

  • Differences between  Oracle Discoverer 10g and 11g (EBS & Desktop)

    We are in the process of upgrading from Oracle Discoverer 10g testing to Oracle Discoverer 11g.
    We have had several requests (from functional users) for documentation that might reflect the changes in this release level. Does anyone have relevant documentation that might help explain what has changed so that they can be better prepared.

    We are in the process of going from 10 desktop to 11 plus. I do not like it as other end-users I have talked to don't either. In desktop, I could have multiple reports open at one time, move tabs from one report to another so I wouldn't have to rebuild the report again. Also, there are times I have 3 or more sessions of desktop running with multiple reports running in them. In plus, I am limited to one session and one report. That slows down productivity big time. In desktop, exporting crosstabs to excel is more user friendly than plus. For desktop, it will fill in the cells below with the data above it if it changes. In plus, it looks like a pivot table. I have read other posts on how to work around that, but not always functional. Using Dense_Rank() works sometimes depending on how the report is written. IT is researching another way but haven't heard back from the consultants. Or, I will have to modify all my excel files with formulas to do that for me. Also in desktop, I can select all and copy paste the results into excel and all data comes in. The row and column headers, page items and even the title section will paste into excel. Plus only gives you the data, no row or column headers. So I have to export it every time I need the data. I have formatted excel files that all I need to do is copy paste and data flows beautifully. As for organizing and saving reports, desktop is much better. I can save reports out on our network under different folders so I can find them faster by topic. Granted, if that directory is an open one, anyone can change/delete it. In plus, the only advantage of saving it on the database is I can sort and search for reports or users. If you make any changes in plus and then walk away from your desk, plus will shut down after a certain time period. If you didn't save it, you have to start over. Don't know if this is something IT can fix???
    As we see it, plus is a step back in technology. I hope someone can change that opinion. Don't know if we are not getting the best support from whoever is working with us (Oracle or 3rd party) or we are missing something???? If so, please share.
    Thanks.

  • Differences between Oracle Discoverer  10g and 11g .

    We would like to know if there are any differences between Oracle Discoverer 10g and 11g and any issues with 10g that are overcome in 11g.
    Please make us aware of any merits in going for 11g over 10g.
    apps version 11.5.10.2
    Regards

    Please see these links for the list of new features, bug fixes, certification, and installation of Discoverer 11g on 11i instance.
    Discoverer 11.1.1.4 Certified with E-Business Suite
    http://blogs.oracle.com/stevenChan/2011/02/discoverer_11114_ebs.html
    EBS Sysadmin Primer: Oracle BI Discoverer 11gR1
    http://blogs.oracle.com/stevenChan/2010/08/discoverer_11gr1_primer.html
    Oracle Business Intelligence Discoverer 11g
    http://www.oracle.com/technetwork/developer-tools/discoverer/overview/index.html
    Oracle Business Intelligence Discoverer 11g documentation
    http://www.oracle.com/technetwork/developer-tools/discoverer/documentation/index.html
    Thanks,
    Hussein
