Security in 11g

Hi Team,
Can someone post me some material on applying security to a application in 11g (Ex:based on some logged in User).
Thanks,
User

User,
did you search this forum?
A simple search for security gives plenty of useful results.
Look at this Re: JDev 11g ADF Security app on standalone WLS against Active Directory and there are a couple of articles in the [code corner|http://www.oracle.com/technology/products/jdev/tips/fnimphius/index.html]
Even the Help give some links.
Timo

Similar Messages

  • How to deploy a secured ADF 11g application to WebLogic 10.3 server?

    Hi,
    I have just enabled security in our ADF 11g application, as descripbed in [chapter 29|http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/adding_security.htm#insertedID0] of the Fusion Developer's Guide. It works fine in the embedded WebLogic server of JDeveloper.
    Now I'm trying to deploy to our WebLogic 10.3 server, which runs in production mode. I'm running into all sorts of problems. The WebLogic console seems to have hundreds of security related pages, I don't know which one I should use, let alone how to use it. The Fusion Developer's Guide doesn't cover deployment to a production server:
    >
    When the target server is configured for production mode, you typically handle the migration task outside of JDeveloper using tools like Oracle Enterprise Manager. For details about using tools outside of JDeveloper to migrate the policy store to the domain-level in a production environment, see the [Oracle Fusion Middleware Security Guide|http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/toc.htm].
    >
    However, this guide is of very little help to me. I found [chapter 7|http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/addlsecfea.htm#insertedID0], which says "The recommended tool is Fusion Middleware Control." I have no idea what "Fusion Middleware Control" is, where to get it and how to use it.
    Long story short: I'm totally lost. I'm looking for a step by step guide on how to deploy a secured ADF 11g application to a WegLogic 10.3 server that is running in production mode. Any help is highly appreciated.

    Ok, I found a [very helpful blog post |http://andrejusb.blogspot.com/2009/01/practical-adf-security-deployment-on.html] by [Andrejus Baranovski|http://www.blogger.com/profile/04468230464412457426]. I wish Oracle's documentation was as clear as this...
    The blog post refers to an article by Steve Muench, called [Simplified ADF 11g Application Credential and Policy Migration to Standalone WebLogic Servers|http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html]. This article presents an Ant script that migrates policies from JDeveloper to WebLogic, using some PFM. (See the last definition here.)
    The problem is that Steve Muench's script assumes that JDeveloper and the standalone WebLogic are on the same machine. However, in a typical environment, such as the one I'm working in currently, this is not the case. In our case the developer stations are Windows machines, while our WebLogic server runs on a HP-UX machine. So the question is: how to perform this migration between two machines with different operating systems?
    Regards,
    Bart Kummel

  • Configuring Security With 11g

    Hi,
    I have just started with the 11g version and couldn't find the Web service manager component.
    So how are the security policies to be defined which were earlier handled by the gateway and the agents?
    Moreover earlier there was the application server console from where the datasources,jms destination,adapters etc were configured?Which console do we use with the present installation?
    There was also a convenient way to see and test the webservices from this application server console,how all these can be accessed with the newer version?
    Other than the developer's guide for the soa suite 10g are there any other documents and sample codes to be released for the bpel,mediator and the bam components?
    Thanks.

    Hello, I guess security will be done with the Oracle Policy Manager. Check the developer guide (section 1.3.1.6) and take a look at the http://www.oracle.com/technology/products/ias/bpel/techpreview/s291362-whats-new-in-oracle-soa-suite.pdf slide 27. The AS isn't available yet so that's why soa development is done against an integrated oc4j (I guess?). In the presentation you can also see (slide 30) that monitoring will be available through the Fusion Middleware Contol.

  • Row level Security in 11g

    Hello,
    Is there any way to configure row level security in OBIEE 11g other than using external table? Please share your thoughts on this.
    Thanks,
    Kishore

    Check this http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/
    ~ http://cool-bi.com

  • Security profiles 11g

    Hi to all,
    there was many changes in security profiles in 11g. like the number of times connection attempts failed, etc ...
    How to rollback these new features back to 10g?
    I remember that someone told me there are a script that can be used, but don't remember the name....
    Any idea?
    thank you

    DBA-2011 wrote:
    Hi to all,
    there was many changes in security profiles in 11g. like the number of times connection attempts failed, etc ...
    How to rollback these new features back to 10g?
    I remember that someone told me there are a script that can be used, but don't remember the name....
    Any idea?
    thank youI am not sure that there is any script for this. But at the time of installation, you can disable it by unchecking a checkbox. I shall see if I can find any such script to disable it as well.
    Aman....

  • How to query Cell level Security in 11g AW

    Are there any views/tables that we might be able to use to query the Security settings in 11g AW?
    In AWM 11g we have the ability to grant users/groups security at a cell level, with this functionality there is no need for us to maintain the PERMIT_WRITE program to manage Write access to users. I could not find any document that states how we can manage/view the security outside the AWM tool.

    For Oracle 11.1, there is a dba-level view called
    DBA_XDS_INSTANCE_SETS which provides the data security definitions
    for both rdbms table-based and olap dimension/cube-based data security
    documents. The actual definition of data security is stored in the XML DB
    repository under the XDB schema.
    SQL> desc dba_xds_instance_sets
    Name Type
    SCHEMA_NAME VARCHAR2(30)
    OBJECT_NAME VARCHAR2(30)
    INSTANCE_SET VARCHAR2(30)
    DESCRIPTION VARCHAR2(4000)
    STATIC VARCHAR2(5)
    EVAL_RULE VARCHAR2(4000)
    ACLIDS SYS.XMLTYPE
    There is no way to actually manage the data security documents outside of
    AWM for 11.1 in terms of creating/editting/deleting the data security documents
    at least none that is documented.
    Here is an example of what the DBA_XDS_INSTANCE_SETS view returns:
    SQL> select * from dba_xds_instance_sets;
    SCHEMA_NAME OBJECT_NAME INSTANCE_SET
    DESCRIPTION
    STATI
    EVAL_RULE
    ACLIDS
    GLOBAL TIME DEFAULT_POLICY
    false
    1 = 1
    <aclids xmlns="http://xmlns.oracle.com/xs">
    <aclid>4C96964E68CC309FE040578C550414E2</aclid>
    </aclids>
    GLOBAL TIME policy1
    false
    GLOBAL."TIME".DIM_KEY IN ('186', '176', '133', '134', '135', '177', '136', '137', '138')
    <aclids xmlns="http://xmlns.oracle.com/xs">
    <aclid>4C96964E68CF309FE040578C550414E2</aclid>
    </aclids>
    Have you created data security in AWM on dimensions/cubes in 11.1?
    Any feedback about your experiences with AWM around data security would
    be welcome.

  • OWSM 11gR1 PS2 agent to secure OSB 11g business service

    Hi,
    Can anyone share any resources/information on how to secure an OSB 11g business service by using OWSM 11g agent? Its a new feature released with OWSM 11gR1 PS2 (11.1.1.3.0) release. Also, can we do the same for OSB 10g?
    Thanks,
    Bijoy

    Hi Bijoy,
    Documentation is here (for PS2 with OSB 11g)-
    http://download.oracle.com/docs/cd/E14571_01/doc.1111/e15866/owsm.htm#CHDEEGJI
    can we do the same for OSB 10g?No, it is not supported.
    Regards,
    Anuj

  • Obiee and BIP security - obiee 11g 11.1.1.7.1

    Hello,
      I have configured an external LDAP setting for authentication. Reordered the new LDAP as first authentication provider. The issue i am facing is , that i am able to login with external ldap users and weblogic as expected in obiee.  But when i login as weblogic user, and try to click on Manage BI Publisher link (to add jndi connections), it throws error Unthorized user! ...
      Any clue, if i need to do separate setting for BI Publisher?
    Regards,
    Shruti

    Hi Shruti,
    Can you please check the security file xmlp-server-config.xml under this path MW_HOME/user_projects/domains/bifoundation_domain/config/bipublisher/repository/Admin/Configuration and see whats the securitymodel in here
    also try to delete the weblogic user  from catalog users folder and then try to login and see if you can access it now

  • Securing SOA 11g Web Services with OWSM AD authentication

    I have SOA 11g with Weblogic 10.3.5 installed and running a Web Service and a Client I want to protect with Active Directory auth and perhaps some other access rules. As I read, I can use OWSM policies to do that. Most guides I found concern OWSM 10g.
    How can I make WL use AD authentication? Do I have to use Access Manager?

    I finally figured it out. The nullpointer exception is related to the SAML assertion. The SAML assertion in my requests is signed with embedded signature and this seems to be not supported with the used OWSM policy. Without the signature is the exception gone.
    Marian

  • Security in Dashboards in OBIEE 11g

    I want to deploy user/group based security in 11g dashboards. I have followed the following steps.
    1. Create user in <ip>:<port>/console. This user is not mapped to any group/role.
    2. Now I login to analyics using Administrator credentials and navigate to Catalog.
    3. I have 5 different Dashboards and BIConsumer role have read and traverse rights in all the dashboards.
    4. Now i go to one of the Dashboard and click on permissions and provide read and traverse rights to newly created user.
    5. When i login to the user he can see all the Dashboards inspite of having access to only one dashboard.
    6. However for example if I remove access to one the Dashboard from the BIConsumer role then the newly created user wont see the Dashboard.
    What am I doing wrong. It was far easier to do this is 10g. Please help

    Hi Sirini,
    I could understand the above problem, now I have another issue. I created users in console and created catalog groups and mapped those users to certain groups. Later I am mapping this groups to particular dashboards. The user can see the link to the dashboard however on opening the dashboard I am getting the below error. Although on restarting opmn the user has access to the same. Can you help me in this.
    access denied for user to path /shared/SFL BI Analytics/_portal/Loan Collection/dashboard layout.
    Error Details
    Error Codes: O9XNZMXB

  • DBlink issue from 9i to 11g

    I created Public DB Link from 9.2.0.8 to 11g database. And getting following error:
    ORA-01017: invalid username/password; logon denied
    ORA-02063: preceding line from TEST11
    I tested sqlplus connection and it works fine.
    Any suggestion?

    Right. Because Oracle always stores unquoted identifiers (in this case the password) in upper case. In the past, it didn't matter because the destination database didn't care about the password's case. Now that the destination database does care about the case of the password (assuming a default 11g install), you can no longer get away with using case-insensitive passwords in your database link definitions. If you create database links to non-Oracle databases (where passwords are generally case sensitive), you've always had to specify the password in double-quotes.
    This is an expected outgrowth of the move to enhance security in 11g by making passwords case sensitive.
    Justin

  • 11g Upgrade - Network ACL

    I want to upgrade my oracle 10g database to 11g. the utlui112.sql script shows following -
    WARNING: --> Database contains schemas with objects dependent on network packages.
    .... Refer to the Upgrade Guide for instructions to configure Network ACLs.
    .... USER MDMSYS has dependent objects.
    According to documentation , it is not clear whether I need to install XML DB before upgrade or after upgrade to 11g.
    I run the following query and result is as follows -
    SQL >SELECT * FROM DBA_DEPENDENCIES WHERE referenced_name IN ('UTL_TCP','UTL_SMTP','UTL_MAIL','UTL_HTTP','UTL_INADDR')
    AND owner NOT IN ('SYS','PUBLIC','ORDPLUGINS');
    OWNER NAME TYPE REFERENCED_OWNER REFERENCED_NAME REFERENCED_TYPE
    REFERENCED_LINK_NAME DEPE
    MDMSYS MDM_JOB PACKAGE BODY PUBLIC UTL_TCP SYNONYM
    HARD
    MDMSYS MDM_JOB PACKAGE BODY MDMSYS UTL_TCP NON-EXISTENT
    Can someone plaease help on how I can configure the network ACLs?

    Hi ,
    You can grant to a network and not necessary to grant each machines IP details.
    Also this has to be granted to users or the principal is the schema who will be executing this utl_smtp.
    If there are multiple users, then you need to grant access to each user.
    You need to configure below steps to grant access to the user for utl operations.
    This is a new security feature to 11g.
    Please review below document :
    Oracle® Database Security Guide
    11g Release 1 (11.1)
    Part Number B28531-06
    4 Configuring Privilege and Role Authorization
    Managing Fine-Grained Access to External Network Services
    URL : http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/authorization.htm#CIHDAJDJ
    A example of the setting:
    =================
    If you are creating the ACL for the first time, you can directly go to step (d).
    Please replace the values in < > with your environment values.
    a. Drop the user privilege:(please run the below for all the users who are granted connect privilege).
    BEGIN
    DBMS_NETWORK_ACL_ADMIN.delete_privilege (
    acl => '<mailserver_acl.xml>',
    principal => '<MYUSER>',
    is_grant => FALSE,
    privilege => 'connect');
    COMMIT;
    END;
    b. Unassign the network details from ACL (The ip address are only example, please replace with the
    values you have specified)
    BEGIN
    DBMS_NETWORK_ACL_ADMIN.unassign_acl (
    acl => '<mailserver_acl.xml>',
    host => '<192.168.2.3>',
    lower_port => <25>,
    upper_port => <25>);
    COMMIT;
    END;
    c. Drop the ACL
    BEGIN
    DBMS_NETWORK_ACL_ADMIN.drop_acl (
    acl => '<mailserver_acl.xml>');
    COMMIT;
    END;
    d. Create the acl again fresh:
    BEGIN
    DBMS_NETWORK_ACL_ADMIN.create_acl (
    acl => 'mailserver_acl.xml',
    description => 'Mailserver ACL',
    principal => '<MYUSER>',
    is_grant => TRUE,
    privilege => 'connect',
    start_date => SYSTIMESTAMP,
    end_date => NULL);
    COMMIT;
    END;
    e. Assign the acl to the network:(please have the ip address modified to correct IP of the machine where this utl package is targetted run.)
    for example IP/hostname of mail server should be there for UTL_SMTP to execute.
    BEGIN
    DBMS_NETWORK_ACL_ADMIN.assign_acl (
    acl => 'mailserver_acl.xml',
    host => '<192.168.2.3>',
    lower_port => <25>,
    upper_port => <25>);
    COMMIT;
    END;
    f.Test the package.
    Thanks,
    Sathya

  • Oracle 11g native web services

    Is there any formal explanation about how to configure and create Oracle 11g native web services and how to correctly secure these services? Since Oracle APEX now supports consumption of SOAP and REST web services, it makes sense to have more explanation about creating and securing web services. As many PL/SQL programmers know, it is always not an easy job to develop web services in jDeveloper to work with databases - with all those add-on technologies like jPublisher/Toplink to get tiny things work. It is not easy to find the "how-to" guide about creating and securing Oracle 11g native web services.
    Thanks.
    Andy

    Thanks for the link Tim...it is very useful. I was told that, in APEX 4.2, it will become able to create RESTful web services through APEX - if you run APEX through APEX Listener - by using resource templates in APEX Listener. I will wait for more information about this feature to come out.
    Thanks.
    Andy

  • Is OID available in Oracle identity management 11g R2

    Is OID available in Oracle identity management 11g R2

    OID is not yet available in 11gR2.
    As you can see in the list below, ODSEE and OUD are the only directories currently available in 11gR2.
    Here is the list of products in Oracle Identity Management 11g R2
    Oracle WebLogic Server 11gR1 (10.3.6) and Coherence
    Oracle Access Manager Access SDK 11.1.2.0.0
    Oracle Entitlements Server Security Module 11g (11.1.2.0.0)
    Oracle Access Manager WebGates 11.1.2.0.0
    Oracle Business Intelligence 11g (11.1.1.5.0)
    Oracle Fusion Middleware Repository Creation Utility 11g (11.1.2.0.0)
    Oracle Identity and Access Management 11g (11.1.2.0.0)
    Oracle Directory Server Enterprise Edition 11gR1 Patch Set 1 (11.1.1.5.0)
    Oracle Identity Management 11g Patch Set 5 (11.1.1.6.0)
    Oracle SOA Suite 11g Patch Set 5 (11.1.1.6.0)
    Oracle Fusion Middleware Repository Creation Utility 11g (11.1.1.6.0)
    Oracle Unified Directory 11g (11.1.2.0.0)
    Oracle Fusion Middleware Identity Management Documentation Library 11g Release 2 (11.1.2.0.0)
    Oracle Coherence for C++ Version 3.7.1
    Oracle Coherence Version 3.7.1
    Oracle OpenSSO Fedlet version 11.1.1.3.0

  • Time constraint on repository password in obi 11g

    hi all
    can i set 60 day expiry limit on the repository password. i am talking about obi 11g.
    plz help guys
    regards
    mahi

    Hi Mahi,
    I guess it should be possible. Security in 11g is managed in the Weblogic Server. Please check the documentation.
    Good Luck,
    Daan Bakboord
    http://obibb.wordpress.com

Maybe you are looking for

  • Alv report problem

    hi, i have problem in ALV. my requirement is in a ALV report if i double click on a row it has to take me to another transaction ( say for eg vf03). how should i do it. john.

  • Question about the new iPod Touch 5G?

    When in October will it come out? On the Apple site it says it will come in October. Does that mean October 1st? Also i'm debating in which color to get I might get yellow or blue, do you think the yellow color looks sorta greenish? Many people are s

  • One report contain two orientation sections

    Hi all, Is it possible to have different orientations on one report? My client hopes a letter would be printed at the beginning which is followied by data output in landscape orientation. Thank you very much, Clara

  • Waterfall chart, Mobile rendering Error

    dear all. I got a problem mobile in waterfall chart it doesn't bind label for bar Is this bug? anyone got a this problem? please advice for me. device : ipad retina (ios7) DS1.3 (SP1)

  • Spam update fails

    Hello, I wanted to update the SPAM transaction to the newest release. Unfortunately I get the following errors: Error in phase: CHECK_REQUIREMENTS - Reason for error: TP_CANNOT_CONNECT_SYSTEM - Return code: 0208 - Error message: error in transportpro