Security with password to edit

Similar Messages

• Is there a way to print a pdf, which is secured with password?

  I want to know a way to print pdf which is secured with password to print without throwing a error ?
  Instead it has to ask for a password and print..

  we need to have an associated application installed in the system for that particular fileYup.
  does javax.print api works for pdf files and word documents?Nope.
  There is something called (I think) iText which can handle PDF documents. No idea whether it includes a printing facility or not.
  db

• Hi, Some one hacked into my AirPort Base Station, which initially I had not secured with password. Now they took control by adding their own password. How can I regain ownership back?

  Hi there,
  I have an intruder into my AirPort Base Station wireless connection. The Station initially I did did not protect it with a Password, so the intruder branded it a name and put on a password. Is there any way I can deactivate the intruder's password and regain ownership?
  Thanks for your answers in advance.

  Some one hacked into my AirPort Base Station.....
  No, they did not have to "hack" into your AirPort at all.  Since the door to your wireless network was wide open, they simply walked right in.
  Is there any way I can deactivate the intruder's password and regain ownership?
  Hold the reset button on the back of the AirPort in for 9-10 seconds, and then release. Allow a full minute tor the AirPort to restart to a slow, blinking amber light.
  The AirPort is back to new, out of the box settings. You can can now reconfigure it again......hopefully this time with a password.

• Use grouped checkboxes with only some secured with password?

  Hi,
  I have a set of 4 checkboxes on my form that I have set as a radio group so that only 1 checkbox may be checked at once.  But I'd like to use Mr. George Johnson's JavaScript code on only 2 of the checkboxes so that those 2 cannot be checked unless the person has the password while the other 2 can be freely chosen without a password.  Is there a way to do this either within the code or just with the form properties?
  Thanks,
  Misery9980

  I have a fwe more questions and a comment. When exactly are the fields going to be locked? If they will be locked and then sent to a user to complete, and one of the check boxes that gets locked is selected, do you want the user to be able to select one of the ones that are unlocked, which will cause the locked check box to be deselected? In other words, the user will be able to change one of the locked fields by selecting one of the unlocked ones. Is that OK?
  The other problem with this approach is if a user has JavaScript disabled (or are using a non-JavaScript-capable viewer), they will be able to select more than one of the unlocked check boxes at a time. Because the behavior of the group of check boxes will be controlled through JavaScript, overriding the normal behavior, this could lead to an inconsistent state for the form. Is that acceptable?

• Save text to pc with password

  Am i able to transfer text msgs from phone to computer and stop other people accessing them. I have windows xp and a nokia 6230i with pc software. i know how to save word docs etc with passwords, but not sure how nokia pc suite stores the info. how do i save the info with a password . i understood that the backup facility was the way to transfer the text n photos, but this didnt give me the option of saving securly with password. it has taken me ages to delete any trace so that i can start again. many have access to this pc so i dont want others viewing my text or photos .i want to be able to save all text and photos to pc and delete them from my phone.....please help...ps not that computer literate so please keep it simple thank you

  I have exactly the same problem.
  I did think about writing a viewer, just to read each sms file and extract the relevant data. But because my programming skills are so weak it would take me like a month to do it.
  Anyone at Nokia with more skills than me got a spare hour to write a viewer?

• Linked PDF with Open Doc password- false, Edit Permissions- true, requires password to open AI doc

  I would like to password protect editing of a placed PDF. I have set the PDF Open Doc password to false and the Edit permissions to true. Illustrator still requires the permissions password to OPEN the Illustrator document. This would defeat the purpose, no?

  Well, it does seem to work, sort of. The Illustrator document with a placed, protected PDF asks for the password when opening. The password is also required when attempting to embed (edit) the linked PDF, as expected.
  I would think the correct behavior should be  for the Open Document password protection (or lack of) to control opening the Illustrator document and the Edit Permissions password to be applied when embedding or flattening the linked PDF, making it accessable to editing. Acrobat seems to be able to make this distinction.
  This would be a significant feature for users who need to restrict editing of sensitive portions of their layouts while allowing necessary prepress work downstream.

• Scripting 'Save PSD as PDF with password security' and 'Open PDF with password security' issue.

  Hi!
  I'm now building an extension for Photoshop. The script (jsx) should save the active document as Photoshop PDF secured with a password. The PW is the same all the time and is set in the script. Then the script is to open the PDF with that same password. I need all this to protect the PDF from opening by a user, so that only the script has access to the file.
  I've googled a lot. I've seen a similar topic on this community dated as 2012. It's not answered. With an only comment saying that saving with a password seems to be possible via GUI and not via a script.
  Has anything changed since 2012?
  P.S. Illustrator .documentPassword and .requireDocumentPassword don't work in PS and ScriptListener still gives nothing :-/

  ScriptListener still gives nothing
  Which probably means the task is (still) not possible to achieve with Photoshop Scripting.
  Both Photoshop DOM and AM seem to have weaknesses/omissions that I would consider more relevant but if you regard the issue as crucial you may want to post a Feature Request over at
  Photoshop Family Customer Community

• I have an iPad 2 v6.1.3 that has a problem with connecting to wi-fi.  My other I macs have no problem with connecting.  The pad keeps coming up with unable to join the network. Nothing has changed with passwords--it just refuses to join my secure network.

  My other Imacs and my wife's Ipad 3 have no problem with conneccting.  My Ipad keeps coming up with unable to join the network.  Nothing has changed with passwords--it just refuses to join my secure network.  A couple minutes ago, it connected for 10 seconds, then dropped the connection.  Is there a way to reconfigure the Ipad to fix this major problem, as we dropped our carrier (saved a bunch of money) and just went wifi.
  Thanks so much for any help with resolving my connection problem.
  Gary

  Hello jaxgaryj,
  The following article provides a number of potential resolutions for your WiFi issues.
  iOS: Troubleshooting Wi-Fi networks and connections
  http://support.apple.com/kb/TS1398
  Cheers,
  Allen

• How do I send/email Documents with high security and password protected

  I want to send Documents securely to my clients. What product do I need and how do I send/email with password protection? I recently purchased Adobe Send but not sure this was the right product needed to send my documents securely?

  In Acrobat you can create a Portfolio in which your documents (any types) will be placed as attachments and encrypt the whole portfolio. You can also create a small PDF, possibly with explanation what is in it, attach your files to it, and encrypt this PDF. In this case you can encrypt attachments only, so that the user can open the shell PDF but to extract the files would need to know the password.

• Fingerprin​t Reader access to KeePass (from a Thinkpad with Password Manager)

  The goal: secure, convenient, automated login to password-protected sites
  KeyPass is a great open-source program for secure creation, storage and use of login passwords and other information. With a plugin called KeeForm, it allows very convenient automatic login to password-protected sites by clicking on a KeePass entry. To preclude unintended access to all of your secure information, it is wise to close Keepass after each use, or set Keepass to lock when minimized. But this is less convenient, because a long secure master password then has to be entered before each use of Keepass.
  Using a fingerprint reader to enter Keepass can be a big time saver while retaining security. Capacitive swipe fingerprint readers can be very secure, provided they operate through equally secure software. They are available as USB units, or integrated into some keyboards and notebook computers, for example some Lenovo ThinkPads.
  Unfortunately, set-up can be a challenge and there may be disadvantages even after the best workable interface between KeePass and a particular biometric system. This example uses the integrated fingerprint reader and software on a Lenovo ThinkPad X61.
  The problem: getting secure fingerprint software to use KeePass
  ThinkPads can use Lenovo fingerprint software alone for start-up into Windows, but they need additional layers of software (Client Security Solution - CSS, and Password Manager  - PM) to work with other programs including KeePass. PM uses CSS security functions.
  Cautions about Lenovo CSS:
  1. Some organisations advise against CSS because of problems including clashes with antivirus programs. See http://www.ncsu.edu/antivirus/lenovo/ and
  http://prowiki.isc.upenn.edu/wiki/ThinkVantage_Sof​tware_Under_Windows_Vista
  These bugs may have been fixed over time - but install at your own risk!
  2. CSS and PM introduce their own system overheads which may slow some operations.
  3. Once tried, CSS may not simply be inactivated while restoring basic fingerprint start-up into Windows. The X61 at least insists that CSS be reactivated for any fingerprint function. If you try a Windows system restore to a time before CSS was first activated, you may experience the ‘blue screen of death'. The security chip evidently regards your desire for a past configuration as a security breach. With luck you may ‘live again' if you can log into Windows in Safe Mode to undo the attempted system restore. After that, I reactivated CSS. I was not game to try uninstall after inactivation of CSS - but see the ncsu link above.
  Having decided to accept the ‘risks' of activating CSS and PM, you may want to try PM for all password management. For me it would not recognise some internet logins, could not complete auto-submission in others, and did not allow the manual adjustments that make KeePass so versatile. Unfortunately PM help is very limited. There is no current user manual (old manuals up to v1.4 available on the web do not match the properties of the current v3 of the software). KeePass (or the KeeForm plugin) also struggles with some sites, but it works much better overall. Help on KeeForm plugin syntax is limited, but otherwise KeePass help is great.
  So we really want the fingerprint reader (via PM) to work for KeePass master password entry.
  This is not so simple for five interacting reasons:
  (i)  It is tricky to register KeePass in PM;
  (ii) PM then gets confused by ‘hidden' entry of a master password during fingerprint login to KeePass, and repeatedly tries to save ****** as a changed master password;
  (iii) PM also tries to automatically register each entry opened for editing within KeePass;
  (iv) PM tries to automatically register other logins even if they are managed through KeePass.
  (v) Your KeePass records are now only as secure as your PM login (which is likely to be your Windows login).
  The solutions: or workarounds at least
  The best workarounds I could develop for these five issues were:
  (i) To register KeePass in PM, first ensure that PM is running (icon in the system tray). Then launch KeePass, click the login window box for unobscured password display (three blue dots turn black), enter the master password and click OK to start KeePass as usual.
  If PM does not offer to save an entry for KeePass by this stage, try ‘plan B'. Open a window to edit an entry in KeePass, then click Cancel. PM seems to recognise this more readily as a login window and may offer to create an entry. Accept the offer, and name the entry KeePass. Then open PM to edit the saved entry. You will have to edit several fields to achieve an effective PM entry for KeePass:
  The title field must be "Open database - database.kdb", to match the title of the KeePass login window.
  The file name field should show the full path to KeePass.exe (something like C:\Program Files\KeePass\PeePass.exe depending on your installation).
  The login and password data field is accessed by double clicking the entry. It will need to show only your KeePass master password (in the unobscured text view). In login and password data, delete each line of unwanted text until you get to the final password line (shown as *****), and edit this line to provide your master password.
  In the Advanced tab, select auto-fill and auto-submit and the desired security level [see (v) below]. Then select OK to get to the PM front window, and File - Save Changes, then Exit.
  Now when you close and re-launch KeePass, PM should automatically intervene (requesting a fingerprint to complete the KeePass login if you selected that security level. Select ‘No' when PM asks to change the password [see (ii) below].
  If you had no luck, try ‘plan C'. Close KeePass completely, then launch it again to open the login window. Then right-click the PM icon in the system tray, open the ‘Type and Transfer Tool', click the box for unobscured password display, type in the KeePass master password, drag the cross-hairs to the password field in the waiting KeePass login window, and release the password there. Click OK to start KeePass as usual, then click OK to close the PM transfer window. If there is still no KeePass entry in PM, check that KeePass has not been included in the PM excluded programs list. If this sequence does not work, reboot and check again. Failing all else, any entry that PM succeeds in making from any login page can be edited to an effective KeePass entry by editing fields as described above for ‘plan B'.
  PM (v3.00) can be coy to associate initially, but it will accept KeePass (v1.14) as a password-managed program, and thereafter it reliably succeeds to auto-submit the KeePass login after some help described in (ii) below.
  (ii) Having sent the correct master password to the KeePass login window, PM becomes confused by the ‘hidden' text now in the password field, and offers to change its record of your KeyPass master password to ******. You can manually select ‘No' in the PM changed-password dialogue box that appears every time you use PM / fingerprint for KeePass login. But Beware: if you ever accidentally select ‘Yes' (the default) your KeePass master password record in PM will be changed to ******. This can be edited to provide the correct password again, but it is more than a minor pain in the AR5E. Unless you know (or have a backup of) your KeePass master password you just lost access to your KeePass database!
  To avoid this big nuisance and risk, you can set up to restart KeePass for each use from a desktop shortcut (instead of minimising it to the system tray) and have the shortcut run a batch file with vbs scripts that send the ‘No' message to PM automatically.
  Here is an example batch file, with corresponding vbs scripts. You can make all these files using Notepad and save the files with the names indicated, into the KeePass program directory (C:\Program Files\KeePass in this example).
  KeePass.bat (This launches KeePass and tells PM v3 not to change the password. Caution: If Lenovo changed PM program design in future, the effect could change; the batch file might send {TAB}{ENTER} keystrokes to another open window on your computer):
  C:
  cd\
  cd "C:\Program Files\KeePass"
  start " " "C:\Program Files\KeePass\KeePass.exe" "C:\Program Files\KeePass\Database.kdb"
  start /w Sleep.vbs 1
  start /w AppActivate.vbs
  start /w SendKeys.vbs
  Sleep.vbs (provides a short delay to open the ThinkVantage dialogue window, otherwise the following scripts fail because they are sent too soon):
  Wscript.Sleep Wscript.Arguments(0) * 1000
  AppActivate.vbs (puts focus on the ThinkVantage  Password change dialogue window so that Tab and Enter commands are not sent elsewhere with undesired effects):
  CreateObject("WScript.Shell").AppActivate "ThinkVantage Password Manager"
  SendKeys.vbs (sends a ‘No' response to the PM request to change its KeePass entry):
  CreateObject("WScript.Shell").SendKeys "{TAB}{ENTER}"
  Please substitute ) where you see smileywink: in the vbs scripts above - I can't get this forum window to stop automatically translating the " ) sequence of text (without a space) as an emoticon.
  This batch file approach should work with additional startup switches for KeePass, for example the /backup.path: switch used by ‘another backup' plugin (or you can use the db_backup plugin that works from the KeePass.ini file). Quotes are needed around any entry with spaces. But some things that ‘should work' such as just writing "KeePass.exe" instead of the full path in line 4 of the batch file do not give the same outcome for me. This may be an effect on timing of the switch of focus between windows - so if you strike a problem it may be worth experimenting with the delay time set through the sleep script.
  If you set KeePass to lock when minimised, you will have to deal manually with the PM changed-password dialogue every time you re-access KeePass. So it is simpler to close rather than minimise KeePass after each use and restart it when needed, via the batch file.
  (iii) You have to tell PM ‘No' whenever it offers to save an entry that is edited in KeePass. This is less of a nuisance, because entries rarely need to be edited once set up in Keepass.  There is no way to turn off this requirement. If you select ‘Never' it will prevent use of PM and therefore fingerprint entry to start KeePass (not just the edit window).
  (iv) Turn off internet login within PM. This will leave all internet logins to KeePass. Unfortunately you can not set PM to only allow a single program login (KeePass), but you can set it to exclude specific programs, so do that for other programs that you access via KeePass.
  (v) Finally, set PM security within CSS so that a fingerprint (or a password if the fingerprint reader fails) is needed every time PM is launched (not just once per boot). Similarly, set KeePass security this way within PM. Otherwise (if you set the requirement to once per boot) your passwords are open to inspection while you are away from your booted computer.
  Caution: How secure is your Windows login password? Most likely this is also your PM login password, so it now allows access to your KeePass database! Make sure that it is a unique, secure and preferably memorable password.
  How close are we now to the desired combination of security and convenience?
  Click on the KeePass shortcut to the batch file given above, swipe the fingerprint, wait while CSS works, then click on the relevant Keepass entry to access any password-protected site or application in your Keypass list - great convenience.
  Security is very strong - both KeePass and PM are extremely secure unless you use a weak or insecure master password or select less secure settings.
  Starting (or opening a locked instance of) KeePass without the batch file given above requires a couple of extra carefully-placed clicks in the process to tell PM not to mess up its entry for KeePass, then to complete KeePass startup. This is less convenient, and a mistake could prevent future database access - so the batch file method is recommended.
  A final caution (while enjoying secure & convenient logins):
  Beware - fingerprint access is so convenient that you may forget your master passwords! Eventually they will be needed! You may click the wrong button in PM, suffer a faulty fingerprint reader or change computers! Then you must recall your master passwords before you can access your password file (and possibly your computer). This could be devastating: loss of all secure password information in KeePass and PM (and possibly loss of all information on a protected computer drive, not to mention need to pay for a computer motherboard and HDD replacement). So:
  1. Choose very secure but ‘unforgettable' master passwords for KeePass and computer (PM) access.
  2. Always set up a secure master password as an alternative to biometric authentication (in case of a faulty fingerprint reader).
  3. Keep your password database backups, and your separate master password backups, in another secure (preferably encrypted) but accessible location!
  Program versions tested:
  KeePass v1.14 (v2 betas not tested) with KeeForm v2 and DB_Backup v1.14
  Lenovo CSS v8.20 with PM v3.00
  The solutions were tested in November 2008 on a Thinkpad X61 running Windows Vista Business. The tricks to interface with KeePass can vary between fingerprint programs (search the KeePass forum).
  Message Edited by r_g_b on 11-03-2008 07:01 PM
  Message Edited by r_g_b on 11-04-2008 12:00 AM

  I'm reviving quite an old topic here, but I have been unable to find any other good information on this.  I currently use the latest version of Keepass v2.23 and have Lenovo Passoword Manager v4.3 installed on my new W530 laptop.  I can't get PM to recognize any passowords at all, in web browsers or in windows application.  
  In PM the only thing I can do is create folders and secure notes.  My fingerprint software works great for automated logins to windows.  Does anyone have any experience with using the fingerprint reader with a windows application like Keepass?  
  How can I get the Password manager to do ... anything?  Recognize a password in windows or a web browser?
  I'm open to any other software to be used or I can write scripts if necessary to accomplish this.  It doesn't seem like this should be so difficult, but from what I've learned about Lenovo so far, is that nothing is easy.  After trying to get battery charge thresholds working proplery in Windows 8, I've already lost faith in a company that I thought had a great reputation.  

• How to create PDF from Excel with Password Protection Using Visual Studio & Visual Basic

  Could someone provide some VB code sample(s) to create a PDF file with password protection (Security Method - Password Security - Restrict Editing & Printing)?
  I create a bunch of reports every week using an Excel 2010 addin that subsequently must be printed to PDF.  I then have to manually edit the properties of each document in order to apply the printing restriction.
  I'm using Acrobat X.
  I've downloaded the SDK but have no idea which dll's to use or where to begin.
  Thanks!
  Ross

  That's surprising & disappointing.  I would have thought that this capability would have long since been requested.
  Thanks for the heads up.

• Is SSH safer or more vulnerable with password auth?

  I've been having a fight with the university IT people about SSH being unsafe because of the possibility of a brute-force password attack. Of course (as I explain to them) there are myriad ways to thwart this, some of which I had already taken before the fight began (only allow a short time to connect successfully, for example). (Although, I haven't been able to figure out if SSH can simply decide to refuse a connection after a certain number of failed passwords, but that's another issue..). On the other hand, I have seen a few sites in my SSH googling that hint that the RSA key authentication is less secure than password authentication.
  So, my question I would like to submit for discussion is this: Is a passwordless RSA key authentication more or less secure than password authentication, and why? Or, if you would rather, under what circumstances are each method more vulnerable?

  I think it really depends on the attack vector you are looking at.
  Assuming mutually exclusive for the sake of this discussion (either key-based auth with password login disabled, or password login and key based auth disabled). A password-less ssh key is likely more vulnerable to an endpoint exploit -- as if an attacker has your sshkey without a password, he has access. Password-over-ssh is likely more vulnerable to a server-side exploit -- opens the password-guess vector, and if you aren't paying attention to the 'fingerprint doesn't match' message and someone hijacks your dns, you could attempt to login to a compromised system, thus giving away your password. Key-based auth would fail if they did not have your public key on the compromised server (you would still see the fingerprint difference message though).
  You can do things to increase the security of the above vectors, from using a passphrase on your ssh-key and using ssh-agent (so you only have to auth once per session and it simply 'unlocks' your key, and doesn't leave it laying around open)..to using something like knockd or fail2ban on the server side.
  Personally, I use a passphrase protected ssh key (along with ssh-agent), and disable interactive (password) authentication on my boxes anytime they are exposed to a public network (along with adding root to the denyusers ssh list).
  Last edited by cactus (2009-07-08 01:52:11)

• OID-Integrated Label Security with HTMLDB?

  Hi,
  I've followed the how-to document to integrate Oracle Label Security with Oracle Internet Directory.(http://www.oracle.com/technology/deploy/security/database-security/howtos/ols_oid-how-to.html).
  I've successfully created a label security policy for the HR.LOCATIONS table. I would like that same policy to be effective on any query regions in an HTMLDB application.
  I created a test application in HTMLDB, and changed the authentication scheme to be LDAP. It uses Oracle Internet Directory to authenticate the users, and this works successfully.
  However, when I login with an OID user that has been assigned to use the policy, I get no rows returned.
  What is a good way to integrate my label security policy with my htmldb applicaton so that it works within HTMLDB and outside of HTMLDB?
  I saw the technote to use VPD, but when I tried this, it caused my label security policy to stop working. I somehow made it conflict...(http://www.oracle.com/technology/pub/notes/technote_htmldb_vpd.html)
  I guess I'm just not sure what the VPD function should look like after I've already created a Label Security Policy.
  I basically want it to look at the APP_USER and then apply the policy appropriately.
  Thanks,
  Nora

  Scott,
  It still worked in SQLPLUS when I typed 'set role none' first.
  The way I granted PROFILE_ACCESS was through a label security command:
  SQL> exec sa_user_admin.set_user_privs('senspolicy','parse_schema','FULL,PROFILE_ACCESS');
  It seems like this is the only way..
  It just seems strange that it works in SQLPLUS. I'm trying to figure out what other permissions I need for HTMLDB.
  Thanks again,
  Nora
  SQL*Plus: Release 10.2.0.1.0 - Production on Wed May 16 16:38:20 2007
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Enter user-name: parse_schema/<password>@testls
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
  With the Partitioning, Oracle Label Security, OLAP and Data Mining options
  SQL> set role none;
  Role set.
  SQL> select count(*) from hr.locations;
  COUNT(*)
  23
  SQL> exec sa_session.set_access_profile('senspolicy','PUB');
  PL/SQL procedure successfully completed.
  SQL> select count(*) from hr.locations;
  COUNT(*)
  17
  SQL>

• Problem in creating users with password restrictions

  I have enabled the following option in the Authentication>Enterprise tab of CMC.
  Must contain at least N Characters and specified N as 7
  Enforce mixed-case passwords
  However I am able to create user with password as abcd.
  Please suggest.
  Thanks in Advance

  I might be missing something but the rule applies to users changing their pw not administrators creating accounts. If the administrator sets this rule it would be thought/assumed that they would enforce their own rule when creating accounts. The users however should not be able to select 4 character passwords.
  I'll run some tests and see if I find out anything different.
  Tested this on XIR2 SP4 and XI 3.0 The rules apply to the user not the administrator creating the account.
  So create an account while the 7 character pw is enabled. By default the user logs in with the pw (any amount of characters) and is prompted to change their pw. They cannot choose anything less than 7 characters. So unless an administrator creates an account with a password less than 7 characters AND deselects the option to force a pw change. All new users will be forced to select a 7 character password.
  This is by design. If it forced the administrator to create accounts without a 7 character pw they could simply deselect the options(as administrators) so there is no security in forcing this.
  Regards,
  Tim
  Edited by: Tim Ziemba on Aug 13, 2008 5:28 PM
  Edited by: Tim Ziemba on Aug 13, 2008 5:33 PM

• Default role  with password - reality check

  I support the database for an application. We upgraded from Oracle10 to Oracle11 9 months ago. Then recently we applied the OCT CPU.
  The application admin says that they have a program that has recently stopped working that worked after the Oracle11 upgrade.
  The application user has a default role which has a password. Is that possible? A default role with a password. Would this have ever worked in any version of Oracle?

  Default role with password is a feature even available with Oracle XE. Default roles are activated without requiring role password in Oracle 10.2:
  SQL> drop user admin cascade;
  User dropped.
  SQL> drop user test cascade;
  User dropped.
  SQL> drop role rwp;
  Role dropped.
  SQL> select * from v$version;
  BANNER
  Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product
  PL/SQL Release 10.2.0.1.0 - Production
  CORE    10.2.0.1.0      Production
  TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
  NLSRTL Version 10.2.0.1.0 - Production
  SQL>
  SQL> create user admin identified by oraclexe;
  User created.
  SQL> grant create session, create table to admin;
  Grant succeeded.
  SQL> grant unlimited tablespace to admin;
  Grant succeeded.
  SQL> grant create user to admin;
  Grant succeeded.
  SQL> grant create role to admin;
  Grant succeeded.
  SQL>
  SQL> create user test identified by oraclexe;
  User created.
  SQL> grant create session to test;
  Grant succeeded.
  SQL>
  SQL> connect admin/oraclexe;
  Connected.
  SQL> create table t(x varchar2(10));
  Table created.
  SQL> insert into t values('admin OK');
  1 row created.
  SQL> commit;
  Commit complete.
  SQL> create role rwp identified by oraclexe;
  Role created.
  SQL> grant all on t to rwp;
  Grant succeeded.
  SQL> grant rwp to test;
  Grant succeeded.
  SQL>
  SQL> connect test/oraclexe;
  Connected.
  SQL> select * from session_roles;
  ROLE
  RWP
  SQL> select * from admin.t;
  X
  admin OK
  SQL> insert into admin.t values('test OK');
  1 row created.
  SQL> commit;
  Commit complete.
  SQL> select * from admin.t;
  X
  admin OK
  test OK
  SQL>There have been changes between Oracle 10.2 and 11.2 because the same script fails in 11.2 unless the role is set with the password:
  SQL> drop user admin cascade;
  User dropped.
  SQL> drop user test cascade;
  User dropped.
  SQL> drop role rwp;
  Role dropped.
  SQL> select * from v$version;
  BANNER
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  PL/SQL Release 11.2.0.1.0 - Production
  CORE    11.2.0.1.0      Production
  TNS for Linux: Version 11.2.0.1.0 - Production
  NLSRTL Version 11.2.0.1.0 - Production
  SQL>
  SQL> create user admin identified by oraclexe;
  User created.
  SQL> grant create session, create table to admin;
  Grant succeeded.
  SQL> grant unlimited tablespace to admin;
  Grant succeeded.
  SQL> grant create user to admin;
  Grant succeeded.
  SQL> grant create role to admin;
  Grant succeeded.
  SQL>
  SQL> create user test identified by oraclexe;
  User created.
  SQL> grant create session to test;
  Grant succeeded.
  SQL>
  SQL> connect admin/oraclexe;
  Connected.
  SQL> create table t(x varchar2(10));
  Table created.
  SQL> insert into t values('admin OK');
  1 row created.
  SQL> commit;
  Commit complete.
  SQL> create role rwp identified by oraclexe;
  Role created.
  SQL> grant all on t to rwp;
  Grant succeeded.
  SQL> grant rwp to test;
  Grant succeeded.
  SQL>
  SQL> connect test/oraclexe;
  Connected.
  SQL> select * from session_roles;
  no rows selected
  SQL> select * from admin.t;
  select * from admin.t
  ERROR at line 1:
  ORA-00942: table or view does not exist
  SQL> insert into admin.t values('test OK');
  insert into admin.t values('test OK')
  ERROR at line 1:
  ORA-00942: table or view does not exist
  SQL> commit;
  Commit complete.
  SQL> select * from admin.t;
  select * from admin.t
  ERROR at line 1:
  ORA-00942: table or view does not exist
  SQL>
  SQL> set role rwp identified by oraclexe;
  Role set.
  SQL> select * from session_roles;
  ROLE
  RWP
  SQL> select * from admin.t;
  X
  admin OK
  SQL> insert into admin.t values('test OK');
  1 row created.
  SQL> commit;
  Commit complete.
  SQL> select * from admin.t;
  X
  admin OK
  test OK
  SQL>10.2 Security Guide says:
  If you are granted a role protected by a password, then you can enable or disable the role by supplying the proper password for the role in a SET ROLE statement. However, if the role is made a default role and enabled at connect time, then the user is not required to enter a password.
  11.1 and 11.2 Secuirty Guide says:
  If a user is granted a role protected by a password, then you can enable or disable the role by supplying the proper password for the role in the SET ROLE statement. You cannot authenticate a password-authenticated role on logon, even if you add it to the list of default roles. You must explicitly enable it with the SET ROLE  statement using the required password.
  Edited by: P. Forstmann on 20 févr. 2010 10:28