Session require user privileges

Similar Messages

• User requires ADMIN privilege to perform this operation.

  Hi
  I have written a procedure which creates a new workspace. The owner of the package has been granted apex_administrator_role. This works fine with SQL Developer/Plus.
  But when I try to use this procedure from my Apex page I get User requires ADMIN privilege to perform this operation.
  I understand that Apex makes a connection with APEX_PUBLIC_USER, and this can be one of the reasons of the error. But I would like to know if there is some solution:
  My code is:
        apex_instance_admin.add_workspace (
          p_workspace          => p_name,
          p_primary_schema     => p_name,
          p_additional_schemas => '');
    --p_name is passed as a parameter and workspace and primary_schema name are the sameHabib

  I think you will need to grant privleges to apex_instance_admin directly to the owner of the package.
  http://docs.oracle.com/cd/E14072_01/network.112/e10574/authorization.htm#BABFJEGJ
  The privileges of the procedure's definer must be granted directly to the user, not granted through roles.

• Broken link on copy and paste from normal user to required upper privilege user

  Hi, 
  I've encountered an error that is probably coming from environment variables.
  When I copy %document%\something\ from a normal user to %programs% where it require administrator privilege, i'm prompted with a credential window ( so far so good ) until it prompt me with an other window that says: "i don't find %document%\something\"
  witch is normal since the administrator have different environment variable and certainly no "something" folder under his documents.  
  hope it helps, N.Satsuki.

  Hi,
  This should be privilege problem, as normal user desn't have write permission of Program files folder in C drive.
  If you doubt this is enviroment variable problem, it would be better to switch your account to Administrator account to test if it had same problem.
  Roger Lu
  TechNet Community Support

• Remote Get-Service as Normal user require other privileges

  Hello,
  I my setup I have two Windows 2012 R2 servers.
  From Computer1 I do a enter-pssession  to Computer2 as a normal user. (The user is in the group Remote Management Users)
  On Computer2 I can do a get-process and it works. If I do a get-service it does not work.
  Could this be because get-service automatically adds -computer . ? and it's then a double-hop?
  So is there a trick to get it to work as a normal user?
  Cannot open Service Control Manager on computer '.'. This operation might require other privileges.
      + CategoryInfo          : NotSpecified: (:) [Get-Service], InvalidOperationException
      + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetServiceCommand

  Hi RFalken,
  I also think this should be permission issue, Please also use wmi remote access service:
  Get-WmiObject -Class WIN32_service -ComputerName computer2
  I think you would also get "access denied" error.
  I tested the script you posted, and got the same error with you, after my investigation, please follow these steps:
  To solve the wmi class permission issue, please also go through this article to troubleshoot:
  Permissions to access WMI remotely
  1)Add the user to 'Distributed DCOM Users' group on the target server
  2)Add domain test user to  "WinRMRemoteWMIUsers__"
  3)Grant both "Enable Account" & "Remote Enable" access to  Root/CIMV2 namespace
  Please also run the cmd below, which will edit a service's security descriptor.
  4)Run "sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)" in cmd.
  Refer to:
  Non-administrators cannot remotely access the Service Control Manager after you install Windows Server 2003 Service Pack 1
  Although the article above is applied to Server 2003, however, it can also work in my test with newer OS version.
  If there is anything else regarding this issue, please feel free to post back.
  If you have any feedback on our support, please click here.
  Best Regards,
  Anna Wang
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Grant debug connect session to user

  I understand that if DBA hasn't granted following option to "user" following way:
  grant debug connect session to user;, then "user" wil lget following error when she tries to debug:
  ORA-0131:Insufficient Priviledges
  Debugging requires Debug connect session system priviledgesIs there any explanation why DBA decides to not grant such privilege? Maybe such privilege slows down something? Maybe it can create security "hole"? Maybe there is another good explanation?
  The "user" in this example was Schema/Account ment for Development personell who developes functionality, but it doesn't matter i think what kind the "user" is.
  so why you think i don't have such privilege, what bad could such privilege when granted give?

  Its just that You have not been Granted that Privilege. Mostly in what ever shop i have worked Such grants are given on request Base.
  Debugging is a Developers Right and no one can denie it.
  But i never use any debugging tool. I only relay on my Instrumented Code.

• How do I fix this error, Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Modal session requires modal window'?

       I have been trying to start up my Batman: Arkham City game recently and it says that it cannot open and gives me this error;
                 "Terminating app due to uncaught exception 'NSInternalInconsistancyException', reason: 'Model session requires model window'"
       I have played the game for about 13 hours before this error started to pop up and I was wondering if anyone knew of a way to fix it.  Any information would be greatly appreaciated.

  Yesterday I had the same problem.
  I installed the game and played for five hours with no problem but in the last execution my iMac show me that error. I tried to uninstall and install the game again but always show me the error. I did the same with the Steam client with no solution.
  Finally I fixed the error deleting a folder.
  Go to Macintosh HD/Users/[username]/Library/Caches/com.feralinteractive.bmac
  and delete the folder named "com.plausiblelabs.crashreporter.data"
  Try to launch the game again.
  Good luck.

• 10.9.2 systemsetup requires administrator privileges?

  Per the update materials for 10.9.2:
  Date and Time
  Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
  OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
  Impact:  An unprivileged user may change the system clock
  Description:  This update changes the behavior of the systemsetup
  command to require administrator privileges to change the system
  clock.
  CVE-ID
  CVE-2014-1265
  My account is an administrator account, but now when I run the systemsetup command, I get the following error:
  MacBookAir:~ mikedonscheski$ systemsetup -listtimezones
  You need administrator access to run this tool... exiting!

  Hmmm... I'm probably a bit experienced, but the Time/Date setting looks okay to me?  Matches the time on my iPhone.  Should I be looking at something else?

• Is "parse as" the only way to restrict user privileges?

  I have an application which is working in a schema blabla_owner.
  Users do not need to log into this app, but I don't want them to be able to update data. Although I only have reports and no updateable forms or anything, my client is not very happy that all queries are implicitly done by the schema owner.
  I read that "parse as" can be used, so we created a user blabla_read that can only read in the owner's schema and selected this user in the "parse as" attribute of the application, but unfortunately using this mechanism we need to grant the select privileges directly instead of through a role.
  I tried changing the dad to use the readonly user but that is no use since the HTMLDB_PUBLIC_USER is only a dummy user and its privileges do not matter.
  Is there another way of accomplishing the following:
  - not requiring the users to log in
  - be sure all queries are done by a user with readonly privileges only
  - be able to use a role to grant privileges instead of doing this directly
  Thanks

  Not to put too fine a point on it, but as I said earlier An Apex application is no different than a "stored procedure" in that object privileges need to be granted directly to the parsing schema and not via a role
  The reason for this might be that DBMS_SYS_SQL.PARSE_AS_USER, the underlying mechanism used by Apex to parse all SQLs requires object privileges to be granted directly to the "parse as" schema (for security reasons), but in any case whatever the reason, it is what is.
  I have also "wished" many times that stored procedures/views would work with privileges granted through roles and not directly, but hey, what you gonna do?!

• Run with user privileges but write to restricted folder

  In Windows Server 2008 R2 (and in an Active Directory domain), the login and logoff scripts are run with user privileges.
  Suppose that I run script1.ps1, when user1 logs in; I need that script1.ps1 is associated to user1, because it will write some informations about that user: it modifies a log file in a folder. Anyway, script1.ps1 will be run with user1 privileges.
  I obviously made that file and that folder accessible (readable/writable) to user1: but I actually don't want the user to modify that log file. I would like that
  only the script could do it.
  Is there a way to work around this problem? Maybe should I run script1.ps1 in a different way?

  Henry.  You can add a subscription to a server that subscribes t event log entries on user computers.  Subscribe to the logon/logoff events. Now you have a central repository of logon and  logoff events.
  There is no way to accomplish what you are asking to do.  Any file that can be written to in logon script or during a user session can be changed by the user.
  Bil is suggesting a "startup" script that runs when the user logs on and not when the computer starts.  A user startup script runs as the user and not system.
  Another method is to schedule a script that run at logon.  This can run as system and write to a file that the user cannot change.
  ¯\_(ツ)_/¯

• LDAP User Privileges

  Dears,
  wanna do integration CUCM 9.1 with Active Directory and what i know that the user should have "Read" Only privileges to do the integration
  BUT:
  1- I tried to do it with user has only Read privilges i got error login failure to ldap
  2- I change the user privilege to be Admin then i could integrate with call manager
  CUCM 9,1 Administration Documents Says:
  LDAP Manager Distinguished Name
  Enter the user ID (up to 128 characters) of the LDAP Manager, who is an administrative user that has access rights to the LDAP directory in question.
  CUCM 9.1 SRND Says (Page 809):
  Design Considerations for LDAP Synchronization
  Observe the following design and implementation best practices when deploying LDAP synchronization
  with Cisco Unified CM:
  • Use a specific account within the corporate directory to allow the Unified CM synchronization
  agreement to connect and authenticate to it. Cisco recommends that you use an account dedicated
  to Unified CM, with minimum permissions set to "read" all user objects within the desired search
  base and with a password set never to expire. The password for this account in the directory must
  be kept in synchronization with the password configuration of the account in Unified CM. If the
  service account password changes in the directory, be sure to update the account configuration in
  Unified CM.
  What exactly the right privileges for the user ??

  Can you provide the distinguished user string and the search base string? Perhaps the user is outside of the search base hence requires admin rights to read it.
  Chris

• Oracle Security - Controlling the 'alter user' privilege

  Hi,
  1. DB 10.1.0.5 and 10.2.0.3
  2. "Admin User" needs to be able to change some users passwords in database.
  3. Create user adminuser - grant alter user to adminuser.
  4. DBAs will grant "approle" role to list of required users. DBAs will maintain control of who gets this role.
  4. Create system trigger on alter database - will prevent "adminuser" from changing passwords for accounts not authorized - Script does not fire for DBAs and anyone changing their own password.
  The trigger works as intended - the "adminuser" account can only change the specific set of users.
  Question: We've discovered that the "adminuser" can also use the "alter user" privilege to change default tablespace and tablespace quota. User should only be able to change password.
  Anyone have ideas on adding to the trigger to make sure the "adminuser" is only altering the password?
  I am playing with the ora_is_alter_column system event, thinking that maybe the password column in user$ would be changed but so far I can't get this to work: Here is my trigger --
  CREATE OR REPLACE TRIGGER SYS.PASSWORD_CONTROL AFTER ALTER ON DATABASE
  DECLARE
  DBACHK varchar2(50);
  USRCHK varchar2(50);
  BEGIN
  BEGIN
  -- Ensure users can change their own passwords --
  IF
  ora_login_user = ora_dict_obj_name
  THEN
  RETURN;
  ELSE
  -- Do not apply trigger to DBA group --
  select grantee into DBACHK from dba_role_privs where granted_role='DBA'
  and grantee = ora_login_user;
  IF
  DBACHK = ora_login_user
  THEN
  RETURN;
  END IF;
  END IF;
  EXCEPTION
  WHEN NO_DATA_FOUND
  THEN
  NULL;
  END;
  BEGIN
  select grantee into USRCHK from dba_role_privs where
  granted_role='DISCUSR' and grantee = ora_dict_obj_name;
  IF
  ora_dict_obj_type = 'USER'
  and ora_dict_obj_name = USRCHK
  ---- Need to check that only the password is being change -- the line below does not work
  and ora_is_alter_column('PASSWORD') = TRUE
  THEN
  RETURN;
  ELSE
  RAISE_APPLICATION_ERROR(-20003,
  'You are not allowed to alter user.');
  END IF;
  EXCEPTION
  WHEN NO_DATA_FOUND
  THEN
  RAISE_APPLICATION_ERROR(-20003,
  'You are not allowed to alter user.');
  END;
  END;

  user602453 wrote:
  Ed, thank you for your reply. But, let me explain in more detail.
  More detail is always helpful. ;-)
  >
  A specific user has been assigned as the application administrator. This admininstrator is responsible for reseting application user passwords. The DBA (me) recognizes the DB security issues so I am trying to craft a solution that will allow the application administrator the ability to change only the password of the application users.
  I see that this may be out your hands, but I'd still question the wisdom of having an apps administrator being the one to change user passwords. Especially if that were a model where the users couldn't change their own passwords. I might accept it if the app admin were acting more of a helper to a clueless user.
  Since the only way to change user passwords is to grant the 'alter user' privilege I need a system trigger to keep the user from changing non-application user passwords. Also, because I support nearly 100 production databases that support about 35 different applications I need a solution that can apply to multiple databases. I've been assured that there will only be one administrator charged with resetting passwords.
  So,
  Given those requirements, I have this trigger that will allow the the specific administrator to change the password of a specific set of user while not impacting DBAs or people wanting to change their own password. The way I've implemented this is to create a "dummy" role and assigning the role to the application user. The trigger will allow the administrator to change the password only if the user has the role assigned. The role has no privileges, it is just a way to "mark" the user as an application user. The administrator cannot grant this "dummy" role, only the DBA can.
  Hope that clears things up.I still see another problem in that it still comes back to the dba to create the apps user in the first place, and to assign that dummy role to the user. Also, I'd hope that this proposed apps admin user is a role assigned to a real user. If not, as I mentioned before, you have no real accountability to who is using that account. Simply saying "it shall not be shared", even if written in corporate policy, won't secure it, and you won't be able to trace it. Well, you could turn on auditing and capture the OS userid in the audit log.

• Single Database Session Per User in ADF/BC Application

  Hi, I am using ADF with BC (JDeveloper 11.1.1.1). My application contains multiple application modules, each connected to the same JDBC data source. On the app server, I have configured the data source to use Identity Based Connection Pooling.
  My current configuration is resulting in numerous database sessions for each user. I have a requirement to use only a single database session per user HTTP session. Is there any way to configure the application modules to achieve this?
  Thanks,
  Brad

  Hi,
  use a single root Am module and make sure the others are used as nested modules. This will create a single connection
  Frank

• Activating "Check user privileges​" causes TestStand to not start properly.

  Recently we checked the box "Check User Privileges" under Station Options->User Manager.
  Now when we try to start the Teststand Sequence editor it opens but with all functionality grayed out so that no action whatsoever can be taken.
  If we make an attempt to use File-Login no new box appears but the GUI flickers for a millisecond as if a dialog was open and closed at almost the same time.
  If we try to start a sequence file directly from windows explorer it replies with an error message : "Could not open the sequence file(s).... Error code: -18360, User does not have required privilege".
  What has happened and does anyone have any good ideas about how to remedy this?

  Hi GiangV,
  You can change the "Check User Privileges" setting back to the default by modifying the TestExec.ini file, located by default at (C:\ProgramData\National Instruments\TestStand 2010\Cfg)
  With TestStand closed, change the line CheckUserPrivileges = False to CheckUserPrivileges = True
  Also, the login dialog issue can occur if the loginlogout sequence becomes corrupted (this would explain the flickering behavior).  To restore this sequence to its default state, you can do the following:
  Move the FrontendCallbacks.Seq file to a different location (such as my documents), located by default at (for TestStand 2010):
  C:\Program Files\National Instruments\TestStand 2010\Components\Callbacks\FrontEnd\FrontEndCallbac​ks.seq
   Run a repair install of TestStand to recreate the default version of the file
  Hope this helps!
  Al B.
  Staff Software Engineer - TestStand
  CTA/CLD

• Installer requires Admin Privilege to run

  I'm a new user on a Macbook. Its been about 20 years since I last was on an apple. I need help, I'm trying ton install a game on my laptop. When I click on the installer to install the game a window pops up saying "installer requires Admin privilege to run" and the only option is to quit. What do I need to do to get this game installed?
  Thanks so much!!

  /Applications/Utilities/Disc Utility - a very handy tool in all sorts of situations.
  I'm most surprised that a new account with admin permissions wasn't able to perform the install I'm at a loss what might be causing that to be honest ... maybe the repair permissions on the drive will sort it out, perhaps the entire folder has had write access removed somehow. You could select the destination folder location and Get Info on it and look at the permissions settings at the bottom, does it allow any user to Write there or is it Read only I wonder ?

• Access Connection​s on Windows 7 with Standard User Privilege

  My company is developing a Windows 7 Professional image based on Lenovo’s factory build. One of the key objectives to this image is to get our users away from being Administrators (admin) on their systems to greatly reduce the security risks associated with admin privileges. One of the ThinkVantage utilities we have found most valuable to our laptop users is Access Connections (AC). In our initial testing we have found that AC does not allow for the creation or modification of connection Profiles as a standard user.
  Is there any way to configure AC so it does not require admin privilege to create and manage profiles?
  Thanks
  "Imagination is more important than knowledge. Knowledge is limited but imagination encircles the world."
  Albert Einstein

  Hi,
  yes, the previous post is the correct one.
  Just one note, in case you want to deploy some network connections to multiple users, then you can use the .LOA files, where you can also distribute specific configuartion settings for the end user. All that is needed, once the .LOA file is on please is to restart the both AC services and you are ready to go.
  This is just a note, in case you have >1000 users which you would like to administrate.
  Cheers