Should a user be created with Select / Read authorizat into GRC database

Similar Messages

• Can a dblink be created with select only privilege

  I have created dblink from one instance to another instance.With dblink we can perform dml operations on a table.But i want to restrict insert,update,delete rights and grant only select.Is this possible

  my problem is there is a user named ABC in mango instance with >insert,update,delete privs.
  there is another user CDE in apple instance with insert,update,delete privs.
  Now i have created a dblink on user ABC to CDE as a fixed user.So now user >ABC can do all insert,update,delete operations on user CDE tables.This I want to >restrict.I want user ABC to just view CDE tables instead of update,insert and >delete operations. Create a new user CDE1 and grant select only privilege on all tables of CDE.
  create a dblink using CDE1 this will solve the issue?
  Justin explains the same in his previous reply.
  HTH

• Lion Server: Can user preferences - created with workgroup manager - beupdated with Profile Manager?

  I've created some users and their preferences using the old workgroup manager. All work. I haven't used the profile manager (lion star functionality) so far. If  I do so, can I use it to update the user preferences already created? Is there any incompatibility between workgroup manager and profile manager?

  Dang, no help with this. Oh well. Guess I just mark it as "answered" and toss it in the "Cold Case" files.

• Text/html processing error with Acrobat Reader when sending to database

  Hi everyone,
  I have a problem that occurs in certain versions of the Acrobat Reader, with Acrobat Professional the error message does not pop up.
  In Acrobat Reader however, when sending the form to a php file to fill a database an error pops up
  "Content type text/html couldn´t be processed"
  Nevertheless it works fine, except the fact that the confirmation "successfully sent" that should pop up (and does in Acrobat Professional)  does not appear due to this processing error. What can I do?
  Thanks for supporting!

  Hi,
  I'll only attempt the first part:
  See this discussion where event.target.path.toString().substring(0, 4); was used to get the first four letters of the path. If that equalled "http", then the form was opened in a browser.
  http://forums.adobe.com/message/2840942#2840942
  I can't contribute on the other issues.
  Niall

• Why can't I import a .mov created with QT screen recording into FCX?

  I created a .mov file with QuickTime's Screen Recording mode. The movie thus created opens in the QuickTime Player and plays fine, but when I try to import it into FCX's editor with File>Import, I get an error message: "File Error: 1 file(s) recognized, 0 access denied, 1 unknown".
  Why can't I import this .mov to edit it in FCX?
  Thanks,
  George

  Bengt, I believe the OP's "FCX" does mean FCE.
  Like Al said, they need to be transcoded (say, to AIC) in something like MPEG Streamclip, QT Pro  or Compressor.
  Actually, FCP X will happily open them.
  Russ

• Problem inserting text with special Hungarian characters into MySQL database

  When I insert text into my MySQL db the special Hungarian
  characters (ő,ű) they change into "?".
  When I check the
  <cfoutput>#FORM.special_character#</cfoutput> it gives
  me the correct text, things go wrong just when writing it into the
  db. My hosting provider said the following: "please try to
  evidently specify "latin2" charset with "latin2_hungarian_ci"
  collation when performing any operations with tables. It is
  supported by the server but not used by default." At my former
  hosting provider I had no such problem. Anyway how could I do what
  my hosting provider has suggested. I read a PHP related article
  that said use "SET NAMES latin2". How could I do such thing in
  ColdFusion? Any suggestion? Besides I've tried to use UTF8 and
  Latin2 character encoding both on my pages and in the db but with
  not much success.
  I've also read a French language message here in this forum
  that suggested to use:
  <cfscript>
  setEncoding("form", "utf-8");
  setEncoding("url", "utf-8");
  </cfscript>
  <cfcontent type="text/html; charset=utf-8">
  I' ve changed the utf-8 to latin2 and even to iso-8859-2 but
  didn't help.
  Thanks, Aron

  I read that it would be the most straightforward way to do
  everything in UTF-8 because it handles well special characters so
  I've tried to set up a simple testing environment. Besides I use CF
  MX7 and my hosting provider creates the dsn for me so I think the
  db driver is JDBC but not sure.
  1.) In Dreamweaver I created a page with UTF-8 encoding set
  the Unicode Normalization Form to "C" and checked the include
  unicode signature (BOM) checkbox. This created a page with the meta
  tag: <meta http-equiv="Content-Type" content="text/html;
  charset=utf-8" />. I've checked the HTTP header with an online
  utility at delorie.com and it gave me the following info:
  HTTP/1.1, Content-Type: text/html; charset=utf-8, Server:
  Microsoft-IIS/6.0
  2.) Then I put the following codes into the top of my page
  before everything:
  <cfprocessingdirective pageEncoding = "utf-8">
  <cfset setEncoding("URL", "utf-8")>
  <cfset setEncoding("FORM", "utf-8")>
  <cfcontent type="text/html; charset=utf-8">
  3.) I wrote some special Hungarian chars
  (<p>őű</p>) into the page and they displayed
  well all the time.
  4.) I've created a simple MySQL db (MySQL Community Edition
  5.0.27-community-nt) on my shared hosting server with phpMyAdmin
  with default charset of UTF-8 and choosing utf8_hungarian_ci as
  default collation. Then I creted a MyISAM table and the collation
  was automatically applied to my varchar field into wich I stored
  data with special chars. I've checked the properties of the MySQL
  server in MySQL-Front prog and found the following settings under
  the Variables tab: character_set_client: utf8,
  character_set_connection: utf8, character_set_database: latin1,
  character_set_results: utf8, character_set_server: latin1,
  character_set_system: utf8, collation_connection: utf8_general_ci,
  collation_database: latin1_swedish_ci, collation_server:
  latin1_swedish_ci.
  5.) I wrote a simple insert form into my page and tried it
  using both the content of the form field and a hardcoded string
  value and even tried to read back the value of the
  #FORM.special_char# variable. In each cases the special Hungarian
  chars changed to "q" or "p" letters.
  Can anybody see something wrong in the above mentioned or
  have an idea to test something else?
  I am thinking about to try this same page against a db on my
  other hosting providers MySQL server.
  Here is the to the form:
  http://209.85.117.174/pages/proba/chartest/utf8_1/form.cfm
  Thanks, Aron

• Read XML into the database

  Hi,
  If I have a XML file and want to read its attributes into matching columns in a table, what is the best way to map the xml e.g. firstname to a firstname column in the table?
  <name>
  <firstname>Bill</firstname>
  <last>Gates</last>
  </name>
  Thanks

  Why do you want to do this? (Might help with the answer).

• Permissions required for an user to create a View in Oracle 10.2.0.1.0

  Hi,
  I am facing one serious issue with Oacle 10.2.0.1.0.
  I have an user (Atlas) created with below permissions.
  grant connect to atlas;
  grant resource to atlas;
  grant create public synonym to atlas;
  grant select any dictionary to atlas;
  grant query rewrite to atlas;
  I will create my database schema on this user Atlas. All my scripts are executing properly with Oracle 9i and 10g version 10.1.0.2.0. But when it comes to Oracle 10g version 10.2.0.1.0 the views creation is throwing an error saying that Insufficient Priviliges.
  I didn't get why this error is coming.
  What previliges does an user should require for creating a view in Oracle 10.2.0.1.0 version?
  I have installed Enterprise version of Oracle 10.2.0.1.0. Please suggest me with this.
  Thanks
  Rao

  CREATE VIEW was taken away from connect or resouce in 10.2.x. It has to be explicity granted... Not sure what this has to do with XML per-se :)

• Accounts being created with administrative group rights

  Hello,
  The server is a Windows 2003 R2 Enterprise fully patched used for Shared Hosting purposes.  It runs Hsphere control panel.  I am trying to identify how the following hack is happening. 
  1) There are users being created with Administrative group rights.   Below is the EventViewer log for the user creation:
  User Account Created:
       New Account Name:    username
       New Domain:    PCNAME
       New Account ID:    PCNAME\username
       Caller User Name:    PCNAME$
       Caller Domain:    DOMAINNAME
       Caller Logon ID:    (0x0,0x3E7)
       Privileges        -
   Attributes:
       Sam Account Name:    username
       Display Name:    <value not set>
       User Principal Name:    -
       Home Directory:    <value not set>
       Home Drive:    <value not set>
       Script Path:    <value not set>
       Profile Path:    <value not set>
       User Workstations:    <value not set>
       Password Last Set:    <never>
       Account Expires:    <never>
       Primary Group ID:    513
       AllowedToDelegateTo:    -
       Old UAC Value:    0x2DAB2B0
       New UAC Value:    0x2DAB2B0
       User Account Control:    -
       User Parameters:    <value not set>
       Sid History:    -
       Logon Hours:    <value changed, but not displayed>
  There exists entries as well where the primary group ID is changed to the Administrative group, but I am omitting such.
  2) I tried to identify what Caller Logon ID:    (0x0,0x3E7) means.  I found out from here:
   http://blog.joeware.net/2013/01/14/2667/ that I can use LogonSessions.exe to identify it.
  Output from LogonSessions.exe is pasted below (snippet):
  [0] Logon session 00000000:000003e7:
      User name:    DOMAINNAME\PCNAME$
      Auth package: NTLM
      Logon type:   (none)
      Session:      0
      Sid:          S-1-5-18
      Logon time:   9/11/2014 12:41:53 PM
      Logon server:
      DNS Domain:   
      UPN:          
          4: System
        316: smss.exe
        364: csrss.exe
        392: winlogon.exe
        440: services.exe
        452: lsass.exe
        628: svchost.exe
        756: LMAgent.exe
        840: svchost.exe
       1000: spoolsv.exe
       1252: avagent.exe
       1268: camWMIAgent.exe
       1324: cissesrv.exe
       1380: cpqrcmc.exe
       1404: vcagent.exe
       1440: svchost.exe
       1480: HsQuotas.exe
       1740: inetinfo.exe
       1780: EmailAgent.exe
       1856: snmp.exe
       1884: sysdown.exe
       1920: smhstart.exe
       2192: svchost.exe
       2388: cmd.exe
       2396: hpsmhd.exe
       2444: cqmgserv.exe
       2464: cqmgstor.exe
       2484: HSphere.exe
       2596: wmiprvse.exe
       2676: cmd.exe
       2684: rotatelogs.exe
       2692: cmd.exe
       2700: rotatelogs.exe
       2732: searchindexer.exe
       2812: hpsmhd.exe
       2824: cqmghost.exe
       2852: svchost.exe
       3044: cmd.exe
       3052: rotatelogs.exe
       3080: cmd.exe
       3088: rotatelogs.exe
       5452: svchost.exe
       5596: GravitixService.exe
       7392: csrss.exe
       7232: winlogon.exe
       6888: csrss.exe
       9832: winlogon.exe
      10388: wawrapper.exe
      10352: cpqnimgt.exe
       9496: msiexec.exe
       6068: w3wp.exe
       4748: webalizer.exe
  3) I also learned from http://support.microsoft.com/kb/243330/en-us that   Sid:          S-1-5-18 means:
  SID: S-1-5-18
  Name: Local System
  Description: A service account that is used by the operating system
  That is all great info, but I am not sure I can put together what I have learned to attempt and get closer towards identifying how in the world users are being created and then being assigned administrative group rights.
  I am a Linux person mostly, but I am comfortable following a properly explained thread regarding windows 2003 R2 Enterprise issues.
  The server is fully patched and it is running Lumension security product.  What's more, Norman Malware tracker, tdskiller.exe (Kaspersky) and McAfee rootkitremover.exe have been run without any apparent Malware/Virus infection
  Hope someone with advanced admin skills can advise.
  Thank you

  Hi,
  You mentioned that, “I am trying to identify how the following hack is happening”, would you please tell us that why did you think the event represent a hacking behavior?
  In a Shared Server Hosting environment, the underlying hosting control panel tool (Hsphere in this case) should be creating only virtual FTP users with a specific group.  So no users with Administrative group should be ever created.  If this happens,
  it constitutes a breach of server security=positive hacking attempt.
  >how in the world users are being created and then being assigned administrative group rights.
  In addition, would you please be more specific about this question? Did you find the event message on a domain joined machine?
  I want to be able to understand in full how/what process is allowing users to be created with Admin rights.  In other words, I want to know what IP was used to issue the command, if ASP.net was used (abused in this case), or anything else related to
  it so that we can patch this particular hole.
  Best Regards,
  Amy

• Help on export sybase iq tables with data and import in another database ?

  Help on export Sybase iq 16 tables with data and import into another database ?

  Hi Nilesh,
  If you have table/index create commands (DDLs), you can create them in Developper and import data using one of methods below
  Extract/ Load table
  Insert location method : require IQ servers to be entered in interfaces file
  Backup/Restore : copy entire database content
  If you have not the DDLs, you can generate them using IQ cockpit or SCC.
  http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc01773.1604/doc/html/san1288042631955.html
  http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc01840.1604/doc/html/san1281564927196.html
  Regards,
  Tayeb.

• How can i create a new user with only read rights ?

  How can i create a new user with only read rights ?

  You are asking about a Database User I hope.
  You can look into the Oracle 8i Documentation and find various privillages listed.
  In particular, you may find:
  Chapter 27 Privileges, Roles, and Security Policies
  an intresting chapter.
  You may want to do this with the various tools included with 8i - including the
  Oracle DBA Studio - expand the Security node and you can create USERS and ROLES.
  Or use SQL*Plus. To create a
  user / password named John / Smith, you would login to SQL*Plus as System/manager (or other) and type in:
  Create user John identified by Smith;
  Grant CONNECT to John;
  Grant SELECT ANY TABLE to John;
  commit;
  There is much more you can do
  depending on your needs.
  Please read the documentation.
  -John
  null

• Create new user like another user with select privilege???

  our user requested create another user similar to "apps" , but only "selec t" privilege to "apps" objects and other user's objects which grant to "apps".
  In this case they can use tool login and do some work.
  Does anyone know how to "create a new user like APPS", bur only copy APPS "select" privilege to this new user?
  Thanks.

  This has been discussed many times in the forums. Pl see this thread Re: How to create a read only database or conduct a search for more hits.
  HTH
  Srini

• Create user with select privilege only one schema

  can someone tell me how i can create user with select priviliges only one schema.
  i don't want the user to have any select privileges with other schema.
  can someone advise me.
  Thansk

  In general, you would do something like
  CREATE ROLE abc_read_only;
  FOR x IN (SELECT * FROM dba_tables WHERE owner='ABC')
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON abc.' || x.table_name || ' TO abc_read_only';
  END LOOP;
  CREATE USER your_user ...;
  GRANT abc_read_only TO your_userYou create a role, grant the role SELECT access to all the tables in the ABC schema (you can extend this to grant access to views, functions, etc depending on the requirements), and then grant that role to your user.
  Justin

• How create LOV(select List) with all LDAP users

  Hello,
  I am trying to create a selected list with all the users in my LDAP, note my LDAP is synchronized with my OID.
  Any suggestions, I'm searching the the pl/sql statment?
  Thanks
  Hussam

  Hi Hussam,
  Take a look at my comments in the following two threads -
  Re: LDAP
  Re: Cookie And LDAP
  The two different threads discuss the methods I use to do what you want to do (so you really need to 'combine' the two different threads).
  Hope this helps

• Problem with user services (creating a service for mpdas)

  Hi, I'm using mpd and using a user service to start it.
  However, I'm trying to create a service for mpdas (a mpd client for last.fm) and getting some errors:
  currently, my mpdas.service is as following:
  [Unit]
  Description=AudoScrobbler client for MPD
  After=mpd.service
  [Service]
  ExecStart=/usr/bin/mpdas
  [Install]
  WantedBy=default.target
  Which giving me the following errors:
  (14:49:55) [ERROR] You are not root. Not changing user ..
  (14:49:55) [INFO] Connected to MPD.
  (14:49:56) [INFO] Last.fm handshake successful. SessionID: ...
  terminate called after throwing an instance of 'std::ios_base::failure'
    what():  basic_filebuf::underflow error reading the file
  Aborted
  Which are the same errors I get if I run just "mpdas" instead of running it with sudo.
  If I use it as a root service (instead of a user service) it fails on startup, but works fine when I restart the server.
  So, I'm assuming:
  1) mpdas needs root permission
  2) if used as a root service, it fails at startup cause the mpd service (enabled as a user service) hasn't started yet
  3) if used as a user service, it fails cause it needs root permission
  What's the 'correct' way to solve this? (I believe mpdas should be a user service, cause it runs with a config that is just for my user).
  Is there a way to make a user service run with root privileges?
  I couldn't figure out the best way to configure it.
  Last edited by alv-r- (2014-11-29 18:37:56)

  TheSaint wrote:Why should it fails with sudo?
  It works only with sudo. It was failing as a system service because it needs mpd, which I configured as an user service. Then when systemd starts the system services (when booting) there's not mpd instance running and it fails.
  TheSaint wrote:Doesn't it works with fakeroot ?
  As a noob, I don't know exactly how fakeroot works, I'll take a better look at it, but running it with fakeroot takes rid of the errors I was getting when not running as sudo.
  The problem I have now is that it still fails on startup, but there isn't any helpful (or unhelpful) message. It just shows the PID and says it failed.
  If I run
  systemctl --user start mpdas
  it works well though. Any ideas of why this happens?
  My current unit file looks like this:
  [Unit]
  Description=AudoScrobbler client for MPD
  After=mpd.service
  Requires=mpd.service
  [Service]
  ExecStart=/usr/bin/fakeroot /usr/bin/mpdas
  [Install]
  WantedBy=default.target
  Raynman wrote:Why does it need root privileges? Maybe you just need to configure it properly to run under your normal user?
  Seeing the options in the man page and the config options for the config file, I don't see any that could do the trick.
  I'll send a message to the developer with the error I'm getting (when not running as sudo).
  Last edited by alv-r- (2014-11-29 18:36:59)