Tracing all users and their privileges
Hi everbody!
I want to trace all users(online/offline) and those user's given privileges as a system dba. Are there any data dictionary views to trace it ?
i.e.
we have 3 users and 3 of them have connect,resource. How can we know who have which privs ?
i checked dba_role_privs, nothing to solve my prob.
thanks.
You should never assign CONNECT or RESOURCE to anyone.
Determine what privileges each connected user requires and create a role that contains the actual privs required.
System and Object privileges may be granted explicitly or in roles and roles can be granted to roles. Check here too:
all_tab_privs_made
all_tab_privs_recd
all_col_privs_made
all_col_privs_recd
Similar Messages
-
Script to list the users and their privileges in a database
Hi Team,
Can someone provide me a script that list all the users and their privileges in a database?
DB version:11.2.0.2
OS:AIXOsama_mustafa wrote:
Why you create your own script
SELECT * FROM USER_SYS_PRIVS;
SELECT * FROM USER_TAB_PRIVS;
SELECT * FROM USER_ROLE_PRIVS;
That won't tell him what privileges a user has via a role. It will only tell him what privilges were granted directly, and what roles were granted directly. But those roles have privileges, and may have other roles, which have still more roles and privs, etc. It's a recursive issue and a simple select from user__privs won't get it.
Pete Finnigan has a good script for reporting the entire picture. I leave it as an exercise for the student to use google to find it. I have already given all the information needed to complete that exercise. -
How can I list all users and their DEFAULT tablespace?
How can I list all users and their DEFAULT tablespace?
PeterPeter, the following short article that lists the most heavily used Oracle rdbms dictionay views might be of interest based on your question:
How do I find information about a database object: table, index, constraint, view, etc… in Oracle ? http://www.jlcomp.demon.co.uk/faq/object_info.html
HTH -- Mark D Powell -- -
BI Report - List all users and their assigned roles
Hello,
i need a report, which lists me all users and their roles.
Which table stores this membership information about the users?
USR or UGP does not have any valuesHi Reynaldo,
You can go to SE16 -> table name "AGR_USERS" and see the records for all users. Arrange them in ascending order by name and you will get the report what you have mention above.
Download it and put it in EXCEL.
Best Wishes.
Kumar -
Getting list of all users and their group memberships from Active Directory
Hi,
I want to retrieve a list of all the users and their group memberships through JNDI from Active Directory. I am using the following code to achieve this:
==================
import javax.naming.*;
import java.util.Hashtable;
import javax.naming.directory.*;
public class GetUsersGroups{
public static void main(String[] args){
String[] attributeNames = {"memberOf"};
//create an initial directory context
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://172.19.1.32:389/");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
env.put(Context.SECURITY_CREDENTIALS, "p8admin");
try {
// Create the initial directory context
DirContext ctx = new InitialDirContext(env);
//get all the users list and their group memberships
NamingEnumeration contentsEnum = ctx.list("CN=Users,DC=filenetp8,DC=com");
while (contentsEnum.hasMore()){
NameClassPair ncp = (NameClassPair) contentsEnum.next();
String userName = ncp.getName();
System.out.println("User: "+userName);
try{
System.out.println("am here....1");
Attributes attrs = ctx.getAttributes(userName, attributeNames); // only asked for one attribute so only one should be returned
System.out.println("am here....2");
Attribute groupsAttribute = attrs.get(attributeNames[0]); // memberOf
System.out.println("-----"+groupsAttribute.size());
if (groupsAttribute != null){
// memberOf is a multi valued attribute
for (int i=0; i<groupsAttribute.size(); i++){
// print out each group that user belongs to
System.out.println("MemberOf: "+groupsAttribute.get(i));
}catch(NamingException ne){
// ignore for now
System.err.println("Problem encountered....0000:" + ne);
//get all the groups list
} catch (NamingException e) {
System.err.println("Problem encountered 1111:" + e);
=================
The following exception gets thrown at every user entry:
User: CN=Administrator
am here....1
Problem encountered....0000:javax.naming.NamingException: [LDAP: error code 1 -
000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0
]; remaining name 'CN=Administrator'
I think it gets thrown at this line in the code:
Attributes attrs = ctx.getAttributes(userName, attributeNames);
Any idea how to overcome this and where am I wrong?
Thanks in advance,
Regards.In this sentence:
Attributes attrs = ctx.getAttributes(userName, attributeNames); // only asked for one attribute so only one should
It seems Ok when I add "CN=Users,DC=filenetp8,DC=com" after userName, just as
userName + ",CN=Users,DC=filenetp8,DC=com"
But I still have some problem with it.
Hope it will be useful for you. -
Import all users and their objects without doing full database import
Hi Guys,
I have a task to that involves Importing all existing users and their objects in production to the test database without doing a full database import - Please how do i do this?
Pls i need your help urgently.SQL> select * from v$version;
BANNER
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product
PL/SQL Release 10.2.0.1.0 - Production
CORE 10.2.0.1.0 Production
TNS for Linux: Version 10.2.0.1.0 - Production
NLSRTL Version 10.2.0.1.0 - Production
I tried to import objects and data from a user from a FULL dump file. File was created with the following command:
server is: SQL*Plus: Release 10.2.0.1.0 - Production on Wed May 26 15:34:05 2010
exp full=y FILE="full.dmp" log=full.log
Now I imported:
imp file=full.dmp log=full.log INCTYPE=SYSTEM
imp fromuser=user1 file=full.dmp
Results: not all the user procedures have been imported:
SQL> select count(*) from user_procedures;
the Original
COUNT(*)
134
the current:
select count(*) from user_procedures;
COUNT(*)
18
I also tried these alternatives:
exp tablespaces="user1_data" FILE="user1.dmp" log=user1.log
exp LOG=user1.log TABLESPACES=user1_data FILE=user1_data.dmp
exp LOG=user1owner.log owner=user1 FILE=user1owner.dmp
expdp DIRECTORY=dpump_dir1 dumpfile=servdata_pump version=compatible SCHEMAS=user1
impdp directory=data_pump_dir dumpfile=servdata_pump.dmp :
ORA-39213: Metadata processing is not available
SQL> execute dbms_metadata_util.load_stylesheets
BEGIN dbms_metadata_util.load_stylesheets; END;
ERROR at line 1:
ORA-31609: error loading file "kualter.xsl" from file system directory
"/usr/lib/oracle/xe/app/oracle/product/10.2.0/server/rdbms/xml/xsl"
ORA-06512: at "SYS.DBMS_METADATA_UTIL", line 1793
ORA-06512: at line 1
file kualter.xsl does not exist in XE !!
imp owner=user1 rows=n ignore=y
imp full=y file=user1_data.dmp
imp full=y file=full.dmp tablespaces=user1_data,user1_index rows=n ignore=y
So, I do not understand why user1 objects are not imported:
see this part of the first import log:
Export file created by EXPORT:V10.02.01 via conventional path
import done in US7ASCII character set and AL16UTF16 NCHAR character set
import server uses WE8ISO8859P1 character set (possible charset conversion)
. importing SYS's objects into SYS
. importing USER1's objects into USER1
. . importing table .........................
why only 18 rows?
if you have an suggestion, you are welcome, as I do not have any other idea...
ren
Edited by: ronpetitpatapon on May 26, 2010 12:38 PM
Edited by: ronpetitpatapon on May 26, 2010 12:41 PM
Edited by: ronpetitpatapon on May 26, 2010 1:03 PM -
List all users and their own roles.
Hi everybody!
I have to make a list of all sap users and their own separated roles by user. There are any transaction to do it? The SUIM transaction gives me a sap user and their own roles, but if I try with a lot users It gives me all the roles that are using those users but don't give me the roles for each one.
Thanks a lot.
Best regards.Hi Reynaldo,
You can go to SE16 -> table name "AGR_USERS" and see the records for all users. Arrange them in ascending order by name and you will get the report what you have mention above.
Download it and put it in EXCEL.
Best Wishes.
Kumar -
List all users and their OUs they belong to
Hi,
I would like to list all users with the OU they belong to and furthermore add an specific attribute that was added...
I can get both information separately:
get-aduser -SearchBase 'OU=DOMAIN,DC=mygroup,DC=re,DC=lan' | FT name
and
Get-ADOrganizationalUnit -SearchBase 'OU=DOMAIN,DC=mygroup,DC=re,DC=lan' -properties name,budgetanalytics | FT name,budgetanalytics
but I'd like to get the list containing user1, its OU, its budgetanalytics
Thanking you in advance,
CédricThanks for your reply!
I tried the following:
$Users = get-aduser -SearchBase 'OU=Mes Utilisateurs,DC=itced,DC=lan' -filter '*'
$OU = $User.distinguishedname -split ',',2 | select -last 1
$output = @()
Foreach($User in $Users){
$budgetanalytics = Get-ADOrganizationalUnit -SearchBase $OU -Properties objectGUID
$Object = New-Object PSObject
$Object | add-member Noteproperty user $user.name
$Object | add-member Noteproperty OU $OU
$Object | add-member Noteproperty objectGUID $objectGUID
$output += $Object
$output
but I get the following
user
OU
objectGUID
User1
OU=Mon OU,OU=Mes Utilisateurs,DC=itced,DC=lan {Microsoft.PowerShell.Commands.Internal.Forma...
User2
OU=Mon OU,OU=Mes Utilisateurs,DC=itced,DC=lan {Microsoft.PowerShell.Commands.Internal.Forma...
Why do I get "Microsoft.PowerShell.Commands.Internal.Forma..." instead of the actual objectGUID of the Organizational Unit
Thanking you in advance -
My server has been working flawlessly for many months. I did the upgrade to 10.5.6 and everything has been fine. I decided to do the software update to 10.5.8. When it was finished I could not log in as admin or anyone else. I finally got in as root...then it gave me an error in Workgroup Manager. Said I was not logged in and there was an error of -14008.
All my users are gone and so is their home directories....I hate to say it but this is ridiculous...doing a simple update and losing all the users? I expect this from Windows but not my xSERVER.
Does anyone have a fix to correct this? I really hate having to tell all the users tomorrow morning a simple update wiped all their data.
CarlHi
I saw your issue and I feel your pain. I did the same upgrade path to 10.6 and found that I had no users!. This is not your typical apple upgrade, the same as all other 10-X from day one. I cheated and used a new drive as I feel that upgrades may cause issues and I also used that as an opportunity to upgrade to a larger hard drive. After booting up on the new system with the upgraded drive I found the same issue to be true. I used the original drive, modified all my users to allow my new admin account to have rights to a user that I called 'move' on the old system. I booted up the old system modified all the users to allow user 'move' then I copied them to the new directory I set up that I called 'move' on the old drive, The next step I set up a new user 'move' on the new system drive and copied all the data from the old system drive 'move' to the new system drive 'move' I created all of my users on the new system drive. I set up all of my user accounts with a simple password 123456 on the new system I copied the users to there new directory. You could restore your backup on spare drive or an external drive with the old OS loaded. Postits on all the users monitors for Monday morning and... grumbling users with all of the data from Friday, get KrispyCreams and leave by the coffee pot [this step i forgot]. The users will talk about how nice it was that you brought doughnuts and not how there login is messed up [ha ha....}
I know that this is not an elegant or a quick solution but it worked for me and my 36 user accounts. If you know Unix script or Python or Apple script the procedures would be faster as you could batch the whole mess.
Hope this helps and good luck. -
I will be changing the default quota on mailboxes soon, but there are a number of others who have "customized" quotas and I will need to identify them also.
CharlieThe following powershell command can get you the mailboxes that are using "custum "quota:
Get-Mailbox -Resultsize unlimited | where-object {$_.UseDatabaseQuotaDefaults -eq $false} -
How to reset All users and delete their table?
Hi,
i want to know How to reset All users and delete their tables with username- system and password-manager.
thanksHi
Here delete means truncate or drop?????
If drop use the following statement to generate the script:
select 'drop table ' || Owner || '.' || Table_Name || ';' from Dba_tables
where owner in (<All_the_users_you_want_to_reset>);
But before firing the above statement extract the DDL's to create all the users and put it in a file and just run that file to re-create the users.
if its truncate then:
select 'truncate table ' || Owner || '.' || Table_Name || ';' from Dba_tables
where owner in (<All_the_users_you_want_to_reset>);
Hope this Helps
Regards -
Correct No. of Accounts and their Privileges for Installing SharePoint 2013 Developer Machine
Hi Dear SharePoint 2013 Experts,
I request you to kindly guide like; the Correct No. of Accounts and their Privileges for Installing SharePoint 2013 Developer Machine. Is there any step by step blog or Video on "Installing SharePoint 2013 Developer Machine".
Tried Installing ALL in one single Virtual Machine using account spDeveloper (which is a Member of "Administrators" and "Domain Admins" Group(s). Any kind of SharePoint Web-Application and/or Sites (Developer-Site, Team-Site, ....) can
be created including MySites and Intranet Sites.
But when tried creating SharePoint App Project in Visual Studio 2013 and deploying, stuck here with 2 weird Issues like;
1. This task requires the application to have elevated permission
2. Error occurred in deployment step 'Install App for SharePoint': The System Account can not perform this action
If Visual Studio 2013 is run NORMALLY (WITHOUT 'As Administrator'), it throws above 1st error - "This task requires the application to have elevated permission"
Because of the above 1st Issue, if the Visual Studio 2013 is run 'AS ADMINISTRATOR', it again throws an error (2nd error) - "Error occurred in deployment step 'Install App for SharePoint': The System Account can not perform this action"
How to over cum this "chicken and egg problem"??
Regards,
developementsharepointHi,
Have you had a look at the TechNet guidance for configuring SharePoint and SQL on a single server? It's here: http://technet.microsoft.com/en-us/library/cc262243(v=office.15).aspx
There is also a good TechNet wiki article on creating a SharePoint dev environment here,
http://social.technet.microsoft.com/wiki/contents/articles/19178.sharepoint-2013-setting-up-a-dev-environment-one-piece.aspx and here http://social.technet.microsoft.com/wiki/contents/articles/15289.sharepoint-2013-creating-a-development-environment.aspx
Regards, Matthew
MCPD | MCITP
My Blog
View
Matthew Yarlett's profile
See my webpart on the TechNet Gallery that allows administrative users to upload, crop and format user profile photos. Check it out here:
Upload and Crop User Profile Photos -
List of users and their decimal notation settings in SAP system
Hi all, i'm looking to get my hands on a list of all users in our SAP system and their respective decimal notation settings? I know that these can be mass changed using SU10 however I am unable to determine how to view a list of users and their settings.
Thanks,
JamesHi James,
You can find many useful reports, in SUIM transaction to see user details, but not decimal notation field. I don't know a report to show decimal notations, but as a workaround, in order to see the decimal notation, you can check "USR01-DCPFM" by using "SE16".
Best regards,
Orkun Gedik -
How to export a user and their schema from one 10g database to another?
Hi,
I would like to export a user and their entire schema from one 10g database to another one. How do I do this?
thx
adamIf you want to export a user and the schema owned to the user, and import to the same user in a different database, or a different user in the same database, you can use the exp and imp commands as described in the Utilities manual.
These commands are very versatile and have a lot of options - well worth learning properly. To give you a simplistic shortcut, see below - I create a user 'test_move', create some objects in the schema, export, create a new user in the database 'new_move' and import.
oracle@fuzzy:~> sqlplus system/?????
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 11 21:46:54 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
SQL> create user test_move identified by test_move;
User created.
SQL> grant create session, resource to test_move;
Grant succeeded.
SQL> connect test_move/test_move
Connected.
SQL> create table test (x number);
Table created.
SQL> insert into test values (1);
1 row created.
SQL> exit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
oracle@fuzzy:~> exp system/????? file=exp.dmp owner=test_move
Export: Release 10.2.0.1.0 - Production on Sat Mar 11 21:48:34 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to: Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
Export done in AL32UTF8 character set and AL16UTF16 NCHAR character set
About to export specified users ...
. exporting pre-schema procedural objects and actions
. exporting foreign function library names for user TEST_MOVE
. exporting PUBLIC type synonyms
. exporting private type synonyms
. exporting object type definitions for user TEST_MOVE
About to export TEST_MOVE's objects ...
. exporting database links
. exporting sequence numbers
. exporting cluster definitions
. about to export TEST_MOVE's tables via Conventional Path ...
. . exporting table TEST 1 rows exported
. exporting synonyms
. exporting views
. exporting stored procedures
. exporting operators
. exporting referential integrity constraints
. exporting triggers
. exporting indextypes
. exporting bitmap, functional and extensible indexes
. exporting posttables actions
. exporting materialized views
. exporting snapshot logs
. exporting job queues
. exporting refresh groups and children
. exporting dimensions
. exporting post-schema procedural objects and actions
. exporting statistics
Export terminated successfully without warnings.
oracle@fuzzy:~> sqlplus system/?????
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 11 21:49:23 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
SQL> create user new_move identified by new_move;
User created.
SQL> grant create session, resource to new_move;
Grant succeeded.
SQL> exit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
oracle@fuzzy:~> imp system/????? file=exp.dmp fromuser=test_move touser=new_move
Import: Release 10.2.0.1.0 - Production on Sat Mar 11 21:50:12 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to: Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
Export file created by EXPORT:V10.02.01 via conventional path
import done in AL32UTF8 character set and AL16UTF16 NCHAR character set
. importing TEST_MOVE's objects into NEW_MOVE
. . importing table "TEST" 1 rows imported
Import terminated successfully without warnings.
oracle@fuzzy:~> If moving between databases, remember to set the SID properly before the import. If keeping the same userid, skip the from/to stuff in the import.
There are many variations on the theme ...
You can simplify this. You can select tables individually. You can use a parameter file. You can transport all the constraints and data. You can skip the data and only move the definitions. You can get some help (imp/exp help=yes).
And, if it's all 10g, there is a new and improved facility called expdp/impdp (dp = data pump) which has a lot more capability as well, including direct transfer (no intermediate file) together with suspend/restart. Also documented in the Utilities manual. -
E-Recruiting Users and their Service Assignments
Hello all,
I am running EREC 604 SP11 (Ehp4), with ECC 6.0 SPS5, TREX 7.1rev39, Portal 7.01.
My scenario is EREC+ECC one box, Portal seperate and TREX seperate. I've got everything set up for WebDynpro (as required with this release) and am having some trouble accessing certain web dynpro links, I think my problem is an early eRecruiting step of defining service users and their assignments to eRecruiting / web dynpro services in SICF.
Can anyone provide me with a list/table of service/reference users that need to be created, their attached roles, and which services they each need to be assigned to? I've looked all over and cannot glean this type of simple documentation.
Thank you very much for your time!Hello,
The reference users and the respective roles would be;
Reference User / Standard SAP E-Rec Role / Role name
RCF_ADMIN / SAP_RCF_BUSINESS_ADMINISTRATOR / Administrator
RCF_CAND_EXT / SAP_RCF_EXTERNAL_CANDIDATE / External Candidate
RCF_CAND_INT / SAP_RCF_INTERNAL_CANDIDATE / Internal Candidate
RCF_DATA_TYP / SAP_RCF_DATA_TYPIST / Data Entry Clerk
RCF_DECISION / SAP_RCF_DECISION_MAKER / Decision Maker
RCF_MANAGER / SAP_RCF_MANAGER / Manager
RCF_MGRASS / SAP_RCF_MANAGER_ASSISTANT / Manager's Assistant
RCF_RECRUIT / SAP_RCF_RECRUITER / Recruiter
RCF_REQUEST / SAP_RCF_REQUISITION_REQUESTER / Requester
RCF_RES_REC / SAP_RCF_RESTRICTED_RECRUITER / Restricted Recruiter
RCF_RES_SUCC / SAP_RCF_REST_SUCCESSIONPLANNER / Restricted Succession Planner
RCF_SUCC_PL / SAP_RCF_SUCCESSION_PLANNER / Succession Planner
RCF_TC / SAP_RCF_TALENT_CONSULTANT / Talent Consultant
The service user with the role and relevant services would be
Service user / Std. E-rec Role / Role name
RCF_UREG_CAND(*) / SAP_RCF_UNREGISTERED_CANDIDATE / UnRegistered Candidate
(*) - The naming convention as required
Required services;
hrrcf_a_unreg_job_search
hrrcf_a_candidate_registration
HRRCF_A_POSTING_APPLY
Service user is key for Un-registered candidates till the registration process is complete. I'm not sure if i had missed out any specific services with respect to Unregistered candidates. If so, probably some one else can add to the list.
Best Regards
G Raj
Maybe you are looking for
-
The screen is not touch sensitive in the area covered by the 7 8 9 numbers when the ipod is in the horizontal (in scientific calculator orientation) - the rest of the screen is fine. But because of the ares affected I cannot even log on to internet a
-
I'm trying to print pdf using JasperReports Integration. I need to do an INSERT then clean all the page items(including the apex_collection.truncate_collection for truncate the collection) and print with the Jasper call(all in one button). The Inser
-
8530 doesn't connect to MacBook Pro
When I connect my BB8530 to my MacBook, Blackberry desktop manager doesn't see it. It seems to be the same whether connecting via bluetooth or by USB Cable. Any suggestions? I've tried a hard reboot
-
SLD : Failed to initialize cluster notification during SLD startup
hello, We are using WAS 7.0. While starting the SLD the server gives following error. Failed to send start signal for complete cluster, SLD may still be stopped on other cluster nodes. in the log of SLD following entries are there.. FATAL com.sap.lcr
-
Hi Experts, Please see the following requirement and let me give the sujjestion for it,It will be very helpfull to me.Thanks in advance. SAP Note No. 851943 04.07.2005 Page 1 Number 851943 Ver