Trying to use SQL to implement a VPD policy

Similar Messages

• Trying to implement a VPD policy but got the following error ORA-20001

  hey good day,
  I'm trying to implement a VPD policy to my application. After I have performed the below task (Label 1) in oracle 10g database. When I'm about to access my application page in ApEx 3.2.1 I got the following error
  ORA-20001: get_dbms_sql_cursor error ORA-28110: policy function or package CHARLES.VPD_PREDICATE has error
  any form of assistance will be greatly appreciated.
  thanks in advance
  Label 1
  USER is "VPD_ADMIN"
  SQL> create or replace context empnum_ctx using set_empnum_ctx_pkg;
  Context created.
  SQL> CREATE OR REPLACE PACKAGE set_empnum_ctx_pkg IS
    2    PROCEDURE set_empnum;
    3  END;
    4  /
  Package created.
  SQL> CREATE OR REPLACE PACKAGE BODY set_empnum_ctx_pkg IS
    2    PROCEDURE set_empnum IS
    3     emp_id NUMBER;
    4    BEGIN
    5     SELECT EMPNUM INTO emp_id FROM CHARLES.INSTRUCTOR
    6     WHERE upper(username) = nvl(v('APP_USER'), USER);
    7     DBMS_SESSION.SET_CONTEXT('empnum_ctx', 'empnum', emp_id);
    8
    9    EXCEPTION
  10      WHEN NO_DATA_FOUND THEN NULL;
  11    END;
  12  END;
  13  /
  Package body created.
  SQL> create or replace package vpd_policy as
    2    function vpd_predicate(object_schema in varchar2 default null, object_name in varchar2 default null)
    3     return varchar2;
    4  end;
    5  /
  Package created.
  SQL> create or replace package body vpd_policy as  function vpd_predicate(
    2   object_schema in varchar2 default null, object_name in varchar2 default null)
    3     return varchar2 as
    4
    5      BEGIN
    6     if (USER = 'ADMIN') and (v('APP_USER') is null) or
    7        (USER = 'MICHAEL.GRAY') and (v('APP_USER') is NULL) then
    8       return '';
    9     else
  10       return '(
  11             exists (
  12                     select  "INSTRUCTOR"."EMPNUM" as "EMPNUM",
  13                             "INSTRUCTOR"."FIRSTNAME" as "FIRSTNAME",
  14                             "INSTRUCTOR"."LASTNAME" as "LASTNAME",
  15                             "LOAD"."COURSEID" as "COURSEID",
  16                             "COURSE"."CREDIT" as "CREDIT",
  17                             "COURSE"."HPW" as "HPW",
  18                             "LOAD"."CAMPID" as "CAMPID",
  19                             "LOAD"."YR" as "YR",
  20                             "INSTRUCTOR"."POS" as "POS",
  21                             "INSTRUCTOR"."USERNAME" as "USERNAME",
  22                             "INSTRUCTOR"."DEPARTMENT_NAME" as "DEPARTMENT_NAME",
  23                             "LOAD"."SEMESTER" as "SEMESTER"
  24                     from    "COURSE" "COURSE",
  25                             "INSTRUCTOR" "INSTRUCTOR",
  26                             "LOAD" "LOAD"
  27                     where   "INSTRUCTOR"."EMPNUM"="LOAD"."EMPNUM"
  28                     and     "LOAD"."COURSEID"="COURSE"."COURSEID"
  29                     and     department_name = (
  30                                     select department_name from departments
  31                                     where upper (assigned_to) = nvl(v(''APP_USER''),USER) )
  32                                     )
  33
  34                     or upper(username) = nvl(v(''APP_USER''), USER)
  35                                                ) ';
  36
  37     END IF;
  38  END vpd_predicate;
  39  END vpd_policy;
  40  /
  Package body created.
  SQL> begin
    2  dbms_rls.add_policy(
    3  object_schema => 'charles',
    4  object_name => 'load',
    5  policy_name => 'Loading Policy',
    6  function_schema => 'charles',
    7  policy_function => 'vpd_predicate',
    8  statement_types => 'select, update, insert, delete');
    9  end;
  10  /
  PL/SQL procedure successfully completed.

  ORA-20001 isn't an Oracle error message it was coded into your application by a developer: Look it up.
  Consider too the following:
  EXCEPTION
     WHEN NO_DATA_FOUND THEN NULL;so if the employee identifier is not found ... is this really what you want? If an employee isn't valid shouldn't you know it?

• Thread hangs trying to use MoveChildComponentChange to implement drag-n-dro

  System: JDeveloper 11.1.1.3 Browser: FF 3.6.6
  So I'm trying to implement a drop-n-drop between two components, allowing the user to drag elements between on parent component and another parent component:
  I never make it past the commonComponentParent = moveChildComponentChange.add(..) line as the thread hangs (during debugging i dont get an exception it just hangs!!), but the reason that I'm getting this, i think, is because the system is giving a null ChangeManager (cm). Why is the RequestContext giving me a null cm when I so nicely asked it for a valid one?
  <af:panelGroupLayout id="pgl1" styleClass="appdock appMenu" layout="horizontal" inlineStyle="margin-left: 0px;">
  <af:dropTarget dropListener="#{menuComponent.handleExternalContainerDrag}" actions="MOVE">
  <af:dataFlavor flavorClass="javax.faces.component.UIComponent" />
  </af:dropTarget>
  <tr:outputText value="drop here" />
  </af:panelGroupLayout>
  import javax.faces.component.UIComponent;
  import javax.faces.context.FacesContext;
  import oracle.adf.view.rich.context.AdfFacesContext;
  import oracle.adf.view.rich.datatransfer.DataFlavor;
  import oracle.adf.view.rich.datatransfer.Transferable;
  import oracle.adf.view.rich.dnd.DnDAction;
  import oracle.adf.view.rich.event.DropEvent;
  import org.apache.myfaces.trinidad.change.ChangeManager;
  import org.apache.myfaces.trinidad.change.MoveChildComponentChange;
  import org.apache.myfaces.trinidad.context.RequestContext;
  public class MenuComponent {
  public DnDAction handleExternalContainerDrag(DropEvent dropEvent){
  ChangeManager cm = null;
  cm = RequestContext.getCurrentInstance().getChangeManager();
  UIComponent commonComponentParent = null;
  try {
  commonComponentParent = moveChildComponentChange.add(fctx, cm);
  moveChildComponentChange.changeComponent(commonComponentParent);
  AdfFacesContext adfFacesCtx = AdfFacesContext.getCurrentInstance();
  adfFacesCtx.addPartialTarget(commonComponentParent);
  } catch (Exception e){
  e.printStackTrace();
  -Rob

  Hi,
  did you enable change persistence in the ViewLayer project ? The book you have the sample code from mentions this on page 447 "Enabling Change Persistence in ADF Faces RC Projects". To enable this, just double click the view layer project and then select "ADF View". The check the checkbox to "Enable User Customization"
  Frank

• Getting error ORA-01732, after implementation of VPD policy

  Hi,
  I have created a policy to restrcit the number of records affected in auncondtional select & update (not more than 3 at a time). The policy is working fine for the select staement but when I'm trying to update the same table I'm getting "ORA-01372: data manipulation operation not legal on this view".
  I'm using Oracle 10g release 2. & I performed following steps:
  SQL> connect SYS as SYSDBA
  Enter password: ****************
  Connected.
  SQL> GRANT EXECUTE ON DBMS_SESSION TO smbdev;
  Grant succeeded.
  SQL> GRANT EXECUTE ON DBMS_RLS TO smbdev;
  Grant succeeded.
  SQL> GRANT CREATE ANY CONTEXT to smbdev;
  Grant succeeded.
  SQL> GRANT create trigger to smbdev;
  Grant succeeded.
  SQL> GRANT ADMINISTER DATABASE TRIGGER to smbdev;
  Grant succeeded.
  SQL> connect smbdev@SMBS
  Enter password: *******
  Connected.
  SQL> CREATE OR REPLACE CONTEXT rownum_ctx USING rownum_ctx_pkg;
  Context created.
  SQL> CREATE OR REPLACE PACKAGE rownum_ctx_pkg IS
  2 PROCEDURE set_rownum;
  3 END;
  4 /
  Package created.
  SQL> CREATE OR REPLACE PACKAGE BODY rownum_ctx_pkg IS
  2 PROCEDURE set_rownum
  3 AS
  4 BEGIN
  5 DBMS_SESSION.SET_CONTEXT('rownum_ctx', 'rownum', 4);
  6 EXCEPTION
  7 WHEN NO_DATA_FOUND THEN NULL;
  8 END set_rownum;
  9 END;
  10 /
  Package body created.
  SQL> CREATE OR REPLACE TRIGGER set_rownum_ctx_trig AFTER LOGON ON DATABASE
  2 BEGIN
  3 smbdev.rownum_ctx_pkg.set_rownum;
  4 END;
  5 /
  Trigger created.
  SQL> CREATE OR REPLACE FUNCTION get_rownum(
  2 schema_p IN VARCHAR2,
  3 table_p IN VARCHAR2)
  4 RETURN VARCHAR2
  5 AS
  6 rownum_pred VARCHAR2 (400);
  7 BEGIN
  8 rownum_pred := 'rownum < SYS_CONTEXT(''rownum_ctx'', ''rownum'')';
  9 RETURN rownum_pred;
  10 END;
  11 /
  Function created.
  SQL> BEGIN
  2 DBMS_RLS.ADD_POLICY (
  3 object_schema => 'smbdev',
  4 object_name => 'SMB_BOLT_CODE',
  5 policy_name => 'rownum_policy',
  6 function_schema => 'smbdev',
  7 policy_function => 'get_rownum',
  8 statement_types => 'select,update’)
  9 END;
  10 /
  PL/SQL procedure successfully completed.
  SQL> select * from smbdev.SMB_BOLT_CODES;
  CATENTRY_ID SYN_BOLT_CODE
  13700 08000026540000
  13701 08000026520000
  13702 08000026530000
  SQL> update smb_bolt_codes set SYN_BOLT_CODE='asd';
  update smb_bolt_codes set SYN_BOLT_CODE='asd'
  ERROR at line 1:
  ORA-01732: data manipulation operation not legal on this view
  SQL> select * from tab where tname=’ SMB_BOLT_CODES’;
  TNAME TABTYPE CLUSTERID
  SMB_BOLT_CODES TABLE
  SQL> connect sys@smbs as SYSDBA
  Enter password: ***********
  Connected.
  SQL> select count(*) from smbdev.SMB_BOLT_CODES;
  COUNT(*)
  101
  Please let me know what I'm doing wrong or what I need to change?
  Thanks in advance.

  Welcome to the forum!
  This seems odd: you add a policy to an object named SMB_BOLT_CODE, but you query SMB_BOLT_CODES
  SQL> BEGIN
  2 DBMS_RLS.ADD_POLICY (
  3 object_schema => 'smbdev',
  4 object_name => 'SMB_BOLT_CODE',
  5 policy_name => 'rownum_policy',
  6 function_schema => 'smbdev',
  7 policy_function => 'get_rownum',
  8 statement_types => 'select,update’)
  9 END;
  10 /
  PL/SQL procedure successfully completed.
  SQL> select * from smbdev.SMB_BOLT_CODES; --<------ Notice the extra S here...Edited by: Alex Nuijten on Aug 14, 2009 2:28 PM

• Using SQL server instead of Olite in Oracle BPEL

  I am now trying to use SQL 2000 server instead of Olite in Oracle BPEL. I couldn't find any instruction or admin config guide. Has anyone had any luck with this?
  If anyone has any experience, please shed some light on this.
  I am now able to get "domain_sqlserver" dll file populated into SQL server.
  How di i configure BPEL to use SQL db instead of Olite? Do i need to set up database connections to work?
  Thank you very much in advance.

  Edwin,
  Thank you so much for the info.
  I have emailed to [email protected] for the question.
  Up to now, i have done the followings:
  1. I have successfully populated domain_sqlserver ito SQL 2000 with some modification.
  2. I have also configured data-sources.xml under ..\integration\orabel\system\services\install\config and unser ..\integration\orabel\system\appserver\oc4j\j2ee\home\config to use MSFT SQL 2000 instead of Olite.
  3. I have also commented out running kill_Olite.bat and start_olite.bat, and start SQL 2000 server.
  4. Installed Data Direct JDBC driver
  Could you please kindly point me what are the rest of configuration required in order to make it work?
  Thank you so much.

• Using Sql monitor in Oracle SqlDeveloper

  Hi ,
  i tried to use SQL Monitor in Oracle SqlDeveloper but it says "i need to register the oracle "
  is there any other way to use it ?
  thank u

  Hi,
  I am not quite sure what you mean by "i need to register the oracle ". Are you referring to the Tuning Pack Required confirmation dialog? If so, then you should click on the Yes button if that option is licensed for your database installation.
  Regards,
  Gary
  SQL Developer Team

• Using SQL permissions in Azure

  I am trying to use sql security in Azure and my first attempt doesn't work because the ALTER ROLE statement doesn't seem to be supported.  I'm interested in whether I can use sql security in Azure, and if so how.
  My current approach, which works in SQL Server 2012, is to create roles and add users to those roles, e.g.
  1. CREATE USER [xxx] FOR LOGIN [Azurexxx] WITH DEFAULT_SCHEMA=[dbo]
  2. CREATE ROLE [AttendeeNoPayUpdate]
  3. DENY UPDATE ON OBJECT::dbo.Attendees(HasPaid) TO [AttendeeNoPayUpdate]
  4. ALTER ROLE [AttendeeNoPayUpdate] ADD MEMBER [xxx]
  The first three statements work, but the ALTER ROLE does not, with the error 'Statement 'ADD/DROP ROLE MEMBER' is not supported in this version of SQL Server.'
  My question is - how should I set up sql security on an Azure database? Clearly roles are supported, otherwise statements 2 and 3 wouldn't work, so can I use them with Users? Obviously the alternative is to stop using roles and assign  the GRANT/DENY
  directly to the user, which looks like it works.(I use roles because I have the same permissions applied to lots of users).
  I would appreciate any suggestions or insights on the best/correct way to set up GRANT/DENY permissions for users.
  Jon Smith

  Hi,
  I found the answer after trawling a lot of sites. I found the page
  Managing Databases and Logins in Azure SQL Database and Azure uses the stored procedure 'sp_addrolemember'. Once I swapped to that then everything worked.
  In case someone else finds this useful I have listed the same code as in the question, but with the right command to add the role.
  1. CREATE USER [xxx] FOR LOGIN [Azurexxx] WITH DEFAULT_SCHEMA=[dbo]
  2. CREATE ROLE [AttendeeNoPayUpdate]
  3. DENY UPDATE ON OBJECT::dbo.Attendees(HasPaid) TO [AttendeeNoPayUpdate]
  4. EXEC sp_addrolemember 'AttendeeNoPayUpdate', 'xxx'
  Jon Smith

• Tuxedo buildserver : use SQL in cobol applics

  Hi,
  I'm trying to use SQL through COBOL applications in a Tuxedo (8.0) environment.
  I've added the ODBC libpath to the buildserver command. The execution/compilation of the buildserver seems to be ok, but upon execution of the cobol program the SQL CONNECT fails with SQL-error err 10000.
  I have no idea how to make SQL work ? Can anyone help ?
  I read about RM (resources manager), is this required to make it work ?
  thanks !
  Hugo
  Our platform is HP/UX and we use SQL/COBOL outside tuxedo without problems.
  This is the make file :
  # Fc 970618: incremental compilation for Cobol added
  TUXINC=$(TUXDIR)/include
  BTNINC=$(BTNDIR)/incl
  INCLUDES=-I $(TUXINC) -I $(BTNINC) -I /jates/progs/srcs
  ODBCLIBS="-L /usr/local/unixODBC/lib -lodbc"
  COBOPT="-t"
  COBCPY="/jates/tuxedo80/cobinclude:/jates/btn/btndevl/incl:/jates/cobol/cobol4000sp2/cpylib"
  #avoid unwanted C-compiler warnings
  NLSPATH=$NLSPATH:/opt/ansic/lib/nls/msg/C/%N.cat
  # btnrouter
  btnrouter: /jates/progs/tps/btnrouter.cbl /jates/progs/tps/btn400.cbl /jates/progs/tps/mod461.cbl /jates/progs/tps/mod470.cbl
       buildserver -C -v -o $@ \
  -f /jates/progs/tps/btnrouter.cbl \
  -f /jates/progs/tps/btn400.cbl \
  -f /jates/progs/tps/mod461.cbl \
  -f /jates/progs/tps/mod470.cbl \
  -f /jates/progs/tps/res400.cbl \
  -f ${ODBCLIBS} \
  -s SJETAIR
       -tmshutdown -s $@
       cp -p $@ ..
       -tmboot -s $@
  # general instructions
  .SUFFIXES: .cbl .c .o
  .c.o: $(BTNINC)/fml_flds.h
       cc -c $(INCLUDES) $<
  .cbl.o: $(BTNINC)/fml_flds.h
       cob -xc $<
  #******************************************************

  The normal way to use Tuxedo with an XA-compliant resource manager is to
  1. Have the Tuxedo administrator add a line for the resource manager to the
  $TUXDIR/udataobj/RM file including the resource manager name, XA switch
  name, and libraries required for linking.
  2. Build servers using the resource manager with the "-r rmname" line.
  This will include the resource manager lines specified in
  $TUXDIR/udataobj/RM in the buildserver line, and the application will not
  need to manually provide the libraries to buildserver.
  3. If using transactions, have the Tuxedo administrator build a TMS process
  for the RM using the buildtms command, or do this yourself. If not using
  transactions, this step can be omitted.
  When a server is built with the "-r rmname" option, Tuxedo will
  automatically call TPOPEN to connect to the resource manager within
  TPSVRINIT.
  (The only exception to this is if the application programmer replaces the
  default verion of TPSVRINIT with their own version and does not include a
  call to TPOPEN, so it is good to verify that this is not the case.) Since
  Tuxedo opens the resource manager when the server is started, there is no
  need to include SQL CONNECT statements within the application logic in such
  a server.
  If your resource manager is not XA compliant then you will need to manage
  connection to the database yourself, but most databases are XA compliant
  nowadays.
  <Paul Debleecker> wrote in message news:[email protected]...
  Hi,
  I'm trying to use SQL through COBOL applications in a Tuxedo (8.0)
  environment.
  I've added the ODBC libpath to the buildserver command. The
  execution/compilation of the buildserver seems to be ok, but upon
  execution of the cobol program the SQL CONNECT fails with SQL-error err
  10000.
  I have no idea how to make SQL work ? Can anyone help ?
  I read about RM (resources manager), is this required to make it work ?
  thanks !
  Hugo
  Our platform is HP/UX and we use SQL/COBOL outside tuxedo without
  problems.
  This is the make file :
  # Fc 970618: incremental compilation for Cobol added
  TUXINC=$(TUXDIR)/include
  BTNINC=$(BTNDIR)/incl
  INCLUDES=-I $(TUXINC) -I $(BTNINC) -I /jates/progs/srcs
  ODBCLIBS="-L /usr/local/unixODBC/lib -lodbc"
  COBOPT="-t"
  COBCPY="/jates/tuxedo80/cobinclude:/jates/btn/btndevl/incl:/jates/cobol/cobol4000sp2/cpylib"
  #avoid unwanted C-compiler warnings
  NLSPATH=$NLSPATH:/opt/ansic/lib/nls/msg/C/%N.cat
  # btnrouter
  btnrouter: /jates/progs/tps/btnrouter.cbl /jates/progs/tps/btn400.cbl
  /jates/progs/tps/mod461.cbl /jates/progs/tps/mod470.cbl
  buildserver -C -v -o $@ \
  -f /jates/progs/tps/btnrouter.cbl \
  -f /jates/progs/tps/btn400.cbl \
  -f /jates/progs/tps/mod461.cbl \
  -f /jates/progs/tps/mod470.cbl \
  -f /jates/progs/tps/res400.cbl \
  -f ${ODBCLIBS} \
  -s SJETAIR
  -tmshutdown -s $@
  cp -p $@ ..
  -tmboot -s $@
  # general instructions
  .SUFFIXES: .cbl .c .o
  .c.o: $(BTNINC)/fml_flds.h
  cc -c $(INCLUDES) $<
  .cbl.o: $(BTNINC)/fml_flds.h
  cob -xc $<

• Can I use SQL *Plus 11.1.0.7.0 to connect Oracle Express 10g

  Hi guys:
  I download "Oracle 11g ODAC *11.1.0.7.20* with Oracle Developer Tools for Visual Studio", trying to use SQL *plus to see if configuration is alright.
  But after entering account/pwd, I got a error:
  ORA-12560: TNS:protocol adapter error
  What is wrong with my environment?
  Thanks,
  Ricky

  user12086319 wrote:
  Hi EdStevens,
  Following the instructions in previous post, I can connect with SQL plus (the database is on the same box* as your sqlplus client); I just enter sqlplus in windows console.
  In addition, i am still curious about how SQL plus connect to a remote* box. Could you shed more light on that?SQLPlus connects to a remote db the same way any other app does. After all, sqlplus is just another client app.
  It's all in the connect string. So say, at a command prompt you enter
  $> sqlplus scott/tiger@mydbso in the above example, 'scott' is the user, 'tiger' is the password, and 'mydb' is the tns service name. Of course, the OS passes all that to sqlplus as a command line parameter. Internally, sqlplus makes a call to the tns layer and passes it the connect information it has. TNS will take a look at the tnsnames.ora file and find an entry for 'mydb', and from there it will get the name or ip address of the host server, a port number, and a service name. That information will be passed on down the network stack for routing. (If a name was provided instead of an ip address, the OS network stack will use whatever means are at its disposal - a hosts file, a dns lookup, or whatever, to get an ip address). The request will arrive at the specified host and placed on the specified port. If everything was configured correctly, there will be an oracle listener process monitoring that port. It will pick up the request and see if it recognizes the service name. If it does, it will spawn a user server process on a different port to complete the connection, then get out of the way and continue listening for more requests.
  This is how it happens most of the time. There are a lot of other variants, but that's the gist of it.
  More information can be found in the fine documentation at tahiti.oracle.com.

• Problem with Using SQL to write SQL

  HI,
  ---I am trying to use sql query to write a sql statement like following:
  update abc_tab set dept_cd = replace(dept_cd, 'HRE','HW');
  ---Since I have a lot of same kind updates, so I tried following:
  select ' update '||table_name||' set '||column_name||' =replace('||column_name||','
  ||'HRE'||','||'HW'||');' from dba_tab_columns
  where owner='EDU' and column_name like 'DEPT%'
  --- the result is something like this:
  update abc_tab set dept_cd = replace(dept_cd, HRE,HW);
  --- so I gave '''' for the string as follow:
  select ' update '||table_name||' set '||column_name||' =replace('||column_name||','
  ||''''HRE''''||','||''''HW''''||');' from dba_tab_columns
  where owner='EDU' and column_name like 'DEPT%'
  ---- I would get an error, saying FROM key word not found.
  Can someone help me out one this please.
  Thanks a lot
  Wendy

  Hi,
  Something like this might help
  select ' update ' || table_name || ' set ' || column_name || ' =replace(' ||
         column_name || ',' || '''HRE''' || ',' || '''HW''' || ');'
    from dba_tab_columns
  where owner = 'EDU'
     and column_name like 'DEPT%'Regards,
  Bhushan
  Edited by: Buga formatted the query

• JHBCI Provider trying to use self to verify

  Hi, I'm trying to use the JHBCI provider and it's running into a problem when it executes its self-verification code. The JarVerifier wants to create a Key instance and low and behold it tries to use the JHBCI implementation of Key, so as part of instantiation it attempts to verify itself again and it eats its tail until the stack overflows.
  This is with Tomcat. I've put the JHBCI provider in jre/lib/ext and added it as #2 in my list of Security providers.
  It looks to me from the JHBCI source that they're verifying using the technique described on Sun's website in the article on writing a JCE provider. So what's up? How can I get this to work? I don't necessarily want to put the SunJCE provider first cause I want to use the crypto code from JHBCI.
  This seems like a general problem with any Provider that provides JCE tools used to verify jar files (Keys, Certificates and what not). What's the recommended way to avoid this chicken and eggishness? Is there some sort of classloader business that I'm missing?

  Here's the stack trace, for what it's worth. Note that this sequence repeats itself indefinitely:
  at sun.security.pkcs.PKCS7.parse(PKCS7.java:110)
  at sun.security.pkcs.PKCS7.<init>(PKCS7.java:92)
  at sun.security.util.SignatureFileVerifier.<init>(SignatureFileVerifier.java:64)
  at java.util.jar.JarVerifier.processEntry(JarVerifier.java:261)
  at java.util.jar.JarVerifier.update(JarVerifier.java:194)
  at java.util.jar.JarFile.initializeVerifier(JarFile.java:251)
  at java.util.jar.JarFile.getInputStream(JarFile.java:313)
  at de.cscc.crypto.provider.JHBCI$JarVerifier.verify(JHBCI.java:590)
  at de.cscc.crypto.provider.JHBCI.selfIntegrityChecking(JHBCI.java:486)
  at de.cscc.crypto.provider.RSAKeyFactoryEngine.<init>(RSAKeyFactoryEngine.java:56)
  at sun.reflect.GeneratedConstructorAccessor11.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructor
  AccessorImpl.java:27)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
  at java.lang.Class.newInstance0(Class.java:306)
  at java.lang.Class.newInstance(Class.java:259)
  at java.security.Security.doGetImpl(Security.java:1136)
  at java.security.Security.doGetImpl(Security.java:1083)
  at java.security.Security.getImpl(Security.java:1044)
  at java.security.KeyFactory.getInstance(KeyFactory.java:108)
  at sun.security.x509.X509Key.buildX509Key(X509Key.java:200)
  at sun.security.x509.X509Key.parse(X509Key.java:150)
  at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:58)
  at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:692)
  at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:155)
  at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1630)
  at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:286)
  at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:94
  at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.ja
  va:389)
  at sun.security.pkcs.PKCS7.parseSignedData(PKCS7.java:267)
  at sun.security.pkcs.PKCS7.parse(PKCS7.java:141)

• Implement row-level security using Oracleu2019s Virtual Private Databases (VPD)

  Environment: Business Objects XI R2; Oracle 10g
  Functional Requirement:
  Implement row-level security using Oracleu2019s Virtual Private Databases (VPD) technology. The restriction is that the Business Objects Universe connection should use a generic/u201Capplicationu201D database user account. This will allow the organization to avoid the situation where the Business Objects password and the Oracle password need to be kept in synch.
  What do we need from the Business Objects support team?
  1.     Review the 2 attempted solutions that we have tried to implement
  2.     Propose solutions/answers to open questions for each of the attempted solutions
  3.     Propose any alternate solution that will help us implement the Function Requirement stated above
  Attempted Solution 1: Connection String uses Oracle Proxy User
  The connection string that is specified in the Universe is the following:
  app_user[end_user]/app_user_pwdarrobaDatabase.WORLD
  app_user = generic application user
  end_user = the oracle account of the end user which is set using arrobaVariable('BOUSER') app_user_pwd = password of the generic application user
  We have tried and implemented this in our test environment. However, we have some questions and concerns around how the connections are reused in a connection pool environment.
  Open Question for Solution 1:
  i. What happens when multiple proxy users try to connect on at the same time?  Business Objects shares the generic app_user connect string.  However, every user that logs on will have their own unique proxy user credentials.  Will there be any contention involved?  If so, what kind of errors can we expect?
  ii. If a user logs on using his credentials (proxy user), and business objects opens up a connection to the database using that user's credentials (as the proxy user but logging in through the generic app user). Then the user exits out --> based on our test today, it seems like the database connection remains open.  In that case, if another user logs on similarly with their credentials, will business objects simply assign the first users connection to that second user?  If so, then our security will not work.  Is there a way that Business Objects can somehow ensure that everytime we close a report, the connection is also terminated both at the BO and DB levels?
  iii. Our 3rd question is general high level -> How connection pooling works in general and how it is implemented in BO, i.e. how are new connections assigned, how are they recycled, how are they closed, etc.
  Attempted Solution 2: Using the ConnectInit parameter
  Reading through a couple of the Business Objects documents, it states that u201CUsing the ConnectInit parameter it is possible to send commands to the database when opening the session which can be used to set database specific parameters used for optimization.u201D
  Therefore, we tried to set the parameter in the Universe using several different options:
  ConnectInit = BEGIN SYSTEM.prc_logon('arrobaVARIABLE('BOUSER')'); COMMIT; END; ConnectInit = BEGIN DBMS_SESSION.SET_IDENTIFIER('arrobaVariable('BOUSER')'); COMMIT; END;
  Neither of the above iterations or any variation of that seemed to work. It seems that the variable is not being set or being u201Cexecutedu201D on the database.
  One of the Business Objects documents had stated that Patch ID 38, 977, 350 must be installed in our BO environments. We have verified that this patch has been applied on our system.
  Open Questions for Solution 2:
  How do we get the parameter ConnectInit to work? i.e. what is the proper syntax to enter and what other things do we need to check to get this to work.
  Note: Arroba word is being used instead of the symbol in order to avoid following error message:
  We are sorry but your message can not be posted since you have included an email address. Please remove the email address and re-post.

  the connectinit setting should look something like this:
  declare a date; begin vpd_setup('@VARIABLE('BOUSER')'); Commit; end;
  The vpd_setup procedure (in Oracle) should look like this:
  CREATE OR REPLACE procedure vpd_setup (p_user varchar)IS
  BEGIN
    DBMS_SESSION.set_vpd( 'SESSION_VALUES', 'USERID', p_user );
  END vpd_setup;
  Then you can retrieve the value of the context variable in your vpd functions
  and set the vpd.

• Using beforeTrigger to implement VPD security model - any suggestions?

  Hi,
  I'm investigating using the beforeTrigger in a data set to implement VPD security. The idea is that a parameter containing the username would be passed to the beforeTrigger pl/sql function to set the user context for that database session. I got this to work in a small prototype, but ran into a couple of what seem to be significant restrictions.
  1) The pl/sql package I name in the dataTemplate defaultPackage must contain a global variable for each report parameter. In my case I'm passing the username to the pl/sql method as an bind variable argument, so I don't need/want any global variables. This is a major problem as we will have lots of reports all with different parameters. I want to bind the parameters using the :PARAM bind variable in the queries themselves.
  Is there a way to avoid having to make each parameter a global variable?
  2) We will need the ability to call various pl/sql packages in different reports. The following ER makes it sound as if this is not possible - but I haven't actually tested it out:
  Bug# 6472921 - ALLOW FUNCTION CALL OUTSIDE OF DEFAULT PACKAGE IN DATA TEMPLATE
  Is it required that all of the pl/sql calls for a data set be within the same pl/sql package?
  I've included my dataTemplate below for reference.
  If anyone has experience establishing VPD security for a data set using this technique or another, I'm interested in hearing what you recommend.
  Thanks,
  Leslie
  <dataTemplate name="TARGET_DATA_TEMPLATE" defaultPackage="MGMT_IP">
  <properties>
  <property name="debug_mode" value="on"/>
  </properties>
  <parameters>
  <parameter name="EMUSER" dataType="character" defaultValue="THREE"/>
  </parameters>
  <dataTrigger name="beforeReport" source="MGMT_IP.IPSETUSERCONTEXT(:EMUSER)"/>
  <dataQuery>
  <sqlStatement name="Q1">select TARGET_TYPE as TARGET_TYPE, TARGET_NAME
  as TARGET_NAME from mgmt$target order by TARGET_TYPE</sqlStatement>
  </dataQuery>
  <dataStructure>
  <group name="G1" source="Q1">
  <element name="TTTYPE" value="TARGET_TYPE"/>
  <element name="TNAME" value="TARGET_NAME"/>
  </group>
  </dataStructure>
  </dataTemplate>

  Hi Leslie,
  Step 1.
  Setup the VPD policy in database,
  Create some proxy users, and create data sources and try querying, by login in with the different users.
  You should be able to get the different results based on user logged in.
  Step 2:
  Package in data template.
  for each report, you need to create separate package.
  And the parameters in the report should be declared as Global variables in the report.
  And once the trigger calls the package, then i guess, package has control to call other packages inside the database.
  You can write all the function in the default package.
  Is it required that all of the pl/sql calls for a data set be within the same pl/sql package?
  I guess, yes as of now. if you need anything outside this default, you can call them in the default package like a wrapper may be.
  This is what i can think right now.
  Will try my luck on this and let you know :) in details.

• BI publisher concurrent comes back with warning trying to use PL/SQL

  Hello,
  I am new to BI publisher and I am trying to use PL/SQL to generate XML and have the Publisher display the report with a template I have created. The concurrent is completing with a warning and from looking at the other forum posts I found the following in the OPP error logs...
  Template code:XML_TEST
  Template app: XML
  Language: en
  Territory: 00
  Output type: RTF
  [3/2/11 2:27:37 PM] [393078:RT2163613] Output file was found but is zero sized - Deleted
  [3/2/11 2:27:37 PM] [UNEXPECTED] [393078:RT2163613] java.lang.reflect.InvocationTargetException
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at oracle.apps.xdo.common.xml.XSLT10gR1.invokeNewXSLStylesheet(XSLT10gR1.java:611)
  at oracle.apps.xdo.common.xml.XSLT10gR1.transform(XSLT10gR1.java:239)
  at oracle.apps.xdo.common.xml.XSLTWrapper.transform(XSLTWrapper.java:182)
  at oracle.apps.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:1044)
  at oracle.apps.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:997)
  at oracle.apps.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:212)
  at oracle.apps.xdo.template.FOProcessor.createFO(FOProcessor.java:1665)
  at oracle.apps.xdo.template.FOProcessor.generate(FOProcessor.java:975)
  at oracle.apps.xdo.oa.schema.server.TemplateHelper.runProcessTemplate(TemplateHelper.java:5936)
  at oracle.apps.xdo.oa.schema.server.TemplateHelper.processTemplate(TemplateHelper.java:3459)
  at oracle.apps.xdo.oa.schema.server.TemplateHelper.processTemplate(TemplateHelper.java:3548)
  at oracle.apps.fnd.cp.opp.XMLPublisherProcessor.process(XMLPublisherProcessor.java:302)
  at oracle.apps.fnd.cp.opp.OPPRequestThread.run(OPPRequestThread.java:176)
  Caused by: oracle.xdo.parser.v2.XPathException: Namespace prefix 'ref' used but not declared.
  at oracle.xdo.parser.v2.XSLProcessor.reportException(XSLProcessor.java:806)
  at oracle.xdo.parser.v2.XSLProcessor.newXSLStylesheet(XSLProcessor.java:571)
  ... 17 more
  I am pretty sire the PL/SQL is OK beacuse if I run without a template the XML output is displayed as expected.
  Would anyone have any ideas on this?

  Here's your problem:
  "Caused by: oracle.xdo.parser.v2.XPathException: Namespace prefix 'ref' used but not declared.
  at oracle.xdo.parser.v2.XSLProcessor.reportException(XSLProcessor.java:806)
  at oracle.xdo.parser.v2.XSLProcessor.newXSLStylesheet(XSLProcessor.java:571)
  What version of BIP Desktop are you using? From the error message it appears to be Template builder for Word 11.1.1.3. eBS is probably using 5.6.3 .
  Try this - edit the fields in the template using MS Word. Under Help or Status, remove tags that contain <?ref.....?>. Save and upload the template.
  Hope this helps. If this works, please don't forget to give me points for the right answer.

• "the feature you are trying to use is on a network resource that is unavailable", SQL Server 2008

  when I try to install SQL Server enterprise 2008, during the installation processing, an error information occurs, it said that 'the feature you are trying to use is on a network
  resource that is unavailable', it is missing this file "sql_engine_core_shared.msi".
  Even I locate an available file with the same version for the installation, it still alert this error information. But actually  the file exists in the directory that belong to the whole installation directory. 
  Because of this problem, I can`t complete the whole SQL Server installation. My computer OS is windows 7 Enterprise SP1, 32-bit, with .Net Framework 4.0. And I has installed Visual Stdio 2008, could this program impact the installation of SQL Server 2008?
  Any good ideas, Thanks.

  Hi,
  SQL Server 2008 Enterprise dose not support Windows
  7. You can try SQL Server Standard, or SQL
  Server Developer, or SQL Server Express. Please
  check this link:
  http://msdn.microsoft.com/en-us/library/ms143506.aspx
  [Personal Site] [Blog] [Facebook]