User that can see different schemas
Dear Gurus,
In my db I've 2 schemas with 2 different user each one....so:
Schema A with user A_user
Schema B with user B_user
Now I created a new user's schema.
Schema C with user C_user
I need to allow C_User to see schema A and Schema B in read Only.
How can I do it?
Please let me know
regards
Hi,
You've got the basic idea.
Remember that names in quotes are case-sensitive. You probably need:
FOR r IN (SELECT OWNER, TABLE_NAME FROM ALL_TABLES WHERE owner='A_USER') -- Not ... 'A_User'This assumes SYSTEM has the necessary privileges to grant privileges on a_user's tables. If that's not the case, you can have SYSTEM create the role, but have a_user grant the privilleges to the role.
Where I work, typically, a DBA creates the role, then grants it to the owner WITH ADMIN OPTION
GRANT a_readonly TO a_user WITH ADMIN OPTION;Of course, a_user doesn't need the role to see the tables, but this gives a_user the ability to grant the role (or revoke it from) other users without getting the DBA involved. A_user then does steps (2) and (3).
A small thing: I would call the role A_ReadOnly, or something with A in the name, not C.
The important thing about the role is that it allows grantees to see A's tables.
The fact that the role was made for C_User is not so important. The role will remain essentially the same if other users get the role, or C_User is dropped.
Edited by: Frank Kulash on Jun 3, 2009 11:45 AM
Similar Messages
-
Portal30 only user that can see Other Providers
Which privilege am I missing to allow users to see the portlets of Other Providers to add to their pages?
When a user is customizing a page and wants to add more portlets, that user has to have "Edit Contents" rights on the providers that contain the portlets? I don't think I understand.
-
we are a creative design studio, we need to use apple mac pro server , so we can make more than a different user to use at the same time doing different activities, on different screens, is it possible?what is the max. no. of users that can work efficient.
Appreciate your support and if possible , how to do this?If you want to work with Mac OS X, you need one computer per simultaneous user.
What you are describing, " Multiple simultaneous logins to a single computer" is not avialable on a regular Mac of any description, unless you decide to use Unix tools instead of Mac OS X.
Server will happily store files for many, many users and provide them to multiple (up to hundreds) of computers at "near hard Drive" speeds over Gigabit Ethernet. It can make the File Sharing part easy. -
Create a user that can only access to one schema - please help!!
Hi all,
I want to create one user in a Oracle DB that can only access to one schema. I did the following:
CREATE USER "TEST" PROFILE "DEFAULT"
IDENTIFIED BY "test" DEFAULT TABLESPACE "USERS"
TEMPORARY TABLESPACE "TEMP"
ACCOUNT UNLOCK;
GRANT SELECT ON "TESTDTA"."F0007" TO "TEST"
GRANT "CONNECT" TO "TEST";
I have done a test and the user TEST can access all schemas, when I only gave explicit permissions to the schema TESTDTA.
Any suggestion/clarification???
Many thanks in advance.
Víctor.Hello Andreas and Pavan,
I have launched the query:
select * from dba_tab_privs
where grantee = 'PUBLIC'
and owner = 'PRODDTA'
and table_name= 'F0009';
And the result:
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRA HIE
PUBLIC PRODDTA F0009 PRODDTA ALTER NO NO
PUBLIC PRODDTA F0009 PRODDTA DELETE NO NO
PUBLIC PRODDTA F0009 PRODDTA INDEX NO NO
PUBLIC PRODDTA F0009 PRODDTA INSERT NO NO
PUBLIC PRODDTA F0009 PRODDTA SELECT NO NO
PUBLIC PRODDTA F0009 PRODDTA UPDATE NO NO
PUBLIC PRODDTA F0009 PRODDTA REFERENCES NO NO
PUBLIC PRODDTA F0009 PRODDTA ON COMMIT REFRESH NO NO
PUBLIC PRODDTA F0009 PRODDTA QUERY REWRITE NO NO
PUBLIC PRODDTA F0009 PRODDTA DEBUG NO NO
PUBLIC PRODDTA F0009 PRODDTA FLASHBACK NO NO
11 rows selected.
Then I supose that I have to change the value on column GARANTEE. How can I do that?
Thanks a lot for your help!!
Víctor. -
How to create a user that can login the LDAP?
I want to create a user that can login the OID/LDAP. I know how to create a user, it is allowed to login OIDDAS, but I also want the user to grant access to ldap directly. How do i do that?
And how can I give it read rights and or update/delete rights on a specific tree?
Regards
EelcoEelco,
did you see the OiD developers guide? Here you find some examples how to create users in OiD using pl/sql or java.
http://download-west.oracle.com/docs/cd/A97329_03/manage.902/a95193/smplcode.htm#637294
how to use directory access control can be found in
http://download-west.oracle.com/docs/cd/A97329_03/manage.902/a95192/access.htm#1054232
--Olaf -
I have a requirement where I have to give the list of users who can access a specific computer define in AD.
I am new with PS.
Do you have a script to list users that can access a computer object of AD ?
I have executed the following script but it does not give me the access rights of who can access the computer 'computername'
How can i have this information. please help
Import-Module activedirectory
$computer=get-adcomputer "computername" -properties ntSecurityDescriptor
$omputer.ntsecurityDescriptor.Access | select-object -expandproperty IdentityReference | sort-object -uniqueI would say that, since the OP has so little info, there are no policies in use. It there were then this question would never be asked the way it is being asked.
I had a client call with a letter from their insurance company; an accountant with malpractice insurance. THey asked the same question inmuch the same way. "What computer can you users access?" The question should be more like
"Do you have a policy that restricts access to computers and do you audit for compliance?"
I have had other clients whose insurance asked the question in that way. It produces a better view of what should be happening and how to show compliance.
I recommend that companies being asked these questions by their legal departments or insurance companies should contract with a god computer security consultant to assist with answering these very tricky questions. Of course if it is just you boss's
curiosity then you may need to discuss his requirements with him in more depth.
¯\_(ツ)_/¯ -
What is the maximum number of users that can be simultaneously connected to a shared drive on an Airport Extreme?
50
I haven't tried this, but imagine that things are going to be quite slow. -
Maximum number of 10 users that can connect and share?
I discovered today that Leopard seems to limit the number of users that can access a shared folder to 10! Can this really be true? This will make my lab kind of useless if only half of the computers can log on to the shared folder and access their files.
Is there some setting I am missing to correct this?
20 imacs connect to my MacPro's shared folder to read/write.Is there some setting I am missing to correct this?
Yes, money; $999.00 to be exact. As was stated the client version of OS X has a 10 user limit. To get more capacity you will need to buy and install OS X Server version.
http://store.apple.com/us/product/MB605Z/A?mco=MTIxODk3Mw
OS X Server with a 10-client license is $499.00 but you already said you had 20 Macs so you need the unlimited client version. -
Limit on number of users that can be provisioned in one AE request
Hi Gurus,
Could you please let me know if there is a cap on the number of users that can be requested for provisioning in one single AE request. We are on AE 5.2? and we are facing this error when we try to raise a request containign more than 25 users:
"User Provisioning failed for System(s) : FEP. Error Message : User ####### not found;"
Let me knwo if you need further information on this error.
thanks,
PoornimaPoornima,
Its recommended not to create a request for more than 20 users for mass provisioning.
Try with 20 users max., I think it should resolve your problem.
Thanks,
Tavi -
There are many Macs in the network, but only a few are supposed to use the TC. Is there a way to hide a TC from the other users?
We also have an Open Directory server. Those users that are allowed to use the TC are also in the OD (i.e. the users managed by the OD). Is it possible to configure the Time Capsule in a way that it requires a login via OD?Is there a way to hide a TC from the other users?
Not unless you want to try to use the option to "hide" the wireless network that the TC provides.....assuming that you are asking about wireless connections here, not Ethernet.
Users who know the name of the wireless network and wireless password will be able to connect. The others won't.
"Hidden" networks do not always work as well as you might expect, but it might be worth a a try.
You might also want to take a look at the Timed Access feature in AirPort Utility. Here, you can specify which Macs will be allowed to connect to the TC wireless network and which will not. Other Macs might be able to "see" the network, and they could even have the password, but they will not be able to connect unless you have set up a rule to allow that specific device to connect.
Is it possible to configure the Time Capsule in a way that it requires a login via OD?
None that I know of. -
Create a script that can create entire schema with data when run
Hi,
I need to create a script that creates the entire schema on a database when the script is run. the need is that the script should be capable of creating all schema objects with grants and all, including the table data.
The same objective can be achived through export / import.But we don't want to deliver the dump files instead a script which will be executed on a database created with same database stucture of tablespaces etc.
I have serched the net but yet to achive the goal.
Is there any oracle utility / script file that can do this for me ?
Can Oracle import be used to create the same, the way it is used to create index File ?
Please suggest !!
RegardsYou should look at the package dbms_metadata to be able to extract all ddl to recreate a schema. To load the data, you could write scripts that will generate insert statements and spool these to a file (sql generating sql), or you could write scripts that generates a delimited file and use sql loader to load the data into the target system. There are lots of little gotchas in either of these 2 solutions. The biggest 2 right away. 1 - picking a delimiter, 2 - dealing with carriage returns in text data. SQL Developer is able to do some extraction, so before you go writing this stuff yourself, I would check it out to see if it does what you are looking for before you reinvent the wheel.
-
Can see different brush size options but it won't let me change the size
When I'm in Flash CC 2014, I go to the tools menu, then the brush size option, and I can see all of the various brush sizes. I am able to click any size, but when I go to draw, it keeps defaulting to the same size over and over. I'm completely unable to change the brush size. Any ideas?
i am using a wacom bamboo fun cte-650 as my tablet
the pressure sensetivity is disabled, and the tilt option is disabled as well.
i am running flash CC 2014 = Version 14.0 - Released June 2014
and we have tried this with just the mousepad, and the tablet, neither seem to let us change brush sizes
i have attached a video of the issue taking place -
Create user who can update another schema table
Hi,
We have a prod system under which we need to update the application schema by running different update statement and create/execute function,procedure,package body. This is very easy if you use the owner schema. But i need to run those activities from another user due to some restriction. How can i do that??
May u suggested to give update any table privilege..but this would give all the dictionary table access also.
Is there any privilege that would allow any other user to update another schema table without using the schema name infront of the table name??
Plss suggestJohn,
Can we use public synonym for it ? I don't know the security risk for it though :
SQL> connect hr/hr
Connected.
SQL> select * from scott.emp;
select * from scott.emp
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> connect scott/tiger
Connected.
SQL> create public synonym scotemp for scott.emp;
Synonym created.
SQL> connect hr/hr;
Connected.
SQL> select * from scotemp;
select * from scotemp
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> connect scott/tiger
Connected.
SQL> grant select on emp to hr;
Grant succeeded.
SQL> connect hr/hr
Connected.
SQL> select * from scotemp;
14 rows selected.
SQL> show user;
USER is "hr"
SQL> update scotemp set ename='SMITHX' where empno=7369;
update scotemp set ename='SMITHX' where empno=7369
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> connect scott/tiger
Connected.
SQL> grant update on emp to hr;
Grant succeeded.
SQL> connect hr/hr
Connected.
SQL> update scotemp set ename='SMITHX' where empno=7369;
1 row updated.
SQL> rollback;
Rollback complete.
SQL>
Regards
Girish Sharma -
Maximum number of concurrent users that can connect to a SQL DB
I see various SQL DB plan S0, S1, S2 and P1, P2 and P3. Each one of them talk about DTU's but never talk about the max number of concurrent users. Where can I find that number and is it configurable by the end user?
It is the maximum connection that is most important. Best practice is not to have users holding on to their connection for long period of time. Maximum user connection in SQL is 32767, resource permitting. Not sure for Azure SQL. If you follow best
practice, you are not supposed to hit this limit cause other limits will be hit first.
Frank -
Mount network volume: different users same credentials, see different shares
A set of network volumes on a NAS need to periodically be backed up to a local USB disk. Manually, I can mount most shares (from a Finder window). In a shell script I can list all files due (find) and use that list for backing up to a local USB volume (cpio). So far so good. However, I need to mount these network volumes first. The mount command doesn't seem to work for me.
How do I mount a network volume in a shell script?
Also I noticed that if under fast user switching user A logs in with credentials uName and uPassword, the NAS shows 6 shares to choose from. When user B on the same machine logs in with the same credentials uName and uPassword, only 5 shares are visible and one is not shown. It looks as if the credentials do not uniquely determine the volumes offered for mounting. Also, when user B mounts a share, it appears to be owned by user A (who is logged in but has not mounted any share on the NAS) rather than owned by B or by uName...
How do I mount this volume as user uName rather than A or B?
How can one uniquely determine the identity of the volume? Network volumes don't show UUIDs and the name given in the /Volume/ folder can change, as is discussed in message 11871367.eljonco wrote:
I just checked: after a reboot, user A logs in (automatic login enabled), user A logs out, user B logs in, ls -a /Volumes only shows local HD and a USB HD. No network mounts there.
In the finder window, the NAS shows up on the left. Clicking it and entering credentials uName, uPassword, a list of five, not 6, items is offered for mounting. So your options 1 and 4 are then ruled out, unless an alias made by user A and copied to user B's home folder would still link to user A's mounting options.
Actually, only option 1 is ruled out. That Finder list is simply not reliable. It is likely cached somewhere and could be restored by deleting some hidden preference file. It regularly causes people to freak out when they see some sharepoint listed on a network that they have long since left.
If you did Go > Connect to Server in the Finder and typed in the location, you could still create an alias.
Once mounted one of 5 shares as uName with uPassword, an ls -al /Volumes shows the local drives and
drwx------@ 11 B staff <date> sharename
and all folders in sharename also show B:staff as user:group. I find that strange, as I did not log in to the share with credentials B, but with credentials uName. Anyhow.
The uName user is for the network share. When MacOS X mounts that, it gives it permissions appropriate for the user who did the mounting. If you did an NFS mount as root, the server would handle permissions via UNIX uid and gid. I'm really not familiar with the details of AFP.
As I read in a post about autoFS that 'cd /Volume/theHiddenShare' should magically mount that share, I gave it a shot. Alas, '/Volumes/theHiddenShare: No such file or directory'. Same long shot in the dark in the 'Go/Connect to' dialog gave 'The folder cannot be found'. Not surprisingly, I suppose.
Yes. That has to be setup
Here is what I've done to my /etc/auto_home:
# Automounter map for /home
#+auto_home # Use directory service
# Get /home records synthesized from user records
#+/usr/libexec/od_user_homes
myserver.org -allow_other,reconnect,fstype=sshfs [email protected]:/home/me_remote
I'm not on a big network, so I've disabled the system functionality by commenting out "+auto_home" and "+/usr/libexec/od_user_homes". Now, the system doesn't manage /home and I am free to do with it what I want. This will mount the path "/home/myserver.org" connected to the "me_remote" user on "myserver.org". I'm using the funky MacFUSE sshfs filesystem. Your AFP file system should work much better. Your line would look something like this:
drive5 -fstype=afp uUser@MyLocalServer:/theHiddenShare
Run "automount -vc" to reset your automount system.
Next use Finder Go > Connect to Server and type in "afp://uUser@MyLocalServer:/theHiddenShare".
You want to mount the drive once so that you can store uPassword in your keychain.
Now unmount the drive.
The Finder mounts all go into /Volumes and, as you have discovered, can get themselves confused. This automount will be at "/home/drive5". All you have to do is enter that folder in the Finder and it will be automatically mounted. If you haven't used it for a while, it will be unmounted automatically.
You may have to play around with this a little. I don't have any network AFP share that I need to mount on a regular basis, so those parameters may need to be adjusted somewhat.
Maybe you are looking for
-
Maximize the chances of getting and prompt response and good suggestions exponentially.
Hi there Folks First I want to say that all issues cannot be solved by troubleshooting. There are times when the hardware of the device damage been damage or and then is time to replace the unit. With that being said the majority of the problems tha
-
How to rename mailbox in N97 mini
I set 3 mailboxex with the automatic configuration wizard in N97 mini. The mailboxex have been automatically named by the SW. Can someone tell me how to rename them? Thank in advance Seiseralm Solved! Go to Solution.
-
Hello! Today my MBP (Early 2008) crashed two times. I copied the error message: Fri Sep 26 21:51:26 2008 panic(cpu 0 caller 0x001A8CEC): Kernel trap at 0x003f2298, type 14=page fault, registers: CR0: 0x80010033, CR2: 0x004c1c40, CR3: 0x01a95000, CR4:
-
I recently bought a 2GB memory kit for a G4 15" 1.67GHz Aluminum Powerbook from Crucial. The kit came with two 1GB sticks of PC-5300 memory. My single 1GB stick of PC-4200 was working fine, but I just figured it would be fun to max out this old lapto
-
Please advise: how can I restore the functionality of printing an iPhoto 6 photobook to PDF? I was successful before my upgrade to Leopard in printing to PDF my iPhoto photobooks. However, no matter how I tried, even opening a new instance of iPhoto