Using database users to login on portal

Similar Messages

• Discoverer Login using Application User

  Hi,
  we have a portal developed using adf and jsf where the usernames and passwords are stored in the table when the user enters the login and password information a procedure check is the user is valid and logs into the application we have VPD to control the security.
  Now i want to pass the logged in username ( Application user ) as application_user parameter,to discoverer url and use it in the post login trigger. How can i achive this ? I am passing the oracle username and password to connect to the database in the url using post method.
  Thanks in advance.

  Hi,
  You are right you cannot pass the Discoverer password in a URL unless you use a HTTP Post transaction.
  If you are using Oracle Applications you can connect directly to Discoverer from an Applications form function or use SSO.
  If you are using some custom application and the username is not a database user, then you could using a common database username/password and run a logon workbook then runs your custom logon process. The application username and password would then be in the parameters to the workbook in the URL and not Discoverer usernames and passwords.
  Hope that is clear.
  Rod West

• How to Execute a Remote Procedure in Portal using Database Link

  Hi,
  I followed the instructions to create a Portal form for a remote procedure. But I am encountering the following error. Can someone advise what may be the cause?
  Failed to execute - Missing string(create_package_body) language(us) domain (wwv) sub_domain (wwv_builder) (WWV-04300)
  ORA-04020: deadlock detected while trying to lock object PUBLIC.PORTLET_SCHEMA (WWV-11230)
  Failed to parse as PORTAL - (WWV-08300)
  PURPOSE
  How to execute a remote procedure in Portal using Database Link.
  DESCRIPTION
  This procedure assumes that you have two databases, one of which is remote, and Portal is configured in the other.
  Remote Database A:
  ==================
  1) Create a procedure as follows: Create or Replace PROCEDURE SCOTT.ADD_TWO_VALUES ( v_one IN NUMBER, v_two IN NUMBER, v_result OUT NUMBER) as begin v_result :=v_one+v_two; end; 2) Grant execute privileges to PUBLIC on the procedure.
  Database B (where Portal is configured): ========================================
  1) Create a public database link and choose to connect as a specific user (say SYSTEM). By default, in an Oracle 8i database, the "global_names" parameter in initSID.ora (or init.ora) file is set to "true". This Global Naming parameter enforces that a dblink has the same name as the database it connects to. Therefore, if the remote global database (A) name is "ora8.acme.com" then the database link should also be named as "ora8.acme.com".
  2) Create a synonym for the procedure in Database A. Make sure you fully qualify the procedure name in the remote database (like SCOTT.ADD_TWO_VALUES).
  3) Create a dynamic page to execute the procedure. The ORACLE tags in the dynamic page will look similar to the following: <ORACLE> DECLARE v_total NUMBER; BEGIN ADD_TWO_VALUES(:v_one,:v_two, v_total); htp.p('The total is => '); htp.p('<input type="TEXT" VALUE='||v_total||'>'); htp.para; htp.anchor('http://<machine.domain:port#>/pls/portal30/SCOTT.DYN_ADD_TWO_VALUES.show_parms', 'Re-Execute Procedure'); END; </ORACLE>
  4) Portal does not have an option to create a form based on a synonym. Therefore, if you want to create a form instead of a dynamic page, create a wrapper procedure and then create a form based on this procedure. For example: Create or Replace PROCEDURE PORTAL30.ADD_TWO_VALUES_PR ( v_one IN NUMBER, v_two IN NUMBER, v_total OUT NUMBER) as begin add_two_values(v_one, v_two, v_total); end;
  5) Grant execute privileges to PUBLIC on the procedure.

  hello...
  any input will welcomed... Thanks..

• Error "kdc: Server not found in database" on attempted connections using Network User Credentials

  I am rebuilding my system after a recent debacle with Time Machine, which resulted in a complete wiping of my Open Directory contents. At this point, users can log into various computers on the network, when the hosts have been reconnected to the newly formed Open Directory and the trust certificate has been authorized.  However, when users attempt to connect to any file share, the Network User Account credentials fail to gain access.
  I am running Mac OS X 10.9.4 on all systems. Two mac-mini's are running OS X Server 3.1.2.  One of these servers (mavericks1.pediatricheartcenter.org) is the Open Directory.  While testing the system, I am using the console on "Mavericks1," so the following discussion involves communication between the two server hosts only.
  From Mavericks1, I open the console and attempt to connect to my file server, named fileserver.pediatricheartcenter.org.  I clear the console just prior to sending a "registered user" request to "FileServer" to gain access.  Careful examination of the console records shows the following:
  1. The Network User is authorized with a message "ENC-TS pre-authentication succeeded".
  2. Mavericks1 lists a console message that reads "kdc: Server not found in database: krbtgt/[email protected]:no such entry found in hdb"
  3. Mavericks1 lists a console message that reads "kdc: Server not found in database: cifs/[email protected]: no such entry found in hdb"
  4. The process registers what appears to be a final failure before trying again with "kdc: Failed building TGS-REP to 127.0.0.1:64390"
  FileStorage.local does not exist in the DNS, nor does it exist on FileStorage.pediatricheartcenter.org. That (local) host name was removed when the domain host name for filestorage.pediatricheartcenter.org was created.
  1. Why does the kerberos process reference a host name that does not exist?
  2. What might be causing the failed authentication exchange?
  3. What can be done to remedy the issue?

  I spent some time on the phone with Apple Support on Friday.  Thank you to Linc Davis for providing some insights into the issues.
  As a result of the conversation with Apple Support we learned the following, which I will report here for those who might find this page again:
  First, OpenDirectories are extremely fragile.  Once you have turned on your OpenDirectory, do not do any of the following:
  Do NOT change the host name.
  Do NOT change the IP address.
  If you are going to attempt either of these things, you should make a clone of your drive (not just a TimeMachine backup, a fully bootable clone, just in case).
  Performing these activities (particularly the changing of the host name) will "break" your open directory, and the only way to rebuild the open directory is first to fully destroy the original.  Several services are also destroyed when OpenDirectory is broken, the most notable is Profile Manager.
  DESTROYING OPEN DIRECTORY
  To fully destroy OpenDirectory, it is more complex than simply turning off the OpenDirectory and turning it back on again.  Perform the following steps:
  Install WorkGroup Manager (it is depricated, but Apple still has a version available for use with OS X Mavericks to handle functions that the Server App does not perform like exporting users and groups).
  Sign into WorkGroup Manager as the directory administrator (user name defaults to "diradmin" the password is defined on OpenDirectory creation).
  Export the Users, Groups, Computers and Computer Groups to the Desktop or another safe location.
  Close WorkGroup Manager
  Turn off the OpenDirectory in Server App.
  Delete the Server App from the Applications folder and put it in the Trash. (This will disable any active services that are marking various files as being currently in use. Don't worry, we will restore it from the Trash when we are done).
  In the terminal, run the following command: sudo slapconfig -destroyldapserver
  Make a backup of all website files (just in case)
  Navigate to the folder /Library/Server and delete the ProfileManager folder. (If you willing to do so, delete the whole Server folder).
  After deleting various folders in the /Library/Server directory, restore the Server.app from the Trash.
  Run the Server App.
  Set the computer's network connection and host name.
  Create a new OpenDirectory.
  Use WorkGroup Manager to import any exported files from Step 3.
  If you deleted the entire Server directory, use the website backup to retrieve the files that comprise your web site(s) and use the Server App to link the file directories to the Web site's domain name(s).
  Personal Note: These instructions got me farther than any other tips I had received previously. After following these instructions, I was able to rebuild my Open Directory. During the process of copying files from the old user home folders into the new user home folders, the computer froze and when it rebooted, all the users and groups I had created during the day had disappeared. Rather than trouble-shooting it again, I decided to do a fresh installation.
  A NOTE ON HOME FOLDERS
  PER APPLE SUPPORT: Do NOT use the default /Users directory for Network users. Apple Support wanted me to rebuild the home directory, but they noted I was not able to do this, because I had used /Users.  This folder ("/Users") is a critical component of the OS X system, and will cause additional problems if the folder is destroyed and rebuilt.  The directory id and permissions must remain unchanged from the original installation.
  For this reason, Server administrators (like yourself) should use File Sharing in the Server App to create a new anchor point for home directories.  Create a shared folder. Ensure that it is shared over the protocols that you will be using (AFP, SMB, WebDav), and then after selecting these values, check the box that allows the folder to be used as a home directory at the bottom of this list.  This box will be greyed out if the system is not already bound to an OpenDirectory. If you have activated OpenDirectory on the same machine, the machine will operate as if bound to itself, and this field will be active.  If the FileShare server is NOT an OpenDirectory master or replica, then bind the machine to an OpenDirectory via the "System Preferences > Users & Groups > Login Options".
  If the local area network has FileShares that are enabled for home directory use, the folders will appear in the User Profile editor under the Home Folder list (See image)
  In the screenshot above, I have selected a shared directory named "HomeFolders".  By using specially defined home folder directory, the server administrator has the option of deleting and modifying the home folder if necessary.  Creating a home folder directory in a location other than "/Users" is the recommended best practice by Apple Support.
  If you are inserting files into the home folders, you will need to change the owner and the group to the new owners names.  I copied files from the old user directories into the new user directories so that the users would have access to their old files.  When my OpenDirectory crashed, and all the users were recreated, they were recreated with different system level user id's.  The system therefore maintains a memory that the file was owned by the original owner, even though the system administrator has put it in the new user profile's folder.  To fix this, do the following:
  1. Prior to making the copy, run "ls -al" from the terminal on the new home directory root.  You are looking for the default folder owner and default folder group.  On my system it was the user name and a group named "staff".
  2. When making the copy, do not replace the user folder. Copy the files into the file folder, not over it.
  3. After you have moved files into the user's folders, you can use "sudo chown -R [owner]:[group] [homeFolderPath]/*" and "sudo chmod -R 700 [homeFolderPath]/*" (replace the [owner] and [group] portions of these commands with the owners and groups identified by the command in step 1, and replace [homeFolderPath] with a path to the user directory created for the specific user.
  For example:
  For the user johnnybgood, we might see the following:
  1. We run "ls -al" on the newly created home folder and find that the folder /Volumes/HomeFolders/johnnybgood is owned by johnnybgood and the group "staff".
  2. We copy or move files from the old locations using commands similar to the following:
         sudo mv /OldFolderLocation/johnnybgood/Documents/* /Volumes/HomeFolders/johnnybgood/Documents
         sudo mv /OldFolderLocation/johnnybgood/Desktop/* /Volumes/HomeFolders/johnnybgood/Desktop
         sudo mv /OldFolderLocation/johnnybgood/Music/* /Volumes/HomeFolders/johnnybgood/Music
         ....etc....
         (notice how we are not just moving the old johnnybgood folder to the new location.)
  3. Next, we change the ownership and file permissions:
         sudo chown -R johnnybgood:staff /Volumes/HomeFolders/johnnybgood/Documents
         sudo chown -R johnnybgood:staff /Volumes/HomeFolders/johnnybgood/Desktop
         sudo chown -R johnnybgood:staff /Volumes/HomeFolders/johnnybgood/Music
         ...etc...
         sudo chmod -R 700 /Volumes/HomeFolders/johnnybgood/Documents
         sudo chmod -R 700 /Volumes/HomeFolders/johnnybgood/Desktop
         sudo chmod -R 700 /Volumes/HomeFolders/johnnybgood/Music
         ...etc...
  4. Let the user log in and use the system normally.

• Creating user using database link

  Hi
  I have 11g installed on one of the server
  I have created the database link BUGAU to bugau.us.oracle.com
  link works fine
  select * from table@"Bugau" gives the expected result
  I need run the below statement from my server using the dblink.but not sure how to use the dblink for this purpose.Please assit
  CREATE USER ABC IDENTIFIED BY welcome DEFAULT TABLESPACE USERS_001 TEMPORARY TABLESPACE temp123;
  GRANT DEFAULT TO abc;
  ALTER USER abc PROFILE LEVEL_1;
  Thanks
  Archana

  as mentioned in oracle documentation for db link purpose: you can use it for accessing schema objects in remote database..
  http://download.oracle.com/docs/cd/B28359_01/server.111/b28286/statements_5005.htm
  >
  Use the CREATE DATABASE LINK statement to create a database link. A database link is a schema object in one database that enables you to access objects on another database. The other database need not be an Oracle Database system. However, to access non-Oracle systems you must use Oracle Heterogeneous Services.
  After you have created a database link, you can use it in SQL statements to refer to tables and views on the other database by appending @dblink to the table or view name. You can query a table or view on the other database with the SELECT statement. You can also access remote tables and views using any INSERT, UPDATE, DELETE, or LOCK TABLE statement.
  >
  For creating users, you have to login to the remote database itself, You also need to login using the user who has the necessary credentials to create the user.
  Regards,
  Dipali.

• Users created in ABAP tool cannot login to Portal

  Hello,
  I have created a user in abap and assigned them the role SAP_J2EE_ADMIN but cannot login into Portal (Message: User authentication failed) with that user. If I login to portal as J2EE_ADMIN and search for that user I get "No element found." Is there something that needs to be done to get users into Portal? Does authentication not occur against the abap system? Also is the J2EE_ADMIN user only valid within portal and not the abap backend?
  I am using EP7.
  Thanks for any help.

  Hi Kelly,
  I changed it under System Administration>>System Configuration>>UME Configuration>>ABAP System tab. If you read ealier in this thread however, I could not restart the j2ee server after that....so change it at your own risk!
  If you do change it and cannot restart,  go into the config tool and navigate to Global server configuration >> services >> com.sap.security.core.ume.service and find the ume.r3.connection.master.client key. Change that back to it's original value. I was able to restart after that.
  Hope that helps.

• Avoid users to login into the database thru SQLPlus

  I'm trying to use the after logon trigger described below, to avoid users to login into the database thru SQLPlus, user can only connect from from pls help me

  If your only concern is preventing users from logging in via SQL*Plus, you could use the PRODUCT_USER_PROFILE table.
  However, and this is a big however, this will not prevent users from logging in using any other tool (SQL Developer, SQL Programmer, TOAD, etc) if they know the Oracle user name and password. You can create a login trigger that generates an exception if the program that the client reports is connecting isn't on a list of valid products, but this sort of thing is easily circumvented just by renaming the executable on the client machine.
  Fundamentally, if you have given a person an Oracle user name and an Oracle password, whatever privileges are available to the Oracle account are available to that individual. No matter what tool that person uses to connect to the database, they are going to have the same privileges. That's why you ideally want to restrict what users can do to the point that you don't care what tool they're using. Barring that, you can enable auditing and let the users know what they are and are not allowed to do by policy and use the audit logs to ensure compliance.
  Justin

• If user login in portal we need to assign him, the  perticular system

  Hi all,
  i have the requirement
  if user logins in portal, depending on the user we need to assign him a system( bapi or rfc),
  the user database is maintained in a table in MDM. if an user login in portal it should check in MDM to which region(america, asia.europe....) it belog,s to. according to that we need to assign the system(rfc or bapi). if the user belong's to two regions we need to assign the two links(rfc's or bapi's) regions,
  help me in doing step by step
  Thanks in advance
  Best Regards
  charan

  Hi Charan,
  This is same thread as - Depending on the user we need to assign the system
  Regards,
  Sen

• How to use MDM users in portal?

  Hi All,
  How to use MDM users in EP, my requirement is,
  i have an users, if the user log's in portal, depending on the portal user login, we need to assign a perticular region for that user such as europe, south america, asia....,
  before he log's in portal we need to confirm that user belongs to perticular region in MDM.
  we maintain users in MDM, when an europe user log's in portal we need to assign him europe system so that he can login in to that europe system. when a asia user log's in portal we need assign him asia system, so that he can login in to that asia system.
  how to do this in portal
  Regards
  jagadeesh

  Hi Jagaeesh,
  You need to configure sso between MDM and EP. You can do it with the help of UID method as there is no logon ticket method available with MDM 5.5.
  And for region specification, you can create different portal desktop, framework, theme for diffreent region users inside portal and define portal's master rule as per accordingly by creating user groups inside portal and assigning different desktops to different region user's.
  Then, create contents (like roles, worksets, pages, iviews, km contents) inside portal according to region and assign those contents to different groups as per requirement.
  So that, deplending on region user's, when they login into portal would see different content inside it.
  Regards,
  Sen

• Minimum seeded database users for portal

  We would like to obtain the usernames of the minimum number of database
  users that can be used for the portal to function.
  In addition to the portal schema, we will be having a custom
  schema in our database. So we would like to determine what
  is the minimum number of database users that are needed for the system.
  These would be:
  1. Seeded users that come with the portal database
  (Is there a list of minimum database users that we can obtain from some
  documentation that are needed - are all the seeded users absolutely required,
  or can some of them be deleted? )
  2. The user for the custom schema. (this would be the only additional
  user to the seeded users provided).
  Thanks,
  Suzanne

  Suzanne,
  Please refer to the Portal Configuration Guide.
  Regards,
  Jerry
  PortalPM

• Using one user account table across multiple databases but account used as a foreign key

  I want to use one user account table from one database and use it across a couple other databases. The problem is that I want some tables to use the primary key from the user account table as a foreign key to access the data when the user logs in. Is this
  the right way of going about it? Do I have to create a user account table in all my databases? What is the best practice to handle this problem? Thanks in advance.

  You can use Triggers or using replication. 
  more info: 
  Add Foreign Key relationship between two Databases
  SQL Server Replication
  Saeid Hasani [sqldevelop]

• Is it possible to force the user to login again when using oauth 2 (implicit grant)

  Hi,
  I'm trying to build an application based on a rest webservice in APEX which is being accessed by a javascript frontend via ORDS. I'm using the "Implicit grant" flow of OAUTH 2.
  When the user is finished with the application, he/she should be able to logout of the application, so another user can login (on the same machine and browser). But, without clearing all cookies, ORDS will automatically give an access token for the previous user, without showing the login screen to allow/deby access to the rest web service.
  (Clearing the cookies is not possible via javascript, since they are httponly)
  I know it is not the "normal" way to use oauth2, but I would like to be able to log-out a user. So how can I force ORDS to show the loginscreen again to give another user the possibility to login?
  Alexander

  You can force the implicit code flow to prompt the user to sign in by including _auth_=force in the approval request query string. To follow the example shown in the developer guide [1]
  change:
  https://server:port/ords/resteasy/oauth2/auth?response_type=token&client_id=CLIENT_IDENTIFIER&state=STATE
  to:
  https://server:port/ords/resteasy/oauth2/auth?response_type=token&client_id=CLIENT_IDENTIFIER&state=STATE&_auth_=force
  [1]: REST Data Services Developers Guide

• How to find which all workbook is using Database function ( User Defined)

  Hi All,
  Is it possible to find out which all workbook is using Database function( User Defined).
  Thanks,

  Hi,
  If I had to do this detective work, I would probably do the following:
  1. Activate for a period of time the function, eul5_post_save_document. This function when activated is triggered at the time a workbook is saved. If you look at its columns, it save the worksheet's SQL.
  2. Next, I would parse the EUL5_WORKSHEET_SQL.SQL_SEGMENT column which is a varchar2(4000) column. There are many effective Oracle functions which could aid you in this effort (e.g. instring or perhaps a regular expression function).
  I hope this helps.
  Patrick

• Can I use SAP HR to drive ESS Portal user creation?

  Hello
  We are implementing a new instance of SAP HR and Portal for ESS and MSS and I am not sure of all the steps that need to be completed so any guidance / tips would be greatly appreciated.
  Company currently has an LDAP - but not used extensively. Not all employees currently in LDAP as not all have network ids. All employees will have a SAP account to enable ESS (via Kiosks etc).  ESS iViews in Portal will call SAP HR and possibly SAP BW.  We have an instance of SAP already and user admin maintained via CUA - this will continue.
  Scenario:
  My initial thoughts are that we try to use SAP HR as the leading system to drive the ESS Portal users and access.  Basically I want to create the user in SAP and assign them an ESS SAP role... then through syncronization have the user created in the Portal and have the correct ESS Portal assigned (in the Portal)
  My thinking so far is to go the following way;
  1) Create User Master Record in SAP (SU01)
  2) Hire employee into the org structure (via HR processes)
  3) Populate Infotype 0105 with SAP username
  4) Populate Infortype 1016 - with SAP role to be assigned to allow ESS access (not sure about this aspect) or role could be assigned in 1) above
  I am not sure of the next steps - I think there must be a way in an SAP table to map the ESS SAP role to the ESS Portal Role (is this via WP3R?)
  then I am hoping that a standard job can be run (is this RSLDAPSYNC_USER) that will create the user in the Portal (UME?) and assign the correct Portal role ?
  (obviously configuration needed)
  For MSS and HR Power users - we would continue to assign SAP roles via SU01.
  Can anyone assist with;
  - Is my thinking correct in terms of how this should / could work?
  - in SAP how can I map SAP Roles to Portal Roles ?
  - will syncronization in SAP create the user in Portal and assign the role ? what do I need to configure?
  Thanks in advance

  Dear Michale,
  I just dont know if this can throw some light on your prob.'
  In our Orgn we had around 250 ess users and 200 sapr/3 users. Some of the r/3 users also logon to ess via their r/3 uname and password.
  What we have done is like follows:
  1. Created a role for only the ess users ZHRESS. For this i asked the HR functional people with sap_all profile to do all the job which the ESS users are supposed to do and tracer the authorization via tcode st01. We created the role on the basis of this trace report.
  2. For the purely ESS users we created the users via tcode HRUSER and assigned then with the above role.
  3. For the R/3 users who are supposed to avail the ess facility we assigned them with the role ZHRESS role in addition to the other roles assigned to them to carry out their normal R/3 transactions. Then we mapped their R/3 uname to their employee no via PA30 infotype 105.
  4. Tcode HRUSER saved time  which would have consumed had we done it via su01 and moreover it picked Name etc data from the HR master table. In HRUSER tcode , setting the user attributes helps to define what roles the users are to be assigned, what should be their initial password etc.
  Pl let me know if it satisfies you querry.
  Regards

• Not able to login using ORACLE USER in Linux

  I am not able to login using OS user ORACLE in linux,
  I am getting following error when trying to login
  /etc/X!!/gdm/PreSession/Default : Registering your session with wtmp and utmp
  /etc/X!!/gdm/PreSession/Default :running : /usr/bin/X11/sessreg -a -w /var/log/log/wtmp -u /var/run/utmp -x "/var/gdm/:0.Xservers" -h "" -1" : 0" "oracle"
  /etc/profile: line 17 : syntax error near unexpected token 'then'
  /etc/profile: line 17 ' if[ $USER = "oracle" ]; then'
  Failed to execute message bus daemon : No such file or directory
  EOF in dbus-launch reading address from bus daemon
  I tried to edit /etc/profile file but not sucessfull. Please help me out . This installtion is on VM ware
  Edited by: user12356407 on Dec 16, 2009 3:21 AM

  user8896383 wrote:
  I am not successful to login using Oracle User .
  I tried to edit /etc/profile file on Line 17 , but of no use.
  could you please be more precise about what exactly i should look in or edit in that file.
  Thanks for your immediate response.My car doesn't start
  I tried to fix it
  It still doesn't start.
  Can you be more precise in telling how to fix it.