Which privilege to grant to users?
Hi guys
Normally the sys as sysdba user is the only user who can grant privileges to other users.
I need any user on my database to be able to grant privileges to any other user.
What privilege do I need to grant to each one of my users so that they can grant privileges to each other in the future without having to connect as sys user and grant privileges?
Many thanks in advance
Cheers
Ciaran
And for individual grants for objects not assigned to a role or perhaps as a standard the object privilege can be granted as
"grant select [etc...] on object_name to sec_admin_user with grant option;"
This allows a non-DBA no special privileged user to handle grant requests.
HTH -- Mark D Powell --
Similar Messages
-
How to revoked 'ANY' privileges being granted to user or role
Hi all,
I need to be revoked all 'ANY' privileges that have been granted to all non-DBA user or Role in the database.
To achieve this what i assume is
1> i need to find out Role as well all user who are non-DBA
2> For all non-DBA user i need to find out and revoked 'ANY' privileges if they would have.
Here i need some information about all tables related to privilieges and non-DBA users
The below are some example as a reference.
USER Privileges
CTXADMIN SELECT ANY TABLE
PUBLIC MERGE ANY VIEW
LAXORA ANALYZE ANY
EXECUTE ANY PROCEDURE
GRANT ANY ROLE
INSERT ANY TABLE
SELECT ANY TABLE
LAX_NEW ANALYZE ANY
CREATE ANY TABLE
DELETE ANY TABLE
DROP ANY TABLE
INSERT ANY TABLE
SELECT ANY TABLE
USER_NEW SELECT ANY TABLE
Thank n reagrds
LaxmanHi,
LAX_ORA wrote:
Hi all,
I need to be revoked all 'ANY' privileges that have been granted to all non-DBA user or Role in the database.
To achieve this what i assume is
1> i need to find out Role as well all user who are non-DBA
2> For all non-DBA user i need to find out and revoked 'ANY' privileges if they would have.
Here i need some information about all tables related to privilieges and non-DBA users
The below are some example as a reference.
USER Privileges
CTXADMIN SELECT ANY TABLE
PUBLIC MERGE ANY VIEW
LAXORA ANALYZE ANY
EXECUTE ANY PROCEDURE
GRANT ANY ROLE
INSERT ANY TABLE
SELECT ANY TABLE
LAX_NEW ANALYZE ANY
CREATE ANY TABLE
DELETE ANY TABLE
DROP ANY TABLE
INSERT ANY TABLE
SELECT ANY TABLE
USER_NEW SELECT ANY TABLE
Thank n reagrds
LaxmanYou can fiind out all the users and roles who have been granted system privileges by querying dba_sys_privs.
For example:
SELECT grantee
, privilege
FROM dba_sys_privs
WHERE privilege LIKE '% ANY %'
;The grantee column includes users and roles together.
If you want to find which users have the dba role, then query dba_role_privs. -
Viewing columns on which privileges granted.
TO see the columns on which privilees are granted, i am using the DICT table 'USER_COL_PRIVS_MADE'. But, some of the columns on which privileges are granted, i am not able to see. Is it possible that if some columns are being updated using DB link, then, these colums will not show by querying 'USER_COL_PRIVS_MADE' table.Please help in solving my doubt as i need it resolved urgently.
Try ALL_COL_PRIVS_MADE instead
http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96536/ch224.htm#1290307 -
How to check which privileges user is using
Hello All,
I have a user assigned DBA role in mistake many years back.
During our security overview I is flagged and now I need to revoke the DBA role from that user.At the moment it look like as follows and I am on 10204 database
Privilege
Category Granted Privilege
Role Privs CONNECT
DBA
OEM_MONITOR
RESOURCE
Sys Privs ALTER ANY MATERIALIZED VIEW
ANALYZE ANY
CREATE ANY MATERIALIZED VIEW
CREATE PROCEDURE
CREATE ROLE
CREATE SEQUENCE
CREATE SESSION
CREATE TABLE
CREATE VIEW
DROP ANY MATERIALIZED VIEW
GLOBAL QUERY REWRITE
UNLIMITED TABLESPACE
Now I need to find what all privileges out of approx 158 in the DBA role this user is using so that I can revoke the DBA role and assign that sys privielege exclusively and later on trim down a bit on those as well if possible?
Can someone help me in finding or is there a way possible to find out which privileges are actually being used by the user assigned to him via DBA role?
I can find something on net on those lines, any help or useful pointers would be highly appreciated.
Many Thanks,
RishiHello All,
Right I think auditing the DBA role could save my day.I have enable the auditing on the DB for dba role as shown below:
audit_file_dest string /oraadmin/tgtx/10/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB, EXTENDED
Exact version of the database is:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Prod
PL/SQL Release 10.2.0.4.0 - Production
CORE 10.2.0.4.0 Production
TNS for Linux: Version 10.2.0.4.0 - Production
NLSRTL Version 10.2.0.4.0 - Production
I have enable the audit dba role for user exeter as shown:
SYS@TGTX> AUDIT DBA by exeter WHENEVER SUCCESSFUL;
Audit succeeded.
Now I expect to audit all the sys privs assigned to dba role but alas its not working as expected if anyone can shed any light ON it, what I am trying to do is as follows:
I am trying to use the sys priv that is create any table as user exeter who is assigned dba role as follows:
SYS@TGTX> select * from dba_role_privs where grantee='EXETER';
GRANTEE GRANTED_ROLE ADM DEF
EXETER DBA NO YES
EXETER CONNECT NO YES
EXETER RESOURCE NO YES
EXETER OEM_MONITOR NO YES
EXETER@TGTX> create table dbaschema.test2 (srno number(10));
Table created.
Now I expect to see some records in dba_audit_trail as a result of above commands but there is none, am I doing anything wrong here?
SELECT * FROM dba_audit_trail
WHERE USERNAME = 'EXETER'
ORDER BY timestamp;
No rows returned but I shall have expected atleast one row to be returned here after enabling the audit on DBA role by exeter.
Any Ideas?
Thanks
Rish -
Granting the privileges to the Other User
Hi,
I am Using Oracle 10g. My Question is, I am Selecting the table from party from SYSTEM as the user and SYSADM is the Password. It is populating the Record. And when Select the table Party in SYSADM as the user and SYSADM as the password it is giving no rows message. I tryed to give the Privileges to the SYSADM but it is not taking
Can anyone give the process to give privileges to the another user to ( Means SYSTEM user table to SYSADM user tables )
Can anyone give suggestion...!
Thank u..!hi,
i am using Oracle 10g. Previously i asked the question there is no reply.
So i tryed this commands but no effect please can anyone tell me any suggestions
Here SYSTEM is User, SYSADM is PASSWORD, TEST is Database
connected as SYSTEM/SYSADM@TEST
SQL> GRANT INSERT, DELETE, UPDATE, SELECT ON ' || table_name || ' TO SYSADM; Here SYSADM is Another USER Name
Grant succeeded.
Like this i am getting. Any mistake i made when writing this Statement, Otherwise why this is not granting Privileges to other USER SYSADM
Pls. Tell me any Suggestions..!
Thank u..! -
Logical Standby Apply Processes Die when granting a user sysdba on Primary
I've run into an issue where the sql apply processes are stopping when granting a user sysdba privilege on the primary.
The error is insufficient privileges.
Of course the workaround that we have used is to skip the transaction on the logical and then manually grant the sysdba privilege on the standby. I'm hoping there is a more elegant solution as I have 8 DBAs on my team and each on of the transactions will need to be skipped individually, and is a bit of a pain. Just thought I would ask if anyone out there has run into the same issue and has a better workaround.I think you misunderstand. We run our standby in guard_mode 'STANDBY', which allows sys to perform the grant operation directly on the logical. Where it is failing is when we grant on the primary. That or I misunderstand. Are you saying that if I put in the script on the primary, the alter session command, then it will propagate down cleanly? That is something I have not tried of course, but makes sense how that could work, unless it throws an error on the primary because it is not a standby.
-
Which privilege to access active SQL instruction tab
Hi all,
On sqldeveloper when I am supervising the sessions on my new database, the screen shows the complete list of sessions. But if I click on one of the sessions to have more details, like running SQL query, an error occurs :
SEVERE 1378 2229 oracle.dbtools.db.DBUtil Avertissement, exception non gérée : ORA-00942: table or view does not exist
The detail panel is working well if the user connected is a dba role one, so the root cause is probably a missing privilege. Do you know which privilege grant to enable the panel of the details of a session ?
Any help appreciated,
Donatien.
I am using sqldeveloper 3.1.07. All the databases are 10g version.Raj,
From the User's Guide:
APEX_INSTANCE_ADMIN can be executed by the SYS, SYSTEM, and FLOWS_030100 database users as well as any database user granted the role APEX_ADMINISTRATOR_ROLE.
Scott -
How to identify which privilege is missing?
Hi,
If any query comes out with insufficient privileges, how do we identify which privilege is missing instead of searching in Oracle docs. Is there any table(dict or oracle internal) we can take aid to find out required privilege.Oracle does not store (other than the document) the possible privileges that could be granted to a specific user/object. But the privileges that are granted can be viewed in dictionary tables listed below.
SQL> select *
2 from dictionary
3 where table_name like '%PRIV%'
4 order
5 by table_name;
TABLE_NAME COMMENTS
ALL_COL_PRIVS Grants on columns for which the user is the grantor, grantee, owner,
or an enabled role or PUBLIC is the grantee
ALL_COL_PRIVS_MADE Grants on columns for which the user is owner or grantor
ALL_COL_PRIVS_RECD Grants on columns for which the user, PUBLIC or enabled role is the grantee
ALL_REPGROUP_PRIVILEGES Information about users who are registered for object group privileges
ALL_TAB_PRIVS Grants on objects for which the user is the grantor, grantee, owner,
or an enabled role or PUBLIC is the grantee
ALL_TAB_PRIVS_MADE User's grants and grants on user's objects
ALL_TAB_PRIVS_RECD Grants on objects for which the user, PUBLIC or enabled role is the grantee
COLUMN_PRIVILEGES Grants on columns for which the user is the grantor, grantee, owner, or
an enabled role or PUBLIC is the grantee
DBA_AQ_AGENT_PRIVS
DBA_COL_PRIVS All grants on columns in the database
DBA_PRIV_AUDIT_OPTS Describes current system privileges being audited across the system and by user
DBA_REPGROUP_PRIVILEGES Information about users who are registered for object group privileges
DBA_ROLE_PRIVS Roles granted to users and roles
DBA_RSRC_CONSUMER_GROUP_PRIVS Switch privileges for consumer groups
DBA_RSRC_MANAGER_SYSTEM_PRIVS system privileges for the resource manager
DBA_SYS_PRIVS System privileges granted to users and roles
DBA_TAB_PRIVS All grants on objects in the database
GV$ENABLEDPRIVS Synonym for GV_$ENABLEDPRIVS
ROLE_ROLE_PRIVS Roles which are granted to roles
ROLE_SYS_PRIVS System privileges granted to roles
ROLE_TAB_PRIVS Table privileges granted to roles
SESSION_PRIVS Privileges which the user currently has set
TABLE_PRIVILEGES Grants on objects for which the user is the grantor, grantee, owner,
or an enabled role or PUBLIC is the grantee
USER_AQ_AGENT_PRIVS
USER_COL_PRIVS Grants on columns for which the user is the owner, grantor or grantee
USER_COL_PRIVS_MADE All grants on columns of objects owned by the user
USER_COL_PRIVS_RECD Grants on columns for which the user is the grantee
USER_REPGROUP_PRIVILEGES Information about users who are registered for object group privileges
USER_ROLE_PRIVS Roles granted to current user
USER_RSRC_CONSUMER_GROUP_PRIVS Switch privileges for consumer groups for the user
USER_RSRC_MANAGER_SYSTEM_PRIVS system privileges for the resource manager for the user
USER_SYS_PRIVS System privileges granted to current user
USER_TAB_PRIVS Grants on objects for which the user is the owner, grantor or grantee
USER_TAB_PRIVS_MADE All grants on objects owned by the user
USER_TAB_PRIVS_RECD Grants on objects for which the user is the grantee
V$ENABLEDPRIVS Synonym for V_$ENABLEDPRIVS -
Hi
I must to list all privileges of the a user for to other user in other scheme
How Can I to it ?
tia-- Description : Use this script to find which privileges have been granted to a
-- particular user. This scripts lists ROLES, SYSTEM privileges
-- and object privileges granted to a user. If a ROLE is found
-- then it is checked recursively.
-- The output can be directed to either the screen via dbms_output
-- or to a file via utl_file. The method is decided at run time
-- by choosing either 'S' for screen or 'F' for File. If File is
-- chosen then a filename and output directory are needed. The
-- output directory needs to be enabled via utl_file_dir prior to
-- 9iR2 and a directory object after.
whenever sqlerror exit rollback
set arraysize 1
set space 1
set verify off
set pages 25
set lines 90
set termout on
clear screen
set feed off
set head off
set echo off
set serveroutput on size 1000000
col system_date noprint new_value val_system_date
select to_char(sysdate,'YYYYMMDD') system_date from sys.dual;
undefine user_to_find
prompt
accept user_to_find char prompt 'NAME OF USER TO CHECK : '
/* Creates a temporary view to get the list of ROLES recursivly for a user*/
create or replace view Privileges_Grant_user
(GRANTEE#,PRIVILEGE#,SEQUENCE#,LEV_EL) as
SELECT GRANTEE#,PRIVILEGE#,SEQUENCE#,LEVEL
from sys.sysauth$
connect by prior privilege# = grantee#
start with grantee# = (select USER# from user$ where name = upper('&&user_to_find'));
/* list the roles Hierarchy */
spool find_all_roles_privs_&val_system_date..log;
prompt *********************************************************
prompt List of roles Hierarchically Granted to &user_to_find
prompt *********************************************************
select lpad( ' ', 6 * ( lev_el - 1 ) ) || u2.name "Role Name"
from Privileges_Grant_user v ,
sys.user$ u2
where u2.user#=v.privilege#;
prompt
drop view Privileges_Grant_user;
declare
lv_tabs number:=0;
procedure write_op (pv_str in varchar2) is
begin
dbms_output.put_line(pv_str);
exception
when others then
dbms_output.put_line('ERROR (write_op) => '||sqlcode);
dbms_output.put_line('MSG (write_op) => '||sqlerrm);
end write_op;
procedure get_privs (pv_grantee in varchar2,lv_tabstop in out number) is
lv_tab varchar2(50):='';
lv_loop number;
cursor c_main (cp_grantee in varchar2) is
select 'ROLE' typ,
grantee grantee,
granted_role priv,
admin_option ad,
'--' tabnm,
'--' colnm,
'--' owner
from dba_role_privs
where grantee=cp_grantee and
GRANTED_ROLE NOT IN ('CONNECT','SELECT_CATALOG_ROLE','EXECUTE_CATALOG_ROLE',
'RESOURCE','DBA','IMP_FULL_DATABASE','EXP_FULL_DATABASE','AQ_ADMINISTRATOR_ROLE')
union
select 'SYSTEM' typ,
grantee grantee,
privilege priv,
admin_option ad,
'--' tabnm,
'--' colnm,
'--' owner
from dba_sys_privs
where grantee=cp_grantee
union
select 'TABLE' typ,
grantee grantee,
privilege priv,
grantable ad,
table_name tabnm,
'--' colnm,
owner owner
from dba_tab_privs
where grantee=cp_grantee
union
select 'COLUMN' typ,
grantee grantee,
privilege priv,
grantable ad,
table_name tabnm,
column_name colnm,
owner owner
from dba_col_privs
where grantee=cp_grantee
order by 1;
begin
lv_tabstop:=lv_tabstop+1;
for lv_loop in 1..lv_tabstop loop
lv_tab:=lv_tab||chr(9);
end loop;
for lv_main in c_main(pv_grantee) loop
if lv_main.typ='ROLE' then
write_op(lv_tab||'ROLE => '
||lv_main.priv||' which contains =>');
get_privs(lv_main.priv,lv_tabstop);
elsif lv_main.typ='SYSTEM' then
write_op(lv_tab||'SYS PRIV => '
||lv_main.priv
||' grantable => '||lv_main.ad);
elsif lv_main.typ='TABLE' then
write_op(lv_tab||'TABLE PRIV => '
||lv_main.priv
||' object => '
||lv_main.owner||'.'||lv_main.tabnm
||' grantable => '||lv_main.ad);
elsif lv_main.typ='COLUMN' then
write_op(lv_tab||'COL PRIV => '
||lv_main.priv
||' object => '||lv_main.tabnm
||' column_name => '
||lv_main.owner||'.'||lv_main.colnm
||' grantable => '||lv_main.ad);
end if;
end loop;
lv_tabstop:=lv_tabstop-1;
lv_tab:='';
exception
when others then
dbms_output.put_line('ERROR (get_privs) => '||sqlcode);
dbms_output.put_line('MSG (get_privs) => '||sqlerrm);
end get_privs;
begin
write_op('User => '||upper('&&user_to_find')||' has been granted the following
privileges');
write_op('*********************************************************');
get_privs(upper('&&user_to_find'),lv_tabs);
exception
when others then
dbms_output.put_line('ERROR (main) => '||sqlcode);
dbms_output.put_line('MSG (main) => '||sqlerrm);
end;
prompt
prompt ********************************************************
prompt End of the report
prompt ********************************************************
spool off
whenever sqlerror continue
I got above script from anywhere in net. Probably helpful to you. -
The permissions granted to user '' are insufficient for performing this operation. (rsAccessDenied)
when I try to connect to the "http://localhost:8080/ReportServer " I get this error.
The permissions granted to user 'DOMAIN/USERNAME' are insufficient for performing this operation. (rsAccessDenied).
I have configered the Reporting services Configuration manager.
I am an administrator on my machine and on the reportserver DB. when I try to log on the my 2008 R2 reporting services I get a simalar error.
does any one have an idea of what I am missing?
thank you.
Jeff
JeffHi There
Please also have a look on this thread
http://tanveeronline.blogspot.co.nz/2011/07/ssrs-2008-r2-unable-to-connect-to.html
http://social.msdn.microsoft.com/Forums/hu-HU/sqlreportingservices/thread/f8a0a3f5-3985-4356-8404-3b408f790747
http://www.networksteve.com/enterprise/topic.php?TopicId=24217
In the last section of this thread it get resolved by
"Changing the ports. Configured TCP port to 9000 and SSL port to 9001.
And then
<Add Key="SecureConnectionLevel" Value="0"/>
Its value was 2, changed it to 0."
Please have alook on this thread that might help you
Many thanks
Syed
http://tanveeronline.blogspot.co.nz/2011/07/ssrs-2008-r2-unable-to-connect-to.html
Does not work. I already had the settings which are mentioned in that blog -
Try doing the following things
Go to Reporting Services Conf. Manager.
1. Change the server account to local account.
2. Remove the SSL if configured.
3. Go to C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer
4. Change the SecureConnectionLevel value to 0 in rsreportserver.config
Try refreshing the page, it should work now!
Also tried answer at - http://social.msdn.microsoft.com/Forums/sqlserver/en-US/f8a0a3f5-3985-4356-8404-3b408f790747/ssrs-2008-unable-to-connect-to-remote-server?forum=sqlreportingservices
Same thing there. SecureConnectionLevel value to 0 is already set for me.
Third link comment at end says -
Hi Chaitanya, Changing the ports worked for me. Configured TCP port to 9000 and SSL port to 9001. And then <Add Key="SecureConnectionLevel"
Value="0"/> Its value was 2, changed it to 0. Thanks for all your support Best Regards, Arka Mitra.
You can set TCP and SSL like this from Reporting services config manager -
Web Service URL option (left pane) > Advanced settings button > put the values.
The TCP can be changged to 9000, but the SSL requires a certificate file. I am stuck here.
The clue to make your own SSL certificate is here -
http://johnhennesey.blogspot.com/2010/10/reporting-services-2008-over-ssl.html
But, this post is not for windows 7 64 bit, ie my personal pc os. I tried to make the cert on win, 7, but options are complicated. Lets see.
Here is the issue for the same - https://stackoverflow.com/questions/22314341/cannot-see-self-created-certificate-in-certmanager -
Can't retrieve folder privileges for a specific user
I am trying to get the granted privilege for a specified user for a certain folder. I am using the wwsec_api.get_granted_user_privilege function. When I run my code, nothing is ever returned. Here is my code:
l_priv_varchar := wwsec_api.get_granted_user_privilege(
p_user_id => 0,
p_object_type_name => 'FOLDER',
p_name => '2889');
p_user_id is from wwsec_person.id$
p_object_type_name is my object type
p_name is from wwv_corners.id
I have looked at the properties of this folder and this user, 0, is set up as the owner. So I am expecting to see 'OWN' returned. I have another user set up to only VIEW the folder and when I put that user's id into the p_user_id parameter I still do not get any return. I can run this same code (with different parameter values) and get the privileges for a 'PAGE', but never for a FOLDER.
Does anyone have this problem or can tell what I am missing?
Thanks.
nullp_name for a folder is "sitename/parentfolder/foldername". You can see that in the syspriv_name field on the WWV_CORNERS table.
-
I've inherited a bit of a security issue and would appreciate any insight.
The bottom line is that I have a user than can run one report from folder "X", but not the report next to it.
Here is the problem context. The names are changed to protect the innocent. Sharepoint is not involved.
The SSRS Home Folder has Security "Group or User" of "DomainX\SSRS_Browsers" with Role(s) "Browser"
"SSRS_Browsers" is an AD group. The user with the issue (DomainX\UnhappyUser) is a member of this group.
The user is able to navigate to folder "X" (one level below Home) and run Report "A" successfully. But, when they try to run report "B", they get:
"An error has occurred during report processing. (rsProcessingAborted) The permissions granted to user "DomainX\UnhappyUser" are insufficient for performing this operation. (rsAccessDenied)
The difference between report "A" that works, and report "B" that doesn't is that report "B" references a data set from a different data source.
Both reports reference DataSource1. The failing report additionally references DataSource2. The SSRS logs confirm this is where the problem is:
ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: , Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'DomainX\UnhappyUser' are insufficient for performing this operation.;
processing!ReportServer_0-34!c58!07/16/2014-16:45:41:: e ERROR: An exception has occurred in data set 'DataSource2'. blah blah blah
Both data sources have "stored" credentials with the same AD user: "DomainX\SSRS_Reports". Both data sources reference the same instance of SQL Server. They do have different "Initial Catalog" values. (DatabaseA
and DatabaseB). I can run both reports successfully, but I more authority.
"SSRS_Reports" is defined as a "Login" user under "Security" in SSMS at the instance level. The Server Role is "public".
DatabaseA (which is behind the data source that works) has Security->Users->DomainX\DataBaseA_Readers. This is an AD group, that includes has "SSRS_Reports" as a member.
DataBaseA_readers (in SQL Server, at the DatabaseA level) is a member of role db_datareader.
DataBaseB (which is behind the data source that fails) has Security->Users->DomainX\DataBaseB_Readers. This is also an AD group, that includes "SSRS_Reports" as a member.
DataBaseA_readers (in SQL Server, at the DatabaseB level) is a member of role db_datareader.
Does anyone have any insights as to where my problem may be?
Thank you. Sorry for the verbosity.Hi Steve,
After testing the issue in my local environment, I can reproduce it. The Home Folder has Security for "DomainX\SSRS_Browsers" group with "Browser" Role, the folder “X” and Report “A” security is inherited from its parent item, but the Report “B” Item security
is not inherited from its parent item. In this way, the DomainX\UnhappyUser has insufficient permission to render the Report “B”.
So, please try to check the Security page of Report “B” and compare it with Report “A” security settings. If possible, we can click “Revert to Parent Security” button to replace all the defined security settings with the security settings of its parent folder
”X”.
Hope this helps.
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support -
HI,
I am working on SharePoint 2013 and using Report Viewer webpart (imported from RSWebpart.cab file from SQL server 2008 R2) for showing SSRS reports. I have added Report Viewer webpart in page and done all configuration related to it like set Report
Manager Url and Report Path in the webpart properties. But when i browse that page it is giving the below error -
The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)"
But when i run IE as 'Run as Administrator' and open the same page which contains the Report Viewer webpart, now i am able to view the report on the page and the error gone away.
I am not sure what is happening here, what can be the reason for such unpredicable behaviour and what can be the work around for this. Every user can't open the IE in 'Run as Administrator' mode. So what can be the possible solution for this.
Thanks in advance for the help!Solved. In IE I went to the RS Home page, selected Detail View, put a check in front of every folder, went to Folder Settings and then added my domain user as a Browser in New Role Assignment. Reports work fine now.
André -
Default Privilege Level for ASA users authenticated by Radius or TACACS when using ASDM
Hello,
I'm trying to figure out what the default privilege level is for users that are authenticated to the ASA via a remote authentication server when using the ASDM.
the command "aaa authentication http console TACACS+ LOCAL" is used in the ASA config.
The remote server is NOT setting any privilege levels for users. There are also no aaa authorization commands present in the config.
So what privilege level do the users receive when they login with the ASDM? I'm being told that the users receive admin access which includes config write, reboot, and debug. But I cannot find any documentation stating hte default level.
Please advise. And providing links to cisco documentation would be great too.
Thanks,
BrendanHi Berendan,
Hope the below exerpt from document clarifies your query. also i have provided the link to refer.
About Authorization
Authorization controls access per user after users authenticate. You can configure the security appliance to authorize the following items:
•Management commands
•Network access
•VPN access
Authorization controls the services and commands available to each authenticated user. Were you not to enable authorization, authentication alone would provide the same access to services for all authenticated users.
If you need the control that authorization provides, you can configure a broad authentication rule, and then have a detailed authorization configuration. For example, you authenticate inside users who attempt to access any server on the outside network and then limit the outside servers that a particular user can access using authorization.
The security appliance caches the first 16 authorization requests per user, so if the user accesses the same services during the current authentication session, the security appliance does not resend the request to the authorization server.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/aaasetup.html
Regards
Karthik -
Privileges require for a user to create CONTEXT indexes
Hi all,
RDBMS: 11.2.0.3
SO.......: OEL 6.3
What are the necessary privileges that have to be granted to a user to be able to create CONTEXT Indexes, for example. I have granted the CTXAPP to my user, but when i tryied to create the CONTEXT Index with the command bellow, i got an "insufficient privilege" error message.
CREATE INDEX USR_DOCS.IDX_CTX_TAB_DOCUMENTOS_01 ON USR_DOCS.TAB_DOCUMENTOS(DOCUMENTO) INDEXTYPE IS CTXSYS.CONTEXT PARAMETERS ('SYNC (ON COMMIT)');It depends on whether the user is trying to create the index on his own table in his own schema or on somebody else's table in somebody else's schema. The following demonstrates minimal privileges (quota could be smaller) for user usr_docs to create the index on his own table in his own schema and for my_user to create the index on usr_docs table in usr_docs schema.
SCOTT@orcl> -- version:
SCOTT@orcl> SELECT banner FROM v$version
2 /
BANNER
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for 64-bit Windows: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
5 rows selected.
SCOTT@orcl> -- usr_docs privileges:
SCOTT@orcl> CREATE USER usr_docs IDENTIFIED BY usr_docs
2 /
User created.
SCOTT@orcl> ALTER USER usr_docs QUOTA UNLIMITED ON users
2 /
User altered.
SCOTT@orcl> GRANT CREATE SESSION, CREATE TABLE TO usr_docs
2 /
Grant succeeded.
SCOTT@orcl> -- my_user privileges:
SCOTT@orcl> CREATE USER my_user IDENTIFIED BY my_user
2 /
User created.
SCOTT@orcl> GRANT CREATE SESSION, CREATE ANY INDEX TO my_user
2 /
Grant succeeded.
SCOTT@orcl> -- user_docs:
SCOTT@orcl> CONNECT usr_docs/usr_docs
Connected.
USR_DOCS@orcl> CREATE TABLE tab_documentos (documento CLOB)
2 /
Table created.
USR_DOCS@orcl> INSERT ALL
2 INTO tab_documentos VALUES ('test data')
3 INTO tab_documentos VALUES ('other stuff')
4 SELECT * FROM DUAL
5 /
2 rows created.
USR_DOCS@orcl> CREATE INDEX USR_DOCS.IDX_CTX_TAB_DOCUMENTOS_01
2 ON USR_DOCS.TAB_DOCUMENTOS(DOCUMENTO)
3 INDEXTYPE IS CTXSYS.CONTEXT
4 PARAMETERS ('SYNC (ON COMMIT)')
5 /
Index created.
USR_DOCS@orcl> DROP INDEX usr_docs.idx_ctx_tab_documentos_01
2 /
Index dropped.
USR_DOCS@orcl> -- my_user:
USR_DOCS@orcl> CONNECT my_user/my_user
Connected.
MY_USER@orcl> CREATE INDEX USR_DOCS.IDX_CTX_TAB_DOCUMENTOS_01
2 ON USR_DOCS.TAB_DOCUMENTOS(DOCUMENTO)
3 INDEXTYPE IS CTXSYS.CONTEXT
4 PARAMETERS ('SYNC (ON COMMIT)')
5 /
Index created.
Maybe you are looking for
-
How do you export a pdf from acrobat dc to dropbox on a mac
I have been using dropbox for years and have never had a problem exporting a pdf to it until I got Adobe Acrobat DC. Please tell me how to export to a dropbox file.
-
Email not readable since upgrading to Mountain Lion
Since upgrading to Mountain Lion, I am not able to read my email in the upgraded version of Mail. All my emails ON MY MAC are readable as normal, but my Inbox emails are there and I can read the single line information (From, Subject, Date Received,
-
I have a big crossbar mark over my FF4 icon after I've installed and replaced FF3. When I try to open the software, I get "You can't open the application "Firefox" because it is not supported on this architecture." What's up with that?
-
How to convert a pdf file with hand-written signature?
How to convert a pdf file with hand-written signature?
-
Microsoft accont not working properly
Am using Nokia Lumia 720. Since from last few days my Microsoft account does not sync...its shown as not up to date..because of that I have missed so many mails. And I couldn't use my office...n I have mobile network also.