Wildcard in grant

Similar Messages

• Using wildcards with DirectoryFile.ListFiles()

  Hi all,
  I need to be able to selectively grab a list of files from a directory, which
  then go on to get further processed. The selection criteria is that file names
  will conform to a certain template (eg. "file*.dat"). I located the method I
  need in the Framework.DirectoryFile object, called ListFiles()
  Here's the quandary: The ListFiles method allows two optional parameters,
  prefix and suffix, which it can use to filter the resultant array of files. The
  on-line help specifically states that wildcard usage is not permitted. However,
  in a test run I discovered two things: (1) the prefix and suffix parameters are
  severly restricting given that wildcards are not allowed, and (2) Wildcards are
  apparently permitted, anyway.
  To clarify, here are the results of my little test:
  ============================================================ ========= =====
  ListFiles(prefix=NIL, suffix=NIL) [ie. full contents of directory]
  Fred.txt
  Test1.txt
  Test2.dat
  Test2.txt
  ListFiles(prefix=NIL, suffix='txt')
  Fred.txt
  Test1.txt
  Test2.txt
  ListFiles(prefix='Test2', suffix=NIL)
  Test2.dat
  Test2.txt
  ListFiles(prefix='Test', suffix='txt') [Hoping to get 'Test*.txt']
  - nothing -
  ListFiles(prefix='Test*', suffix='txt') [Apparently not allowed]
  Test1.txt
  Test2.txt
  ============================================================ ========= =====
  This test was conducted on Windows NT and VMS, and I got the exact same results
  both times.
  Would anyone care to comment on why this wildcard feature apparently works
  fine, but is documented as not being allowed? I am hesitant to continue
  programming on the assumption that it IS allowed and DOES work, because in a
  future release it may in fact be crippled in order to satisfy the documented
  specification, and my cries of anguish will be greeted with the ever-comforting
  "We told you so".
  FYI, we are using Version 20H1, with plans to upgrade 30F2 REAL SOON.
  Ideas/comments anyone?
  Andrew Bird
  Horizon Technologies International

  This is a very old thread. If you have a question you should really start your own thread for it.
  In answer to your question...
  UTL_FILE_DIR parameter has been deprecated since 10g.
  You should no longer use the UTL_FILE_DIR parameter as it can leave security holes on your server, meaning people can access files and directories they shouldn't.
  Oracle has replaced the functionality with Oracle Directories.
  http://docs.oracle.com/cd/B19306_01/server.102/b14200/statements_5007.htm#SQLRF01207
  Example usage:
  As SYS user:
  CREATE OR REPLACE DIRECTORY mydir AS 'c:\myfiles';Note: This does not create the directory on the file system. You have to do that yourself and ensure that oracle has permission to read/write to that file system directory.
  Then, grant permission to the users who require access e.g....
  GRANT READ,WRITE ON DIRECTORY mydir TO myuser;Then your user (myuser in this example) will use that directory object inside your FOPEN statement e.g.
  fh := UTL_FILE.FOPEN('MYDIR', 'myfile.txt', 'r');Note: You MUST specify the directory object name in quotes and in UPPER case for this to work as it is a string that is referring to a database object name which will have been stored in uppercase by default.

• Wildcards in principal names

  I need to be able to use wildcards in some principal names in the policy file.
  I tried to solve it with the equal() method in my Principal class, but it does not work. Where is the principal names (values) in the policy file compared to the names of the principals of the same type in the subject?
  I see two possible solutions, but I would prefere another solution. What do you think? These are my solutions:
  1) Let my principal class implement com.sun.security.auth.PrincipalComparator in addition to java.security.Principal.
  2) Some how solve it with the implies() method in the Permission classes. (How?)
  Pleas help!

  The comparison is done inside the sun.security.provider.PolicyFile implementation (the default implementation of java.security.Policy).
  PolicyFile calls Principal.getClass().getName() along with Principal.getName(), and then compares those values to the class name and principal name listed in the policy file. Note that these are simply String comparisons (they are not done using Principal.equals).
  That means you are left with the following choices. You can implement PrincipalComparator, as you mentioned, or you can extend and replace the PolicyFile implementation.
  Alternatively, there is one obscure feature in PolicyFile that is not well documented. It supports a minimal amount of wildcarding. Specifically:
  grant Principal com.foo.Principal * {
  grant Principal * * {
  If the principal class is wildcarded, then the principal name must also be wildcarded (this is the second example above). Unfortunately this may not give you the level of wildcarding that you desire.
  If the permissions you want to grant are all custom permissions (you have control over the implementation), then it may be possible to design them in a way to achieve what you want. Look at javax.security.auth.PrivateCredentialPermission. That permission encapsulates principals inside of its target name. You would have to design your custom permission class to have a similar syntax, and then the implies method could perform the correct logic for principal name wildcarding.
  In this particular case, since the policy file grant statement does not contain principal information (see the example in the PrivateCredentialPermission javadocs), the String comparison that I described above does not occur. Instead, Permission.implies is called, and you have control over that behavior.
  Hope that helps.

• Discoverer 11g EUL command line error granting privileges

  I'm testing Discoverer 11g (Desktop and Administrator 11.1.3) in order to upgrade from 10g. On 10g we have some scripts that automate many things using EUL command line. The first difference I've found is than in 10g we used directly eulbuilder.jar, now in 11g this jar has moved to $ORACLE_HOME\discoverer\lib and you have to use eulapi.bat located on oracle home's bin directory.
  The second difference is that grant_privilege and revoke_privilege commands had stopped working, they do nothing. I've compared via database dumps what they do in 10g and basically they insert/delete some registers on EUL5_ACCESS_PRIVS and EUL5_EUL_USERS and grants/revoke access to EUL tables.
  10g commands working fine
  -- Revoke all access and privileges
  java -jar eulbuilder.jar -CONNECT E/E@ORCL -eul E -REVOKE_PRIVILEGE -PRIVILEGE all_user_privs -BUSINESS_AREA_ACCESS % -IDENTIFIER -WILDCARD -role <ROLE_NAME> -LOG LOG.LOG
  -- Grant user privileges
  java -jar eulbuilder.jar -CONNECT E/E@ZEUS -eul E -GRANT_PRIVILEGE -PRIVILEGE all_user_privs -IDENTIFIER -WILDCARD -role <ROLE_NAME> -LOG LOG.LOG
  -- Grant business area access privileges
  java -jar eulbuilder.jar -CONNECT E/E@ZEUS -eul E -GRANT_PRIVILEGE -BUSINESS_AREA_ACCESS % -IDENTIFIER -WILDCARD -role <ROLE_NAME> -LOG LOG.LOG
  11g commands doing nothing
  -- Revoke all access and privileges
  eulapi.bat -CONNECT E/E@ORCL -eul E -REVOKE_PRIVILEGE -PRIVILEGE all_user_privs -BUSINESS_AREA_ACCESS % -IDENTIFIER -WILDCARD -role <ROLE_NAME> -LOG LOG.LOG
  -- Grant user privileges
  eulapi.bat -CONNECT E/E@ZEUS -eul E -GRANT_PRIVILEGE -PRIVILEGE all_user_privs -IDENTIFIER -WILDCARD -role <ROLE_NAME> -LOG LOG.LOG
  -- Grant business area access privileges
  eulapi.bat -CONNECT E/E@ZEUS -eul E -GRANT_PRIVILEGE -BUSINESS_AREA_ACCESS % -IDENTIFIER -WILDCARD -role <ROLE_NAME> -LOG LOG.LOG
  Has anybody tried these commands? If so, they worked? I'm afraid this could be a bug, does anybody know how can I report it to Oracle?
  Thanks in advance

  Hi
  I haven't been able to try them and I am surprised to hear that they do not work.
  Assuming that the commands are unaltererd and I would be surprised if the syntax is changed, to report this as a bug you need to raise a service request using MyOracleSupport (formerly MetaLink).
  You basically raise it in the same way you are doing it it in here and ask Oracle if the commands you are provdiing are still valid and then ask them to report it to development if they find out that it is a bug and they can reproduce it. The trick here is getting support to reproduce your issue.
  If you hear anything further please let us know.
  Best wishes
  Michael

• Wildcards and java.io.FilePermission???

  I realize I can use a "-" or "*" at the end of my pathname. Can I use one in the middle?
  I have approximately 1,200 user webs that I'd like to enable for JSPs with Jakarta Tomcat. I'd like each user to have write access to a /webdata folder withing their web:
  permission java.io.FilePermission "d:\\Inetpub\\Wwwroot\\dev\\jtest\\students\\-\\webdata\\-", "read, write";
  The directory name between students and webdata will be different for each student. Howdo I handle a varying directory name in the middle of the path?
  Any suggestions?

  You realize that you can use wildcards with FilePermission.
  Did you really test it for let's say one user, like:
  grant codeBase "file:${catalina.home}/webapps/examples/-" {
  permission java.io.FilePermission "d:\\somepath\\-", "read, write";
  Because I never succeeded in using wildcard with FilePermission.
  Wildcards work well for PropertyPermission.
  Dany
  [email protected]

• Error while granting BPMOrganizationAdmin role to SOAOperator.

  Error Starting While starting SOA server. Please advise.
  <Mar 5, 2015 12:56:08 PM EST> <Error> <oracle.bpm.services.organization> <BEA-000000> <Exception
  exception.70692.type: error
  exception.70692.severity: 2
  exception.70692.name: Error while granting BPMOrganizationAdmin role to SOAOperator.
  exception.70692.description: Error occured while granting the application role BPMOrganizationAdmin to application role SOAOperator.
  exception.70692.fix: In the policy store, please add SOAOperator role as a member of BPMOrganizationAdmin role, if it is not already present.
  ORABPEL-10513
  Cannot get application roles from application identified by "{0}".
  An error occurred while getting application roles from application identified by "soa-infra".
  The underlying APIs threw an exception. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
          at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:920)
          at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
          at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
          at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
          at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
          at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
          at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
          at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
          at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
          at $Proxy307.postDeployInit(Unknown Source)
          at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
          at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
          at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
          at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
  Caused By: ORABPEL-10510
  Application role not found.
  Application role "BPMOrganizationAdmin" could not be found for application identified by "soa-infra".
  Check if the application role exists in the repository associated with the application. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
          at oracle.tip.pc.services.identity.jps.JpsProvider$9.run(JpsProvider.java:2338)
          at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRoleEntry(JpsProvider.java:2333)
          at oracle.tip.pc.services.identity.jps.JpsProvider.access$000(JpsProvider.java:169)
          at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:917)
          at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
          at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
          at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
          at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
          at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
          at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
          at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
          at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
          at $Proxy307.postDeployInit(Unknown Source)
          at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
          at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
          at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
          at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
  >
  <Mar 5, 2015 12:56:08 PM EST> <Error> <oracle.bpm.common> <BEA-000000> <Exception
  BPM-70692
  Exception
  exception.70692.type: error
  exception.70692.severity: 2
  exception.70692.name: Error while granting BPMOrganizationAdmin role to SOAOperator.
  exception.70692.description: Error occured while granting the application role BPMOrganizationAdmin to application role SOAOperator.
  exception.70692.fix: In the policy store, please add SOAOperator role as a member of BPMOrganizationAdmin role, if it is not already present.
          at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:324)
          at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
          at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
          at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:29)
          at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
          at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
          at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
          at $Proxy307.postDeployInit(Unknown Source)
          at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
          at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
          at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
          at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
  Caused By: ORABPEL-10513
  Cannot get application roles from application identified by "{0}".
  An error occurred while getting application roles from application identified by "soa-infra".
  The underlying APIs threw an exception. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
          at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:920)
          at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
          at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
          at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
          at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
          at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
          at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
          at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
          at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
          at $Proxy307.postDeployInit(Unknown Source)
          at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
          at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
          at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
          at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
  Caused By: ORABPEL-10510
  Application role not found.
  Application role "BPMOrganizationAdmin" could not be found for application identified by "soa-infra".
  Check if the application role exists in the repository associated with the application. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
          at oracle.tip.pc.services.identity.jps.JpsProvider$9.run(JpsProvider.java:2338)
          at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRoleEntry(JpsProvider.java:2333)
          at oracle.tip.pc.services.identity.jps.JpsProvider.access$000(JpsProvider.java:169)
          at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:917)
          at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
          at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
          at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
          at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
          at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
          at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
          at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
          at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
          at $Proxy307.postDeployInit(Unknown Source)
          at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
          at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
          at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
          at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
  >

  Hi user,
  Can you give us some information on the version you are using and your security setup? Are you using an external security provider? Because to me it sounds that you are using an external LDAP server.
  Antonis

• Replication of a BP in CRM as a FI Vendor in ECC for Grants Management

  Hi,
  We are implenting SAP CRM 7 with SAP ECC for Grants Management, integrated with FI AP (we're not using PSCD).
  For BP replication we followed the next steps, however something looks it is incorrect because my BDOC still shows errors:
  The middleware settings had been completed between the CRM and the ECC system.
  - Site, Suscription and replication from CRM to SAP ECC are in placed
     -The next replication object are activated:
      -All Business Partners (MESG)   (BUPA_MAIN)
      -All Busines Partner Relationships (MESG) (BUPA_REL)
      -All Business Transactions (MESG)
      -Grantor Program Management
  Also we implemented the next steps:
  1) Define the number ranges for BP groupings in CRM: This number range would be internal in CRM and External in ECC.
  CRM (IMG) -> Customer Relationship Management -> Cross-Application Components -> SAP Business Partner -> Basic Settings ->
  Number Ranges and Groupings
  2) Since the BP would be replicated as a BP in ECC we define the same number ranges in ECC too:
  ERP (IMG) -> Customer Relationship Management -> Cross-Application Components -> SAP Business Partner -> Basic Settings ->
  Define Groupings and Assign Number Ranges
  3) Activate the post-processing framework: (Business processes CVI_02 and CVI_04 in Component AP-MD)
  ERP (IMG) -> Cross-Application Components -> General Application Functions ->Postprocessing Office -> Business Processes->
  Activate Creation of Postprocessing Orders
  4) Activate PPO Requests for Platform Objects in the Dialog:
  ERP (IMG) -> Cross-Application Components -> Master Data Synchronization -> Synchronization Control -> Synchronization
  Control -> Activate PPO Requests for Platform Objects in the Dialog
  Edited by: Lyda Osorio on Oct 9, 2009 7:25 AM

  For CRM I had the following FM activated:
  BPOUT     BUPA     100000     CRM_BUPA_OUTB_RENTED_ADDRESS     X
  BPOUT     BUPA     200000     BUPA_MWX_BDOC_CREATE_MAIN     X
  BPOUT     BUPA     300000     CRM_BUPA_OUTB_MARKETING_ATTR     X
  BPOUT     BUPA     400000     VEND_MWX_CREATE_MAIN_BDOC     X
  BPOUT     BUPA     1000000     BUPA_OUTBOUND_MAIN     X
  BPOUT     BUPR     100000     BUPA_MWX_BDOC_CREATE_REL     X
  BPOUT     BUPX     1000000     MDS_BUPA_OUTBOUND     X
  CLEAR     BUPA     1000000     BUPA_OUTBOUND_CLEAR_FLAGS     X
  CRMIN     BUAG     100000     CRM_BUAG_MWX_PROCESS_EXT_STRUC     X
  CRMIN     BUPA     90100     CRM_BUPA_INBOUND_SET_BUAG_FLAG     X
  CRMIN     BUPA     1000000     BUPA_INBOUND_MAIN_CENTRAL     X
  CRMIN     BUPA     1100000     CRM_BUPA_INBOUND_MAIN_MD     X
  CRMIN     BUPA     1200000     CRM_BUPA_BDOC_MAP_MAIN     X
  CRMIN     BUPA     1400000     CRM_BUPA_KOREA_INBOUND_MAP     X
  CRMIN     BUPA     2000000     ABA_FSBP_INBOUND_MAIN     X
  CRMIN     BUPR     1000000     BUPA_INBOUND_REL_CENTRAL     X
  CRMIN     BUPR     1100000     CRM_BUPA_INBOUND_REL_MD     X
  CRMIN     BUPR     1200000     CRM_BUPA_BDOC_MAP_REL     X
  CRMOU     BUAG     100000     CRM_BUAG_MWX_FILL_EXT_FROM_MEM     X
  CRMOU     BUPA     1000000     BUPA_OUTBOUND_BPS_FILL_CENTRAL     X
  CRMOU     BUPA     1200000     CRM_BUPA_OUTB_BPS_FILL_MD     X
  CRMOU     BUPR     1000000     BUPA_OUTBOUND_BPR_FILL_CENTRAL     X
  CRMOU     BUPR     1200000     CRM_BUPA_OUTB_BPR_FILL_MD     X
  CRMOU     BUPR     1300000     CRM_BUPA_BDOC_BPR_FILL_DATA     X
  EXTR     BUAG     100000     CRM_BUAG_MAIN_GET_ID_LIST     X
  MERGE     BUPA     1000000     MERGE_BUPA_CENTRAL     X
  MERGE     BUPA     2000000     MERGE_BUPA_FINSERV     X
  MERGE     BUPR     1000000     MERGE_BUPR_CENTRAL     X
  PXYIN     BUPA     1000000     BUPA_INBOUND     X
  R3AOU     BUPA     100000     BUPA_MWX_BDOC_UP_CURRSTATE_SET     X
  XIIN     BUPA     1000000     ABA_BUPA_MAP_PROXY_TO_DDIC     X
  XIIN     BUPA     2000000     ABA_FSBP_MAP_PROXY_TO_DDIC     X
  XIIN     BUPA     2100000     ABA_FSBP_MAP_PROXY_TO_DDIC_1     X
  XIIN     BUPR     1000000     ABA_BUPR_MAP_PROXY_TO_DDIC     X
  XIOUT     BUPA     1000000     ABA_BUPA_MAP_DDIC_TO_PROXY     X
  XIOUT     BUPR     1000000     ABA_BUPR_MAP_DDIC_TO_PROXY     X

• Using wildcards (*) in sender file adapter - FTP type

  Hi guys!
  Dooes it work using wildcards in sender file adapter (FTP type(!) (filesystem obviously work))? I tried it and it failed. it works only for exact name..
  I read some articles about FTP and the result is, that ftp work always only with 1 file, so I'm wondering, if this is possible.
  Thanks for info!
  Olian

  Thanks for all replies..
  I know of course, that * can be used, I use it in many scenarios too. But on a FileSystem. It is not working if the sender type is FTP.
  *, ., *.dat, ...  nothing like that works..  Just exact file name.
  I am able to pick up file, if I specify it's exact name, so there should be no problem with permissions..
  Please, I'd appreciate one reply with comfirmation: yes, we are using asterisk (*) , we access source files via FTP and they are processed.
  Is there anybody with this experience, that it works?
  Thank you!
  Olian

• How to include wildcard in FTP adapter header variable?

  I have two partner links that use FTP adapters. The first one puts a file on the FTP server. It specifies a dynamic outbound file name based upon an input variable and the timestamp in the format "test_BATCHID_yyyyMMddHHmmss.csv" (e.g. test_1011_20050925153059.csv). This part works as expected.
  The second partner link is supposed to pick up a file on the same FTP server. This inbound filename will be based upon the outbound filename and another timestamp in a format such as "originalfilename.yyyyMMddHHmmss.txt" (e.g. test_1011_20050925153059.csv.20050926091541.txt). I have created a Transform action with a mapping to convert the outbound filename and assign it to the inbound header variable. It concatenates the outbound filename and ".*.txt" within the mapping. The inbound header shows up as test_1011_20050925153059.csv.*.txt in the audit, but the process hangs at the receive activity and the file never gets retrieved. Perhaps the asterisk is being interpreted literally?
  Does anyone know how to specify a wildcard character in an xpath expression in a way that it will be interpreted as a true wildcard? Or is there another way to tell the inbound adapter to look for a dynamic filename using wildcards?

  BPEL patch 1 supports performing a synchronous read using a BPEL invoke activity. The following forum post shows how to configure a read adapter manually.
  Re: Help! Three questions about FileAdapater.
  The subsequent patches of JDeveloper allow such an apdater to be configured automatically.
  ps: This adapter can be used to read a single file only i.e. you cannot use a wild character.

• Using wildcards in import statement

  I typically use wildcards in my import statements. For example:
  import javax.swing.*;
  Are there any advantages, though, in specifying exactly which classes I am importing?
  For example,
  import javax.swing.JPanel;
  import javax.swing.JLabel;
  import javax.swing.JEditorPane;
  import java.swing.JProgressBar;
  // etc.
  Specigically, is the resulting class file any smaller if I specify exactly which classes to use and does the Java runtime engine load faster if I specify exactly which classes I use in the import statemetents?
  Thanks,

  Import has precisely zero runtime impact. I believe it is used to help locate the specified class at runtime. Take the following 2 simple source files:
  import java.util.Vector;
  //import java.util.*;
  public class VectorTest
       public static void main( String[] args )
            Vector v = new Vector();
            v.add("Item 1");
            v.add("Item 2");
            System.out.println( v.get(1) );
  public class Vector
       public boolean add(Object o)
            return true;
       public Object get(int index)
            return "doh!";
  }1) Run the code as is and "Item 2" is displayed
  2) Recompile the code using the generic import and "doh!" is displayed.
  The point is that by fully qualifying the import statement you are sure you are executing the correct class and not just some class that happens to be lying around somewhere in your classpath.

• How to add item to a List with a bounded wildcard

  Hi,
  Is there a way to add a subtype instance to a List with a bounded wildcard? For example, say I have an
  abstract class called Car. Then I have 2 concrete subclasses--Ford and Toyota. Now say I have another
  class that contains a prepopulated list and is wildcard bounded like this: List<? extends Car> carList. I
  want to add a method where I pass in a Car subtype as a parameter and then add it into this list, e.g:
  public void addCar(Car car) {
  carList.add(car);
  Trying this, I keep getting "cannot find symbol" compilation errors. When I went back to read the Generics
  tutorial by Bracha, he mentions that explicitly adding a subtype, e.g. carList.add(new Ford()), can not be
  done. But here I'm adding the "upper bound" of the wildcard, i.e. the Car type. Therefore there should be no
  discrepancy between supertype and subtype an thus the carList.add(car) should be ok, IMO.
  Am I misunderstanding something with this logic? Also, if carList.add(car) can not be done, then how can
  I go about doing something similar which will allow me to add subtypes to a "generic" list?
  Thanks in advanced!
  -los

  I get a compilation error expecting an Object instead of a Car. Of course you did. List<? super Car> is a list into which you can put cars -- and possibly other stuff. List<? extends Car> is a list out of which you can get cars (possibly of different makes).
  Do you need a list that you can put cars in and get cars out? That's List<Car>
  This isn't a linguistic problem you are having; this is a design problem. If you have a function that takes an argument which is a list that you can put any kind of car into and be sure of getting a car out of, it isn't reasonable to pass in a List<Ford> (because the function might put in a Chevy) or a List<Object> (but there might be motorcycles already in there). By the requirements you have, you need a List<Car> and nothing else.
  Yes, you could use a cast, but all you are doing is circumventing the type system by saying "I know this List<Object> only has Cars in it."

• Is it possible to use wildcards to match cell contents in an if statement?

  I need to return a ID along with some other information on a page by page basis, so that the information comes out linked by position.  I use a couple of loops and if statements to navigate through the document.  I am able to use exact matches of cell contents which is fine when the contents doesn't vary.  But the IDs, though they have a similar pattern, are all different. In a menu driven search, I am able to find what I need with '150^9^9^9^9^9-^9^9^9' But when I try putting this (or any number of [0-9], *, ? combinations) it fails.  Is it possible to use wildcards?  The symbol used for the match (==) makes me suspect that it is not possible and that only literal, exact matches will work.  But I wanted to check with the experts before giving up.
  Thanks
  pcbaz

  Thanks for the input.  You're right, a GREP search is much more efficient.  But what I'm trying to do and the circumstances here don't allow me, I think,  to go that route. I am trying to generate a list of values coming from several textframes on a single page and have them come out so that I can tell which values belong together.
  I'm using an inherited document with masters that were created 'manually';  the index numbering for textframes and tables is random. I navigate through the pages, looping through textframe indices asking ' does this textframe exist?' If so, I ask if it is a table -- if no, it is a simple textframe and I ask about the ID, if yes, I ask if the contents of cell (0,0) (invariant position and contents) are equal to the table I want..  I am sending the ID and other pieces of information from the table to one row of a new table on a new page.  So the ID and other information from a single page are linked by being in the same row.
  I know this a little 'off-normal' -- I'm using the search to navigate through the document and find things by location the way you do with a spreadsheet.  I have devised a work-around that helps me get around the fact that the ID is not invariant.  I create a list of the (exact) IDs from another document, equating them to a variable ('a').  I then loop through the list of IDs and ask if the contents of the textframe is equal to 'a'..This works o.k, unless there happens to be an extra space, a different kind of hyphen, etc. It would be so much easier if I could use the wildcards that work in a menu-driven text or GREP search in script just to ask about the contents of the textframe.
  Thanks again
  pcbaz (Peter BIerly)
  P.S. we have since rewritten the masters so this problem will not exist in the future -- we now know exactly which textframe and/or table indices to refer to to get any particular bits of information and don't need to ask questions about the contents.

• Sql server grants access to specific login to database.

  i have created website for intranet and hosted it on server. for that i needed to create login "IIS APPPOOL\hi" in sql server 2008 for my application
  to access my "reportdb" database. "IIS APPPOOL\hi" has sysadmin and public server roles in sql server 2008. And i have default login"sa" same
  as "IIS APPPOOL\hi". these are working correctly. Now I want these two logins to access"reportdb" for all
  operations in database and remaining all logins should be denied to access"reportdb". My Sql Server 2008 is having mixed mode (windows authentication and Sql authentication). plz help me

  I think what Tauseef is requesting is to keep access for the 2 sysadmins & deny access to everyone else, correct?
  As Uri mentioned, by being part of sysadmin role, “IIS APPPOOL\hi” & “sa” would have access to everything in the server, and nobody else should have access to the DB unless explicitly being granted access.
  If you would really deny anyone else access to the database, you can potentially deny connect to public, and only sysadmins (who override permissions) would be able to connect; although I would strongly recommend against such practice.
  Something else I would like to recommend against is the usage of sysadmin for what may not be a DBA role (IIS appPool). Following the least-privilege principle, I would recommend having a non-administrator user for applications that has enough capabilities
  to perform the tasks needed.
  The main risk is that a SQL injection (SQLi) bug in your application would lead to a complete compromise of your SQL server.
  If there are app tasks that would require elevated permissions, I would recommend encapsulating the logic in a stored procedure and either use impersonation or digital signatures to accomplish a controlled elevation of privileges instead. If you have any
  question on this topic I will be glad to assist.
  I hope this information helps,
  -Raul Garcia
   SQL Server Security
  This posting is provided "AS IS" with no warranties, and confers no rights.

• How can I grant Application access to a user via API ) programattically

  how do I grant access to a portal user from API
  I want to grant access to a user from an API, ie I need a
  command to grant "SCOTT" access to "EXAMPLE_APP" APPLICATION as
  an end user?

  Hi,
  I am assuming that you have already updated the EUL in the Administrator Edition, correct? If not, open Discoverer Administrator and login to the database you want to connect to. You must use your EUL user name which I assume has already been created and assigned the correct privileges in the database. You will be asked to update your EUL. Follow the prompts.
  Once logged into the EUL, go to Tools \ Privileges and find the user that you want to give administrator access to.
  Hopefully, this answers your question.
  Regards,
  Nancy

• Dynamic SQL and GRANT CREATE ANY TABLE

  hi gurus,
  i have a dynamic SQL in a procedure where a table will be created from an existing table without data.
  strSQL:='create table ' || strTemp || ' as select * from ' || strArc || ' where 1=2';
  execute immediate strSQL;
  without GRANT CREATE ANY TABLE for the user, *"ORA-01031: insufficient privileges"* error during execution.
  Is there a way to tackle this issue without providing GRANT CREATE ANY TABLE privilige?
  many thanks,
  Charles

  ravikumar.sv wrote:
  The problem is not because of dynamic sql...It probably has something to do with dynamic SQL or, more accurately, dynamic SQL within a stored procedure.
  From a SQL*Plus command prompt, you can create a table if your account has the CREATE TABLE privilege either granted directly to it or granted to a role that has been granted to your account. Most people probably have the CREATE TABLE privilege through a role (hopefully a custom "developer role" that has whatever privileges you grant to users that will own objects but potentially through the default RESOURCE role). That is not sufficient to create tables dynamically via a definer's rights stored procedure. Only privileges that are granted directly to the user, not those granted via a role, are visible in that case.
  I expect that the DBAs are granting the CREATE ANY TABLE privilege directly to the account in question rather than through whatever role(s) are being used which is why that appears to solve the problem.
  Justin