I am working on the roles and privs. I want to provide the privs on any object to any user through the roles. not a direct grant.I am having 150 users and 50 roles, I want to do this using the script is few strokes. for this I have tried to create a script but I am not able to make that.
For example There is 2 user scott and test
A. test is having select privs on scott.emp.
B. Test is having insert,delete,update privs on scott.emp;
c. DB is having 2 roles
scott_edit - insert,delete,update privs on tables
scott_read - select privs on tables
I want to revoke separate privs from test and want to given only scott_edit and scott_read (which(roles) is having all privs)
I am trying to create a script where a user can be granted all the roles that another user has. I created a script:
create user yyyyy identified by zzzz default tablespace ahspace temporary tablespace temp_data;
grant connect to yyyyy;
declare cursor grantpriv is select granted_role from dba_role_privs where grantee='xxxxx'; -- existing user cursor_name integer; statement varchar2(200); Begin cursor_name :=dbms_sql.open_cursor;
Actually I was performing "grant all on table_name to user_name;" to grant the privilege but 1 of my friends suggested "grant all on any table to user_name;"
Is it possible to grant a user a percentage amount of a specified tablespace ? for instance granting a user called userx 5% of USERS tablespace. How can I do that ?
Developers they use Toad and in that they want to use session browser option so that they can see the SQL running and open Cursor,other session specific details...So what grant/ permissions can be given to them so that the Schema they logged on can access those information.
There are over 100 objects like tables,procedures,packages,triggers in my database.I am looking for a script/sql which should list out synonyms and grant privs on it.
I have granted select privs on below tables to an exisiting user.grant select on WEB.ALMSTAT to nms...I would like to view the privs that i have granted to nms user?
*"In production, nms user will need the ability to read the following tables:*
I did an export using the following parfile (see below) I want to import all the objects associated with this schema into another DB but I want don't want to over-write any of the permissions such as grants.
Is there a way I can get the grants into a sql file before I do the import. If so, provide an example.
I'm not sure if this belong to this place. move it to the proper place.
I'm having an annoying problem: (I'm not sure if it is a problem) - In a package body I'm trying to delete/update/insert/select the contents of a table in other schema. - The respective synonym exists. - I had created a role with the respective privileges over the synonym. - I granted the role to the package's owner. - I try to compile the package, but it keeps returning compilation errors. (Not table found) - In standard SQL, I can delete/insert/update/select over the table. - The only way to compile the package, without errors, is to grant the privileges directly to the package's owner.
I am using Oracle9i Enterprise Edition Release 9.2.0.6.0 - 64bit Production.I have a table D_GEOGRAPHY_25729 in RDS schema and I have created a role ACC_D_TABLES logging as ADMIN.
Now I have given GRANT SELECT access for table D_GEOGRAPHY_25729 to role ACC_D_TABLES.
There is another schema TRANS in the same database which has the role ACC_D_TABLES. But after logging in this schema, I am not able to query directly from table D_GEOGRAPHY_25729. I need to use like below to access the table.
select * from RDS.D_GEOGRAPHY_25729 Having the correct role ACC_D_TABLES to TRANS schema, why should I use RDS.D_GEOGRAPHY_25729 ? Is it not possible without prefixing the RDS schema name?
It is possible when I create a public synonym for D_GEOGRAPHY_25729 in RDS schema, but if i do so everyone can access this table.
i want to get user (dba roles in combo box runt time).i have write down this code in when new form instance.
declare rg_id recordgroup := find_group('RG') ; ln_error number ; begin if not id_null(rg_id) then ln_error := populate_group(rg_id) ; if ln_error = 0 then populate_list('BLOCK3.T' , rg_id) ; else message('Error in Populating Group') ; end if ; end if ; end ;
attached file.when i run it gives the follwoing error. frm-41334-invalid record group.
record group query is: SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE='MTSYS'
I read that few privilegs can not be granted to roles like 'UNLIMITED TABLESPACE ' and they need to granted to user directly.
1. Is there any reason behind that few privileges cant be granted to roles or is it just oracle design. 2. what kind of privileges cant be assigned to roles.
I want to import schema1 from sourcedb to targetdb. For this I need to generate create sripts and grant scripts for roles related to schema. For example schema1 has role1; rol1 has rol2; rol2 has rol3 and some system privileges and object privileges. How can I generate this script from sourcedb?
When I try to drop the roles in dbartisan tool, I get an error saying "Drop DDL for **_***********_ROLE has not been generated because it is a system object", but if i go to sql prompt and say "drop role rolename", it is working. How do I remove the role in dbartisan itself?
But what I noticed is that user HIEL has a connect role but YONC does not. (Result set is below) Have searched for information but did not find what I was looking for. I did read something about backward compatibility.I'm leaning towards that thought since the other user YONC does not have this role.
Database: 11g R1
SQL> select * from dba_role_privs where grantee in ('YONC', 'HIEL') order by grantee; GRANTEE GRANTED_ROLE ADM DEF --------------------------- --------------------------- --- --- YONC WCAIMS_INQUIRY NO YES YONC ENDUSER NO YES HIEL WCAIMS_CSR_ADDR NO YES
I am looking for a query which can select all existing Oracle predefined users and roles from db.I need it because one of my other scripts needs to know a given user name or role is a customised one or a system one.It looks like sys.user$ does not have any column that can be used to distinguish predefined users/roles.
I could find all the list of Oracle predefined users and roles by googling and hardcoded them in a query. I can also collect all the customised users and roles as well. However, I prefer a query which can automatically reports that and minimise the maintenance cost as new names and roles, either Oracle predefined or customised, may come out at anytime.
I have got single sign on working via the built in LDAP Directory authentication in APEX. But at the moment this is letting everyone who is within AD log inHow can I assign role permissions to each logged in user so some users have an admin role and see certain parts of the application / pages / navigation items while editors and readers have different permissions
And also to restrict access to certain pages within the application
Lost Windows password? Forgot Windows password? Your PC was hacked? Therefore, it is a basic step for every Windows users to enhance the security of Windows password. In the networks, it is found that a number of user's passwords are easy to guess. Only the smallest groups are the most security conscious and select passwords that are mixed lowercase and uppercase letters, numbers and punctuation to create cryptic passwords. Adopting strong password is one of the most effective ways to ensure system security. Here are several methods for you to enhance the security of your passwords in Windows 7/2000/XP/Vista and so on. You'd better remember the methods below unless you want to reset Windows password from time to time.
1. Is random password a great password?
A common myth is that totally random passwords like Ht3&e#L%5d@$B are the best passwords. This is not true. While they may be strong passwords, they are usually difficult to remember, slow to type, and sometimes vulnerable to attacks against the password generating algorithm. It is easy to create passwords that are strong but much easier to remember by using a few simple techniques. For example, consider the password "Luck-73@Better?". This password utilizes uppercase and lowercase letters, two numbers, and three symbols. The password is 15 characters long and can be memorized with very little effort. Moreover, this password can be typed very fast. The portion"Luck" and "Better" alternate between left and right-handed keys on the keyboard, improving speed, decreasing typos, and decreasing the chances of someone being able to discover your password by watching you.
2. Create the long Windows password
Although a password may eventually be discovered through some means, it is possible to create a password that cannot be cracked in any reasonable time. If a password is long enough, it will take so long or require so much processing power to crack it. That is essentially the same as being unbreakable (at least for most hackers).
3. Create the Windows password constantly?
This may be good advice for some high-risk passwords, but it is not the best policy for every user. It is frustrating for a user to have to constantly think of and remember new passwords every 30 days. It may be better to focus on stronger passwords and better user awareness rather than limiting password age. A more realistic time for the common user may be 90-120 days.
4. Write down Windows password in a proper place
Sometimes it is necessary for some users losing and forgetting complex passwords easily to write down them somewhere proper. However, it is important to educate users on how to write down passwords properly. Obviously, a sticky note on the monitor is not a good idea, but storing passwords in a safe or even a locked cabinet may be sufficient.
5. 14 characters is the optimal password length
Each character that you add to your password increases the protection. Your passwords should be 8 or more characters in length; 14 characters or longer is the Optimal Password Length. Many systems also support use of the space bar in passwords, so you can create a phrase made of many words. It is not easier to forget and lose, as well as longer than a simple password, and harder to guess.
6. Try not to use the same Windows password for all accounts
Some users always make the same passwords for every account to make it easy to remember. In that case, when any one of them lost, your other information protected by that password will be in danger as well. It is serious to use different passwords for different systems and accounts.
7. Do not use some common words that other users maybe guess
Most of users prefer to use some common words to remember easily, for example, login name, birth date, driver's license, passport number, pets' name and other words contained their personal information someone knows. In that case, your Windows system will not be safe anymore. Moreover, do remember not to use some words spelled backwards, abbreviations, sequences or repeated characters and adjacent letters, such as, asdfgh, 123456, 888888, abcdef and so on.
You can smoothly use your Windows now because the strong and powerful Windows password is created successfully, Certainly, I believe that many users lost Windows password and forgot Windows password, then you need have to reset Windows password or recover Windows password. It is a big problem for plenty of Windows users that how to reset Windows password. how to recover Windows password and they are puzzled by resetting windows password, for instance, reset Windows 7 password, recover password Windows XP, remove Windows Vista password and other operating systems after they create the password with complex letters, numbers and symbols. However, it is unnecessary to worry and it is said that things will eventually sort themselves out. There are many ways to reset forgotten Windows password, including use windows password reset disk and windows password reset software, like Super Windows Password Reset, a professional windows password reset software which could enable you to logon to Windows smoothly without reinstalling system.
In Sybase, my application was using system tables to perform application login security. Those tables obviously don't exist in Oracle. I am looking for ways to provide the following functionality in an Oracle world:
1. How to determine 'x' days of inactivity based on "last login date"?
2. How to determine when a new user logs in for the first time and force them to change their password?
3. If we need to reset a users password, how can we require the user to change their password?
4. Is there any other option other than storing a user-id/password in the application code for locking a user's account if their account needs to be locked due to inactivity?
5. In the USER_USERS view there is a status column. What the different status's can be?
