When i try to grant role to user , i get following error.
SQL>
SQL> GRANT MAINTAIN_TEO TO CEE_WIRELINE;
GRANT MAINTAIN_TEO TO CEE_WIRELINE
*
ERROR at line 1:
ORA-01932: ADMIN option not granted for role 'MAINTAIN_TEO'
SQL>
A Package cannot query a table that the package owner has permission to query via a role specifically:
There are schema_1 and schema_2
schema_1 owns package_1
schema_1 has select, update, insert on schema_2 via role_1
schema_1 CAN query schema_2
package_1 cannot access schema_2
(288/22 PL/SQL: ORA-00942: table or view does not exist)
How can this be resolved?
Is there any Role where 'exp_full_database' role is contained in it? or it is compulsory to grant to the user for exporting objects.,
View 2 Replies View RelatedI have created and role in my database and assign privileges as per following query.
Select 'Grant select on'||' user.'||object_name||' '||'to MyRole ;' from all_objects
where object_type in ('TABLE','VIEW')
and owner='username';
After granting role to new user everything work fine.I want to know a way to sync role with any newly created object.
Should I create a job that may execute above sql store results in a file and then execute to ensure all privileges are up to date for role or there any other optimal way exist ?
I want to change the DEFAULT_ROLE column to NO for following user 'P10_DEMO'.
SQL> show user
USER is "BALA"
SQL>
SQL>
SQL> select name from v$database;
[code]...
how to do this ?
Direct me on step by step to create secure menu based on roles.
View 2 Replies View RelatedI have successfully set up a (test) environment for single-instance Grid Infrastructure and Oracle database using job role separation. So I have the recommended grid and oracle users, and the oinstall, dba, oper, asmadmin, asmdba and asmoper groups. I have the following directory structure for my Oracle Bases and Oracle Homes:
/u01/app/11.2.0/grid - GI home
/u01/app/grid - GI base
/u01/app/oracle - DB base
/u01/app/oracle/product/11.2.0/db_1 - DB home
Platform is OEL5, 11.2.0.1 GI and DB.
This all works fine.
What I now want to do (since what I'm trying to do is make this environment as secure as practical) is set up an additional sysoper operating system account, so that that user can connect to carry out sysoper tasks, amongst other things stopping and starting the instance.
So (as the oracle user) I do the following:
$ sqlplus / as sysdba
SQL> create user test identified by passwrod;
SQL> grant sysoper to test;
SQL> exit
As root I do the following:
$ useradd -g oper testoper
$ su - testoper
Now as testoper:
$ sqlplus 'test/password as sysoper'
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
[code].........
As you can see, shutdown works, but startup doesn't. I have registered an SR with Oracle on this, but they're not being useful. The suggestion was that I should give testoper the to install secondary group. But this is not a secure solution as this now gives testoper privileges to do things in OB / OH that it really shouldn't be able to do. No other suggestions have been forthcoming. The reason for the suggestion however is the ownership / permissions on the Grid OH oracle executable:
[root@db03 ~]# ls -la /u01/app/11.2.0/grid/bin/oracle
-rwsr-s--x 1 grid oinstall 184286237 Aug 22 11:15 /u01/app/11.2.0/grid/bin/oracle
As you can see, it has group oinstall, so you can see why giving the user oinstall group would work. But in my view this is not satisfactory.
One thing that occurred to me is that in this environment I should arguably in fact be using srvctl to stop / start instances. But that means setting up a user with asmoper role (presumably) rather than oper. That user would then (again presumable) be able to stop and start other GI resources, which is not what I want.
I switch to Oracle11g express and create user
CREATE USER LEO
IDENTIFIED BY xy
DEFAULT TABLESPACE USERS
TEMPORARY TABLESPACE TEMP
PROFILE DEFAULT
[code]...
and after login i check
select * from SESSION_ROLES
and i have none role if I set role all works fine. Why I doesn't have DEFAULT ROLE after login.
But what I noticed is that user HIEL has a connect role but YONC does not. (Result set is below) Have searched for information but did not find what I was looking for. I did read something about backward compatibility.I'm leaning towards that thought since the other user YONC does not have this role.
Database: 11g R1
SQL> select * from dba_role_privs where grantee in ('YONC', 'HIEL') order by grantee;
GRANTEE GRANTED_ROLE ADM DEF
--------------------------- --------------------------- --- ---
YONC WCAIMS_INQUIRY NO YES
YONC ENDUSER NO YES
HIEL WCAIMS_CSR_ADDR NO YES
[code].........
i have user with the name 'Rob' and this user has been assigned a role 'MY_SRC_ROLE' . I developed a table under rob schema and granted access to this table via role GRANT DELETE, INSERT, SELECT, UPDATE ON rob.emp TO MY_ SRC_ ROLE; I have 100 more users & they have been granted this role 'MY_SRC_ROLE'. These 100 users can now access emp table via Role 'MY_SRC_ROLE' without any issues. Now i took a datapump export & performed datapump import on target server which is also HP Unix with 11.20.3 .
On target server i have user 'JACK' and a role called 'MY_WORK_ROLE'. 5000 users have been granted 'MY_ WORK_ ROLE' on this server. I have used remap tablespace clause & remap schema clause in datapump import script. Once i performed an import , due to schema remap , i can see JACK now owns table 'emp', however grants are still not there, I tried searching on Google & oracle documentation, if somehow we can remap ROLE GRANTS also while doing datapump imp, but i couldn't find supporting syntax. can i assume datapump import is not capable to handle this particular scenario ? I was able to do it by manipulating sqlfile and replacing role name in that but i am looking for a sol. within datapump itself. how can grants assigned to ROLE 'X' be transferred to 'Role Y' via datapump import.
I have written a windows service which grants and revokes based on request. How to trace in oracle data dictionary if those privilages were granted and at what time to whom and by whom. I mean is there any table which can be queried for past privilages granted to users.
View 2 Replies View RelatedI have been granting "ALTER ANY MATERIALIZED VIEW" to a role but not able to see the same granted in DBA_SYS_PRIVS.
I have used the image for the first time, so pasting the sql prompt output as well:
SQL> select * from v$version where banner like 'Oracle%';
BANNER
----------------------------------------------------------------
Oracle9i Enterprise Edition Release 9.2.0.5.0 - 64bit Production
SQL> grant ALTER ANY MATERIALIZED VIEW to OPS_1ST_LINE;
Grant succeeded.
SQL> select * from dba_sys_privs where grantee = 'OPS_1ST_LINE';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
OPS_1ST_LINE CREATE SESSION NO
OPS_1ST_LINE ALTER ANY SNAPSHOT NO
SQL> commit;
Commit complete.
SQL> select * from dba_sys_privs where grantee = 'OPS_1ST_LINE';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
OPS_1ST_LINE CREATE SESSION NO
OPS_1ST_LINE ALTER ANY SNAPSHOT NO
SQL> SELECT * FROM DBA_SYS_PRIVS WHERE PRIVILEGE = 'ALTER ANY MATERIALIZED VIEW';
no rows selected..why is this grant not been shown. Is "ALTER ANY MATERIALIZED VIEW" not present for Oracle 9i database.
is there a way to create a role just like DBA role?
View 6 Replies View Relatedi want to log-in my local machine database as a system administrator , but it is giving an error:
C:Windowssystem32>sqlplus /@myprodb as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Feb 6 19:18:15 2013
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR: ORA-01031: insufficient privileges
Enter user-name:
C:Windowssystem32>sqlplus /@myprodb as sysoper
SQL*Plus: Release 11.2.0.1.0 Production on Wed Feb 6 19:19:28 2013
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR: ORA-01031: insufficient privileges
Enter user-name:
but
C:Windowssystem32>sqlplus sys@myprodb as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Feb 6 19:20:45 2013
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
and i have run cmd as administrator
I am studying a way to block the access from the root(UNIX) or admin(WIN) users to the database.
Are there some way to block the access by the superusers?
Having an issue with logging into URL.... Just went through the install for APEX 4.2 for
Oracle 11.2.0.1 on Linux 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux.
Installed Apex with Embedded PL/SQL Gateway.Explicitly followed all the online instructions step-by-step, installation was success and config for EPG had no issues. Changed the ADMIN pw as instructed. Checked that EPG is running on port 8080. Ran this script to grant connect:
DECLARE ACL_PATH VARCHAR2(4000);BEGIN -- Look for the ACL currently assigned to '*' and give APEX_040200 -- the "connect" privilege if APEX_040200 does not have the privilege yet. SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;[code]....
that lets power users to connect to everywhere',
'APEX_040200', TRUE, 'connect'); DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');END;/COMMIT;
When I go to log in it says "Invalid Login Credentials". I tried changing the admin pw several times but keep getting the same message.
I have installed oracle 11g and configured Apex application on it. I am able to open the Admin window from my machine . URL.... and everything works fine. But when I try to open the link from other machine I get "Server not found" error.
I read the posts it says to enable Http for other servers . I dont find the way to do it .
My configuration is GlassFish 4 (the same thing with Glass Fish 3.2) + win7 + Apex Listener 2.2 (the same thing with Apex Listener 2.1) + Apex 4.2.2 I get blank page when trying to connect to APEX. But after loggin into GlassFish admin page (exactly login with username+password; just open admin page is not enough) in another browser tab I get proper Apex page with all images.
View 1 Replies View RelatedI have installed oracle several times in the past. This time I installed 11gr2 first time. I created default database during install and provided an admin password. Only thing I forgot to do was did not unlock the accounts using Password management button.
When I tried to login as SYS the admin password works fine but as SYSTEM admin password does not work. Used to be able to login as SYS, SYTEM with same admin password.
Now in SQLPLUS I unlocked the account but still can not change the password.
We have 2 apex schemas
APEX_030000
APEX_040200
Before executing the apxchpwd.sql, found the "alter session command" sets schema to APEX_030000. So we changed that to APEX_040200. Then we executed the sql script. It executed fine.
But now when we try to login to apex, and pressing enter after providing the username/pwd, it raises the following exception
Error Error in PLSQL code raised during plug-in processing.
ORA-06508: PL/SQL: could not find program unit being called
I created a script to make my admin server a windows service. I successfully made it a service but when it starts it then shuts itself down. i ran a debug and found a error. I dont get what to do. I have tried changing the variables in the script and try it over and over again .....here is my script code and here is the error i got from debug output:
script
SETLOCAL
set DOMAIN_NAME=FRClassicDomain
set USERDOMAIN_HOME=C:/Oracle/Middleware/user_projects/domains/FRClassicDomain
set SERVER_NAME=FRweblogic
[Code]....
I'm trying to connect to the Apex website using SYSTEM or SYS. What is the workspace for system?
I logged into SQL command line and created this user using this line then grant dba to it
CREATE USER USER_HP_FULL IDENTIFIED BY w ACCOUNT UNLOCK DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" PROFILE "DEFAULT";
Now, I know the username and password but I don't know the workspace. I want to log into the oracle application express website.
I've installed XE and I want to know what accounts are active. If I log in to SQL*Plus as sys as SYSDBA how can I display a list of all user and admin accounts? I want to know who can log in.
View 3 Replies View RelatedWe are unable to connect our admin account for some unknown reason. We keep receiving the following message "Invalid Login Credentials". We tried to change the admin credentials with sqlplus. We tried the usual procedure "apxchpwd" successfully, but we still cannot log in.We then tried to create a new admin2 account with the following pl/sql block.
SQL> connect APEX_030200 as sysdba
Enter password:
Connected.
[code]....
We cannot connect with either admin & admin2.
DB 10.2.0.4
After running shut abort it is giving below error while trying to connect sqlplus.
ORA-28547: connection to server failed, probable Oracle Net admin error
Im trying to install Weblogic/Forms on a Windows 7 x86 machine. Its for the developers to use.But when I run the config.bat and is creating the domain and installing Forms builder and the other stuff the installation hangs at: step restaring admin server started.
Log:
Stopping Derby Server...
Starting AdminServer
Starting the domain ...
DEBUG : Loading the 32 bit dll here
DEBUG : Loading DLL : D:/oracle/middleware/as_1/install/config/StartUtil.dll
DEBUG : Loaded DLL : D:/oracle/middleware/as_1/install/config/StartUtil.dll
I installed and configures APEX in standalone mode about 2 weeks ago and played with it for short time. Now after 2 weeks I came back to start where I left off but APex_admin page would not come up.
I did following tasks as were found on Installed Apex on Oracle 11g. But cannot access admin screen
SQL> SELECT STATUS FROM DBA_REGISTRY
2 WHERE COMP_ID = 'APEX';
STATUS
-----------
VALID
SQL> conn sys as sysdba
Enter password:
[code]...
warning me that XDB requires username password to be sent through insecure manner (Basic authetication without a secure connection
Any documentation supporting Oracle 11G and Advanced Security stating encryption at rest is FIPS 140-2 compliant?
View 3 Replies View RelatedLost Windows password? Forgot Windows password? Your PC was hacked? Therefore, it is a basic step for every Windows users to enhance the security of Windows password. In the networks, it is found that a number of user's passwords are easy to guess. Only the smallest groups are the most security conscious and select passwords that are mixed lowercase and uppercase letters, numbers and punctuation to create cryptic passwords. Adopting strong password is one of the most effective ways to ensure system security. Here are several methods for you to enhance the security of your passwords in Windows 7/2000/XP/Vista and so on. You'd better remember the methods below unless you want to reset Windows password from time to time.
1. Is random password a great password?
A common myth is that totally random passwords like Ht3&e#L%5d@$B are the best passwords. This is not true. While they may be strong passwords, they are usually difficult to remember, slow to type, and sometimes vulnerable to attacks against the password generating algorithm. It is easy to create passwords that are strong but much easier to remember by using a few simple techniques. For example, consider the password "Luck-73@Better?". This password utilizes uppercase and lowercase letters, two numbers, and three symbols. The password is 15 characters long and can be memorized with very little effort. Moreover, this password can be typed very fast. The portion"Luck" and "Better" alternate between left and right-handed keys on the keyboard, improving speed, decreasing typos, and decreasing the chances of someone being able to discover your password by watching you.
2. Create the long Windows password
Although a password may eventually be discovered through some means, it is possible to create a password that cannot be cracked in any reasonable time. If a password is long enough, it will take so long or require so much processing power to crack it. That is essentially the same as being unbreakable (at least for most hackers).
3. Create the Windows password constantly?
This may be good advice for some high-risk passwords, but it is not the best policy for every user. It is frustrating for a user to have to constantly think of and remember new passwords every 30 days. It may be better to focus on stronger passwords and better user awareness rather than limiting password age. A more realistic time for the common user may be 90-120 days.
4. Write down Windows password in a proper place
Sometimes it is necessary for some users losing and forgetting complex passwords easily to write down them somewhere proper. However, it is important to educate users on how to write down passwords properly. Obviously, a sticky note on the monitor is not a good idea, but storing passwords in a safe or even a locked cabinet may be sufficient.
5. 14 characters is the optimal password length
Each character that you add to your password increases the protection. Your passwords should be 8 or more characters in length; 14 characters or longer is the Optimal Password Length. Many systems also support use of the space bar in passwords, so you can create a phrase made of many words. It is not easier to forget and lose, as well as longer than a simple password, and harder to guess.
6. Try not to use the same Windows password for all accounts
Some users always make the same passwords for every account to make it easy to remember. In that case, when any one of them lost, your other information protected by that password will be in danger as well. It is serious to use different passwords for different systems and accounts.
7. Do not use some common words that other users maybe guess
Most of users prefer to use some common words to remember easily, for example, login name, birth date, driver's license, passport number, pets' name and other words contained their personal information someone knows. In that case, your Windows system will not be safe anymore. Moreover, do remember not to use some words spelled backwards, abbreviations, sequences or repeated characters and adjacent letters, such as, asdfgh, 123456, 888888, abcdef and so on.
You can smoothly use your Windows now because the strong and powerful Windows password is created successfully, Certainly, I believe that many users lost Windows password and forgot Windows password, then you need have to reset Windows password or recover Windows password. It is a big problem for plenty of Windows users that how to reset Windows password. how to recover Windows password and they are puzzled by resetting windows password, for instance, reset Windows 7 password, recover password Windows XP, remove Windows Vista password and other operating systems after they create the password with complex letters, numbers and symbols. However, it is unnecessary to worry and it is said that things will eventually sort themselves out. There are many ways to reset forgotten Windows password, including use windows password reset disk and windows password reset software, like Super Windows Password Reset, a professional windows password reset software which could enable you to logon to Windows smoothly without reinstalling system.
In Sybase, my application was using system tables to perform application login security. Those tables obviously don't exist in Oracle. I am looking for ways to provide the following functionality in an Oracle world:
1. How to determine 'x' days of inactivity based on "last login date"?
2. How to determine when a new user logs in for the first time and force them to change their password?
3. If we need to reset a users password, how can we require the user to change their password?
4. Is there any other option other than storing a user-id/password in the application code for locking a user's account if their account needs to be locked due to inactivity?
5. In the USER_USERS view there is a status column. What the different status's can be?