I have created and role in my database and assign privileges as per following query.
Select 'Grant select on'||' user.'||object_name||' '||'to MyRole ;' from all_objects
where object_type in ('TABLE','VIEW')
and owner='username';
After granting role to new user everything work fine.I want to know a way to sync role with any newly created object.
Should I create a job that may execute above sql store results in a file and then execute to ensure all privileges are up to date for role or there any other optimal way exist ?
When i try to grant role to user , i get following error.
SQL> SQL> GRANT MAINTAIN_TEO TO CEE_WIRELINE; GRANT MAINTAIN_TEO TO CEE_WIRELINE * ERROR at line 1: ORA-01932: ADMIN option not granted for role 'MAINTAIN_TEO' SQL>
I have successfully set up a (test) environment for single-instance Grid Infrastructure and Oracle database using job role separation. So I have the recommended grid and oracle users, and the oinstall, dba, oper, asmadmin, asmdba and asmoper groups. I have the following directory structure for my Oracle Bases and Oracle Homes:
/u01/app/11.2.0/grid - GI home /u01/app/grid - GI base /u01/app/oracle - DB base /u01/app/oracle/product/11.2.0/db_1 - DB home
Platform is OEL5, 11.2.0.1 GI and DB.
This all works fine.
What I now want to do (since what I'm trying to do is make this environment as secure as practical) is set up an additional sysoper operating system account, so that that user can connect to carry out sysoper tasks, amongst other things stopping and starting the instance.
So (as the oracle user) I do the following:
$ sqlplus / as sysdba SQL> create user test identified by passwrod; SQL> grant sysoper to test; SQL> exit
As you can see, shutdown works, but startup doesn't. I have registered an SR with Oracle on this, but they're not being useful. The suggestion was that I should give testoper the to install secondary group. But this is not a secure solution as this now gives testoper privileges to do things in OB / OH that it really shouldn't be able to do. No other suggestions have been forthcoming. The reason for the suggestion however is the ownership / permissions on the Grid OH oracle executable:
[root@db03 ~]# ls -la /u01/app/11.2.0/grid/bin/oracle -rwsr-s--x 1 grid oinstall 184286237 Aug 22 11:15 /u01/app/11.2.0/grid/bin/oracle
As you can see, it has group oinstall, so you can see why giving the user oinstall group would work. But in my view this is not satisfactory.
One thing that occurred to me is that in this environment I should arguably in fact be using srvctl to stop / start instances. But that means setting up a user with asmoper role (presumably) rather than oper. That user would then (again presumable) be able to stop and start other GI resources, which is not what I want.
But what I noticed is that user HIEL has a connect role but YONC does not. (Result set is below) Have searched for information but did not find what I was looking for. I did read something about backward compatibility.I'm leaning towards that thought since the other user YONC does not have this role.
Database: 11g R1
SQL> select * from dba_role_privs where grantee in ('YONC', 'HIEL') order by grantee; GRANTEE GRANTED_ROLE ADM DEF --------------------------- --------------------------- --- --- YONC WCAIMS_INQUIRY NO YES YONC ENDUSER NO YES HIEL WCAIMS_CSR_ADDR NO YES
i have user with the name 'Rob' and this user has been assigned a role 'MY_SRC_ROLE' . I developed a table under rob schema and granted access to this table via role GRANT DELETE, INSERT, SELECT, UPDATE ON rob.emp TO MY_ SRC_ ROLE; I have 100 more users & they have been granted this role 'MY_SRC_ROLE'. These 100 users can now access emp table via Role 'MY_SRC_ROLE' without any issues. Now i took a datapump export & performed datapump import on target server which is also HP Unix with 11.20.3 .
On target server i have user 'JACK' and a role called 'MY_WORK_ROLE'. 5000 users have been granted 'MY_ WORK_ ROLE' on this server. I have used remap tablespace clause & remap schema clause in datapump import script. Once i performed an import , due to schema remap , i can see JACK now owns table 'emp', however grants are still not there, I tried searching on Google & oracle documentation, if somehow we can remap ROLE GRANTS also while doing datapump imp, but i couldn't find supporting syntax. can i assume datapump import is not capable to handle this particular scenario ? I was able to do it by manipulating sqlfile and replacing role name in that but i am looking for a sol. within datapump itself. how can grants assigned to ROLE 'X' be transferred to 'Role Y' via datapump import.
wanted to grant dbms_scheduler permission to the system user in oracle 11.2.0.3,but it is showing insufficient privileges, but my System has Sysdba rights.
SQL> SELECT * FROM v$pwfile_users WHERE sysdba='TRUE'; USERNAME SYSDB SYSOP SYSAS ------------------------------ ----- ----- ----- SYS TRUE TRUE FALSE
[code]....
Revoke succeeded.
SQL> conn system Enter password: Connected.
[code]...
while i ran this query " SQL> select * from session_privs;"
for system user i have 202 rows of different privileges,but the same query for sysdba has 208 rows...
un-documented parameter _trace_files_public / I want to set this to true so my app team can review trace files. better way to proceed to open read permissions for non oracle users.
I've noticed that the backup files produced by RMAN (Database is 11.2.0.2.0 Enterprise Edition) )on a RHEL5.5. server which is running ASM have group permissions assigned to ASMADMIN (so the file permissions are assigned to ORACLE:ASMADMIN) as opposed to OINSTALL or any other group.
While this is not an issue (it's not currently impacting us in any way) I'm curious as to how and why this happens. I suspect it is related to the fact that the oracle executable has these permissions also but I can't find any material to confirm my suspicion.
i am using datapump to import database from 10g to 11g . all the tables and users everything got transferred but some grant permissions (create session) on users ,not importing to 11g. but same process imports grant if if do datapump to another 10g db .
I have an automated process which runs on an Oracle 8i database server as user abc.This process creates views/tables in other schemas, on the same database server, which point to objects owned by the abc user.
The issue I'm getting is that when I try to execute GRANT SELECT ON xyz.view123 TO PUBLIC as the abc user, I get an insufficient privileges.I should add that the abc user created the xyz.view123 table/view.
What grants/priviliges or whatever do I have to do to the abc schema?
This shows user=1 has permission on Account=4 , user=2 does not have access priviledge on Account_id=5.Now my requirement is to write a SQL query such that If user has permissions on a given leaf node then all the parent / grand parent nodes should also be returned. Eg: SELECT * FROM (.......) where USER_ID=2;
Lost Windows password? Forgot Windows password? Your PC was hacked? Therefore, it is a basic step for every Windows users to enhance the security of Windows password. In the networks, it is found that a number of user's passwords are easy to guess. Only the smallest groups are the most security conscious and select passwords that are mixed lowercase and uppercase letters, numbers and punctuation to create cryptic passwords. Adopting strong password is one of the most effective ways to ensure system security. Here are several methods for you to enhance the security of your passwords in Windows 7/2000/XP/Vista and so on. You'd better remember the methods below unless you want to reset Windows password from time to time.
1. Is random password a great password?
A common myth is that totally random passwords like Ht3&e#L%5d@$B are the best passwords. This is not true. While they may be strong passwords, they are usually difficult to remember, slow to type, and sometimes vulnerable to attacks against the password generating algorithm. It is easy to create passwords that are strong but much easier to remember by using a few simple techniques. For example, consider the password "Luck-73@Better?". This password utilizes uppercase and lowercase letters, two numbers, and three symbols. The password is 15 characters long and can be memorized with very little effort. Moreover, this password can be typed very fast. The portion"Luck" and "Better" alternate between left and right-handed keys on the keyboard, improving speed, decreasing typos, and decreasing the chances of someone being able to discover your password by watching you.
2. Create the long Windows password
Although a password may eventually be discovered through some means, it is possible to create a password that cannot be cracked in any reasonable time. If a password is long enough, it will take so long or require so much processing power to crack it. That is essentially the same as being unbreakable (at least for most hackers).
3. Create the Windows password constantly?
This may be good advice for some high-risk passwords, but it is not the best policy for every user. It is frustrating for a user to have to constantly think of and remember new passwords every 30 days. It may be better to focus on stronger passwords and better user awareness rather than limiting password age. A more realistic time for the common user may be 90-120 days.
4. Write down Windows password in a proper place
Sometimes it is necessary for some users losing and forgetting complex passwords easily to write down them somewhere proper. However, it is important to educate users on how to write down passwords properly. Obviously, a sticky note on the monitor is not a good idea, but storing passwords in a safe or even a locked cabinet may be sufficient.
5. 14 characters is the optimal password length
Each character that you add to your password increases the protection. Your passwords should be 8 or more characters in length; 14 characters or longer is the Optimal Password Length. Many systems also support use of the space bar in passwords, so you can create a phrase made of many words. It is not easier to forget and lose, as well as longer than a simple password, and harder to guess.
6. Try not to use the same Windows password for all accounts
Some users always make the same passwords for every account to make it easy to remember. In that case, when any one of them lost, your other information protected by that password will be in danger as well. It is serious to use different passwords for different systems and accounts.
7. Do not use some common words that other users maybe guess
Most of users prefer to use some common words to remember easily, for example, login name, birth date, driver's license, passport number, pets' name and other words contained their personal information someone knows. In that case, your Windows system will not be safe anymore. Moreover, do remember not to use some words spelled backwards, abbreviations, sequences or repeated characters and adjacent letters, such as, asdfgh, 123456, 888888, abcdef and so on.
You can smoothly use your Windows now because the strong and powerful Windows password is created successfully, Certainly, I believe that many users lost Windows password and forgot Windows password, then you need have to reset Windows password or recover Windows password. It is a big problem for plenty of Windows users that how to reset Windows password. how to recover Windows password and they are puzzled by resetting windows password, for instance, reset Windows 7 password, recover password Windows XP, remove Windows Vista password and other operating systems after they create the password with complex letters, numbers and symbols. However, it is unnecessary to worry and it is said that things will eventually sort themselves out. There are many ways to reset forgotten Windows password, including use windows password reset disk and windows password reset software, like Super Windows Password Reset, a professional windows password reset software which could enable you to logon to Windows smoothly without reinstalling system.
In Sybase, my application was using system tables to perform application login security. Those tables obviously don't exist in Oracle. I am looking for ways to provide the following functionality in an Oracle world:
1. How to determine 'x' days of inactivity based on "last login date"?
2. How to determine when a new user logs in for the first time and force them to change their password?
3. If we need to reset a users password, how can we require the user to change their password?
4. Is there any other option other than storing a user-id/password in the application code for locking a user's account if their account needs to be locked due to inactivity?
5. In the USER_USERS view there is a status column. What the different status's can be?
Provide me the script which would track all the users security violations like ... say for example i want to find which users logged in and what he did in database prospective.
what is the role of SGA and PGA in oracle . And want kind of functionality they provide the oracle. i not understand what is system global Area and Program global Area (SGA and PGA).
I have a stored procedure which when executed creates a user and grants some roles to the user and also makes certain roles DEFAULT using "alter user"
The issue comes when i execute the procedure.
I have a User who has a role and this role has the "alter user" privilege, for example lets say that the user1 has the role ABC, and role ABC has the "alter user" privilege.
SQL> grant alter user to ABC; Grant succeeded. SQL> grant ABC to user1; Grant succeeded.
Now, when i run the stored procedure as the user1, it gives me an error on a line saying "insufficient privileges", when i check the line, its this line: alter user user1 DEFAULT ROLE "ROLE1", "ROLE2"
But as far as i know the user1 has the "alter user" privilege
I want to make those two roles ROLE1, ROLE2 DEFAULT because i don't want the other roles ROLE3,ROLE4 to be default, as you know if there are many roles and if we alter user with default for certain roles other roles become DEFAULT=NO.
So i get the error at "alter user" statement though the user has the "alter user" privilege, what do you think might be wrong?
OR is there anyway to grant roles to the user with default=NO option?
I have created a role, when i try to grant privilege to that role, it give me insufficient privilege error. After granting privileges to this role, i have to grant this role to other. what type of privileges should i have.
Create Role cb_select; Grant select on atable to cb_select; (Got error)