Allowing access only through a PL/SQL function

What is the technique of letting a user to do something by a PL/SQL function that would normally not have the privilege to do so, without granting the possibility to do outside the PL/SQL function?

I have a need to allow a user to change the global_name of the database, in the resolution of ORA-02082 errors. In short, the product using Oracle (we can not change code) loopback database links, and the only way to drop them (according to the Oracle support) is to temporarily change the global_name, drop the link and change the global_name return.

This happens on a semi-regular basis, so rather than having to involve a DBA, I favor.

My thought was to create a PL/SQL procedure that performs the Rename/move/rename. I don't want the user to be able to change the global_name of DB to what he wants, but I want him to have the possibility to change through the PL/SQL procedure at will.

My question is, how to do this without allowing the user to update on sys.global_name?

Let's see:

(1) create a role (say LOOPBACK_DBLINK_DROPPER)
(2) create a procedure (say LOOPBACK_DBLINK_DROP) makes the Rename/move/rename
(3) grant and then execute the procedure to the role
(4) ??? .. .the I need to give an update on sys.global_name for the role. But if I then assign the role to a user, is not that means he can also update sys.global_name on its own without using the procedure, because it would have the sys.global_name privilege update?

Create the schema belonged procedure that has the necessary privileges.
GRANT EXECUTE on LOOPBACK_DBLINK_DROP to NON_PRIV_USER

That's all!

Tags: Database

Similar Questions

  • Connect the two spreadsheets through a pl/sql function registered

    Hello
    Need help to connect the two worksheets using a stored function.

    Step 1:
    Created a function * (test_global) Pl/SQL * in which a table * (TWG) global * is inserted with lines based on criteria (via a call to a pl/sql procedure packed).
    The function returns the number of rows in the global table or 0 if no row is returned.
    The TWG was created using "On Commit preserve rows.

    Step 2:
    The function test_global has been saved to the Finder via the "PL/SQL functions to register.

    Step 3:
    Create a spreadsheet calculation - & gt; Sheet1 and included a Calculation (calc_global) that calls the test_global function.

    Step 4:
    Add another sheet of calculation - & gt; Sheet2 based on a query to select lines in the TWG where calc_global & gt; 0

    Step 5:
    Refreshed Sheet1 - & gt; displays the number of rows as * 5119 *.
    Refreshed Sheet2 - & gt; takes some time to run but returns no data

    Tried to:
    ) a calc_global link on Sheet1 with the help of sheet 2 links management, this does not work either
    (b) changed using the Pragma autonomous transaction function; gives an error that says no data returned by 1 sheet Sheet2.

    Please help with a solution, it seems that there are data in the TWG at the time Sheet1 is running need to display data in the sheet2 worksheet.

    Thanks in advance
    SP

    Hello

    You need to call test_global function once on Sheet1 that fit lines within the TWG. In Sheet2, you simply select the TWG and do not have the conditions of anywhere in this form. Try to run Sheet2 without calc_global > 0.

    Rod West

  • Restrict a user/group to allow access only to specific shared services groups

    Hello team,

    I have EMP 11.1.2.2. I created different groups) a ' Admin_groupA') b ' App_groupA' c) "App_groupB" under the native directory. I have configured Shared services-> administrator to this 'AdmingroupA '. Those who belong to this group "AdmingroupA" is able to add a new user to the directory of companies to provide access to the group 'App_groupA '. But I don't want the users of 'Admin_groupA' to access 'App_groupB '.

    Since I put in service Shared services administrator privelge to this group of "AdmingroupA", "AdmingroupA" users are able to access "App_groupB" also. Can you please let me know how I can limit 'AdmingroupA' to provide access to users to the group "App_groupA".

    Thank you for your valuable contributions.

    You said, as you have configured administrator privileges of shared services to this 'AdmingroupA '. I don't think that you can restrict the user from this group to provide access to other users.

    ...

    Did you hear about delegate user management? Managing Director can view and manage only those users and groups which they are responsible. Good read on the your hss version Administrator's guide and see if it helps!

    See you soon

    BP

  • Apply the condition on the page to allow access if Javascript is enabled

    Hi, is there a way I can put a condition on the page to allow access allow access only if java script is enabled?

    I have a heavy use of Javascript to calculate different values in a page and want to ensure that if Javascript is not enabled in the browser they do not get to use the page.

    Using Apex 4.1.1

    See you soon.

    Xrc xarg wrote:
    Hi, is there a way I can put a condition on the page to allow access allow access only if java script is enabled?

    I have a heavy use of Javascript to calculate different values in a page and want to ensure that if Javascript is not enabled in the browser they do not get to use the page.

    APEX is JavaScript-dependent, it is unlikely that users will even be able to log in and access this page, unless you already take steps throughout the application to allow it to work with JS disabled.

    Also note that for security reasons all depends on the JS in the browser must be verified on the server when the page is sent.

  • I need driver o lightroom, mas appears aviso dizendo that only through making cloud creative desktop. Appears nao ELE no meu computado. JA instalei several times, I can not access creative o mas para aturalizar o lightroon. 8.1 Windows 64 bit

    I need driver o lightroom, mas appears aviso dizendo that only through making cloud creative desktop. ELE nao appears no meu computador. JA instalei several times, I can not access creative o mas para o lightroon driver. Tenho o 8.1 Windows 64 bit. Creating funcionava direito e o icon not dele mill no canto e agora nao tem but Office. Acho a wave o programa Creative cloud, clico e la nada esta pasta. O programa não abre. Alguem pode me help?

    Jeff,

    Lighrroom 6 is not a free upgrade from older versions of the software constantly, but rather can be purchased here: link to the purchase of Adobe products .

    Scroll to lightroom and click 'buy '. Click on the text selectable by "I want: 'and select 'upgrade'."

    However, since you have the CC photography plan, you should be able to download and install Lightroom CC 2015 on the site of creative cloud.

    Since Lightroom CC is a new product, it will not show as an update in Adobe Application Manager.

    Instead, press the button install next to Lightroom in the Application Manager.

    If you do not see 'install' by Lightroom in the application manager, please first try to log out and return to: connect and disconnect from the creative cloud desktop application

    If you still have questions, see option 2 in this link: Lightroom does not start or stops automatically after the splash screen

    Guinot

  • Firefox has blank pages when I try to access my bank on the internet. I have to click "allow" repeatedly pass through.

    The Bank page appears empty with the text "Firefox prevented this page automatically redirecting to another page. I then have to click "allow" to work through a series of blank pages before you reach the page of the Bank itself.

    It did not appear with any other URL so far.

    Please see the solution previously provided by mha007 in the link here.

    Let us know how you go.

  • Create a privilege level which only allows access to view orders

    Hello

    I would create a level of privilege that would only give access to commands show for some users. What would be the best way to do this?

    I should use the privilege mode level level control for all available commands, or is there a better way to do this?

    Besides, could we manage this level of privilege to a Radius server.

    Thanks for your help

    Stéphane

    Well, I think that the best way to achieve this is to use GANYMEDE with command authorization feature.

    On the RADIUS server configuration (only for the command, read access only)

    http://www.Cisco.com/en/us/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#scenario2

    These commands are required on an IOS router or switch to implement permission to order via an ACS server:

    AAA new-model

    AAA authorization config-commands

    AAA authorization commands 0 default group Ganymede + local

    AAA authorization commands 1 default group Ganymede + local

    AAA authorization commands 15 default group Ganymede + local

    GANYMEDE-server host 10.1.1.1

    RADIUS-server key cisco123

    These commands are required on ASA/PIX/FWSM to implement permission to order via an ACS server:

    authserver Protocol Ganymede + AAA-server

    authserver AAA-server 10.1.1.1

    AAA authorization command authserver

    However, if you strictly want to use radius server then please try the below list attribute for a single user or group.

    Service-Type = NAS Prompt

    http://www.ietf.org/assignments/RADIUS-types/RADIUS-types.XML#RADIUS-types-4

    This may not work for ASSISTANT Deputy Ministers.

    HTH

    Kind regards

    Jousset

    The rate of useful messages-

  • Allow access to the USB Reader under account 'user '.

    Hello world

    Need help to allow access to the usb ports so that users can use a card reader to download stuff on a web application, we have.

    The great way would be able to push on HP device Manager (I v4.5) and Thin Clients are T610 running WES7

    Any help is appreciated.

    See you soon,.

    The local user account is configured to restrict access to the Z:\ only through NoDrives policy.  See http://technet.microsoft.com/en-us/library/cc938267.aspx for more details.

    To make life easier, there are calculators that you can use to determine what should be this entry of 32 bits, based on drive letters you want hidden.  An example is http://www.wisdombay.com/hidedrive/index.php.  The default value for Z:\ is only 0x01ffffff (33554431).

  • Not affected by Macintosh computers allow access control rules

    Last week my company revised their policies to become compliant hitrust. As part of this compliance will be to lock the network to avoid data loss. Also among the subisdaries is a bit away from what they are a marketing agency and must continue to do business as usual with custromer data and customer interface using web sites and services that need to be blocked.

    So to answer the marketing department, I've created allows the rules higher in the access list bypass essentially content which is now blocked large company. These rules tested OK using a windows pc, but I never imagined that the macintosh behave differently.

    To deal with the current administration, I created security groups in AD and added users to every function that the waiver has been approved for their Department. In the rules allow, I added the security group to each correspondent allowed access.

    What eventually comes past users on windows computers obtained their exemption through the rules allow, but macintosh users continued to be blocked by the large block of company rule. I then tried the ad user account name and same IP addess machine without success.

    My question is: is - anyone else in the community to come against this same question with their Macintosh and or does anyone have an idea to get these Macintosh computers for the rules of the game so to speak?

    To give you an idea of what is happening in sourcefire is not on a user with the IP address and mac Macintosh

    The facebook of sourcefire stuck on this 10.40.2.20 IP address.

    When I looked it up, it came withoutcurrent user.

    I've attached a screenshot of the host profile if anyone cares to take a look.

    Thanks a bunch...

    Hello

    MAC user can not be part of the windows domain. Have you integrated MAC for authentication AD? I've seen some messages on the internet about it, but I don't know if. I don't think this works for MAC users. The main thing is, user needs to be authenticated from AD and a logon event must be generated on AD (I think 4624). Bed user agent this event and then informs the CMF and that's how FMC learns on the mapping of the ip user.

    Thank you

    Dinkar

  • PL/SQL functions as LOV to use in another display object

    Hello

    We had a custom search to extract data from a display object and the data displayed as a Table of ADF. Now, there are few requests for searches on this report. Go see criteria and Panel request if we allow saved search. But the fields used in the research are going through a lot of logic and thus the PL/SQL functions are implemented. We used to call these functions and lists separated by commas and then divided the list into individual elements and put in the component "select options".

    The value (String) returned by the pl/sql function is something like - APAC, EMEA, NORTH AMERICA, FDA

    I am creating a LOV based on SQL-query "Select getRegions() from dual;

    Now, I want the list separated by commas to divide so that I could use this LOV in an another view and try the display criteria and saved searches.

    I tried to assign as LOV just to check and the criteria drop-down view for region displays same value as single element - "APAC, EMEA, NORTH AMERICA, LAD."

    I want it to be 4 separate - elements

    APAC

    EMEA

    NORTH AMERICA

    DVL

    Is there anyway to achieve this?

    Or better is at - it another way to do this (maybe I'm wrong)

    Thank you.

    JDev: 11.1.2.4

    Instead of a programmatic VO of PL/SQL, I found sometimes easier to write PL/SQL functions that return a table - need to CREATE a TYPE for the data items to be returned and a TYPE of TABLE IMBRIQUE tabular form of the first kind.  The function returns the type of table, and can even be a PIPElined table function.  Then I create a VO with the following text:

    SELECT * from TABLE (my_function_returning_table)

    The function can even take parameters, which you fill with variable BIND your VO.

  • Is it posible to allow access between the host and virtal machine without wired network?

    I want to use my laptop to show him that I did in the virtual work to other people at my home.

    However, the laptop is ofen not allowed access to the network in their office.

    Is it posible to allow access between the host and virtal machine without wired network?

    VMware player

    My virtual machine is filled to the physical network adapter and use the static IP address.

    Brad

    Setting of the virtual machine: filled

    Change that to each host only (what Continuum called VMnet1) or NAT (VMnet8).  Both use a separate virtual NETWORK card to connect the physical computer virtual host, independent of any NETWORK adapter on the host.

    ... Since the machine host (win7) could not get IP, ping fail to VM (192.168.1.5)...

    Because the connection between the guest and the host is through a separate NETWORK card, you must use the 'other' IP address.  Access a prompt on the host computer and type IPCONFIG to view the IP address of VMnet1 and VMnet8 NIC.  Then use this IP address instead of 192.168.1.5.

    And when you have changed the network management modes (i.e. of bridged to host-only), Windows does not automatically renew its IP address.  The virtual NETWORK card uses a different subnet if you need to renew your DHCP lease or change your static IP address to work with the new subnet.

  • Cannot export to the pdf format because the permissions to t2embed.dll is limited. is it ok to allow access?

    Microsoft has released a security MS11-087 patch which restricts access to t2embed.dll warns we Duqu like attacks in November.  It made us unable to export to PDF from the reportviewer control.  The only solution I met was allowing access to t2embed, which which would likely result in the security Duqu patch.  My users really want to export to PDF.  Is there a solution to this?

    Hi Vincent,.

    Your question to Microsoft Sharepoint is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT audience Pro on MSDN. Please post your question in the Sharepoint forum. You can follow the link to your question:

    http://social.msdn.Microsoft.com/forums/en-us/category/SharePoint/

  • Update Atheros Driver for "Local access" only the wireless. HP G60 laptop

    Hello

    Loads of reading on the internet about this Vista Local Access Only. Recently moved property and now guess what this PC cannot connect via wireless, never made any other device.

    Tried to configure IPv4 only etc, still have questions.

    Is there a link to check the latest version of the driver for the laptop computer help section, HP doesn't seem to make it easy to locate and download?

    Thank you

    Dan.

    Hi Paul,.

    Thanks for the link... Hard to find this driver on the HP website no such direct link!

    I continued to research on the web and found similar version driver.

    Product: Atheros AR5007 802. 11 b / g WiFi adapt
    Class material: Net
    OS: Windows Vista 32-Bit
    Version: 9.2.0.480
    The driver date: 10/01/2012

    Immediately huge, up and running.

    Of course the driver via rlink will allow you to correct excatly the same as...

    Thanks again for the response...

  • How to configure the Windows XP firewall to allow access for Windows 7

    I have 2 Windows 7 PCs & 1 Windows XP.

    XP, I can connect & see the shared folders on the 7.  However, I don't see the XP from 7 if I disable my firewall.

    They are all connected to the same workgroup.  I removed the 7 s residential groups (that I read that this could be a problem).  I tried to turn it off simple sharing & ensuring that local settings are set to everyone, but it does not work.

    I use of Avira AntiVir to my antivirus and I see all the settings within what I need to change.

    The only thing that works is to disable the firewall.  I don't want to leave it off, I need to understand how to configure it to allow access from other computers.  I looked in exceptions and can't seem to understand.  I think maybe I need to add a port, but I do not know how to select a port number and once I did, I don't know what I would have to do on the 7 to use this port.

    Thanks in advance for the help!

    Hi Brittany,

    Check to see if this article helps you.

    Networking of computers running different versions of Windows

    See also:

    Sharing files and printers with different versions of Windows - Help & how-to - Microsoft Windows

  • Unidentified network Local Access only on Vista Home Basic using Ethernet.

    Have 2 laptops not identified network Local Access only on Windows Vista Home Basic.  One is a Toshiba and the other is a Dell.  I can use the Ethernet on the Toshiba to one of the The Fire Dept. I work at. (From lastweek, haven't checked since.)  I can't go to the other Station.  Get Local access to the unidentified network only.  I get also home and when I checked the Dell, get the same message.  I can connect wirelessly.  How can I solve the unidentified network problem?

    Hello

    If your system is running Hello , Netmagic or any other party 3rd network try to uninstall.

    Try also.

    Type Cmd in the search text box.

    Press Ctrl-Shift-Enter keyboard shortcut to run a command as administrator prompt.  Allow the elevation.

    Type route delete 0.0.0.0 press ENTER.

    Type ipconfig/flushdns press enter

    Restart your computer.

    Jack-MVP Windows Networking. WWW.EZLAN.NET

Maybe you are looking for