Grant permission to a role.

Similar Questions

• Granting of privileges through role does not not for PL/SQL

  Version: 11.2.0.2
  
  
  In our shop, we don't grant privileges directly to a user, give us it to a role, and grant this role to user scheduled grantee.
  
  Granting of privileges through a role seems to be fine with the SQL engine. But it does not PL/SQL engine.
  
  In the example below, the GLS_DEV user is granted access SELECT on SCOTT.pets table through a role called tstrole. GLS_DEV can select the SQL table. But does not seem to PL/SQL engine to find out.
  
  Reproduce the problem:
  

  SQL> show user
  USER is "SCOTT"
  
  SQL> select * from pets;
  
  NAME
  -----------------------------------
  PLUTO
  
  
  SQL> conn / as sysdba
  Connected.
  
  
  SQL> create user GLS_DEV identified by test1234 default tablespace TSTDATA;
  
  User created.
  
  SQL> alter user GLS_DEV quota 25m on TSTDATA;
  
  User altered.
  
  
  SQL> grant create session, resource to GLS_DEV;
  
  Grant succeeded.
  
  
  --- Granting SELECT privilege on scott.pets to tstrole and then grant this role to GLS_DEV.
  
  SQL> conn / as sysdba
  Connected.
  SQL>
  SQL> create role tstrole;
  
  Role created.
  
  SQL> grant select on scott.pets to tstrole;
  
  Grant succeeded.
  
  SQL> grant tstrole to GLS_DEV;
  
  Grant succeeded.
  
  SQL> conn GLS_DEV/test1234
  Connected.
  SQL>
  SQL> select * From scott.pets;
  
  NAME
  -----------------------------------
  PLUTO
  
  ---- All fine till here. From SQL engine , GLS_DEV user can SELECT scott.pets table.
  
  --- Now , I am going to create a PL/SQL object in GLS_DEV which tries to refer scott.pets
  
  SQL> show user
  USER is "GLS_DEV"
  
  
  create or replace procedure my_proc
  is
  myvariable varchar2(35);
  
  begin
       select name into myvariable from scott.pets ;
  
       dbms_output.put_line(myvariable);
  
  end my_proc;
  /
  
  Warning: Procedure created with compilation errors.
  
  SQL> show errors
  Errors for PROCEDURE MY_PROC:
  
  LINE/COL ERROR
  -------- -----------------------------------------------------------------
  6/2      PL/SQL: SQL Statement ignored
  6/41     PL/SQL: ORA-01031: insufficient privileges
  
  SQL>
  SQL> 6
    6*    select name into myvariable from scott.pets ;
  
  
  --- PL/SQL Engine doesn't seem to know that GLS_DEV has select privilege on scott.pets indirectly granted through a role
  
  --- Fix
  --- Instead of granting privilege through a role, I am granting the SELECT privilege on scott.pets to GLS_DEV directly.
  --- The error goes away, I can compile and execute the procedure !!
  
  SQL> conn / as sysdba
  Connected.
  SQL>
  SQL> grant select on scott.pets to GLS_DEV;
  
  Grant succeeded.
  
  SQL> conn GLS_DEV/test1234
  Connected.
  SQL>
  SQL> create or replace procedure my_proc
  is
  myvariable varchar2(35);
  
  begin
          select name into myvariable from scott.pets ;
  
          dbms_output.put_line(myvariable);
  
  end my_proc;  2    3    4    5    6    7    8    9   10
   11  /
  
  Procedure created.
  
  SQL> set serveroutput on
  SQL> exec my_proc;
  PLUTO
  
  PL/SQL procedure successfully completed.

  Has anyone encountered the same problem?

  N.Page wrote:
  Ok. Thank you all.
  There is no work around for this like using the clause AUTHID or something?

  Yes. using AUTHID (Summoner vs rights define) can make a difference.
  However it makes sense that pl/sql uses roles a little differently. Although at first glance, it is hard to see why. The reasoning is similar to the difference between a user and a schema.

  A user is a person who connects to a database. It has a role and this role defines what privileges he gets when you work with data.
  A schema consists of several objects that reside in the database. A package is also such an object. This package is valid, it is necessary to have all privileges directly. A role can be enabled and is a sort of temporary right. A direct subsidy has a permanent status. A user will only get the right to run this package/procedure/function. The package is a type of user interface. It encapsulates the privileges necessary to do something about this user.

  The logical problem happens only when the user and packaging are in the same scheme. The best approach is to have the package in the normal pattern and have a separate "schema access" with which the user connects. Give then execute privs on the package for this second scheme.

• Grant permission to select the function but not executed in a PL/SQL block

  Hello.

  I know that there are only two permissions on procedures/functions - RUN and DEBUG.

  But I want to grant EXECUTE permissions for a user so that the user can Select the function to double or to any other request, but not to run(to prevent the user to trigger the update of LMD - insertion, etc.) inside a BEGIN-END block.

  I know that we can revoke access to tables etc. But that access has to give. The user must be able to perform the DML operation, but just not through a function.

  Can someone please help?

  I know that there are only two permissions on procedures/functions - RUN and DEBUG.

  Fix - so give one or both of those who depend on your use case.

  
  But I want to grant the EXECUTE permission to a user in such a way that the user can select the function using dual or any other query but not execute( to prevent the user from firing DMLs - Insert, update etc) inside any BEGIN-END block.
   
  

  You already know that there is NO "select" privileges for functions. a query such as "select the function of double" RUNS the function. That's all what you can do with the functions is execute them.

  I know that we can revoke access to tables etc. But that access has to be given. The user should be able to do perform DML operation, but just not through a function.
  

  Then revoke execute on the service. Then the user cannot run the service either directly or in the context of a dml statement.

• grant of DB default roles

  I have the role called role_test and it is granted to the user user_test and made it as a default role.
  but role_test is protected by password IE to define the necessary role to give the password.
  the role of role_test identified by test_role_pass;
  
  My question is when the loggs of the user user_test will be automatically gets this role_test it is grated like default role?
  or again, he must call set role identified by password to activate this role.
  
  I use the Oracle 11 g server. Oracle Database 11 g Enterprise Edition Release 11.2.0.1.0 - 64 bit Production
  
  Y at - it any change in this behavior with versions of oracle 10g and 11g?
  
  Because I didn't answer the last time, I am republishing my question.

  Is not a 10g autour, but the behavior is the same in 9i, so I don't think it'll be different in 10g.

• Granting privileges to a role

  I created a role, when I try to grant the privilege to this role, it gives me error of insufficient privileges. After the granting of privileges to this role, I must grant this role to the other. Let me know what kind of privileges that I should have.
  
  Create the cb_select role.
  Grant select on àtable to cb_select; (Received the error)

  The Oracle Doc:

  To grant a privilege object, you must have the object, or the object owner granted you the object with the GRANT OPTION privileges you must have been granted the privilege of system to GRANT ANY OBJECT PRIVILEGE.

  Saad,

• Run immediately does not not in reason to grant permission

  Basically, when I do this
  
  declare
  a varchar2 (1000): =' create table test in select * from double ';
  Start
  immediately run one;
  end;
  -IT WORKS.
  
  - But when I do this-
  create or replace
  procedure P_test
  is
  a varchar2 (1000): =' create table test in select * from double ';
  Start
  null;
  EXECUTE immediate;
  end;
  
  And try to run the procedure created above - like this
  
  Start
  p_test();
  end;
  
  I get the error message like
  ORA-01031: insufficient privleges
  01031.00000 - "insufficient privileges".
  Cause: An attempt was made to change the user name or password without the appropriate privilege. This error also occurs if you plan to install a database without the privileges necessary for the operating system. When Trusted Oracle is configure in DBMS MAC, this error may occur if the user has been granted the necessary label privilege higher than the connection active.
  
  Action: Ask the database administrator to perform an operation or the required privileges. For users Trusted Oracle get this error, although only granted the privilege fits the top label, ask the database administrator to grant the privilege to the appropriate label.
  ---------------------------------------
  
  Could someone show me what exactly I am absent in procedure and not block anonymous

  Hello

  Looks like you (the owner of the procedure) have the privilege to CREATE TABLE system only by a role.
  Roles do not count in OWNER AUTHID stored procedures.
  The privilege granted directly to you, or change the procedure to AUTHID CURRENT_USER, like this:

  create or replace
  procedure P_test
  AUTHID       CURRENT_USER          -- Line added
  is
      ...
  

• Quick question on granting permissions to a role

  Is it possible to use the GRANT statement to give privileges to a role?
  
  For example: GRANT SELECT on all VIEWS FOR < rolename >
  
  Or, what I need to change the role?
  
  I tried searching forums and do some research on Google with no luck. Any help would be appreciated. (Even a link to a page that tells me how to do this).
  
  Thank you!

  Hello

  Unfortunately, there is no way to grant privileges to all points of view at a time; You must issue a separate GRANT statement for each of them.
  It would be really handy.
  And there is no way to control the privileges on views that havenn can't yet created.

  user11033437 wrote:
  ...
  I know that I can use a form of:

  SELECT     'GRANT SELECT ON ' || view_name || ' TO mydb_select_user'
  FROM     user_views
  WHERE     owner = 'schema owner'
  

  to generate all the GRANT statements for all views in the schema, but then I suppose that if a new view is created, I have to execute a GRANT statement for each new view to the role as well.

  I expect only one GRANT statement that would do what I want.

  Of after what I've been see by trying this research question, I guess there is no way to grant permissions to select among all views that would automatically include all new views created, but if there is, that's what I want to do.

  The dynamic instruction you posted is the best you can do.

  I've written a PL/SQL procedure to do this just for a specific schema. He traveled every night, dbms_scheduler and members of the role have privileges to perform the procedure whenever they wanted, if, in the middle of the day, they suspected there was a view that they could not see.

• Object grants to users and roles

  A question about the Oracle grants. Searched and found wires that are close, but not exactly what I'm looking for.
  I'm on an Oracle 10 g Enterprise Edition (64-bit) database running on Sun Solaris 5.10
  
  We have a test database (say TEST1) having 2 schema SCHEMA1 and SCHEMA2. These patterns have nearly 2000 items in each of them.
  Then we have a different database (say TEST2) with the same 2 schemas with the same name and containing as many objects.
  
  My goal is to export these two patterns of TEST1 and import them into TEST2. By doing this, I chose the path is, am I completely drop every single object from the 2 diagrams in TEST2. And then, do an import. I do import with grants = y option enabled.
  
  The dilemma I am, is that, although the DDLS objects are identical between SCHEMA1 and SCHEMA2 TEST1, SCHEMA1 and SCHEMA2 TEST2 respectively, users on the databases are different. Of course, I like to keep all subsidies of the object to other users in TEST2 after my import just the way which is prior to importation. So, looking for a way to pre-generate a script before the Tomb object so that I can just run the script and retrieve all my grants do lose I. as...
  GRANT SELECT ON TEST2.table10 to USER01;
  GRANT INSERT ON TEST2.table10 to USER02.
  GRANT INSERT ON TEST2.table20 to USER02;...
  
  (I really don't like if the TEST1 grants is imported when you import, thus introducing unnecessary grants... wanted to just make sure that TEST2 does not lose a thing)
  
  Another round here, is that we also have a good amount of roles that have received subsidies for SCHEMA1 and SCHEMA2 of TEST2 database objects. How to generate a script that has something like...
  
  GRANT SELECT ON TEST2.table1 to ROLE1.
  GRANT INSERT ON TEST2.table1 to ROLE2.
  GRANT INSERT ON TEST2.table2 to ROLE2;...
  
  Thank you

  You can start from these scripts:

  SQL> grant select on a.t13 to b;
  
  Grant succeeded.
  
  SQL> select 'grant ' || privilege || ' on ' || owner || '.' || table_name || ' to ' || grantee || ';'
    2  from dba_tab_privs
    3  where owner = 'A'
    4  /
  
  'GRANT'||PRIVILEGE||'ON'||OWNER||'.'||TABLE_NAME||'TO'||GRANTEE||';'
  ------------------------------------------------------------------------------------------------------------------------------
  grant SELECT on A.T13 to B;
  
  SQL> create role role1;
  
  Role created.
  
  SQL> grant insert, delete on a.t10 to role1;
  
  Grant succeeded.
  
  SQL>  select 'grant ' || privilege || ' on ' || owner || '.' || table_name || ' to ' || role || ';'
    2  from role_tab_privs
    3  where owner = 'A'
    4  /
  
  'GRANT'||PRIVILEGE||'ON'||OWNER||'.'||TABLE_NAME||'TO'||ROLE||';'
  ------------------------------------------------------------------------------------------------------------------------------
  grant INSERT on A.T10 to ROLE1;
  grant DELETE on A.T10 to ROLE1;
  

  With greetings
  Krystian Zieja

• Cannot grant CONNECT and add ROLES after commissioning with DBUM cloned

  With the cloned conector dbum I can 'Create user', "Add default tablespace", "Add tablespace temp".

  But I can't "add roles / add privileges '. The log is:

  GRAVE: oracle.iam.connectors.icfcommon.prov.ICProvisioningManager: addChildTableValue: error when user update

  java.lang.NullPointerException

  in java.util.Collections$ UnmodifiableCollection. < init > (Collections.java:992)

  in java.util.Collections$ UnmodifiableList. < init > (Collections.java:1145)

  at java.util.Collections.unmodifiableList(Collections.java:1131)

  at oracle.iam.connectors.icfcommon.Form.getChildFormFieldValues(Form.java:149)

  at oracle.iam.connectors.icfcommon.prov.ProvEvent.handleChildForm(ProvEvent.java:217)

  at oracle.iam.connectors.icfcommon.prov.ProvEvent.buildChildFormAttributes(ProvEvent.java:152)

  at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.doUpdateChildTableValue(ICProvisioningManager.java:193)

  at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.addChildTableValue(ICProvisioningManager.java:137)

  at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)

  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

  at java.lang.reflect.Method.invoke(Method.java:597)

  at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpDGLORAADDUSERTOGROUP.ORAADDUSERTOGROUP(adpDGLORAADDUSERTOGROUP.java:113)

  at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpDGLORAADDUSERTOGROUP.implementation(adpDGLORAADDUSERTOGROUP.java:58)

  at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:197)

  at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2496)

  at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:3166)

  at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:707)

  at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:606)

  at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:478)

  at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(tcProvisioningOperationsBean.java:4178)

  at Thor.API.Operations.tcProvisioningOperationsIntfEJB.retryTasksx (unknown Source)

  at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)

  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

  at java.lang.reflect.Method.invoke(Method.java:597)

  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)

  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)

  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)

  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)

  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)

  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)

  at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)

  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)

  at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)

  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)

  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)

  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)

  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)

  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)

  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)

  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)

  to com.sun.proxy. $Proxy560.retryTasksx (unknown Source)

  at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.__WL_invoke (unknown Source)

  at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)

  at Thor.API.Operations.tcProvisioningOperationsIntfEJB_4xftoh_tcProvisioningOperationsIntfRemoteImpl.retryTasksx (unknown Source)

  at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)

  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

  at java.lang.reflect.Method.invoke(Method.java:597)

  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)

  to com.sun.proxy. $Proxy214.retryTasksx (unknown Source)

  at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)

  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

  at java.lang.reflect.Method.invoke(Method.java:597)

  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)

  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)

  to com.sun.proxy. $Proxy554.retryTasksx (unknown Source)

  at Thor.API.Operations.tcProvisioningOperationsIntfDelegate.retryTasks (unknown Source)

  at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)

  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

  at java.lang.reflect.Method.invoke(Method.java:597)

  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)

  at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)

  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)

  at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)

  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)

  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)

  to com.sun.proxy. $Proxy555.retryTasks (unknown Source)

  at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(ResourceProfileProvisioningTasksAction.java:715)

  at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)

  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

  at java.lang.reflect.Method.invoke(Method.java:597)

  at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)

  at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)

  at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:900)

  at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)

  at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)

  at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)

  at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)

  at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)

  at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)

  at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)

  at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)

  at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)

  at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

  to weblogic.servlet.internal.StubSecurityHelper$ ServletServiceAction.run (StubSecurityHelper.java:227)

  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)

  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)

  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)

  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

  at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)

  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

  at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:112)

  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

  to oracle.security.jps.ee.http.JpsAbsFilter$ 1.run(JpsAbsFilter.java:119)

  at java.security.AccessController.doPrivileged (Native Method)

  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)

  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)

  at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)

  at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)

  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)

  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

  at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:265)

  at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)

  at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)

  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

  at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)

  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)

  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

  to weblogic.servlet.internal.WebAppServletContext$ ServletInvocationAction.wrapRun (WebAppServletContext.java:3730)

  to weblogic.servlet.internal.WebAppServletContext$ ServletInvocationAction.run (WebAppServletContext.java:3696)

  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)

  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)

  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)

  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)

  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

  INFO: DB read: select mav.spd_key, mav.mav_map_child_table_name, mav.mav_map_to, mav.mav_map_qualifier, mav.mav_map_value, mav.mav_field_length of TMR TMR, mil mil, adv adv where mav.mil_key = mil.mil_key and mil.mil_key = 583 and mav.adv_key = adv.adv_key and adv.adv_name = 'Return value from adapter' and adv.adp_key = 83

  Thanks in advance!

  The only part of the issue is the definition of process, so you can remove the other objects from the xml file.

  -Kevin

• grant permission

  How to copy the permissions assigned to users JEMARSH to my user name

  Or, if you mean that you don't know what JEMARSH has privileges and you have the necessary privileges dba_ % query views, you could do something like:

  Select 'grants'. t.privilege: ' to the user. '

  of dba_sys_privs t

  where t.grantee = 'JEMARSH ';

  And run the generated instructions.

• Grant permission to another schema package

  Dear friends,
  
  I want to give access to another user access to a package in my diagram.
  
  How do I do?
  
  I've seen on this page, but how do refer to the different schema package is?
  
  http://www.techonthenet.com/Oracle/grant_revoke.php
  
  Please guide me.
  
  Thank you.
  
  Nith

  user645399 wrote:
  Dear friends,

  I want to give access to another user access to a package in my diagram.

  How do I do?

  I've seen on this page, but how do refer to the different schema package is?

  http://www.techonthenet.com/Oracle/grant_revoke.php

  Please guide me.

  Thank you.

  Nith

  Dear nith
  Here's the command:

  grant execute on your_schema.your_package to the_second_user;
  

  Kamran Agayev a.
  Oracle ACE
  - - - - - - - - - - - - - - - - - - - - -
  My video tutorials of Oracle - http://kamranagayev.wordpress.com/oracle-video-tutorials/

• Permission not granted error when running gpioledtest.

  When I run the project on IP GpioLedTest, I get permission not granted error. Is there a setting that I missed?

  Here is what was displayed on the putty session.

  sudo./usertest.sh

  argv [1] = runMidlet

  argv [2] = + UseProxy

  argv [3] == VMAgentBufferSize4000

  argv [4] = - 1

  argv [5] = com.sun.midp.appmanager.AmsLauncher

  argv [6] = - debugger

  argv [7] = - wdogenable

  [INFO] [CORE] iso = 0:javanotify_start_java_with_arbitrary_args() > >

  Java is starting. Press Ctrl-C to exit

  [INFO] [CORE] iso = 0:JavaTask() JAVATASK_EVENT_START_ARBITRARY_ARG > >

  [INFO] [STORAGE] iso = 0:opening for read only/home/pi/javame8ea/bin /... /appdb/ams_params.txt

  [INFO] [CORE] iso = 0:initialize resource limit

  [INFO] ISO [CORE] = 0:RESOURCES [0] midpCheckResourceLimit (3, 1)

  [INFO] [STORAGE] iso = 0:storage_open allocated file_desc 0

  debugger port is not supported in the current configuration

  [INFO] [SECURITY] iso = 1:BlacklistServer: customers of loading on the blacklist of the file/home/pi/javame8ea/bin /... /appdb/blacklist_clients.txt

  [WARNING] [SECURITY] iso = 1:BlacklistServer: cannot load the blacklist of client file/home/pi/javame8ea/bin /... /appdb/blacklist_clients.txt

  [INFO] [SECURITY] iso = 1:BlacklistServer: loading applications on the blacklist of the file/home/pi/javame8ea/bin /... /appdb/blacklist_apps.txt

  [WARNING] [SECURITY] iso = 1:BlacklistServer: could not load the application blacklist file/home/pi/javame8ea/bin /... /appdb/blacklist_apps.txt

  [INFO] [SECURITY] iso = 1:BlacklistServer: listening to queue has started

  [INFO] [SECURITY] iso = 1:Blacklist Client: initialized

  [ERROR] [SECURITY] iso = 1:Blacklist.isAppBlacklisted() called by the event dispatch thread

  [INFO] [SECURITY] iso = 1: using the policy file: / home/pi/javame8ea/bin /... /appdb/_Policy.txt

  [ERROR] [SECURITY] iso = 1:Blacklist.isClientBlacklisted() called by the event dispatch thread

  [INFO] [SECURITY] iso = 1:Application GPIOLEDTest | jhss assigned to the customer "not reliable."

  [CRITICAL] "" [SECURITY] iso = 1:Mandatory not granted permission com.oracle.deviceaccess.gpio.GPIOPinPermission "*: *" 'open '.

  Add the following lines as the end of the javame8ea/bin/jwc_properties.ini file:

  Authentication.Provider = com.oracle.meep.security.NullAuthenticationProvider

  So all good. Home working document has been updated.

• clarification of the role of admin Help Desk in IOM

  Hello

  I have granted few users with the role help desk Admin, I got the below list of permissions of the document oracle.

  

  When the user tried to change the attribute of the user (name, first name etc...), he went for approval. But in the list above permission to the role of assistance, there is no mention of user to change access rights.

  How is the user was able to edit the attribute name? Is this regular behavior?  I see the admin role Viewer user has permission to modify user (attribute-level security) .

  Help Desk role inherits permissions of other admin roles (display of use / other role)?

  What is meant by request or direct exploitation?

  What is meant by scope organization permissions?

  Please provide details?

  Thank you

  Yes, you need to use in the same way, as described in the link button change user below. You must create a sandbox, apply EL expression and publish the sandbox.

  Oracle security solutions: IOM 11 GR 2 - show elements and hide the user interface based on a role

  The wink below shows the similar expression you need to set for users of the system of administration.

  

  The other activity in relation to the Helpdesk will work as it is. He expression will only hide the button change for all users except Admins system (xelsysadm). We have working in one of the previos project. This should work for you as well.

  ~ J

• What is the average of default setting in the subject area Permission screen in SPR

  Hello gurus,

  We use OBIEE 11.1.1.7.150120. Trying to figure out how to play the permissions on the domain object.

  What is the average of the 'default' setting?  It translates to 'Read-write' or 'Read' or 'access forbidden '?  or business being a top-level object, the parameter 'Default' basically inherits the permission set for the application role "AuthenticatedUser"?

  Thank you

  Rakesh

  Hello

  Here is a copy/paste of the 'help' in the administration tool:

  By default. The permission is inherited from the parent object. Areas, because they are a higher level object, default value is equivalent to the permission granted to the application role AuthenticatedUser.

  If you ask for materials, 'default' in this case means same permission as an authenticated user.

• How to disable MAD for some groups of users / application roles?

  Hi all

  does anyone know how to revoke the privileges of creating mobile applications with MAD an application role?

  Thank you in advance,

  Stefan

  Hello Stefan,

  Good question, I just suspect that you will be disappointed by the response... (at least my answer)

  Don't know if you can really do...

  MAD's Publisher, so if you remove access to the editor you probably also lose permissions on BIMAD.

  BIMAD 'new' URL: /analytics/saw.dll?bipublisherEntry&Action=new&itemType=.xma

  Publisher report 'new' URL: /analytics/saw.dll?bipublisherEntry&Action=new&itemType=.xdo

  I also had a look at the doc on the deployment of BIMAD to see if there are a few references to safety and there is a named party ' 4.2 task 2: update for Oracle BI Mobile App Designer Security Configuration "(here), they say run a WLST script to"update your system (System-jazn-"Data.xml") JAZN file with security grants needed for BI Mobile App Designer. so I thought I'd find the real answer here!

  The content of the script is a little disappointing:

  grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget = "IdentityAssertion", permClass = "oracle.security.jps.JpsPermission" permActions = "*")

  grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget = "context = SYSTEM, mapName is oracle.bi.system, keyName = system.user", permClass = "oracle.security.jps.service.credstore.CredentialAccessPermission", permActions = "read")

  grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget ="context = SYSTEM, mapName = oracle.bi.publisher, keyName = *", permClass = "oracle.security.jps.service.credstore.CredentialAccessPermission", permActions = "*")

  grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget = "context = APPLICATION name = obi", permClass ="oracle.security.jps.service.policystore.PolicyStoreAccessPermission", permActions = "getApplicationPolicy")

  grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget ="AppSecurityContext.setApplicationID. *", permClass = "oracle.security.jps.JpsPermission", permActions = "*")

  grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget ="context = SYSTEM, mapName = oracle.bi.enterprise, keyName = *", "oracle.security.jps.service.credstore.CredentialAccessPermission", permActions = "read" = permClass)

  grantPermission (codeBaseURL = "file:$ {oracle.deployed.app.dir} /bimad_11.1.1$ {oracle.deployed.app.ext}", permTarget ="context = SYSTEM, mapName = oracle.wsm.security, keyName = *", "oracle.security.jps.service.credstore.CredentialAccessPermission", permActions = "read" = permClass)

  createResource (appStripe = "obi", name = "oracle.bi.publisher.developLightDataModel" type = "oracle.bi.publisher.permission" displayName = "Develop model of light data", description = "develop light Data Model")

  grantPermission(appStripe="obi",principalClass="oracle.security.jps.service.policystore.ApplicationRole",principalName="BIAuthor",permClass="oracle.security.jps.ResourcePermission",permTarget="resourceType=oracle.bi.publisher.permission,resourceName=oracle.bi.publisher.developLightDataModel",permActions="_all_")

  Most of the lines is not interesting except the last 2 commands: a resource named 'Developing light Data Model' of type 'oracle.bi.publisher.permission is created.

  And the last command to grant permission to BIAuthor the newly created resource 'oracle.bi.publisher.developLightDataModel' is probably the most interesting.

  It deserves to be tested (no luck my test environment crashed just before that I was able to test it).

  You can try to revoke that permission of BiAuthor (using "revokePermission") and give it to another (smaller) role of app and see if it does what you're trying to reach.