Grant to the user API

Similar Questions

• System to grant to the user of the application views

  Hi all

  11.2.0.1

  Batch process Tha night encounter problem blocking where their generations report affected and delayed.

  I give this command operators, so that they will kill or stop the process that keeps the lock:

  SELECT TO_CHAR ("sysdate, ' HH24:MI:SS of MON-DD-YYYY"). ' The user '. S1. UserName | | » @'|| S1.machine | | "(SID = ' | s1.sid |)

  ') with the statement: ' | sqlt2.sql_text | |' if it blocks the SQL statement ' | S2. UserName | | » @'|| S2.machine |

  ' (SID ='|) S2.SID | |') Blocked-> SQL ' | sqlt1.sql_text AS blocking_status

  GV $ lock l1, Gv$ session s1, Gv$ lock Gv$ session s2, l2, Gv$ sqlt2, Gv sql $ sql sqlt1

  WHERE s1.sid = l1.sid

  AND s2.sid = l2.sid

  AND sqlt1.sql_id = s2.sql_id

  AND sqlt2.sql_id = s1.prev_sql_id

  AND l1. BLOCK = 1

  AND l2.request > 0

  AND l1.id1 = l2.id1

  AND l2.id2 = l2.id2;

  But this needs system views and you can not run the app user ID.

  On the security audit decision or without having violated, what I have to grant select to all system views accessed by this script to the user of the application, then create synonyms it 1 by 1?

  Or is it a one-time grant for all views of the system? So I is not need to type a plus creating synonyms so that I can't miss any?

  
  

  
  

  Thank you

  Petra k.
  

  f55237a7-2c38-4DB3-a7a3-1d77256f0730 wrote:

  Hi all

  11.2.0.1

  Process batch Tha night meets lock problem where their generations report interrupted.

  I give this command operators, so that they will kill or stop the process that keeps the lock:

  SELECT TO_CHAR ("sysdate, ' HH24:MI:SS of MON-DD-YYYY"). ' The user '. S1. UserName | | » @'|| S1.machine | | "(SID = ' | s1.sid |)

  ') with the statement: ' | sqlt2.sql_text | |' if it blocks the SQL statement ' | S2. UserName | | » @'|| S2.machine |

  ' (SID ='|) S2.SID | |') blocked SQL-> ' | sqlt1.sql_text AS blocking_status

  GV $ lock l1, Gv$ session s1, Gv$ lock Gv$ session s2, l2, Gv$ sqlt2, Gv sql $ sql sqlt1

  WHERE s1.sid = l1.sid

  AND s2.sid = l2.sid

  AND sqlt1.sql_id = s2.sql_id

  AND sqlt2.sql_id = s1.prev_sql_id

  AND l1. BLOCK = 1

  AND l2.request > 0

  AND l1.id1 = l2.id1

  AND l2.id2 = l2.id2;

  But this needs system views and you can not run the app user ID.

  In view of the security check or without having violated, what I give select all system views accessed by this script to the user of the application, and then create the names it 1 by 1?

  Or is it a one-time grant for all views of the system? So I no need to type one by one so that I can't miss any?

  Thank you

  Petra k.

  While approach posted will work subsequently, it's like making three left turns around the block;

  instead of making a single term of law.

  Place the SQL desired in a procedure (FIND_LOCKER) owned by the extremely privileged schema; then do as below

  GRANT EXECUTE ON FIND_LOCKER TO OPERATOR_USER;

• grant the user

  Hello
  There is a user permission 'select any table'... but I won't be selected only 'a table' by this user...
  
  grant select any table of XUSER except XTABLE
  command is not in Oracle :)
  
  How to do that without revocation "any select permission?
  
  Published by: lucky 18.Eki.2011 14:35

  You could create a policy from the CAE on this table. For example, you might have the political function ensure that the table is expressly granted to the user, otherwise will raise an error.

  However, this means that SELECT ANY TABLE wouldn't work for anyone (not even DBA), with respect to this table. Think through all the possible implications of which (including exports, statistics, etc.) and make sure you have your bases covered entirely if you go this route.

• Revoke ROLE on the user table

  Hi team,

  I'm trying to revoke grant on the user table

  The Sub statement gives error saying

  [code]

  REVOKE < role_nm > on < a.table_nm > to < b.user_nm >

  Error: ORA 00990: missing or invalid privilege

  [/ code]

  But the following works fine

  [code]

  REVOKE ALL ON < a.table_nm > to < b.user_nm >

  [/ code]

  Please suggest me to revoke the grant on the user table

  Smile says:

  [code]

  REVOKE on of

  Error: ORA-00990: missing or invalid privilege

  [/ code]

  A GRANT on table is assigned to a ROLE and that ROLE is assigned to the USER. So when you want to REVOKE a specific GRANT what is assigned to a user by ROLE. You must REVOKE any ROLE to the user or REVOKE the GRANTING OF THE ROLE.

• the user can only read

  Hello
  Should I create a user who can only read the tables in another schema. (this schema has 65000 tables and I want to avoid execution grant select on table1, table2... to MYUSER).
  Then, I created a trigger:

  CREATE TRIGGER set_empno_ctx_trig AFTER LOGON ON DATABASE
       BEGIN
       IF USER='MYUSER' THEN
        execute immediate 'ALTER SESSION SET CURRENT_SCHEMA = SCHEMA';
       END IF
       END;
      / 

  Any way to restrict it to read-only? How can I revoke Insert or UPDATE?
  
  I published that follows, but does not work and the user can INSERT:

  CREATE TRIGGER set_empno_ctx_trig AFTER LOGON ON DATABASE
       BEGIN
       IF USER='MYUSER' THEN
        execute immediate 'ALTER SESSION SET CURRENT_SCHEMA = SCOTT';
        execute immediate 'REVOKE INSERT ANY TABLE FROM MYUSER';
       END IF
       END;
      / 
  
   

  Thanks for the help.

  user522961 wrote:
  I thank once again.

  For the first query cannot send the result. MY_WRITE role is a role with:
  GRANT SELECT, insert, update, delete any table. Without which MYUSER cannot see the tables in the SCHEMA. MY_WRITE revoked if:

  So, what's you want? You cannot revoke insert, update, delete the grant of the user, if they are granted by a role.

  Grant select any WHAT TABLE or SELECT ON .

  the role of the user and revoke.
  He will be able to choose, but not change data.

• Display of metadata to fetch the user's privileges

  Hello
  
  I would like to get a list of the roles and privileges granted to the user. You use what metadata view, I'll be able to read this information,
  Please share me the details, thank you.

  Hello

  That can be extremely difficult, given that the roles can be granted to roles, recursively.

  Pete Finnigan has a nice script which is very useful:

  http://www.petefinnigan.com/find_all_privs.SQL

  Concerning
  Peter

• failed to connect the user had not granted the type of logon required on this computer

  W2K, Win XP Home, Win XP Vista Pro and al

  Some win appear XP OS like win 2 k professional versions, others as XP Home appear as WP Pro builds.
  The integrated network has a combination of these BONES still bastard licensed and the subject of errors occur

  "failed to connect the user didn't would have been granted the type of logon required on this computer.

  What sets with that?

  Never had this problem until that Microslop mixing and matching the OS with no sense of compatibility problems started

  IS THERE ANOTHER OS THAT WORKS THERE... PLEASE EXPLAIN!

  Frustrated and angry consumers of products Microslop

  Dave R

  check out this link and see how it works for you.

  http://forums.techguy.org/networking/533210-solved-user-has-not-been.html

• The user confirmation dialog to access some RIM Api

  Hello

  I use RadioInfo Api for the locations, while the installation and execution of my application, I get the popup with "the application tries to access the radio information that can identify your location all allow?". I'm using curve 8520 for test.

  This confirmation message will be come from for all devices?

  The opportunities are there to avoid these dialogue?

  you don't know. If the device is connected to a BES you can allow these things on the server side.

  on a device no - BES, the user must know everything that happens on its device, it's a safety measure that cannot be bypassed.

  You can add a provider of reason (os 5 +) or the document in the user manual. BB users are used to these dialog boxes.

• OIM 11 g R2PS2 - how to decipher the user password while calling the OIMClient API

  Hello

  I have a client application that connects to OIM 11 g R2PS2. Users connect in the client application to trigger a request for service and the client application will submit applications to the IOM.

  Connection to the end users to the client application using OAM authentication. So I need to find a mechanism to get the end-user password so that I can use the same in the OIMClient API to connect to IOM.

  If I login as XELSYSADM in the client application, is it possible that I can ask the user password and decrypt the same? I tried to use the code below, but I'm getting null pointer exception.

  RS = stmt.executeQuery ("select USR_PASSWORD from USR where upper (USR_LOGIN) ='" + id + "'");

  If (rs! = null & & RS.) Next {}

  String encPwd = rs.getString ("USR_PASSWORD");

  System.out.println ("get the DB password:" + encPwd);

  try {}

  String decryptPwd = String.valueOf (CryptoUtil.getDecryptedPassword (encPwd, null));

  tcCryptoUtil.decrypt (encPwd, "DBSecretKey");

  System.out.println ("decrypted password:" + decryptPwd);

  oimClient.login (id1, decryptPwd.toCharArray ());

  } catch (Exception e) {}

  e.printStackTrace ();

  e return;

  }

  }

  Exception:

  < 13 November 2015 12:29:01 EST > < error > < XELLERATE. ACCOUNTMANAGEMENT > < BEA-000000 > < class/method: tcDefaultDBEncryptionImpl/initKeyStore some problems: {1}

  java.lang.NullPointerException

  at com.thortech.xl.crypto.tcCryptoHelper.loadKeyStore(tcCryptoHelper.java:145)

  at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.initKeyStore(tcDefaultDBEncryptionImpl.java:67)

  at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.getCipher(tcDefaultDBEncryptionImpl.java:99)

  at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.decrypt(tcDefaultDBEncryptionImpl.java:218)

  at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:122)

  at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:200)

  at oracle.iam.platform.utils.crypto.CryptoUtil.getDecryptedPassword(CryptoUtil.java:132)

  If you want to use the client of the IOM to send the request as long as the logged on user, IE of OAM session, then you might just get the context of the session of the user so the IOM customer queries will be made in this context. There is no need to decrypt the password for the user in this scenario.

  See rest of URL of excellent example illustrating this: Oracle Fusion Middleware security: authentication IOM API without the end user password

• Create/modify users using the RequestService API

  Hello

  I would like to create or modify users of IOM, by using the API RequestService (RequestService (Oracle Fusion Middleware Java QAnywhere for Oracle Identity Manager)), but currently, I do not know how!

  Currently I use the UserManager API to create/modify users:

  UserManager userManager = Platform.getService(UserManager.class);
  HashMap<String, Object> userAttributeValueMap = new HashMap<String,Object>();
  User user = new User("MyNewOIMUser", userAttributeValueMap);
  userManager.create(user);
  

  It works very well, but it is not possible to 'Create the user approval Workflows' using this trigger mechanism.  (use this code snippet in a custom scheduled task)

  I've already found some examples of code, using the RequestService API, but nobody uses this api to create/modify users.  (https://java.net/projects/openptk/sources/svn/show/branches/Oracle/OIM11g/examples/java/OIMClient/src/oim/client/request)

  Ideas/tips/code samples to specify this use case?

  BR,

  Mint

  This API allows you to submit the application:

  Oracle Fusion Middleware Java QAnywhere for Oracle Identity Manager

  doOperation (RequestData requestData, OIMService.Intent intention)

  This will allow you to submit and do force a request, direct provision or use some permissions has the person making the presentation for administrative roles to determine whether it is direct or claim.

  -Kevin

• How can I use the REST API to get general information of the user (Signature fields)?

  I'm trying to use the API to get the signature of all the users of the system fields. I can see this information in the web browser if I go to settings-> user management-> and selecting the user.

  I would like to know if there is a way to get the information General information (Signature fields) using the API.

  Thank you!

  Hi Sai,

  The REST API exposes the user records (see the following document); However, signature fields are not included. We need to work on this addition to the API (in a later version), but the option is currently not available.

  Please let me know if you have any questions or would like more information.

  Thank you

  Fred

• the API call error: error: the user has sufficient privileges to perform this API call.

  Hello

  I'm exploring cloudClient 3.4.1 but I'm trying to run a "vra catalog list" command or other similar commands I get the error "error: the user has sufficient privileges to perform this API call."

  I don't know what are the permissions of system requirements before I can make the API call because the account which I use to make these calls already have privileges to Administrator local on box of IAAS & is admin Admin/tenant IAAS. In short, the user is a full administrator of the tool.

  Please help me because I found there is a documentation for the usability of the cloudclient.

  Thank you

  MG

  Is the account of your help to make the law of all items in the catalog API call? We have users from the normal group of activities that use the API does not have system or administrator access.

• IOM, API - getData() - no data is not returned by the user account

  Hi all

  I have a question for the AD account data. The problem is when I try to get the account data from any account (account status: enabled, the account Type: primary), the API GetData returns a blank card and I don't know why. I see this account in the accounts of the user to the IOM. This account has been created through reconciliation of AD and this account is only one (primary and active).

  In the test environment my code works very well, but production only.

  Here is part of my code where I get some details of account.

  ...

  accounts = provServ.getAccountsProvisionedToUser (take);

  Logger.Finest ("getUsersToTheLookupTask-> user Details - take:" + take + ", DisplayName:" + userDisplayName);

  Iterator it = accounts.iterator ();

  {while (IT.hasNext ())}

  Account ad_account = (Account) it.next ();

  If (ad_account.getAppInstance () .getApplicationInstanceName () .equalsIgnoreCase (appInstName) & & ad_account.getAccountType () .equals (Account.ACCOUNT_TYPE.) (Primary)) {}

  Logger.Finest ("getUsersToTheLookupTask-> AppInstance ApplicationInstanceName:" + ad_account.getAppInstance () .getApplicationInstanceName ());

  Logger.Finest ("getUsersToTheLookupTask-> AppInstance DisplayName:" + ad_account.getAppInstance () .getDisplayName ());

  Logger.Finest ("getUsersToTheLookupTask-> AccountDescriptiveField:" + ad_account.getAccountDescriptiveField ());

  Logger.Finest ("getUsersToTheLookupTask-> getAccountID:" + ad_account.getAccountID ());

  String UtilisateurDN = getADUserDN (appInstName, take);

  AccountData accountdata = ad_account.getAccountData ();

  Map < String, Object > accdata = accountdata.getData ();                         //THIS RETURN EMPTY map < String, Object >! And I don't know why!

  Logger.Finest ("--> account data:" + accdata);

  String userOrg = accdata.get("UD_ADUSER_ORGNAME").toString ();

  String userCN = accdata.get("UD_ADUSER_COMMONNAME").toString ();

  Logger.Finest ("-> CN an ORG:" + userOrg + "-" + userCN);

  userOrg = userOrg.substring (userOrg.indexOf ("OR ="));

  String UtilisateurDN = "CN =" + userCN + "," + userOrg;

  Logger.Finest ("getUsersToTheLookupTask-> pair key / value:" + UtilisateurDN + ":" + userDisplayName);

  userMap.put (UtilisateurDN, userDisplayName);

  }

  }

  ...

  You have an idea why I'm not able to get user account data?

  Thank you!

  Milan

  Fact.

  The following API does not return the AccountData in the AccountVO. Old API IOM at 11.1.2.0 in 11.1.2.1 IOM Yes.

  accounts = provServ.getAccountsProvisionedToUser (take);

  If you need obtain account data, use:

  Acccriteria SearchCriteria = new SearchCriteria (ProvisioningConstants.AccountSearchAttribute.APPINST_KEY.getId (), "*", SearchCriteria.Operator.EQUAL);

  accounts = provServ.getAccountsProvisionedToUser (take, acccriteria, null, true);

  ...
  

  AccountData accountdata = ad_account.getAccountData ();

  Card accdata = accountdata.getData ();

  GetData returns then map of attributes as I expected.

• Change the User Manager api for the update

  Hi all

  I'm trying to change some attributes using the UserManager change call.

  I get the exception below-

  Caused by: oracle.iam.platform.kernel.ValidationFailedException: this attribute is not supported for the change of the bulk operation.

  at oracle.iam.identity.usermgmt.impl.handlers.modify.ModifyUserValidationHandler.validate(ModifyUserValidationHandler.java:192)

  at oracle.iam.platform.kernel.impl.OrchProcessData.validate(OrchProcessData.java:246)

  at oracle.iam.platform.kernel.impl.OrchProcessData.runValidationEvents(OrchProcessData.java:190)

  at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.validate(OrchestrationEngineImpl.java:728)

  at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:579)

  at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:492)

  at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:409)

  to s

  I am able to change using the same api string or text attributes, I get the above error only when I add an attribute of date format.

  HM.put (CommonConstants.EMPLOYEESTATUS, "T");

  HM.put (CommonConstants.EMPSTATUSDESC, CommonConstants.TERMINATED);

  HM.put (CommonConstants.TERMINATIONDATE, new Date ((new java.util.Date () .getTime ()));

  Employee status and type PEM desc are attributes of text and they have updated if I comment the termdate entry in the hash table.

  Pls let me know.

  Note: I checked to find and use in bulk for all the attributes that I spend in the hash table.

  Thanks in advance.

  ~ THE VSN

  Thank you J_IDM.

  I just followed the same same approach before, but the real problem was after I did the editable attribute, there is actually an update of the User.xml.

  Where the question.

  I took mds export and manually updated.

  ~ THE VSN

• Users of "Lean" in the Socialcast API

  Http://developers.socialcast.com/api-documentation/api/responses/user-response/ , I noticed that there seems to be a way to recover a 'skinny' user object in the responses.  I don't see an example of this anywhere in the docs.  How can I get this user "skinny" instead of a full user object object in my answers?

  Thank you!

  Thank you for reaching out.  The only place that is returned right now part of the preferred API - API v1 answer is quite verbose.  We should be implemented in ways to make it less verbose in the near future.