Grant to the user API
Hi teamsomeone can tell me how we can grant API Oracle user, really appreciate help.
Kind regards
Mahesh
Mahesh,
Are you talking about [url http://docs.oracle.com/cd/E23943_01/portal.1111/e10238/pdg_cm_intro.htm#POBLD478] 9.3 providing access to APIs and Secure views?
In this case, you can use provsyns.sql. Note that the instructions to get the portal password apply to the 10g only. If you want to get on 11g, use the instructions in the Note [url https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=843978.1] 843978.1, "How to recover the portal schema Portal 11g password?".
Thank you
EJ
Tags: Fusion Middleware
Similar Questions
-
System to grant to the user of the application views
Hi all
11.2.0.1
Batch process Tha night encounter problem blocking where their generations report affected and delayed.
I give this command operators, so that they will kill or stop the process that keeps the lock:
SELECT TO_CHAR ("sysdate, ' HH24:MI:SS of MON-DD-YYYY"). ' The user '. S1. UserName | | » @'|| S1.machine | | "(SID = ' | s1.sid |)
') with the statement: ' | sqlt2.sql_text | |' if it blocks the SQL statement ' | S2. UserName | | » @'|| S2.machine |
' (SID ='|) S2.SID | |') Blocked-> SQL ' | sqlt1.sql_text AS blocking_status
GV $ lock l1, Gv$ session s1, Gv$ lock Gv$ session s2, l2, Gv$ sqlt2, Gv sql $ sql sqlt1
WHERE s1.sid = l1.sid
AND s2.sid = l2.sid
AND sqlt1.sql_id = s2.sql_id
AND sqlt2.sql_id = s1.prev_sql_id
AND l1. BLOCK = 1
AND l2.request > 0
AND l1.id1 = l2.id1
AND l2.id2 = l2.id2;
But this needs system views and you can not run the app user ID.
On the security audit decision or without having violated, what I have to grant select to all system views accessed by this script to the user of the application, then create synonyms it 1 by 1?
Or is it a one-time grant for all views of the system? So I is not need to type a plus creating synonyms so that I can't miss any?
Thank you
Petra k.
f55237a7-2c38-4DB3-a7a3-1d77256f0730 wrote:
Hi all
11.2.0.1
Process batch Tha night meets lock problem where their generations report interrupted.
I give this command operators, so that they will kill or stop the process that keeps the lock:
SELECT TO_CHAR ("sysdate, ' HH24:MI:SS of MON-DD-YYYY"). ' The user '. S1. UserName | | » @'|| S1.machine | | "(SID = ' | s1.sid |)
') with the statement: ' | sqlt2.sql_text | |' if it blocks the SQL statement ' | S2. UserName | | » @'|| S2.machine |
' (SID ='|) S2.SID | |') blocked SQL-> ' | sqlt1.sql_text AS blocking_status
GV $ lock l1, Gv$ session s1, Gv$ lock Gv$ session s2, l2, Gv$ sqlt2, Gv sql $ sql sqlt1
WHERE s1.sid = l1.sid
AND s2.sid = l2.sid
AND sqlt1.sql_id = s2.sql_id
AND sqlt2.sql_id = s1.prev_sql_id
AND l1. BLOCK = 1
AND l2.request > 0
AND l1.id1 = l2.id1
AND l2.id2 = l2.id2;
But this needs system views and you can not run the app user ID.
In view of the security check or without having violated, what I give select all system views accessed by this script to the user of the application, and then create the names it 1 by 1?
Or is it a one-time grant for all views of the system? So I no need to type one by one so that I can't miss any?
Thank you
Petra k.
While approach posted will work subsequently, it's like making three left turns around the block;
instead of making a single term of law.
Place the SQL desired in a procedure (FIND_LOCKER) owned by the extremely privileged schema; then do as below
GRANT EXECUTE ON FIND_LOCKER TO OPERATOR_USER;
-
Hello
There is a user permission 'select any table'... but I won't be selected only 'a table' by this user...
grant select any table of XUSER except XTABLE
command is not in Oracle :)
How to do that without revocation "any select permission?
Published by: lucky 18.Eki.2011 14:35You could create a policy from the CAE on this table. For example, you might have the political function ensure that the table is expressly granted to the user, otherwise will raise an error.
However, this means that SELECT ANY TABLE wouldn't work for anyone (not even DBA), with respect to this table. Think through all the possible implications of which (including exports, statistics, etc.) and make sure you have your bases covered entirely if you go this route.
-
Hi team,
I'm trying to revoke grant on the user table
The Sub statement gives error saying
[code]
REVOKE < role_nm > on < a.table_nm > to < b.user_nm >
Error: ORA 00990: missing or invalid privilege
[/ code]
But the following works fine
[code]
REVOKE ALL ON < a.table_nm > to < b.user_nm >
[/ code]
Please suggest me to revoke the grant on the user table
Smile says:
[code]
REVOKE
on of Error: ORA-00990: missing or invalid privilege
[/ code]
A GRANT on table is assigned to a ROLE and that ROLE is assigned to the USER. So when you want to REVOKE a specific GRANT what is assigned to a user by ROLE. You must REVOKE any ROLE to the user or REVOKE the GRANTING OF THE ROLE.
-
Hello
Should I create a user who can only read the tables in another schema. (this schema has 65000 tables and I want to avoid execution grant select on table1, table2... to MYUSER).
Then, I created a trigger:
Any way to restrict it to read-only? How can I revoke Insert or UPDATE?CREATE TRIGGER set_empno_ctx_trig AFTER LOGON ON DATABASE BEGIN IF USER='MYUSER' THEN execute immediate 'ALTER SESSION SET CURRENT_SCHEMA = SCHEMA'; END IF END; /
I published that follows, but does not work and the user can INSERT:
Thanks for the help.CREATE TRIGGER set_empno_ctx_trig AFTER LOGON ON DATABASE BEGIN IF USER='MYUSER' THEN execute immediate 'ALTER SESSION SET CURRENT_SCHEMA = SCOTT'; execute immediate 'REVOKE INSERT ANY TABLE FROM MYUSER'; END IF END; /
user522961 wrote:
I thank once again.For the first query cannot send the result. MY_WRITE role is a role with:
GRANT SELECT, insert, update, delete any table. Without which MYUSER cannot see the tables in the SCHEMA. MY_WRITE revoked if:So, what's you want? You cannot revoke insert, update, delete the grant of the user, if they are granted by a role.
Grant select any WHAT TABLE or SELECT ON
. the role of the user and revoke.
He will be able to choose, but not change data. -
Display of metadata to fetch the user's privileges
Hello
I would like to get a list of the roles and privileges granted to the user. You use what metadata view, I'll be able to read this information,
Please share me the details, thank you.Hello
That can be extremely difficult, given that the roles can be granted to roles, recursively.
Pete Finnigan has a nice script which is very useful:
http://www.petefinnigan.com/find_all_privs.SQL
Concerning
Peter -
failed to connect the user had not granted the type of logon required on this computer
W2K, Win XP Home, Win XP Vista Pro and al
Some win appear XP OS like win 2 k professional versions, others as XP Home appear as WP Pro builds.
The integrated network has a combination of these BONES still bastard licensed and the subject of errors occur"failed to connect the user didn't would have been granted the type of logon required on this computer.
What sets with that?
Never had this problem until that Microslop mixing and matching the OS with no sense of compatibility problems started
IS THERE ANOTHER OS THAT WORKS THERE... PLEASE EXPLAIN!
Frustrated and angry consumers of products Microslop
Dave R
check out this link and see how it works for you.
http://forums.techguy.org/networking/533210-solved-user-has-not-been.html
-
The user confirmation dialog to access some RIM Api
Hello
I use RadioInfo Api for the locations, while the installation and execution of my application, I get the popup with "the application tries to access the radio information that can identify your location all allow?". I'm using curve 8520 for test.
This confirmation message will be come from for all devices?
The opportunities are there to avoid these dialogue?
you don't know. If the device is connected to a BES you can allow these things on the server side.
on a device no - BES, the user must know everything that happens on its device, it's a safety measure that cannot be bypassed.
You can add a provider of reason (os 5 +) or the document in the user manual. BB users are used to these dialog boxes.
-
OIM 11 g R2PS2 - how to decipher the user password while calling the OIMClient API
Hello
I have a client application that connects to OIM 11 g R2PS2. Users connect in the client application to trigger a request for service and the client application will submit applications to the IOM.
Connection to the end users to the client application using OAM authentication. So I need to find a mechanism to get the end-user password so that I can use the same in the OIMClient API to connect to IOM.
If I login as XELSYSADM in the client application, is it possible that I can ask the user password and decrypt the same? I tried to use the code below, but I'm getting null pointer exception.
RS = stmt.executeQuery ("select USR_PASSWORD from USR where upper (USR_LOGIN) ='" + id + "'");
If (rs! = null & & RS.) Next {}
String encPwd = rs.getString ("USR_PASSWORD");
System.out.println ("get the DB password:" + encPwd);
try {}
String decryptPwd = String.valueOf (CryptoUtil.getDecryptedPassword (encPwd, null));
tcCryptoUtil.decrypt (encPwd, "DBSecretKey");
System.out.println ("decrypted password:" + decryptPwd);
oimClient.login (id1, decryptPwd.toCharArray ());
} catch (Exception e) {}
e.printStackTrace ();
e return;
}
}
Exception:
< 13 November 2015 12:29:01 EST > < error > < XELLERATE. ACCOUNTMANAGEMENT > < BEA-000000 > < class/method: tcDefaultDBEncryptionImpl/initKeyStore some problems: {1}
java.lang.NullPointerException
at com.thortech.xl.crypto.tcCryptoHelper.loadKeyStore(tcCryptoHelper.java:145)
at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.initKeyStore(tcDefaultDBEncryptionImpl.java:67)
at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.getCipher(tcDefaultDBEncryptionImpl.java:99)
at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.decrypt(tcDefaultDBEncryptionImpl.java:218)
at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:122)
at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:200)
at oracle.iam.platform.utils.crypto.CryptoUtil.getDecryptedPassword(CryptoUtil.java:132)
If you want to use the client of the IOM to send the request as long as the logged on user, IE of OAM session, then you might just get the context of the session of the user so the IOM customer queries will be made in this context. There is no need to decrypt the password for the user in this scenario.
See rest of URL of excellent example illustrating this: Oracle Fusion Middleware security: authentication IOM API without the end user password
-
Create/modify users using the RequestService API
Hello
I would like to create or modify users of IOM, by using the API RequestService (RequestService (Oracle Fusion Middleware Java QAnywhere for Oracle Identity Manager)), but currently, I do not know how!
Currently I use the UserManager API to create/modify users:
UserManager userManager = Platform.getService(UserManager.class); HashMap<String, Object> userAttributeValueMap = new HashMap<String,Object>(); User user = new User("MyNewOIMUser", userAttributeValueMap); userManager.create(user);
It works very well, but it is not possible to 'Create the user approval Workflows' using this trigger mechanism. (use this code snippet in a custom scheduled task)
I've already found some examples of code, using the RequestService API, but nobody uses this api to create/modify users. (https://java.net/projects/openptk/sources/svn/show/branches/Oracle/OIM11g/examples/java/OIMClient/src/oim/client/request)
Ideas/tips/code samples to specify this use case?
BR,
Mint
This API allows you to submit the application:
Oracle Fusion Middleware Java QAnywhere for Oracle Identity Manager
doOperation (RequestData requestData, OIMService.Intent intention)
This will allow you to submit and do force a request, direct provision or use some permissions has the person making the presentation for administrative roles to determine whether it is direct or claim.
-Kevin
-
I'm trying to use the API to get the signature of all the users of the system fields. I can see this information in the web browser if I go to settings-> user management-> and selecting the user.
I would like to know if there is a way to get the information General information (Signature fields) using the API.
Thank you!
Hi Sai,
The REST API exposes the user records (see the following document); However, signature fields are not included. We need to work on this addition to the API (in a later version), but the option is currently not available.
Please let me know if you have any questions or would like more information.
Thank you
Fred
-
Hello
I'm exploring cloudClient 3.4.1 but I'm trying to run a "vra catalog list" command or other similar commands I get the error "error: the user has sufficient privileges to perform this API call."
I don't know what are the permissions of system requirements before I can make the API call because the account which I use to make these calls already have privileges to Administrator local on box of IAAS & is admin Admin/tenant IAAS. In short, the user is a full administrator of the tool.
Please help me because I found there is a documentation for the usability of the cloudclient.
Thank you
MG
Is the account of your help to make the law of all items in the catalog API call? We have users from the normal group of activities that use the API does not have system or administrator access.
-
IOM, API - getData() - no data is not returned by the user account
Hi all
I have a question for the AD account data. The problem is when I try to get the account data from any account (account status: enabled, the account Type: primary), the API GetData returns a blank card and I don't know why. I see this account in the accounts of the user to the IOM. This account has been created through reconciliation of AD and this account is only one (primary and active).
In the test environment my code works very well, but production only.
Here is part of my code where I get some details of account.
...
accounts = provServ.getAccountsProvisionedToUser (take);
Logger.Finest ("getUsersToTheLookupTask-> user Details - take:" + take + ", DisplayName:" + userDisplayName);
Iterator it = accounts.iterator ();
{while (IT.hasNext ())}
Account ad_account = (Account) it.next ();
If (ad_account.getAppInstance () .getApplicationInstanceName () .equalsIgnoreCase (appInstName) & & ad_account.getAccountType () .equals (Account.ACCOUNT_TYPE.) (Primary)) {}
Logger.Finest ("getUsersToTheLookupTask-> AppInstance ApplicationInstanceName:" + ad_account.getAppInstance () .getApplicationInstanceName ());
Logger.Finest ("getUsersToTheLookupTask-> AppInstance DisplayName:" + ad_account.getAppInstance () .getDisplayName ());
Logger.Finest ("getUsersToTheLookupTask-> AccountDescriptiveField:" + ad_account.getAccountDescriptiveField ());
Logger.Finest ("getUsersToTheLookupTask-> getAccountID:" + ad_account.getAccountID ());
String UtilisateurDN = getADUserDN (appInstName, take);
AccountData accountdata = ad_account.getAccountData ();
Map < String, Object > accdata = accountdata.getData (); //THIS RETURN EMPTY map < String, Object >! And I don't know why!
Logger.Finest ("--> account data:" + accdata);
String userOrg = accdata.get("UD_ADUSER_ORGNAME").toString ();
String userCN = accdata.get("UD_ADUSER_COMMONNAME").toString ();
Logger.Finest ("-> CN an ORG:" + userOrg + "-" + userCN);
userOrg = userOrg.substring (userOrg.indexOf ("OR ="));
String UtilisateurDN = "CN =" + userCN + "," + userOrg;
Logger.Finest ("getUsersToTheLookupTask-> pair key / value:" + UtilisateurDN + ":" + userDisplayName);
userMap.put (UtilisateurDN, userDisplayName);
}
}
...
You have an idea why I'm not able to get user account data?
Thank you!
Milan
Fact.
The following API does not return the AccountData in the AccountVO. Old API IOM at 11.1.2.0 in 11.1.2.1 IOM Yes.
accounts = provServ.getAccountsProvisionedToUser (take);
If you need obtain account data, use:
Acccriteria SearchCriteria = new SearchCriteria (ProvisioningConstants.AccountSearchAttribute.APPINST_KEY.getId (), "*", SearchCriteria.Operator.EQUAL);
accounts = provServ.getAccountsProvisionedToUser (take, acccriteria, null, true);
...
AccountData accountdata = ad_account.getAccountData ();
Card
accdata = accountdata.getData (); GetData returns then map of attributes as I expected.
-
Change the User Manager api for the update
Hi all
I'm trying to change some attributes using the UserManager change call.
I get the exception below-
Caused by: oracle.iam.platform.kernel.ValidationFailedException: this attribute is not supported for the change of the bulk operation.
at oracle.iam.identity.usermgmt.impl.handlers.modify.ModifyUserValidationHandler.validate(ModifyUserValidationHandler.java:192)
at oracle.iam.platform.kernel.impl.OrchProcessData.validate(OrchProcessData.java:246)
at oracle.iam.platform.kernel.impl.OrchProcessData.runValidationEvents(OrchProcessData.java:190)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.validate(OrchestrationEngineImpl.java:728)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:579)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:492)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:409)
to s
I am able to change using the same api string or text attributes, I get the above error only when I add an attribute of date format.
HM.put (CommonConstants.EMPLOYEESTATUS, "T");
HM.put (CommonConstants.EMPSTATUSDESC, CommonConstants.TERMINATED);
HM.put (CommonConstants.TERMINATIONDATE, new Date ((new java.util.Date () .getTime ()));
Employee status and type PEM desc are attributes of text and they have updated if I comment the termdate entry in the hash table.
Pls let me know.
Note: I checked to find and use in bulk for all the attributes that I spend in the hash table.
Thanks in advance.
~ THE VSN
Thank you J_IDM.
I just followed the same same approach before, but the real problem was after I did the editable attribute, there is actually an update of the User.xml.
Where the question.
I took mds export and manually updated.
~ THE VSN
-
Users of "Lean" in the Socialcast API
Http://developers.socialcast.com/api-documentation/api/responses/user-response/ , I noticed that there seems to be a way to recover a 'skinny' user object in the responses. I don't see an example of this anywhere in the docs. How can I get this user "skinny" instead of a full user object object in my answers?
Thank you!
Thank you for reaching out. The only place that is returned right now part of the preferred API - API v1 answer is quite verbose. We should be implemented in ways to make it less verbose in the near future.
Maybe you are looking for
-
It's strange how the cooling fan works on Satellite L20
I have a little problem. I bought the Satellite L20-182.When I turn on the computer about 10 minutes is quiet.Then the fan starts as a hurricane, slows and stops after a few seconds.The fan works this way on a regular basis with intervals of one minu
-
Get the context of the sequence of other connectors (active) in the batch processing model
TestStand 2014 - model updated the batch LV2014 System controls an environmental Chamber and doing trials on 4 of the UUT. Room Enviromental is the shared resource and is controlled by the synchronization of thread only lot. A UI TempMonitor of Lab
-
How to disable the blocker?
How to disable pop-up blockers?
-
heat flow for animation clay 5 fps output rate is 25 fps after publication
I turned my animation of clay at 5 fps in .mswmm. When I publish the movie on that computer it playsback at 25 fps. This transforms a 3 min. video in a 20-minute video that I can't upload to Youtube because it is too long. Can anyone help? I tried to
-
BlackBerry smartphones still have a different conception of the PRIVATE Blackberry!
Another share of these silent creators of Blackberry. The fact that they put the volume keys and touch mute, on the right, where you hold the phone to make calls. Now what do you think happens? Not only do keep you spoiling and pressing the volume ke