Object grants to users and roles

A question about Oracle grants. I searched and found threads that are close, but not exactly what I'm looking for.
I'm on an Oracle 10g Enterprise Edition (64-bit) database running on Sun Solaris 5.10.

We have a test database (say TEST1) with 2 schemas, SCHEMA1 and SCHEMA2. These schemas have nearly 2000 objects in each of them.
Then we have a different database (say TEST2) with the same 2 schemas, with the same names and containing as many objects.

My goal is to export these two schemas from TEST1 and import them into TEST2. The path I chose for doing this is to completely drop every single object from the 2 schemas in TEST2 and then do an import. I do the import with the grants=y option enabled.

The dilemma I have is that, although the object DDLs are identical between SCHEMA1 and SCHEMA2 on TEST1 and SCHEMA1 and SCHEMA2 on TEST2 respectively, the users on the databases are different. Of course, I would like to keep all the object grants to other users in TEST2 after my import just the way they were prior to the import. So, I am looking for a way to pre-generate a script before the object drop so that I can just run the script and get back all the grants I lose, such as...
GRANT SELECT ON TEST2.table10 to USER01;
GRANT INSERT ON TEST2.table10 to USER02;
GRANT INSERT ON TEST2.table20 to USER02;...

(I really wouldn't like the TEST1 grants to be imported during the import, thus introducing unnecessary grants... I just want to make sure that TEST2 does not lose a thing.)

Another twist here is that we also have a good number of roles that have been granted privileges on SCHEMA1 and SCHEMA2 objects of the TEST2 database. How do I generate a script that has something like...

GRANT SELECT ON TEST2.table1 to ROLE1;
GRANT INSERT ON TEST2.table1 to ROLE2;
GRANT INSERT ON TEST2.table2 to ROLE2;...

Thank you

You can start from these scripts:

SQL> grant select on a.t13 to b;

Grant succeeded.

SQL> select 'grant ' || privilege || ' on ' || owner || '.' || table_name || ' to ' || grantee || ';'
  2  from dba_tab_privs
  3  where owner = 'A'
  4  /

'GRANT'||PRIVILEGE||'ON'||OWNER||'.'||TABLE_NAME||'TO'||GRANTEE||';'
------------------------------------------------------------------------------------------------------------------------------
grant SELECT on A.T13 to B;

SQL> create role role1;

Role created.

SQL> grant insert, delete on a.t10 to role1;

Grant succeeded.

SQL>  select 'grant ' || privilege || ' on ' || owner || '.' || table_name || ' to ' || role || ';'
  2  from role_tab_privs
  3  where owner = 'A'
  4  /

'GRANT'||PRIVILEGE||'ON'||OWNER||'.'||TABLE_NAME||'TO'||ROLE||';'
------------------------------------------------------------------------------------------------------------------------------
grant INSERT on A.T10 to ROLE1;
grant DELETE on A.T10 to ROLE1;

With greetings
Krystian Zieja
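
As an added example (not part of the original answer): a SQL*Plus script that extends the approach above to snapshot the TEST2 grants before the drop, regenerate them including column-level grants and WITH GRANT OPTION, and check after the import that nothing was lost or introduced. DBA_TAB_PRIVS already lists roles as grantees, so one query covers users and roles; the table name OBJ_GRANTS_BEFORE and the spool file restore_grants.sql are assumptions.

```sql
-- Added example: run in SQL*Plus as a DBA on TEST2, BEFORE dropping the objects.
-- OBJ_GRANTS_BEFORE and restore_grants.sql are hypothetical names; create the
-- snapshot table in a schema other than SCHEMA1/SCHEMA2 so it survives the drop.

-- 1. Snapshot object-level and column-level grants (users and roles alike).
CREATE TABLE obj_grants_before AS
SELECT grantee, owner, table_name,
       CAST(NULL AS VARCHAR2(30)) AS column_name, privilege, grantable
  FROM dba_tab_privs
 WHERE owner IN ('SCHEMA1', 'SCHEMA2')
UNION ALL
SELECT grantee, owner, table_name, column_name, privilege, grantable
  FROM dba_col_privs
 WHERE owner IN ('SCHEMA1', 'SCHEMA2');

-- 2. Spool the replay script. Identifiers are double-quoted so mixed-case
--    names survive; PUBLIC is left unquoted.
SET PAGESIZE 0 LINESIZE 400 FEEDBACK OFF TRIMSPOOL ON
SPOOL restore_grants.sql
SELECT 'GRANT ' || privilege
       || CASE WHEN column_name IS NOT NULL
               THEN ' ("' || column_name || '")' END
       || ' ON "' || owner || '"."' || table_name || '" TO '
       || CASE WHEN grantee = 'PUBLIC' THEN grantee
               ELSE '"' || grantee || '"' END
       || CASE WHEN grantable = 'YES' THEN ' WITH GRANT OPTION' END
       || ';'
  FROM obj_grants_before
 ORDER BY owner, table_name, grantee, privilege;
SPOOL OFF
SET PAGESIZE 14 FEEDBACK ON

-- 3. Import with grants=n so TEST1's grants are not carried over, run
--    restore_grants.sql, then compare. No rows returned means the grant
--    set on TEST2 is exactly what it was before the refresh.
WITH current_grants AS (
  SELECT grantee, owner, table_name,
         CAST(NULL AS VARCHAR2(30)) AS column_name, privilege, grantable
    FROM dba_tab_privs
   WHERE owner IN ('SCHEMA1', 'SCHEMA2')
  UNION ALL
  SELECT grantee, owner, table_name, column_name, privilege, grantable
    FROM dba_col_privs
   WHERE owner IN ('SCHEMA1', 'SCHEMA2')
)
SELECT 'LOST' AS status, l.*
  FROM (SELECT * FROM obj_grants_before
        MINUS
        SELECT * FROM current_grants) l
UNION ALL
SELECT 'ADDED', a.*
  FROM (SELECT * FROM current_grants
        MINUS
        SELECT * FROM obj_grants_before) a;
```

Rows marked ADDED are privileges that did not exist on TEST2 before the refresh and should be reviewed or revoked; the comparison ignores the grantor, which changes when a DBA replays the grants.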


Similar Questions

  • User and role are the object?

    Dear all,

    1. There are many object as a TABLE, INDEX, VIEW...

    We can change to help change the ddl statement.

    So, can we say user is also a database object or not.

    because we can change the user using ddl statement and corresponding information stored in the data dictionary.

    2. we know that ALTER is a privilege of the object, and we can also change the DBA user. then we can say user is an object?

    3 is an object?

    Thanks in advance,

    Alain Coppey.

    Yes - users and roles are objects. But they are SYSTEM objects and not contained in a schema.

    See the section 'Introduction to schema objects' Oracle documentation

    http://docs.Oracle.com/CD/B28359_01/server.111/b28318/schema.htm#i22627

    The first section lists the schema objects - objects belonged to a schema

    The following section lists the system objects, or non-schema,

    Other types of objects are also stored in the database and can be created and manipulated with SQL, but are not contained in a schema:

    • Contexts
    • Directories
    • Parameter files (PFILEs) and server parameter files (SPFILEs)
    • Profiles
    • Roles
    • Rollback segments
    • Tablespaces
    • Users

    You won't find the non-schema objects listed in the views that display schema object information, but there are other system views for them.

    So if it is an "interview" questions answers just YES and refer them to this link above. Or you can use this link for the 'sql elements' doc section if you prefer:

    http://docs.Oracle.com/CD/E11882_01/server.112/e41084/sql_elements007.htm

    Schema objects

    Other types of objects are also stored in the database and can be created and manipulated with SQL, but are not contained in a schema:

    Contexts

    Directories

    Editions

    Restore points

    Roles

    Rollback segments

    Tablespaces

    Users

    In this reference, each object type is described in the Chapter 10 , Chapter 19, in the section dedicated to the statement that creates the database object. These statements begin with the keyword CREATE . For example, for the definition of a cluster, see CREATE CLUSTER.

    In this link, unlike the other one, Oracle uses explicitly the terms "run things" and "objects" by referring to the items in the list above.

    A simple NET search for "objects nonschema oracle 11g" returns this link as the first result.

    The documentation is your friend! Some info may be harder to find, but the docs usually include information for ALL Oracle basic terms and functionality.

  • creating users and roles of WL server for an application that is secured by security ADF

    Greetings

    I have an application that uses the security of adf, pre-deployment I created the users and roles to grant access or permissions to certain pages in mid CA. the thing is that I need to know if its possible to create users and roles through my the weblogic Server console and that roles and users can have permissions in my app I try but the only thing that works is authentication... I can not pass authorization

    Thanks for your help

    It should work very easily.

    What you have to do is give the domain name as domain (default myrealm) weblogic; this step you already have, since you're able to authenticate.

    Now in jazn-data.xml, there are 2 types of roles. Application role & business role. Select business roles when assigning permissions. These should also be the same roles myrealm.

    You can also use the application role and have a relationship between the application role & business role.

    Only the care you need to take are to deploy the application in the EAR file, deployed a flag there migrate suite security users and security groups object. Deselect it.
    When you use the user groups and migrate the Application roles.

    Vincent

  • Relationship between users and roles OID

    Hi team,

    We have created users and roles in the IOM and the synchronization of these OID values. Users and roles create under different containers in OID.

    We have the relationship between users and roles of the IOM. How the relationship between users and roles are maintained in the OID.

    Could you please help me on this. Thanks in advance.

    Thank you and best regards,

    Narasimha Rao

    For 11 GR 2 IOM, roles map to the OID groups if there is a ldap synchronization (between IOM and the OID). I know that it works for IOM 11.1.2.2 and OID 11.1.1.7 (also 11.1.1.6 OID as well).

    Between the IOM and the OID ldap synchronization will automatically synchronize users of IOM in OID. So if you add a user to the IOM it will come in OID under the users container.  You create the role of IOM, you should see a group created under the OID. Similarly, if you add users to the IOM for a role of IOM, it will map/synchronization user in OID OID group.

    (Hope this helps, please indicate your answer as answered if it solved your query)

  • Is it possible to store user and role information in MDS instead of jazn?

    Hello

    I want to store user and role information in xml rather than jazn mds. Is - is this possible? Could someone steps who to follow?

    Thank you
    Vishnu

    Hello

    MDS is not a policy store nor an identity management system. What you're asking does not really make sense. Instead of jazn-data.xml, you can use OID and RDBMS for policies and for the identities of users. If it is only the identities of users and groups that you want to move to another store, then you can use OID, RDBMS, Active Directory, OAM, etc. The jazn-data.xml file, by the way, is used at design time. At deployment, by default, users and groups are created from jazn-data.xml in the built-in LDAP server of WLS. Policies in the jazn-data.xml file are copied to the system-jazn-data.xml of the target WLS server.

    Frank

  • Bug? Synchronization mixes DB users and roles.

    Hello

    I can't synchronize my physical data model with the database (Data Modeler 4.0.3). For some reason, the synchronization process has a preference for database roles over DB users. So what happens is: my database contains a user EWDS_OWNER_REF, but the synchronization process creates a role EWDS_OWNER_REF instead and assigns all privileges to this role. This occurs even if the user EWDS_OWNER_REF is already present in the model.

    Any idea for a workaround?

    Thanks in advance!

    Hello

    Thanks for reporting this.  I will record a bug on this issue.

    There is a solution.  Go to the Data Modeler > model > physical synchronization preferences page and select the checkbox synchronize to USER type.

    David

  • Managing users and roles in OBIEE 11 G

    Hi all

    I try to learn OBIEE and started installing it in my laptop.

    I connect with the weblogic user account. When I go to Administration > manage privileges, I can see different groups as roles of consumers BI, BI author roles etc.

    How do I assign or see which group my weblogic user belongs to? Where can I manage these groups? don't know if its been through weblogic?

    See you soon.

    OBIEE 11 G on Windows 7 running.

    Hi William,

    Cannot create groups and users/groups to manage--> identity. Users on the managers of identity are references to security field.

    Let me know if this helped.

    Kind regards
    Jay

  • Security ADF of application using DB tables for users and roles

    Hello
    I followed the below documents to use SQL authentication instead of jazn.

    http://Biemond.blogspot.com/2008/12/using-database-tables-as-authentication.html


    http://Biemond.blogspot.com/2008/12/using-WebLogic-provider-as.html

    The second paper after completing the ADF Security Assistant, there are steps to create roles and application below at point

    * "We need to use myrealm as realm and not jazn.com. Create the role of valid users. "

    Could someone suggest where to put these roles?

    Thanks in advance!
    Vinod

    Hi Vinod,

    If you set up SQLAuthenticator in JDeveloper's integrated WebLogic Server, then what happened in your case is expected, because you deleted the WebLogic instance where SQLAuthenticator had been configured. Yes, you have deleted the DefaultDomain instance that is located in the directory specified above. JDeveloper will recreate a new (unconfigured) instance the next time you run.

    To avoid reconfiguring SQLAuthenticator, you must set it up on a stand-alone instance of WebLogic (one which is not located in the JDeveloper/systems user... folder).

    Kind regards

    Pino

  • Question about user SYS and ROLES

    Hello

    When I create a role, such as:
    create role atestrole;
    I see that as soon as the role is created, it is automatically granted to the SYS.

    I thought that, given the fact that SYS already has all the system and object privileges in existence, the automatic grant was superfluous and unnecessary. To test this, I revoked the role 'atestrole' from SYS and then tried, as user SYS, to grant "atestrole" to SCOTT. As expected, SYS was able to grant "atestrole" to SCOTT.

    At this point, it seems that the automatic granting of new roles to SYS does not make SYS able to do anything that it would not be able to do otherwise.

    Question: SYS automatically grant all newly created roles, cause SYSTEM to have a few abilities that he would or not is superfluous (as seems to be)?

    Thank you for your help,

    John.

    PS: the new roles are automatically awarded to SYS by Oracle itself, it is not something to be done "manually".

    Published by: 440bx - 11 GR 2 on 20 Sep, 2010 08:23 - added PS.

    I don't know if it will clear the cloud or not, but the result is: "a user who creates a role is also granted that role by default."
    So, if you created the role as SYS, it is granted to SYS; otherwise it is not. See the example below.

    SQL> conn sys@xe as sysdba
    Enter password: ******
    Connected.
    
    SQL> CREATE ROLE TEST_ROLE_GRANT1;
    
    Role created.
    
    SQL> set line 1000
    SQL> SELECT * FROM dba_role_privs
      2  WHERE GRANTED_ROLE='TEST_ROLE_GRANT1';
    
    GRANTEE                        GRANTED_ROLE                   ADM DEF
    ------------------------------ ------------------------------ --- ---
    SYS                            TEST_ROLE_GRANT1               YES YES
    
    SQL> conn system@xe
    Enter password: ******
    Connected.
    SQL> CREATE ROLE TEST_ROLE_GRANT2;
    
    Role created.
    
    SQL> SELECT * FROM dba_role_privs
      2  WHERE GRANTED_ROLE='TEST_ROLE_GRANT2';
    
    GRANTEE                        GRANTED_ROLE                   ADM DEF
    ------------------------------ ------------------------------ --- ---
    SYSTEM                         TEST_ROLE_GRANT2               YES YES
    
    SQL> conn hr@xe
    Enter password: **
    Connected.
    
    SQL> CREATE ROLE TEST_ROLE_GRANT3;
    
    Role created.
    
    SQL> SELECT * FROM dba_role_privs
      2  WHERE GRANTED_ROLE='TEST_ROLE_GRANT3';
    
    GRANTEE                        GRANTED_ROLE                   ADM DEF
    ------------------------------ ------------------------------ --- ---
    HR                             TEST_ROLE_GRANT3               YES YES
    
    SQL> 
    
  • UCM and WebLogic users, groups, roles, and permissions

    Hello

    I could not get UCM to honour the permissions of the user defined in WebLogic. Here's what I do:

    1. Create a WebLogic group called "contributor".

    2. Create a role in UCM called "contributor" with read/write permissions on the PUBLIC group.

    3. Add a user in WebLogic called "testuser" and make him a member of the employee group.

    4. Connect to UCM as "testuser".

    5. testuser has only the "guest" permissions.

    UCM is NOT honoring the WebLogic contributor group membership. The documentation says that if I create a WebLogic group with exactly the same name as a role in UCM, the permissions should be granted properly, but it didn't actually work.

    Has anyone seen this? I would really like to manage users and authorization in a single place with a minimum of fuss.

    Thank you! -JDM

    Hello

    Stop the UCM managed server and the WLS server.

    Start the WLS server, wait until it starts completely, and then start the UCM server.

    After this, test to see if the issue still persists.

    Thank you
    Srinath

  • Details of grant required for the user and schema

    Hello

    I have Oracle version 10.2.0.4.0.

    We have schema A (many objects exist) and user B (no objects exist - acts as an application user to access objects in the other schema).

    I have the doubts listed below.

    (1) I want to know the method to find the list of the users that have access to the objects in schema A and their privileges on schema A objects
    (2) I want to know the method to find the list of the grants given on schema A objects to user B

    Have a look at the DBA_TAB_PRIVS view, then come back here with specific questions after you have tried to find what you need to know.

  • Cannot grant the privilege on the column the user through role?

    Hello:

    From what I read in the docs I should be able to create a role that has privileges to UPDATE a column in a table and then assign this role to a user, who should then be able to update the column in the table. I get "insufficient privileges" when I try it, although it works as advertised if I grant directly to the user. Am I reading the docs wrong?

    GAFF session:
    CREATE TABLE "GAFF"."FOO2"
       (    "F1" NUMBER,
            "F2" NUMBER,
            "F3" VARCHAR2(50),
            "F4" NUMBER,
             CONSTRAINT "FOO2_PK" PRIMARY KEY ("F1")
       )
    /

    create role foo2_u_f2;

    grant update (f2) on foo2 to foo2_u_f2 ;

    grant select on gaff.foo2 to play ;

    grant foo2_u_f2 to play ;

    PLAY session:
    update gaff.foo2 set f2 = 1 where f1 = 1
    ORA-01031: insufficient privileges

    Probably the foo2_u_f2 role is not a default role for the user PLAY. Initially, when the user is created, the default role is set to ALL. Later, it can be changed to NONE or to a set of roles. Log in as PLAY and issue:

    select * from session_roles
    /

    I bet that you won't see foo2_u_f2. Then issue:

    select granted_role,default_role from user_role_privs
    /

    This will give you a list of the user's default roles. Also, you can issue:

    set role foo2_u_f2
    /

    This will enable the foo2_u_f2 role in the current session. Or you can log in as a privileged user and issue ALTER USER with DEFAULT ROLE ..., foo2_u_f2.

    SY.

  • Can I connect in SQL*Plus as SYS after connecting as a user and then run a GRANT?

    Oracle 11g R2

    Linux RHEL 6.3

    SQL*Plus 11.2.0.2 on Windows 7

    ------------------------------------------------

    I am running a SQL script through SQL*Plus connected as "DOE, JOHN".

    In the SQL script, I need to connect as SYS to do a GRANT EXECUTE on a SYS package (e.g. GRANT EXECUTE ON DBMS_CRYPTO to JOHN;).

    But it fails with the following error:

    GRANT EXECUTE ON DBMS_CRYPTO TO JOHN
    *
    ERROR at line 1:
    ORA-01917: user or role 'JOHN' does not exist

    But of course, 'JOHN' exists.  The rest of the SQL script runs as "DOE, JOHN" without any problem.

    The code segment of the SQL script in question is:

    connect sys/password as sysdba
    GRANT EXECUTE ON DBMS_CRYPTO TO ROYSECITYDATA;  <-fails here
    to connect/DOE

    Please advise on what may be the issue.

    tx103108 wrote:

    I connect to a remote database.  All remote dbs have the same instance name as they are all images.  I see where you're going (I think).  Should I try

    I'll try to connect sys/password@MYDB

    Sounds like a plan... (the instance_name returned with what you expected? or something else?)

  • The user what role there and where it is defined

    Hello guys,.

    I'm looking for a script that search a user what role he has, set in what level the server vcenter folder root level of the virtual machine and list its role and the level that is defined.

    Thank you

    Of course, we can use a where clause to filter the permissions for a specific security principal.

    Like this

    $user = "domain\user"
    Get-VIPermission | where {$_.Principal -eq $user} |
    Select @{N="Entity";E={$_.Entity.Name}},
        @{N="Type";E={$_.Entity.GetType().Name.TrimEnd("Wrapper")}},
        Role,
        Propagate
    
  • Grants given by user SYS and SYSTEM

    Hi all

    Please, help me to understand this problem.

    I have a schema named maps_ref where I create a view. (table abc discovers abc01).
    Here, I have granted the create view and create any view privs to maps_ref by connecting as SYS as SYSDBA.
    It allowed me to create the view.

    As a test, I revoked the privileges by connecting as SYSTEM, and it revoked the privileges granted by SYS as SYSDBA.
    Later, of course, I couldn't create the view.

    Does this mean that grants given by SYS as SYSDBA are revocable by SYSTEM, even though SYSDBA is more powerful than SYSTEM?

    I'm a little confused how it worked? Please explain.

    Rgds,
    Aashish

    Hello

    SYS is not a normal user and you are not able to connect without the SYSDBA clause.

    sqlplus sys@test

    SQL*Plus: Release 11.1.0.7.0 - Production on Wed Apr 8 09:48:37 2009

    Copyright (c) 1982, 2008, Oracle. All rights reserved.

    Enter password:
    ERROR:
    ORA-28009: connection as SYS should be as SYSDBA or SYSOPER

    Enter user-name:

    sqlplus sys@test as sysdba

    SQL*Plus: Release 11.1.0.7.0 - Production on Wed Apr 8 09:48:55 2009

    Copyright (c) 1982, 2008, Oracle. All rights reserved.

    Enter password:

    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options

    SQL>

    Kind regards
    Tom
    http://OracleDBA.cz
