Read only access ACS 5.3
Hello guys,.
I use ACS 5.3 with the internal database for authentication of users, I would like to give some users read only rights on the systems.
What is the best way to do it? by not configuring a password to enable for these users? or is there a better way to do this?
Thanks in advance.
Give read only access on devices such as the router/switch/firewall?
If Yes, then we don't have that one best option is to configure ACS and devices for approval of the order.
ACS 5
Necessary config on devices:
If you have any specific questions or some configuration does not work, post it here.
Kind regards
Jousset
The rate of useful messages-
Tags: Cisco Security
Similar Questions
-
Read only access (to hide part of the config)
Is there a way to allow read-only access to only part of the config. I have clients that require read-only access, but I don't want the portions to the config.
For any help or suggestion would be greatly appreciated. Thank you
If they have a connection to enable level, they will be able to see the entire configuration (absence of passwords encrypted assuming you are using the service encryption password).
You can make more granular connections and prevent customers from, say, the ability to run arbitrary commands such as "show run". For example you could setup a given user to be alllowed to run 'show interface status' etc. NX - OS has this ability almost "cooked in the oven-in." IOS systems, to a little more work.
Here's a guide to how to do if you use GANYMEDE for AAA:
https://supportforums.Cisco.com/docs/doc-15765
If you use local authentication, you can do similar things, using cli views or levels of privilege:
http://www.Cisco.com/en/us/docs/iOS/12_2t/12_2t13/feature/guide/ftprienh.html
http://www.Cisco.com/en/us/docs/iOS/12_3t/12_3t7/feature/guide/gtclivws.html
http://www.NetworkWorld.com/community/node/57553
I hope this helps.
-
Active DataGuard: ora-16000 database opened for read-only access
Hi all
Application, I get the error message "ora-16000 database opened for read-only access, while my primary database is up/open for read/write." When I stopped the standby database, the application works very well.
Please suggest what could be the reason and the solution for the same.
OS: RHEL - 5.3
Oracle: 11.2.0.1.
Kind regards
Ronak Masudi
Patch 9322138 ORA-16000 on recursive SQL on standby database Query rewrite
I wouldn't be sure if tha applies to your scenario. What you might want to check is this host = xxxx in your tnsnames file points to the right machine or resolve the correct IP addresses. Perahps you have confused primary and standby.
-
You have read-only access to the inventory of the Oracle
I try to install on the AIX machine, I get the below error please help
Hostname resolved - xxxxxx
Supported operating system - AIX
You have read-only access to the inventory of the Oracle
Failure to meet all the prerequisites can lead to unsatisfactory results. If you have errors, please see the help or documentation for more information.There is a file. Oracle.properties which is an inventory of the oracle. Search and find which directory it is located, you may need to change the permissions to have full access. It is used during the installation to determine which products can be installed and what needs to be upgraded
-
Read only access to the database
Hi all
I am unable to give read-only access to a newly created in the Oracle database user. I grant only read permission to the user, but the problem, it's that this user is able to delete data from a table or schema.
Must only give 'Read only' access to the user who will be sql query for any table, schema, etc.
I followed the steps.
1 creation of the user
2 granted suite privilege
CREATE SESSION
SELECT_ANY_TABLE;
SELECT_ANY_DICTIONARY
Please guide on the same.user8934591 wrote:
HelloI created the user "MFC".
and granted 'create the Session '.
Thank you and best regards,
Fine. But I asked PUBLIC.
-
Setup error: you have read-only access to the inventory of oracle
Hi guys,.
In some versions of Linux, for example. Fedora, Ubuntu... every time I install the Hyperion product, I get this error "you have read-only access to the oracle inventory." and also the interesting thing, if this error comes Oracle does not settle "OpenLDAP' which is required to run shared services.
With Oracle Enterprise Linux, and everything seems fine. and I did not get the above error also OpenLDAP is installed.
any help would be appreciated. attached is the screenshot of the error.
[https://docs.google.com/leaf?id=0BwB5xiYJ_HGwMDZkNjQ1OTEtMDg4Zi00NGM3LTk5NDAtYzE1ZmJkZTcyMzU0 & hl = en]
Thank youSupported versions of linux, with you have found problems.
I thought it was just Oracle Enterprise 4/5 and Red Hat Enterprise 4/5 that are supported.See you soon
John
http://John-Goodwin.blogspot.com/ -
How to limit the request for read-only access
We are the migration of 7.1 to version 11.1. As part of the Cup on the activities, I need to keep the old server on read-only for a few days and then completely block access. Can you please let me know if there is a simple way to limit read only access on Server 7.1, instead of changing the security settings of all groups on the server?
Grateful for your help!What would you say to put the databases in read-only mode until you delete access.
Esscmd - BEGINARCHIVE
MAXL - [alter database | http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/html_esb_techref/maxl/ddl/statements/altdb.htm] archive to start at app.db...There are equivalent commands out of read-only mode, the links will take you to the information you need.
See you soon
John
http://John-Goodwin.blogspot.com/ -
I need apply the changes on the DB (add a new table and modify some...), I'm looking to make the database in "READ ONLY" mode, so that users cannot add or change anything on DB, during the time I work in production - the reason is that we have an operation of the NOC who need a/access of non-stop service to DB.
When I alter DATABASE READ ONLY, I see that I can't even access the app APEX...
Any help will be appreciated.
Mehr
Hi Mehr,
This is not possible, just because access APEX made writing APEX allot of things in the database, like for example session information. In a database of reading, this is not possible.
The only solution creates a database not readonly 2nd where you simply store your APEX application, and where you use links from database for all your tables/packages/views/etc to your database read only.
Kind regards
Joni
-
Create a read-ONLY access account, DOHAD
People,
We use the OID with OAM, as SSO at EBS.
IO is 11.1.1.7.0.
Can I create a read-only account in OID, this account can connect in DOHAD, to just able to do the read-only?
Thank you
Ashish
People,
Read this document, 746612.1 that will show you how to create an account only in OID.
BUT also read this also: 1924840.1 very Important.
Thank you
Ashish
-
ACS read only access to devices
We are using ACS ver 4.2 and trying to setup users with limited access to our switches and routers. Here's what we did:
(1) created a user in ACS
(2) create Shell permission Set - ReadOnly command
Unmatched orders - deny
Commands added
Show
output
* This should limit the user to show command and exit only (correct)?
3) established a group - support with the following parameters of GANYMEDE.
Shell (exec) is checked
Privilege level is check with 15 as the assigned level
Assign permission to command Shell Set for any network - selected device
ReadOnly - set current shell command authorization
When the user connects to the router/switch, it seems that he has full access. It can enter the enable config terminal command command. Everything we want it to be able to do is to issue the command show.
Any help would be appreciated.
Please refer to this document
and compare the config as you well say ACS config looks OK on the switch/router, you must also do the following command
aaa authorization config-commands aaa authorization commands 0 default group tacacs+ local aaa authorization commands 1 default group tacacs+ local aaa authorization commands 15 default group tacacs+ local
-
need to create a user with read-only access only two tables
I am trying to create a user who has access to only two tables in a table space. Please tell me what privileges required and I need to go read on this two tables
Best regards
AtiqGRANT SELECT ON SCHEMA.TABLENAME TO USERNAME;
-
Delegate read-only for an OU select employee group
I'm delegating read-only access to all the user accounts on a specific OU in one of our areas.
When I add the group to the list of access with special permissions - Read all properties - it allows users to this group to change password for all accounts and group memberships in the ORGANIZATIONAL unit.
I just want what they see information = name, address, telephone number, email, postal address and group memberships.
What Miss me?
any help is appreciated.
This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)
If you give us a link to the new thread we can point to some resources it -
Dear,
Could you just confirm that with FDMEE 1.1.2.3.x you can't grant only read access to a user or a group of users?
He read / write access or not at all (not even read in this case).
Thanks a lot for what confirms.
Fix. There is no way to grant read-only access to load map data.
-
Hello
I created a data guard with 1 physical and 1 relief database.
Database: 11.2.0.4 - Enterprise edition
Everything is OK, if the wait is still in State of Mount.
but.
When I want to open the day before in read-only mode, log shipping is stop.
I found az error in the primary newspaper:
PING [ARC2]: Unable to connect to the standby Heartbeat "keeps." The error is 88.
The newspaper of Eve:
alter database open read only
AUDIT_TRAIL initialization parameter is changed to OS, as DB is NOT compatible to the database open with read only access
Wed Dec 03 12:02:02 2014
SMON: enabling cache recovery
Dictionary check start
Verification of the complete dictionary
Database character set is AL32UTF8
No Resource Manager plan active
off replication_dependency_tracking (no replication multimaster async found)
Physical standby database opened for read only access.
Completed: alter database open read only
Wed Dec 03 12:02:03 2014
Mo 4977 db_recovery_file_dest_size is 2.29% used. It is a
user-specified limit on the amount of space that will be used by the present
for the files related to the recovery of databases and does not reflect the amount of
space available in the underlying file system or ASM diskgroup.
Thanks for your help and sorry for my bad English.
LACI
Oracle error: ORA-00088
Error description:
Cannot be executed by the shared serverCause of the error:
Debug command issued on a shared server.Action:
Run the command again using a dedicated server. -
ALTER USER on read-only database link db
Oracle 11.2.0.3.6
Solaris 10
I have a primary database and one Active Data Guard standby database physical. My read-only database users must be able to change their password for read-only standby. I tried to create a stored procedure with an ALTER USER inside statement and then to have my user call the stored procedure of the unalterable standby by: MIMI EXEC. CHGPWD@PRIM ();
This translates into:
ERROR on line 1:
ORA-16000: database opened for read-only access
ORA-06512: at "MIMI. CHGPWD', line 27
ORA-06512: at line 1
How can I allow a user who cannot access the read-only database to change their password for read-only standby?
Here my stored procedure:
CREATE OR REPLACE PROCEDURE MIMI. CHGPWD IS
-CREATE OR REPLACE PROCEDURE CHGPWD IS
sql_stmt VARCHAR2 (200);
BEGIN
sql_stmt: = 'ALTER USER MIMITEST IDENTIFIED BY 111111';
EXECUTE IMMEDIATE sql_stmt;
END CHGPWD;
/
Ah, I got it! I had to create a public synonym for my stored procedure, and then create another stored procedure and use the synonym. This is explained in the documentation of Oracle packages and PL/SQL procedures coding under the section 'referring to remote objects. Here is what I have from the beginning to the end (My SID is MIMI and the unique name on the primary is MIMI_A):
Read-only mode ensures:
ALTER SYSTEM SET GLOBAL_NAMES IS FALSE SCOPE = BOTH;.
Elementary school:
ALTER SYSTEM SET GLOBAL_NAMES IS FALSE SCOPE = BOTH;.
CREATE THE PUBLIC DATABASE LINK MIMI_A.WORLD WITH THE HELP OF "MIMI_A";
ALTER SYSTEM SET GLOBAL_NAMES IS TRUE SCOPE = BOTH;. (I need to have this true on my primary game)
CREATE OR REPLACE PROCEDURE MIMI. CHGPWD IS
Working directory;
BEGIN
dbms_job. Submit (job,' BEGIN EXECUTE IMMEDIATE "ALTER USER MIMITEST IDENTIFIED BY 666666";) END ;') ;
END;
/
CREATE CHGPASS SYNONYM PUBLIC FOR MIMI. CHGPWD@MIMI_A.WORLD;
CREATE OR REPLACE PROCEDURE MIMI. LOCAL_PROCEDURE IS
BEGIN
CHGPASS;
END;
/
GRANT EXECUTE MIMI. CHGPWD TO MIMITEST;
GRANT EXECUTE MIMI. LOCAL_PROCEDURE TO MIMITEST;
Read-only mode ensures:
Mimi/oracle/1120308 > sqlplus mimitest
SQL * more: Production of the 11.2.0.3.0 version Fri Sep 19 15:55:56 2014
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Enter the password:
Connected to:
Oracle Database 11 g Enterprise Edition Release 11.2.0.3.0 - 64 bit Production
With partitioning, OLAP, Data Mining and Real Application Testing options
SQL > exec MIMI. LOCAL_PROCEDURE;
PL/SQL procedure successfully completed.
Maybe you are looking for
-
Impossible to merge the calls FaceTime Audio
On iOS 9.3 trying to merge with calls updated iPhone users but merge button is dimmed. Anyone could make the Conference feature work? The problem goes back to when others expected later iOS 8 updates to address the problem - but I don't find any rece
-
(active control of noise using speaker)
In fact I have project to cancel noise (active control of noise using speaker) and my signal processing is labeled and am using labeled 2011 I want Squire signal of the speaker that is connected to the signal generator and the parameters of this sign
-
Photosmart 7510: crosstalk
In the past months, my printer hs been sent different problems but eventually settle on these two. If I scan, I can scan only on an sd card. If I try to send to the computer it says computer not connected. If I scan to a card, then load the map on
-
Monitor flickers through a game or with large screen
flashing sceen After an hour, maybe my monitor will start toFlash games to the big screen as small green words Word it was working fine until windows low current charge my montor is a dell e2074 fp vided card is nvidia nforce 7300 agp bus
-
Windows 7 can not find the driver for the shared printer, IBM infoprint 1352
through the network, that I have connected to my infoprint 1352 (on a XP machine), but when my 64-bit machine w7 is to install the printer, he said: 'No driver found - windows cannot find a driver for IBM Infoprint 1352 on network. To locate one manu