Roles and privileges of the sys schema default APPS
Dear all
What are all the privileges system & roles should be there, and unlimited tablespace should be there?
Guru cleared my doubt that DBA should not be there for apps schema. but I need information please.
Thank you and best regards,
Apps user must have quota access on the following storage spaces:
APPS_TS_ARCHIVE
APPS_TS_INTERFACE
APPS_TS_MEDIA
APPS_TS_NOLOGGING
APPS_TS_QUEUES
APPS_TS_SEED
APPS_TS_SUMMARY
APPS_TS_TX_DATA
APPS_TS_TX_IDX
APPS_TS_TX_INTERFACE
You can use this command for the applications of the user to have unlimited quotas on the tablesapces above - alter apps on
Thank you Hussein
Tags: Oracle Applications
Similar Questions
-
Cannot run script queued for roles and privileges
Hi all;
I'm recreating a u1 user and also try to attempt to define the roles and privilege from the file put on hold.
but I get the error message.
$ cat f1.sql
GRANT CONNECT to u1
Grant RESOURCE to u1
Grant CREATE SESSION to u1
Grant UNLIMITED TABLESPACE to u1
Grant CREATE TABLE to u1
Grant CREATE ANY TABLE to u1
Grant CREATE the CLUSTER to u1
Grant CREATE SYNONYM to u1
Grant CREATE VIEW to u1
Grant CREATE SEQUENCE to u1
Grant CREATE ANY SEQUENCE to u1
Grant CREATE DATABASE LINK to u1
Grant CREATE PROCEDURE for u1
Grant CREATE TRIGGER to u1
Grant CREATE TYPE U1
GRANT CREATE OPERATOR to u1
Grant CREATE INDEXTYPE U1
SYS > create the u1 user identified by u1;
Created by the user.
SYS > @f1.sql;
5
DB version is 11.2.0.1 on redhat 4.7
Thank you
Where are you semicolons? Each command must end with a semicolon.
Hemant K Collette
-
Roles and privileges, I'm really confused, 1st edition
I'm having some trouble with the privileges assigned through roles. I read a few articles on the topic, but I'm still confused. I have actually some problems and I am speaking to them in two separate threads: this one and 'roles and privileges, I'm really confused, 2nd edition.
To begin with, I am familiar with the following statement.
, The owner of the schema containing the view must have the necessary privileges to either select, insert, update, or delete rows from all tables or views on which the opinion is based. The owner must be granted these privileges directly, rather than a role.
Here's what's happening.
I have a role, say ROLE1 has the privilege of system CREATE SEQUENCE (without the GRANT OPTION) are attributed to him. I then set ROLE1 User1 (it's just a dummy user and a role, if they conflict with reserved roles or accounts, they are not the real names of role and the user that I use). User1 has also created a package in its schema that calls a SEQUENCE to CREATE breast in a package procedure.
When the user runs the package procedure we get an insufficient privileges error. When we do a SELECT * FROM SESSION_PRIVS the CREATE SEQUENCE privilege is listed; This should mean that the user can create a sequence, right? However, when the privilege is assigned directly to the user directly to the user, not by a role, the statement runs without error.
I don't understand this. The user has the CREATE SEQUENCE privilege through the role, verified by the SESSION_PRIVS table (or view), but is not able to create the sequence, unless this privilege is assigned directly to the user - if this is true, that I seem to contradict the purpose of having roles.
Anyway, anyone know how I can get it to work properly?DBelt wrote:
We are talking about all rights of the DEFINER vs applicant rights. I won't use the rights of the appellant, I like the guarantee of the rights of the author. WO what should I do to get things to work with the rights of the author?Grant privilege explicitly to the user, not a role.
-
How to move/copy the sys schema table to the diagram of the system?
Hello
I am trying to copy the table from the diagram of SYSTEM SYS schema, I get the error:
Could not commit: ORA-00942: table or view does not exist
How to get out the schema SYS table?
Any help will be much appreciated
Thank youI am trying to copy the table from the diagram of SYSTEM SYS schema, I get the error:
Could not commit: ORA-00942: table or view does not exist
How to get out the schema SYS table?
You can not - objects cannot be moved from one schema to another.
You must re-create the object in the new scheme, and then delete the former.
As I have already said, the only time where you have to do is when someone accidentally created their own objects in the SYS schema.
-
Trying to auto generate roles and privileges
Hello all,.
Oracle 11g v11.2.0.1.0 on Windows Server 2008 Enterprise
I have a database with many schemas. One of the patterns is referred to as the CM_MASTER schema in that it was granted the following: s/n, create user, drop user, alter user, create any table, select any table and a few others, all with the clause "with admin option".
We have developers who need to select only the access to tables and views non-maitre patterns. My plan was to create a unique ROLE for each schema, then grant select on each table and discovers in this scheme to this unique role. Then grant the role appropriate to every developer therefore giving them only read access.
I can accomplish the above manually when you are logged in as the CM_MASTER schema.
I am creating a procedure owned and run by the schema CM_MASTER which creates a new role and then give this role. The procedure accepts a parameter that contains the username of the target schema. The procedure is able to create the role (create a role scott_r) successfully.
However, I get an error of insufficient privileges (see below), after that the role was created, trying to issue the command "grant select on scott.some_table to scott_r" via "immediate execution".
Any ideas, what privilege (s) the user needs CM_MASTER to be able to issue the grant (s) for the role?
Error message below:
exec ('scott') gen_schema_role;
Error report:
ORA-01031: insufficient privileges
ORA-06512: at "CM_MASTER. GEN_SCHEMA_ROLE', line 30
ORA-06512: at line 1
01031 00000 - "insufficient privileges".
The procedure code is below:
Utl_file.put_line commands have been added for debugging, but nothing came out.
When the "immediate execution" lines are commented, the utl_file.put_line command output displays the correct SQL create and grant statements.
create or replace
procedure gen_schema_role (p_db_user in varchar)
as
v_role_name varchar2 (30);
v_bat_out utl_file.file_type;
cursor get_object_names is
Select object_name dba_objects
where owner = upper (p_db_user)
and object_type in ('TABLE', 'SEE')
and status = "VALID".
and object_name not like "DR$ %.
and object_name not like '% XT;
Start
v_bat_out: = utl_file.fopen ('SR_BACKUP', 'Create_Roles.sql', 'W');
v_role_name: = substr (p_db_user, 1, 28). '_r';
UTL_FILE.put_line (v_bat_out, ' ');
UTL_FILE.put_line (v_bat_out, 'create role' | v_role_name);
run immediately "create role" | " v_role_name; < <-this seems to work, the role is created
for a get_object_names in
loop
UTL_FILE.put_line (v_bat_out,' grant select on ' | p_db_user |) '.' || a.object_name | « à » || v_role_name);
run immediately ' grant select on "| p_db_user | '.' || a.object_name | « à » || v_role_name;
end loop;
UTL_FILE.fclose (v_bat_out);
end gen_schema_role;
Thank you
SnydsHello
It seems that CM_MASTER needs to GRANT any OBJECT PRIVILEGE.
And this should be given directly to him (not by the role DBA, which you shouldn't use anyway)
My guess is, however, that this will not work unless scott has actually created his own one or more tables.
Concerning
Peter -
Role and authorization in the CR for the user to collect ESXTOP Stats
Hello world
We have a team of test and development, who wants to test themselves in their test server and staging while doing what they want in time real stats to cpu, mem, and Disk.But it not the issue of the production, so we do not want to sit with them and live real-time statistics report. Now they want the temp user are created with root privilege so that they can collect ESXTOP report by running the command ESXTOP. Then what a privilege we will give and which group the user temp will be added so that they can report esxtop only run and fired. But they have several machines virtual spead on the different cluster and in different esxi host. Any help will be much appreciated on this.
Thank you
vmguy
I would modify a role in order to give them access to the "Performance report".
With what they are going to be able to get the host or VM performance data:
- Real time
- Day (s)
- Week (s)
- Month (s)
for the CPU, store data, disk, memory, network, virtual disks, etc.
-
vCenter roles and privileges to migrate virtual machines
I created a custom role named 'Build VMs' that I have assigned to an ad group. This role is assigned in the data centers, all spread and no. folder where elsewhere. The role was designed to allow a specific group of users to manage virtual machines (create, move, delete, but not clone, etc.).
For the most part, it works fine, but I have a problem: they cannot migrate powered off VMs. vMotion is available and works, but I need to move a cluster virtual machines to a different (more old hw & 3.5 to new hw & 4.1).
The role has the following privileges:
Name Id
---- --
Anonymous System.Anonymous
View System.View
Read System.Read
Create the folder Folder.Create
Allocate space Datastore.AllocateSpace
Update of virtual machine files Datastore.UpdateVirtualMachineFiles
Configure Network.Config
Affect the Network.Assign network
Change DVSwitch.Modify
Operation of DVSwitch.PortConfig port configuration
Setting of port DVSwitch.PortSetting operation
Change DVPortgroup.Modify
Create the virtual machine Host.Local.CreateVM
Reconfigure the virtual machine Host.Local.ReconfigVM
Create new VirtualMachine.Inventory.Create
Create existing VirtualMachine.Inventory.CreateF...
Register VirtualMachine.Inventory.Register
Delete VirtualMachine.Inventory.Delete
Unregister VirtualMachine.Inventory.Unregister
Move VirtualMachine.Inventory.Move
Power VirtualMachine.Interact.PowerOn
VirtualMachine.Interact.PowerOff power off
Suspension VirtualMachine.Interact.Suspend
Discount to zero VirtualMachine.Interact.Reset
Question answer VirtualMachine.Interact.AnswerQu...
Console interaction VirtualMachine.Interact.ConsoleI...
Device connection VirtualMachine.Interact.DeviceCo...
Configure support CD VirtualMachine.Interact.SetCDMedia
Configure floppy media VirtualMachine.Interact.SetFlopp...
VMware Tools install VirtualMachine.Interact.ToolsIns...
Buy tickets to control comments VirtualMachine.Interact.GuestCon...
Defragmentation of disks all VirtualMachine.Interact.Defragme...
Turn on the VirtualMachine.Interact.CreateSe of fault tolerance...
Disable VirtualMachine.Interact.TurnOffF of fault tolerance...
Test failover VirtualMachine.Interact.MakePrimary
Restarting the VM VirtualMachine.Interact.Terminat secondary...
Disable VirtualMachine.Interact.DisableS of fault tolerance...
Enable fault tolerance VirtualMachine.Interact.EnableSe...
Record session on Machine virtual VirtualMachine.Interact.Record
Review the session on virtual computer VirtualMachine.Interact.Replay
Backup operation on a virtual machine VirtualMachine.Interact.Backup
Create a screenshot VirtualMachine.Interact.CreateSc...
Rename VirtualMachine.Config.Rename
Add a disk existing VirtualMachine.Config.AddExistin...
Add the new disk VirtualMachine.Config.AddNewDisk
Remove the VirtualMachine.Config.RemoveDisk disc
Raw device VirtualMachine.Config.RawDevice
Host VirtualMachine.Config.HostUSBDevice USB device
Change the number of CPU VirtualMachine.Config.CPUCount
Memory VirtualMachine.Config.Memory
Add or remove devices VirtualMachine.Config.AddRemoveD...
Change the settings of the device VirtualMachine.Config.EditDevice
Parameters VirtualMachine.Config.Settings
Change resources VirtualMachine.Config.Resource
Updating of the virtual hardware VirtualMachine.Config.UpgradeVir...
Reset the VirtualMachine.Config.ResetGuest customer information...
Advanced VirtualMachine.Config.AdvancedCo...
Lease of disk VirtualMachine.Config.DiskLease
Swapfile placement VirtualMachine.Config.SwapPlacement
Extend the virtual disk VirtualMachine.Config.DiskExtend
Change disk monitoring VirtualMachine.Config.ChangeTrac...
Unlock the virtual machine VirtualMachine.Config.Unlock
Queries files without owner VirtualMachine.Config.QueryUnown...
Reloading the way VirtualMachine.Config.ReloadFrom...
Compatibility VirtualMachine.Config.QueryFTCom of the fault tolerance of queries...
Customize the VirtualMachine.Provisioning.Cust...
Promote records VirtualMachine.Provisioning.Prom...
Deploy the model of VirtualMachine.Provisioning.Depl...
Clone model VirtualMachine.Provisioning.Clon...
Mark as virtual machine VirtualMachine.Provisioning.Mark...
Read about the customization VirtualMachine.Provisioning.Read...
Edit the VirtualMachine.Provisioning.Modi customization specifications...
Allow access to the disk VirtualMachine.Provisioning.Disk...
Allow access to the read-only disc VirtualMachine.Provisioning.Disk...
Assign the virtual machine resources... Resource.AssignVMToPool
Migrate from Resource.HotMigrate
Query vMotion Resource.QueryVMotionIt is the main thing I thought it would take to a simple move of a virtual machine while it is turned off:
Name Id
---- --
Move VirtualMachine.Inventory.MoveI gave to create a folder because some of the permissions were not yet allowing the creation of virtual machines, even though it probably isn't necessary.
Any ideas?
~ Luc
http://thephuck.comWhat happens if you add resources > permission to move?
-
A query involving roles and privileges.
I am trying to create the following query:
Given a table (or view) and a user, I wish that the query to list all the ways of the roles with which the user has been granted given privilege (for example "SELECT") to the selected table. The path will look something like
TABLE = > ROLE1 = > ROLE2 = > 3 = > USER
If the user only has the right to SELECT on the table that the query will return well on lines. If there is more than one path through which the user gets the privilege, then the query returns multiple lines.
Can someone help please
GeorgeHi, Girard,.
Sorry, I can't reproduce the problem. I get ouptut like this:
PATH -------------------------------------------------------------------------------- DBA_TS_QUOTAS => SELECT_CATALOG_ROLE => DBA => FUBAR DBA_TS_QUOTAS => SELECT_CATALOG_ROLE => FUBAR DBA_TS_QUOTAS => SELECT_CATALOG_ROLE => EXP_FULL_DATABASE => DBA => FUBAR DBA_TS_QUOTAS => SELECT_CATALOG_ROLE => IMP_FULL_DATABASE => DBA => FUBAR DBA_TS_QUOTAS => SELECT_CATALOG_ROLE => OLAP_DBA => DBA => FUBARMessage from the query that you run in fact, even if you copied it just of my message. There may be an error in editing.
All the names within quotation marks are correctly capitalized?
This query works for any table and the user? Try on a few cases where you know exactly why (or at least a reason why) a certain user has privileges on a table of some.What system user privileges GEO2 there? View the results of
SELECT privilege FROM dba_sys_privs WHERE grantee = 'GEO2' ;This doesn't apply right now, but remember that the name you may know a synonym. The view used in this query, dba_role_privs, and dba_tab_privs, only covers the real table names. DBA_SYS_PRIVS is a synonym, but it happens be the actual name of the display also, so, as I said, which is not causing your current problem. Just keep in mind if you use the data dictionary views that contain $ in their names.
Published by: Frank Kulash, 17 December 2010 15:34
I just saw your discussion with Justin; I see you have already posted the system privileges.
I guess that any role GEO2 has, directly or indirectly, might have a privilege of system as SELECT ANY DICTIONARY.
What happened to you?WITH all_roles AS ( SELECT granted_role , SYS_CONNECT_BY_PATH (granted_role, '/') AS path FROM dba_role_privs START WITH grantee = 'GEO2' CONNECT BY grantee = PRIOR granted_role ) SELECT r.granted_role , r.path , p.privilege FROM all_roles r JOIN dba_sys_privs p ON r.granted_role = p.grantee WHERE privilege LIKE 'SELECT ANY%' ;Published by: Frank Kulash, 17 December 2010 15:47
-
Cannot assign performance author role and share of the user
I created a user in DMS-Admin and they assigned to the Administrators role.
In the show and share I can assign all roles (Admin, ChannelCreator, LiveEventUser, Editor, ReportAdmin) with the exception of the role of the author to this user.
The dialog box "Edit user role", the role of the author is gray. I can't work on why is this the case or where to go to fix it.
I have a feeling I'm missing something but straight forward...
Ryan,
Can you tell me what license you have to 'Show and sharing content author Pack '? You can find this value under you DMM--> Administartion--> Licenses. The number of authors that you have in the NHS is bound by a permit.
For example: If you have a license for ' show and share content author Pack: 10 "and try to assign a role of 'Author' to the user 11 it will fail.
Kind regards
Sagar Dhanrale
-
Help and suggestions for the color scheme for the design of flavor package multiple
I need help to choose colors for a range of products food multiple flavor.
My goal in this post is about how to create or acquire the palette that I need in order to design, model, collateral marketing etc.
This project requires a color scheme which has sufficient contrast and variation to represent up to 24 flavors of food packed by type or range of products. Each flavor of product or the combination of flavor (the name of the element, as the cocoa almond cherry or apricot vanilla etc.) in the line will be represented by a unique color. The product packaging is white on solid color. The environment will be brilliant laser printing on labels.
The problem is that many flavors will use similar colors. Chocolate items will have different shades of Brown and Maple flavors or nut will also use brown tones. The same Orange, Apricot and mango will use similar shades of orange etc. I know that the problem could be solved with two or more colors, but I don't have this option for this project. All packaging is white on single color. He has not used the accent colors.
I need to generate the palette before you design the package to create models for printing and photography for print marketing and marketing etc. Active documents on the internet.
Does anyone have a good strategy for this or know all the resources available?
I use :
Dell Precision T1700 (64-bit)
Windows 7 Professional (Service Pack 1)
Two screens (not calibrated for Pantone or printer)
Printer: Konica Minolta bizhub c224e
Book + Pantone Color Bridge Coated and lying
Adobe CC, HAVE, PS, ID, etc.
I print on labels of brilliance for models and you want to use images for the web.
I'd also be interested to know how to calibrate these devices.
Thank you!
Out of the computer for a day and come out at your local grocery store and see what the competition is doing. In addition, the product itself may be your best resource for a color. Who and its taste. Food is a product that will generate a color once you have tasted. I know, maybe it's not practical. You could start with 6 primary and develop the 4 colors of catΘgories of void. You could also watch the manufacturers of ink different color in addition to Pantone for some unique options. Laser printers are struggling with spot colors, but they can be calibrated. Look at the manufacturer's recommendations for hardware devices like xRite colorspectrometers. Nice project. I hope this helps.
-
Questioning the roles and permissions at the University Complutense of MADRID 11g
Hello
I have a query like the following:
The user administrator can assign multiple roles to a user. If a user has multiple roles, the authorization becomes ___and _.
Is this,
A dependency
Less restrictive
More restrictive
Subtractive
Help, please.Looks like a certification test question :-)
I think that the correct answers are Addictive and least restrictive
(the user will receive the permissions based on the roles that he or she is assigned to the) -
can I edit photos and export to the photos on mac app
You can edit photos in Lightroom, then export them in the photos on mac app?
Yes, you can
Normally, you wouldn't want pictures catalogued in two different applications, it's a recipe for confusion, especially if you forgot to keep two catalogues updated and sync
-
Vs role directly privilege on the creation of the procedure
I gave an our develpers create them all procedure/run procedures privleges and also granted him a role that has choose, update privileges, but always as insufficient privileges error when attempting to create a procedure.
On the other hand, when I grant the same privilege directly to the user, it is able to create the procedure without error.
What I'm doing wrong - I'd like only to all privilege granted through roles.
Your input please.
acquired through ROLE privileges do NOT apply within the named PL/SQL procedures
-
Is it safe to change passwords and profile of the user by default DB?
Version of the grid: 11.2.0.4.0
RDBMS version: 11.2.0.4.0
Platform: Oracle Linux 6.4
To comply with upcoming security audit, we need all DB users except users of the application to conform to the password of our firm strategy.
Currently, all of our DB users belong to the DEFAULT profile which is not to impose restrictions such as the complexity of password, password expiration.
To implement password policy, I created 3 profiles and a password check the operation.
Here are the 3 profiles, that I introduce
MANH_ADM - for SYS, SYSTEM, SYSMAN users. Associated with a password check function that responds to the lack of policies of our firm.
MANH_NONADM - for users who were created by default when you create a new database. Associated with a password check the operation comply with the policies of our firm
MANH_APP - users for the Application. Very mild. No restrictions as requested by the team of apps. No associated password policy.
Here is an excerpt of the script we used to implement all our DBs It Security.
change the profile of these users to a custom profile named MANH_NONADM and changes the password for all users by default DB.
ALTER USER OUTLN PROFILE MANH_NONADM;
ALTER USER PROFILE MANH_NONADM DIP.
ALTER USER ORACLE_OCM PROFILE MANH_NONADM;
ALTER USER APPQOSSYS PROFILE MANH_NONADM;
ALTER USER WMSYS PROFILE MANH_NONADM;
ALTER USER EXFSYS PROFILE MANH_NONADM;
-For the oracle text, do not apply
ALTER USER CTXSYS PROFILE MANH_APP;
-MGMT_VIEW used OEM Database control. Do not apply
ALTER USER MGMT_VIEW PROFILE MANH_APP;
-Used by the Manager of the company, do not apply
ALTER USER PROFILE MANH_APP DBSNMP.
-XDB stores metadata and data in Oracle XML DB. Do not apply
ALTER USER XDB PROFILE MANH_APP;
-ALTER USER XS$ PROFILE NULL MANH_NONADM;
ALTER USER PROFILE ANONYMOUS MANH_NONADM;
ALTER USER ORDPLUGINS PROFILE MANH_NONADM;
ALTER USER ORDSYS PROFILE MANH_NONADM;
ALTER USER ORDDATA PROFILE MANH_NONADM;
ALTER USER SI_INFORMTN_SCHEMA PROFILE MANH_NONADM;
ALTER USER MDSYS PROFILE MANH_NONADM;
ALTER USER OLAPSYS PROFILE MANH_NONADM;
ALTER USER MDDATA PROFILE MANH_NONADM;
ALTER USER SPATIAL_WFS_ADMIN_USR PROFILE MANH_NONADM;
ALTER USER SPATIAL_CSW_ADMIN_USR PROFILE MANH_NONADM;
ALTER USER APEX_PUBLIC_USER PROFILE MANH_NONADM;
ALTER USER FLOWS_FILES PROFILE MANH_NONADM;
ALTER USER APEX_030200 PROFILE MANH_NONADM;
ALTER USER OWBSYS PROFILE MANH_NONADM;
ALTER USER OWBSYS_AUDIT PROFILE MANH_NONADM;
-Change password
ALTER USER OUTLN IDENTIFIED BY uNani8987 #;
ALTER USER IDENTIFIED BY Hg DIP $ i9CLai;
ALTER USER ORACLE_OCM IDENTIFIED BY Hg$ i9CLak;
ALTER USER IDENTIFIED BY pR DBSNMP $ YeoT3i; -> This messed up Enterprise manager
ALTER USER IDENTIFIED BY pR APPQOSSYS $ YeoT3m;
ALTER USER WMSYS IDENTIFIED BY Hg$ i9CLna;
ALTER USER EXFSYS IDENTIFIED BY Hg$ i9CLnb;
ALTER USER CTXSYS IDENTIFIED BY Hg$ i9CLns;
EDIT ANONYMOUS USER IDENTIFIED BY Hg$ i9CLnc;
ALTER USER IDENTIFIED BY Hg XDB $ i9CLnd;
-ALTER USER XS$ NULL IDENTIFIED BY Hg$ i9CLne;
ALTER USER ORDPLUGINS IDENTIFIED BY Hg$ i9CLnaf;
ALTER USER ORDSYS IDENTIFIED BY Hg$ i9CLnag;
ALTER USER ORDDATA IDENTIFIED BY Hg$ i9CLnah;
ALTER USER IDENTIFIED BY pR SI_INFORMTN_SCHEMA $ YeoT3m;
ALTER USER MDSYS IDENTIFIED BY julsi8987 #;
ALTER USER IDENTIFIED BY pR OLAPSYS $ YeoT3w;
ALTER USER MDDATA IDENTIFIED BY uNani8987 #;
ALTER USER SPATIAL_WFS_ADMIN_USR IDENTIFIED BY Hg$ i9CLai;
ALTER USER SPATIAL_CSW_ADMIN_USR IDENTIFIED BY Hg$ i9CLak;
ALTER USER IDENTIFIED BY pR MGMT_VIEW $ YeoT3i;
ALTER USER IDENTIFIED BY UI APEX_PUBLIC_USER $ YeoT3m;
ALTER USER FLOWS_FILES IDENTIFIED BY Hg$ i9CLna;
ALTER USER APEX_030200 IDENTIFIED BY Hg$ i9CLnb;
ALTER USER OWBSYS IDENTIFIED BY Hg$ i9CLnb;
ALTER USER IDENTIFIED BY pR OWBSYS_AUDIT $ YeoT3s;
The script above was performed on one of our criticisms of production DBs. After this, Enterprise manager has stopped working because the default password of DBSNMP has changed. To solve this problem, password of DBSNMP must be changed in a special way as described in 259387.1
Now I fear that other DB features may not work if I change the password of users by default.
So, we want to know if it is safe to
1. change the password of the default DB users mentioned above?
2. change the user profile DB default DEFAULT value for a custom profile as shown above?
Max wrote:
Version of the grid: 11.2.0.4.0
RDBMS version: 11.2.0.4.0
Platform: Oracle Linux 6.4
To comply with upcoming security audit, we need all DB users except users of the application to conform to the password of our firm strategy.
Currently, all of our DB users belong to the DEFAULT profile which is not to impose restrictions such as the complexity of password, password expiration.
To implement password policy, I created 3 profiles and a password check the operation.
Here are the 3 profiles, that I introduce
MANH_ADM - for SYS, SYSTEM, SYSMAN users. Associated with a password check function that responds to the lack of policies of our firm.
MANH_NONADM - for users who were created by default when you create a new database. Associated with a password check the operation comply with the policies of our firm
MANH_APP - users for the Application. Very mild. No restrictions as requested by the team of apps. No associated password policy.
Here is an excerpt of the script we used to implement all our DBs It Security.
change the profile of these users to a custom profile named MANH_NONADM and changes the password for all users by default DB.
ALTER USER OUTLN PROFILE MANH_NONADM;
ALTER USER PROFILE MANH_NONADM DIP.
ALTER USER ORACLE_OCM PROFILE MANH_NONADM;
ALTER USER APPQOSSYS PROFILE MANH_NONADM;
ALTER USER WMSYS PROFILE MANH_NONADM;
ALTER USER EXFSYS PROFILE MANH_NONADM;
-For the oracle text, do not apply
ALTER USER CTXSYS PROFILE MANH_APP;
-MGMT_VIEW used OEM Database control. Do not apply
ALTER USER MGMT_VIEW PROFILE MANH_APP;
-Used by the Manager of the company, do not apply
ALTER USER PROFILE MANH_APP DBSNMP.
-XDB stores metadata and data in Oracle XML DB. Do not apply
ALTER USER XDB PROFILE MANH_APP;
-ALTER USER XS$ PROFILE NULL MANH_NONADM;
ALTER USER PROFILE ANONYMOUS MANH_NONADM;
ALTER USER ORDPLUGINS PROFILE MANH_NONADM;
ALTER USER ORDSYS PROFILE MANH_NONADM;
ALTER USER ORDDATA PROFILE MANH_NONADM;
ALTER USER SI_INFORMTN_SCHEMA PROFILE MANH_NONADM;
ALTER USER MDSYS PROFILE MANH_NONADM;
ALTER USER OLAPSYS PROFILE MANH_NONADM;
ALTER USER MDDATA PROFILE MANH_NONADM;
ALTER USER SPATIAL_WFS_ADMIN_USR PROFILE MANH_NONADM;
ALTER USER SPATIAL_CSW_ADMIN_USR PROFILE MANH_NONADM;
ALTER USER APEX_PUBLIC_USER PROFILE MANH_NONADM;
ALTER USER FLOWS_FILES PROFILE MANH_NONADM;
ALTER USER APEX_030200 PROFILE MANH_NONADM;
ALTER USER OWBSYS PROFILE MANH_NONADM;
ALTER USER OWBSYS_AUDIT PROFILE MANH_NONADM;
-Change password
ALTER USER OUTLN IDENTIFIED BY uNani8987 #;
ALTER USER IDENTIFIED BY Hg DIP $ i9CLai;
ALTER USER ORACLE_OCM IDENTIFIED BY Hg$ i9CLak;
ALTER USER IDENTIFIED BY pR DBSNMP $ YeoT3i; ---> This messed up Enterprise manager
ALTER USER IDENTIFIED BY pR APPQOSSYS $ YeoT3m;
ALTER USER WMSYS IDENTIFIED BY Hg$ i9CLna;
ALTER USER EXFSYS IDENTIFIED BY Hg$ i9CLnb;
ALTER USER CTXSYS IDENTIFIED BY Hg$ i9CLns;
EDIT ANONYMOUS USER IDENTIFIED BY Hg$ i9CLnc;
ALTER USER IDENTIFIED BY Hg XDB $ i9CLnd;
-ALTER USER XS$ NULL IDENTIFIED BY Hg$ i9CLne;
ALTER USER ORDPLUGINS IDENTIFIED BY Hg$ i9CLnaf;
ALTER USER ORDSYS IDENTIFIED BY Hg$ i9CLnag;
ALTER USER ORDDATA IDENTIFIED BY Hg$ i9CLnah;
ALTER USER IDENTIFIED BY pR SI_INFORMTN_SCHEMA $ YeoT3m;
ALTER USER MDSYS IDENTIFIED BY julsi8987 #;
ALTER USER IDENTIFIED BY pR OLAPSYS $ YeoT3w;
ALTER USER MDDATA IDENTIFIED BY uNani8987 #;
ALTER USER SPATIAL_WFS_ADMIN_USR IDENTIFIED BY Hg$ i9CLai;
ALTER USER SPATIAL_CSW_ADMIN_USR IDENTIFIED BY Hg$ i9CLak;
ALTER USER IDENTIFIED BY pR MGMT_VIEW $ YeoT3i;
ALTER USER IDENTIFIED BY UI APEX_PUBLIC_USER $ YeoT3m;
ALTER USER FLOWS_FILES IDENTIFIED BY Hg$ i9CLna;
ALTER USER APEX_030200 IDENTIFIED BY Hg$ i9CLnb;
ALTER USER OWBSYS IDENTIFIED BY Hg$ i9CLnb;
ALTER USER IDENTIFIED BY pR OWBSYS_AUDIT $ YeoT3s;
The script above was performed on one of our criticisms of production DBs. After this, Enterprise manager has stopped working because the default password of DBSNMP has changed. To solve this problem, password of DBSNMP must be changed in a special way as described in 259387.1
Now I fear that other DB features may not work if I change the password of users by default.
So, we want to know if it is safe to
1. change the password of the default DB users mentioned above?
2. change the user profile DB default DEFAULT value for a custom profile as shown above?
(1) as far as the database is concerned, EM is just another app, which just happens to connect with the credentials for DBSNMP.
(2) any process that connects to the database must know what username and password to use for this connection.
(3) any process that connects to the database (EM, or YOUR_CORPORATE_APP or sitting in front of a keyboard) necessarily must keep their passwords somewhere - in your head, the sticky notes stuck on screen (practical baaad), in a text file and in the case of the MA, in an xml file.
(4) so whenever you change a password, the process that uses this password needs to know what the password is, and store it in all repository it uses for this purpose. That's what note ml, tell you how and where to put the new password in the repository that MS uses to remember his password.
(5) therefore the same principle will apply to all other user accounts. If you (or a process on your behalf) changes a password, you (or some process on your behalf) should inform the user in a manner in which the user can understand and take the necessary measures.
If you change a password, you must inform the user. Period. Full stop.
And that's really what are the notes of ML SYSMAN and DBNSMP. There is really nothing 'special' to their topic. The processes that use these accounts (EM, or YOUR_CORPORATE_APP or sitting in front of a keyboard) keep their passwords somewhere - in your head, on sticky notes pasted (practical baaad) onscreen, in a text file and in the case of the MA, in an xml file. So whenever you change a password, the process that uses this password needs to know what is the new password.
-
problem users, roles and privileges!
Hello world
I use oracle 10.2.0.
I have a (dba1) user who is the owner of the tables in my database. I have connected to sqlplus as sysdba and created the admin role < b > < /b > and granted the admin privileges.
Then I gave the admin < /b > < b > user dba1 role:SQL> grant all privileges to admin; Grant succeeded. SQL>
I created another role, sel_role and gave privileges to select tables. For example:SQL> grant admin to dba1; Grant succeeded.
Now, I created another user, Anton and gave this user the sel_role role:SQL> grant select on kund to sel_role; Grant succeeded.
Now when I try to login as anton and try to use the select statement that is given to Anton by sysdba, using the sel_role, to select the kund table, I get an error:grant sel_role to Anton; Grant succeeded.
What could be the solution to this problem?SQL> connect anton/oracle Connected. SQL> select * from kund; select * from kund * ERROR at line 1: ORA-00942: table or view does not exist
Thanks in advanceOops, has nothing to do with provoleges. Kund table is not owner by user anton, right? Therefore, you must perfix with the owner, that is, based on "I have a (dba1) user who is the owner of the tables in my database", dba1. Then issue:
Select * from dba1.kund;
SY.
Maybe you are looking for
-
Install OSX 10.11.4 I do cleaning but R command will not work. With the help of USB keyboard so not wifi issues to to worry. Help?
-
Pavilion dv7 4060us: dv7 4060us graphics driver under Win 10
I may be beating a dead here horse I did a bit of research on this issue, but I thought I would try once more on the HP forums. I have a good Pavilion dv7 4060us I use to transport my QuickBooks files and inventory with me at the customer site, or wh
-
Hello!Can someone tell me if there is a Wifi card that can use the 802.11ac standard and is supported by W510? Internal or expresscard maybe? see you soon, Thomsonicus
-
My computer date deadline and I get a blue screen message
My computer is less than 60 days old, and now for a week, he stops (crashes) at least once a day. When I reboot, I get a blue screen message. I have vista with all kinds of measures to protect against viruses and worms. Automatically, it downloads an
-
Windows Firewall / ics service error
We have small sharing network Windows xp sp2 is installed after the firewall /ics services are stopped and shown host generic error... We are unable to start firewall /ics services. could not print or conncet to the computer indicated not found not f