Comments on: Oracle Designer – Script for verifying the privileges assigned to roles against the Module Table Usages http://technology.amis.nl/2005/11/23/oracle-designer-script-for-verifying-the-privileges-assigned-to-roles-against-the-module-table-usages/ Friends of Oracle and Java Tue, 30 Sep 2014 16:49:43 +0000 hourly 1 http://wordpress.org/?v=4.0 By: Lucas Jellema http://technology.amis.nl/2005/11/23/oracle-designer-script-for-verifying-the-privileges-assigned-to-roles-against-the-module-table-usages/#comment-2611 Tue, 24 Jan 2006 16:25:04 +0000 http://technology.amis.nl/blog/?p=910#comment-2611 Victor,

I have tried to provide help in a new post. See http://technology.amis.nl/blog/?p=1023

]]>
By: Victor Bax http://technology.amis.nl/2005/11/23/oracle-designer-script-for-verifying-the-privileges-assigned-to-roles-against-the-module-table-usages/#comment-2610 Tue, 24 Jan 2006 15:14:11 +0000 http://technology.amis.nl/blog/?p=910#comment-2610 Hi Lucas,

I indeed meant that the relevant user was removed as a Repository user (not a database user, yet). When this was done obviously all sorts of privileges were dropped at the same time. Next my colleague (really!) realised that the user account she just dropped was “important” and she reinstated the user as a Repository, to no avail.

The reinstated user account is now available in the SDW_USERS table. When the ODWA is used to grant and revoke privileges, a difference can be detected in that some roles can grant more privileges than others. The reason for this is not clear.

I am still trying to make a match between the RAU on the one side and ODWA on the other. Stupid or what? In the RAU I am still wondering why there is no way of modifying properties. When you position the cursor on any USER the properties button comes alive. Not with the ROLES. So where are you supposed to modify the ROLES’ properties?

So seeking consolation in the ODWA for some reason (my colleague persists it is because this one user was deleted) certain roles just lack a number of options, like ‘Grant role’, ‘Edit role properties’ and ‘Reconcile role’. Where or how can you add these privileges to the relevant roles?

Thanks, Lucas!

Victor

]]>
By: Lucas Jellema http://technology.amis.nl/2005/11/23/oracle-designer-script-for-verifying-the-privileges-assigned-to-roles-against-the-module-table-usages/#comment-2609 Tue, 24 Jan 2006 14:14:45 +0000 http://technology.amis.nl/blog/?p=910#comment-2609 Victor,

I am not entirely sure what your situation is. When you say ‘deleted a user’do you mean removed that user from the group of Repository Users? You cannot delete (drop) the Repository owner and continue to use the Repository – as the entire repository owner’s database schema along with all Designer’s database objects would have vanished. So the owner must still exist as a database user.

Is the situation such that the database user who owns the repository is not currently a user in the repository? Which sounds strange but could be the case. That would means that the SDW_USERS table does not have a record where USERNAME=.

Please give me a little more information.

Lucas

]]>
By: Victor Bax http://technology.amis.nl/2005/11/23/oracle-designer-script-for-verifying-the-privileges-assigned-to-roles-against-the-module-table-usages/#comment-2608 Tue, 24 Jan 2006 11:49:46 +0000 http://technology.amis.nl/blog/?p=910#comment-2608 Hello Lucas,

At the moment I am struggling with a problem where a key user within the Repository environment (Designer 6.5.93.2.8) deleted another user who apparently installed the Repository in the very beginning. In the environment there is no account called something like REPOS_OWNER or REPOS_MANAGER. It appears that the owner in this Repository is D6I_OWNER, but somehow this account does not have sufficient privileges to grant rights to roles.

Do we need to run scripts to grant privileges to the D6I_OWNER in order to reinstate the original situation? The roles administration is done through the ODWA.

Hope you can quote some keywords that I can use.

Regards,

Victor Bax

]]>
By: Lucas Jellema http://technology.amis.nl/2005/11/23/oracle-designer-script-for-verifying-the-privileges-assigned-to-roles-against-the-module-table-usages/#comment-2607 Thu, 24 Nov 2005 13:47:58 +0000 http://technology.amis.nl/blog/?p=910#comment-2607 Darn. I had not thought of that. You know what: you bring that functionality in the script and I will cheer you on. Deal??

You are unfortunately right of course. Another ‘weak spot’ is the fact that the script does not check for modules that were granted through nested roles – so even if a role may look OK, it is possible that it has been granted modules through nested roles that require database object privileges that are not also granted through these nested roles. However, if you check all roles, this discrepancy will at least be reported.

]]>
By: anton http://technology.amis.nl/2005/11/23/oracle-designer-script-for-verifying-the-privileges-assigned-to-roles-against-the-module-table-usages/#comment-2606 Thu, 24 Nov 2005 08:46:19 +0000 http://technology.amis.nl/blog/?p=910#comment-2606 A very useful script (I work on the same project :) ), but not perfect: what happens if someone has “All” rights on a object, but not specific “Select”, “Update”, “Insert” or “Delete” rigths?

]]>