exGENT (Gentoo) live 64 bit with Xfce4 and kernel 3.18.1-gentoo-exton

Exton's International Blog

exGENTNEWS 20141227
I’ve made yet a new version (20141227) of exGENT. Now with Xfce4 and Lxqt. It is for the 64 bit architecture. I call it exGENT 2015 Xfce4 Live DVD. It replaces version 20141130. Version 141227 of exGENT uses kernel 3.18.1. (The latest stable kernel). The ISO file is of 1690 MB due to the fact that this version has a lot of packages preinstalled. Among them four different Web Browsers: Firefox, Opera, Chromium and Seamonkey. Despite this exGENT version 141227 runs surprisingly fast from DVD or USB. Faster than most other Linux live systems. All installed packages in exGENT have been updated to the latest available version by 141227.

Quick install to Hard Drive
exGENT Linux can be installed to hard drive in 3 – 10 min. (Depending on computer type). This means that all of you who might hesitate to perform a…

MeX 64 bit Linux based on Linux Mint 17.1 “Rebecca” with Cinnamon 2.4

Exton's International Blog

MeX LinuxNEWS 141229
All packages in MeX Linux have been upgraded to the latest version by 141229. Cairo-Dock has been added. The most important change is that I have replaced the install program Ubiquity with MeX Installer. The installation to hard drive is now so simple that a 10 year old child can do it. Watch a SLIDESHOW of the hard drive installation process.

MORE NEWS 141229
1. MeX Linux is once again based on Linux Mint. (I.e. Linux Mint 17.1 – codenamed “Rebecca“, released 20141129 and on Ubuntu 14.04.1 LTS – codenamed “Trusty Tahr“, released 20140725).
2. The MeX ISO is now an ISO-hybrid, which means that it can very easily be transferred (copied) to a USB pen drive. You can then even run MeX from the USB stick and save all your system changes on the stick. I.e. you will enjoy…


Oracle 11g VPD

Guenadi N Jilevski's Oracle BLOG

Oracle 11g VPD

In this article you will see how to use a Virtual Private Database (VPD) to provide record-level security across application tables. In a VPD you attach security policies directly to tables, views and synonyms, so there is no way for users to bypass your security settings.

In a VPD, any SQL used to access a table, view or synonym protected by a VPD policy is dynamically modified to include a limiting condition, such as a WHERE clause or an additional AND condition. The modification occurs transparently, and the user sees only the data that passes the limiting conditions. This fine-grained access control allows a great deal of control over access to application tables. VPD policies can be applied to select, insert, update, index and delete commands. You can create different security policies for each type of access: one for selects, another for inserts, and so on.

Implementing VPD requires…
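
The predicate rewriting described above, as an added example that is not part of the original article: a policy function returns the limiting condition, and DBMS_RLS attaches it to a table once for SELECT and once for DML. The APP schema, the ORDERS table with its SALES_REP column, and the function and policy names are hypothetical.

```sql
-- Added example (not from the original article). APP.ORDERS, SALES_REP and all
-- function/policy names are hypothetical. Requires EXECUTE on DBMS_RLS.

-- The policy function receives the protected object's schema and name and
-- returns the text of the predicate that Oracle appends to the statement.
CREATE OR REPLACE FUNCTION app.orders_by_rep (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
IS
BEGIN
  -- The owning schema sees every row: a NULL predicate means "no restriction".
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'APP' THEN
    RETURN NULL;
  END IF;
  -- Everyone else is limited to rows carrying their own user name.
  RETURN 'sales_rep = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END orders_by_rep;
/

BEGIN
  -- One policy for reads ...
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_SELECT',
    function_schema => 'APP',
    policy_function => 'ORDERS_BY_REP',
    statement_types => 'SELECT');

  -- ... and a separate one for writes. update_check => TRUE also rejects an
  -- INSERT or UPDATE whose resulting row would fall outside the predicate.
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_DML',
    function_schema => 'APP',
    policy_function => 'ORDERS_BY_REP',
    statement_types => 'INSERT,UPDATE,DELETE',
    update_check    => TRUE);
END;
/

-- A statement issued by any other user, such as
--   SELECT * FROM app.orders WHERE amount > 1000;
-- is executed as if it had been written
--   SELECT * FROM app.orders
--   WHERE  amount > 1000
--   AND    sales_rep = SYS_CONTEXT('USERENV', 'SESSION_USER');

-- Check which policies are attached and to which statement types.
SELECT object_name, policy_name, pf_owner, function,
       sel, ins, upd, del, idx, chk_option, enable
FROM   dba_policies
WHERE  object_owner = 'APP';

-- Check who is not subject to the policies: SYS is always exempt, and so is
-- any grantee of the EXEMPT ACCESS POLICY system privilege.
SELECT grantee
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT ACCESS POLICY';
```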


SSHing efficiently

Bashing Linux

I personally have a numerous number of hosts which I sometimes have to SSH to. It can get rather confusing and inefficient if you get lost among them.

I’m going to show you here how you can get your SSHing to be heaps more efficient with just 5 minutes of your time.

.ssh/config

In $HOME/.ssh/config I usually store all my hosts in such a way:

You obviously got the idea. So if I’d like to ssh to host2, all I have to do is:

That will ssh to root@host2.potentially.very.long.domain.name.com:5678 – saves a bit of time.

I usually manage all of my hosts in that file. Makes life simpler, even use git if you feel like it…

Auto complete

I’ve added to my .bashrc the following:

Sweet. All that you have to do now is:

We are a bit more efficient today.


How to deploy WSO2-greg-4.0.0 on WebLogic

Here, I have used WSO2-greg-4.0.0, WebLogic 11g and JDK 1.6 to explain how to deploy WSO2-greg-4.0.0 on WebLogic.

The subtopics are as follows:

1) How to create a domain in WebLogic.
2) Create a war file from WSO2-greg-4.0.0.
3) How to configure the greg repository.
4) How to configure the newly created domain.
5) Deploy the greg web app archive file (war file) on WebLogic.

How to create a domain in WebLogic.

You can follow the steps which I have mentioned in CreateNewDomain.pdf to create a new domain.

Create a war file from WSO2-greg-4.0.0.

I) Create a directory in your system (we named it WAR_DIR) and copy the WEB-INF directory, which is under wso2greg-4.0.0/lib/core, to WAR_DIR.

II) If you want to enable Carbon logging in WebLogic, copy the log4j.properties file, which is under wso2greg-4.0.0/lib, to the WAR_DIR/WEB-INF/class directory.

III) Copy all the libraries under wso2greg-4.0.0/lib/api to WAR_DIR/WEB-INF/lib.

You can do the above three steps using an ant task (executing ant createWAR). You only need to run that command from wso2greg-4.0.0/bin. After executing that command, the relevant WEB-INF directory will be created in a directory under wso2greg-4.0.0/tmp/wso2.

IV) Navigate your command shell to the WAR_DIR directory and execute the following command to create the web app archive file.

jar -cvf ./greg.war ./* 

How to configure the greg repository.

I) You need to create a new directory in your file system (we named it greg-repo); it will be the repository in our deployment.

II) Copy the repository directory, which is under wso2greg-4.0.0, to greg-repo.

III) Now you need to configure carbon.xml, axis2.xml, registry.xml and user-mgt.xml.
(You can find those files under the wso2greg-4.0.0/repository/conf directory.)

Open carbon.xml and change the values of ServerURL and WebContextRoot.

<ServerURL>https://localhost:7002/greg/services/</ServerURL>
<WebContextRoot>/greg</WebContextRoot>

Open the axis2.xml and change the http and https ports according to WebLogic settings.

<transportReceiver class="org.wso2.carbon.core.transports.http.HttpTransportListener" name="http">
    <parameter name="port">7001</parameter>
</transportReceiver>
<transportReceiver class="org.wso2.carbon.core.transports.http.HttpsTransportListener" name="https">
    <parameter name="port">7002</parameter>
</transportReceiver>

Open the registry.xml and change the database URL of data base configuration as follows.
You need to add the absolute path of WSO2CARBON_DB as the database url.

<url>jdbc:h2:/home/ajith/greg-repo/repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</url>

Open the user-mgt.xml and change the value of the database url property.
(Remember to add the absolute path of WSO2CARBON_DB as the url.)

<Property name="url">jdbc:h2:/home/ajith/greg-repo/repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</Property>

Deploy the greg web app archive file (greg.war file) on WebLogic.

Copy xalan-*.jar, xercesImpl-*.jar and xml-apis-*.jar from  wso2greg-4.0.0/lib/endorsed to the ext directory of your JDK installation. (/home/ajith/programes/jdk1.6.0_26/jre/lib/ext)

I) Open a new command shell and set the CARBON_HOME environment variable. (Linux : export CARBON_HOME=/home/ajith/greg-repo ,
Windows: set CARBON_HOME=/home/ajith/greg-repo)

II) Change your command shell to the bin directory of your domain (Oracle/Middleware/user_projects/domains/greg_domain/bin) and execute the startWebLogic command (on Linux: sh startWebLogic.sh).

III) After the WebLogic server has started successfully, point your browser to http://localhost:7001/console and log in using the credentials which you entered during the domain creation.

IV) After logging in to the AdminServer Console, navigate to Home > Summary of Environment > Summary of Servers > AdminServer and select the Keystores tab. Change Keystores: to “Custom Identity and Custom Trust” and save it.

V) Enter the following values in the relevant fields of the keystores configuration.

Identity section.

Custom Identity Keystore: /home/ajith/greg-repo/repository/resources/security/wso2carbon.jks  
Custom Identity Keystore Type: JKS  
Custom Identity Keystore Passphrase: wso2carbon  
Confirm Custom Identity Keystore Passphrase: wso2carbon

Trust section.

Custom Trust Keystore: wso2carbon  
Custom Trust Keystore Type: JKS  
Custom Trust Keystore Passphrase: wso2carbon
Confirm Custom Trust Keystore Passphrase: wso2carbon  

VI) Click on the SSL tab on WebLogic AdminServer console and enter the following values for the relevant fields.

Private Key Alias: wso2carbon  
Private Key Passphrase: wso2carbon  
Confirm Private Key Passphrase: wso2carbon

VII) Navigate the AdminServer console to the deployment section and start installing the greg.war file by clicking on the “install” button.

VIII) Browse to the directory which contains greg.war. Then go forward with the default configuration until the installation is complete.

IX) After finishing the installation, you should see the greg.war deployment on your command shell.

X) After the WSO2-greg-4.0.0 server has started successfully, point your favorite browser to https://localhost:7002/greg/carbon and log in using the default user name (admin) and password (admin).

Advanced JVM Tuning – Low Latency

The standard Java Virtual Machine (JVM) is configured to optimize for throughput. But some systems are more interested in low pause/reduced latency and GC (garbage collection) might be one source of pausing. (you can read an interesting article about what latency means to your business)

I have found a post on GigaSpaces forum providing some possible JVM configurations to optimize on latency:

-Xms2g -Xmx2g -Xmn150m 
-XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode 
-XX:+CMSIncrementalPacing -XX:CMSIncrementalDutyCycleMin=10 
-XX:CMSIncrementalDutyCycle=50 -XX:ParallelGCThreads=8 
-XX:+UseParNewGC -XX:MaxGCPauseMillis=2000 
-XX:GCTimeRatio=10 -XX:+DisableExplicitGC

Please note that -XX:+UseConcMarkSweepGC has the heaviest impact on performance – decrease of 40%.

The following set of parameters shows 20% better performance than with -XX:+UseConcMarkSweepGC while the pause size still is below 100msec in embedded test with payload 10KB and 100 threads:

-Xms2g -Xmx2g -Xmn150m 
-XX:GCTimeRatio=2 -XX:ParallelGCThreads=8 
-XX:+UseParNewGC -XX:MaxGCPauseMillis=2000 
-XX:+DisableExplicitGC

While I’m pretty sure that most applications do not need such an advanced VM configuration, it is interesting to see what strategies are employed when low latency is needed.

Option Details
-XX:+UseConcMarkSweepGC Sets the garbage collector policy to the concurrent (low pause time) garbage collector (also known as CMS)
-XX:+CMSIncrementalMode Enables the incremental mode. (works only with -XX:+UseConcMarkSweepGC)
-XX:+CMSIncrementalPacing Enables automatic adjustment of the incremental mode duty cycle based on statistics collected while the JVM is running
-XX:CMSIncrementalDutyCycleMin The percentage (0-100) which is the lower bound on the duty cycle when CMSIncrementalPacing is enabled
-XX:CMSIncrementalDutyCycle The percentage (0-100) of time between minor collections that the concurrent collector is allowed to run. If CMSIncrementalPacing is enabled, then this is just the initial value.
-XX:ParallelGCThreads Sets the number of garbage collector threads
-XX:+UseParNewGC Enables multi threaded young generation collection.
-XX:MaxGCPauseMillis A hint to the throughput collector that it’s desirable that the maximum pause time is lower than the given value. (n.b. it looks like this value can also be used with the CMS garbage collector)
-XX:GCTimeRatio A hint to the virtual machine that it’s desirable that not more than 1 / (1 + GCTimeRatio) of the application execution time be spent in the collector
-XX:+DisableExplicitGC Disables explicit garbage collection calls (System.gc())

There is no need to learn all these flags by heart as you can find them covered in various documents:

Oracle Database Clone User

Fill in the empty string with the name of the existing user to clone, copy the result, and replace that name with the new user name.

select dbms_metadata.get_ddl('USER', '…..') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('ROLE_GRANT','…..') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('SYSTEM_GRANT','…..') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('OBJECT_GRANT','…..') FROM DUAL;
SELECT DBMS_METADATA.GET_granted_DDL('TABLESPACE_QUOTA', '…..') FROM dual;
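
The same five calls wrapped into one script, as an added example that is not part of the original post: it does the name replacement itself and copes with the case where the source user has no grants of a given type, which makes GET_GRANTED_DDL raise ORA-31608 instead of returning an empty result. SRC_USER and NEW_USER are hypothetical names.

```sql
-- Added example, not from the original post. SRC_USER and NEW_USER are
-- hypothetical names. Run in SQL*Plus as an account that may read other
-- users' metadata (for example one holding SELECT_CATALOG_ROLE).
SET SERVEROUTPUT ON SIZE UNLIMITED

DECLARE
  c_src CONSTANT VARCHAR2(128) := 'SRC_USER';
  c_new CONSTANT VARCHAR2(128) := 'NEW_USER';

  -- ORA-31608: specified object of type ... not found
  e_nothing_granted EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_nothing_granted, -31608);

  -- Swap the quoted user name and print the DDL one line at a time,
  -- because a single DBMS_OUTPUT line is capped at 32767 bytes.
  -- Only the token "SRC_USER" (with its double quotes) is replaced; check the
  -- output by hand if an object or column shares the user's name.
  PROCEDURE emit(p_ddl IN CLOB) IS
    l_ddl  CLOB := REPLACE(p_ddl, '"' || c_src || '"', '"' || c_new || '"');
    l_len  PLS_INTEGER := dbms_lob.getlength(l_ddl);
    l_pos  PLS_INTEGER := 1;
    l_next PLS_INTEGER;
  BEGIN
    WHILE l_pos <= l_len LOOP
      l_next := dbms_lob.instr(l_ddl, CHR(10), l_pos);
      IF l_next = 0 THEN
        l_next := l_len + 1;          -- last line has no trailing newline
      END IF;
      dbms_output.put_line(dbms_lob.substr(l_ddl, l_next - l_pos, l_pos));
      l_pos := l_next + 1;
    END LOOP;
  END emit;

  -- A user with no grants of the requested type is reported, not fatal.
  PROCEDURE emit_granted(p_type IN VARCHAR2) IS
  BEGIN
    emit(dbms_metadata.get_granted_ddl(p_type, c_src));
  EXCEPTION
    WHEN e_nothing_granted THEN
      dbms_output.put_line('-- ' || c_src || ' has no ' || p_type);
  END emit_granted;
BEGIN
  -- Terminate every generated statement so the output runs as a script.
  dbms_metadata.set_transform_param(
    dbms_metadata.session_transform, 'SQLTERMINATOR', TRUE);

  emit(dbms_metadata.get_ddl('USER', c_src));
  emit_granted('ROLE_GRANT');
  emit_granted('SYSTEM_GRANT');
  emit_granted('OBJECT_GRANT');
  emit_granted('TABLESPACE_QUOTA');
END;
/
```

Review the generated CREATE USER statement before running it: it can carry an IDENTIFIED BY VALUES clause with the source account's password verifier, so give the clone its own password.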

Oracle Roles Version 12.1.0.2

General Information
Library Note
The Library is currently in the process of being upgraded from Oracle Database Version 11.2.0.3 to 12.1.0.1. Demos are being upgraded to reflect the new Container paradigm as well as EBR (Edition Based Redefinition) and may contain references to CDBs, PDBs, and other objects you may not be familiar with such as CDB_OBJECTS_AE: Welcome to 12c.
Notes
  • The maximum number of roles that can be enabled for a single session is 148. A small maximum value can be set with the init parameter MAX_ENABLED_ROLES
  • A common role must have a name that begins with C##.
  • Roles can contain system privileges
  • Roles can contain object privileges
  • Roles can contain roles
  • Object privileges granted through roles do not work within PL/SQL objects; those permissions must be granted explicitly to the user, or the object must be defined with invoker (CURRENT_USER) rights
Data Dictionary Objects
CDB_ROLES ROLE_ROLE_PRIVS USER_APPLICATION_ROLES
CDB_ROLE_PRIVS ROLE_SYS_PRIVS USER$
DBA_ROLES ROLE_TAB_PRIVS USER_ROLE_PRIVS
DBA_ROLE_PRIVS SESSION_ROLES V$PWFILE_USERS
DEFROLE$
Related System Privileges
ALTER ANY ROLE DROP ANY ROLE GRANT ANY ROLE
CREATE ROLE
Creating CDB Roles
Create Role: CREATE ROLE <role_name> [NOT IDENTIFIED] CONTAINER = <ALL | CURRENT>;
CREATE ROLE read_only;
or
CREATE ROLE read_only NOT IDENTIFIED;
Create Password Protected Role: CREATE ROLE <role_name> IDENTIFIED BY <password>;
CREATE ROLE read_only IDENTIFIED BY "S0^Sorry";
Create Package Protected Role: CREATE ROLE <role_name> IDENTIFIED USING <schema_name>.<package_name>.<procedure_name>;
conn c##uwclass/c##uwclass@pdbdev

CREATE OR REPLACE PACKAGE db_security AUTHID CURRENT_USER IS
PROCEDURE enable_role;
END db_security;
/

CREATE OR REPLACE PACKAGE BODY db_security IS
PROCEDURE enable_role IS
BEGIN
dbms_session.set_role('read_only');
END enable_role;
END db_security;
/

col schema format a20
col package format a30

SELECT * FROM dba_application_roles;

CREATE ROLE read_only IDENTIFIED USING db_security;

SELECT * FROM dba_application_roles;

GRANT select on uwclass.airplanes TO read_only;
GRANT execute ON db_security TO scott;
GRANT read_only TO scott;
ALTER USER scott DEFAULT ROLE connect, resource;

conn scott/tiger

SELECT * FROM user_role_privs;

SELECT * FROM session_roles;

-- this time it will fail
SELECT * FROM uwclass.airplanes;

exec uwclass.db_security.enable_role;

-- this time it will succeed
SELECT * FROM uwclass.airplanes;

Identified Externally: CREATE ROLE <role_name> IDENTIFIED EXTERNALLY;
CREATE ROLE dba IDENTIFIED EXTERNALLY;
Identified Globally: CREATE ROLE <role_name> IDENTIFIED GLOBALLY;
CREATE ROLE dba IDENTIFIED GLOBALLY;
Creating PDB Roles
Create Role: CREATE ROLE <role_name> [NOT IDENTIFIED] CONTAINER = <ALL | CURRENT>;
CREATE ROLE read_only CONTAINER = CURRENT;
or
CREATE ROLE c##read_only NOT IDENTIFIED;
Create Password Protected Role: CREATE ROLE <role_name> IDENTIFIED BY <password>;
CREATE ROLE dba IDENTIFIED BY "S0^Sorry";
Create Package Protected Role: CREATE ROLE <role_name> IDENTIFIED USING <schema_name>.<package_name>.<procedure_name>;
CREATE OR REPLACE PACKAGE db_security AUTHID CURRENT_USER IS
PROCEDURE enable_role;
END db_security;
/

CREATE OR REPLACE PACKAGE BODY db_security IS
PROCEDURE enable_role IS
BEGIN
dbms_session.set_role('x2dba');
END enable_role;
END db_security;
/

SELECT * FROM dba_application_roles;

CREATE ROLE x2dba IDENTIFIED USING uwclass.db_security;

SELECT * FROM dba_application_roles;

GRANT select on uwclass.airplanes TO x2dba;
GRANT execute ON db_security TO scott;
GRANT x2dba TO scott;
ALTER USER scott DEFAULT ROLE connect, resource;

conn scott/tiger

SELECT * FROM user_role_privs;

SELECT * FROM session_roles;

-- this time it will fail
SELECT * FROM uwclass.airplanes;

exec uwclass.db_security.enable_role;

-- this time it will succeed
SELECT * FROM uwclass.airplanes;

Identified Externally: CREATE ROLE <role_name> IDENTIFIED EXTERNALLY;
CREATE ROLE dba IDENTIFIED EXTERNALLY;
Identified Globally: CREATE ROLE <role_name> IDENTIFIED GLOBALLY;
CREATE ROLE dba IDENTIFIED GLOBALLY;
Assign and Revoke Role Privileges
Assign Privilege To A Role: GRANT <privilege_name> TO <role_name>;
GRANT create session TO read_only;
Create A Role Hierarchy: GRANT <role_name> TO <role_name>;
CREATE ROLE ap_clerk;

GRANT read_only TO ap_clerk;
GRANT select ON general_ledger TO ap_clerk;
GRANT insert ON ap_master TO ap_clerk;
GRANT update ON ap_master TO ap_clerk;
GRANT insert ON ap_detail TO ap_clerk;
GRANT update ON ap_detail TO ap_clerk;

Add Another Layer To The Hierarchy: GRANT <roles and privileges> TO <role_name>;
CREATE ROLE ap_manager IDENTIFIED BY appwd;

GRANT ap_clerk TO ap_manager;
GRANT delete ON ap_master TO ap_manager;
GRANT delete ON ap_detail TO ap_manager;
GRANT select any table TO ap_manager;

Revoke Privilege: REVOKE <privilege_name> FROM <role_name>;
REVOKE select any table FROM ap_manager;
Assign and Revoke User Roles
Assigning Roles To Users: GRANT <roles_name> TO <user_name>;
GRANT read_only TO jbiden CONTAINER=CURRENT;

GRANT ap_clerk TO jstough CONTAINER=CURRENT;
GRANT ap_clerk TO ckeizer CONTAINER=CURRENT;
GRANT ap_clerk TO rallen CONTAINER=CURRENT;

GRANT ap_manager TO escott CONTAINER=CURRENT;

Revoke a role from a user: REVOKE <role_name> FROM <user_name>;
REVOKE ap_manager FROM escott;
Revoke A Role And Drop Any Invalidated Constraints: REVOKE ALL ON <table_name> FROM <schema_name> CASCADE CONSTRAINTS;
REVOKE ALL ON invoices FROM abc CASCADE CONSTRAINTS;
Activating & Deactivating Roles
Activate A Session Role: SET ROLE <role_name>;
SET ROLE ap_clerk;
Activating A Password Protected Role: SET ROLE <role_name> IDENTIFIED BY <role_password>;
SET ROLE ap_manager IDENTIFIED BY appwd;
Activate All Available Roles: SET ROLE all;
SET ROLE all;
Activating All Roles Except One: SET ROLE all EXCEPT <role_name>;
SET ROLE all EXCEPT ap_manager;
Deactivating A Role: Can not be done on an individual basis
Deactivate All Roles: SET ROLE none;
SET ROLE none;
Drop Role
Drop A Role: DROP ROLE <role_name>;
DROP ROLE manager_role;
PLUSTRACE Role
Creating And Assigning The PLUSTRACE Role For AUTOTRACE: This role must be created by SYS in the PDB (not the CDB) and grants SELECT on the following v_$ views:

  • V_$SESSTAT
  • V_$STATNAME
  • V_$MYSTAT

conn sys@orabase as sysdba

SQL> SELECT sys_context('USERENV', 'CON_NAME') FROM dual;

SYS_CONTEXT('USERENV','CON_NAME')
--------------------------------------------------------
ORABASE

SQL> @c:\oracle\product\12.1.0\dbhome_1\sqlplus\admin\plustrce.sql

GRANT plustrace TO uwclass;

Role Related Queries
Roles are treated like users in the data dictionary:
-- users
SELECT name USER_NAMES, DECODE(spare1, 0, 'USER', 'SYSTEM') CREATED_BY, spare6 CREATE_DATE
FROM user$
WHERE type# = 1
ORDER BY 1;

-- roles
SELECT name ROLE_NAMES, DECODE(spare1, 0, 'USER', 'SYSTEM') CREATED_BY
FROM user$
WHERE type# = 0
ORDER BY 1;

Roles Granted to the Current User:
col granted_role format a30

SELECT granted_role, admin_option, default_role, os_granted, common
FROM user_role_privs
ORDER BY 2;

Privileges Granted to a Role:
col role format a30

SELECT *
FROM role_sys_privs
ORDER BY 1;

Grant SELECT On All Tables in a Schema to a Role:
CREATE OR REPLACE PROCEDURE grant_select AUTHID CURRENT_USER IS
  -- every table owned by the invoking user
  CURSOR ut_cur IS
  SELECT table_name
  FROM user_tables;

  RetVal  NUMBER;
  sCursor INT;
  sqlstr  VARCHAR2(250);
BEGIN
  FOR ut_rec IN ut_cur
  LOOP
    -- quote the dictionary name so mixed-case or unusual table names
    -- cannot change the meaning of the generated statement
    sqlstr := 'GRANT SELECT ON ' || dbms_assert.enquote_name(ut_rec.table_name, FALSE) || ' TO dm216q';
    sCursor := dbms_sql.open_cursor;
    dbms_sql.parse(sCursor, sqlstr, dbms_sql.native);

    RetVal := dbms_sql.execute(sCursor);
    dbms_sql.close_cursor(sCursor);
  END LOOP;
END grant_select;
/

Roles Granted To Schemas:
SELECT grantee, granted_role
FROM dba_role_privs
ORDER BY 1,2;

Tables And Columns That Can Be Modified by a User:
-- you will want to add a WHERE clause to this query to limit the rows returned for relevancy

SELECT *
FROM all_updatable_columns
ORDER BY 1;
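
Because roles can contain roles, the flat "Roles Granted To Schemas" listing does not show what a user can actually reach. The following added example (not part of the original library page) walks the hierarchy built in the ap_clerk / ap_manager demo above and resolves it to effective privileges; ESCOTT is the grantee used in the page's GRANT examples, and the queries assume read access to the DBA_ views.

```sql
-- Added example, not from the original library page.

-- 1. Role tree below one user, indented by nesting depth.
--    NOCYCLE is defensive only: Oracle rejects circular role grants.
SELECT LPAD(' ', 2 * (LEVEL - 1)) || granted_role AS role_tree,
       admin_option,
       default_role
FROM   dba_role_privs
START  WITH grantee = 'ESCOTT'
CONNECT BY NOCYCLE PRIOR granted_role = grantee;

-- 2. How each reachable role is protected (NONE, PASSWORD, EXTERNAL,
--    GLOBAL or APPLICATION). A role that is not NONE is not active until
--    the session supplies the password or calls the enabling package.
SELECT r.role, r.authentication_type
FROM   dba_roles r
WHERE  r.role IN (SELECT granted_role
                  FROM   dba_role_privs
                  START  WITH grantee = 'ESCOTT'
                  CONNECT BY NOCYCLE PRIOR granted_role = grantee)
ORDER  BY r.role;

-- 3. System privileges held directly, through any nested role, or through
--    PUBLIC, with the grantee that supplies each one.
WITH effective_roles AS (
  SELECT DISTINCT granted_role
  FROM   dba_role_privs
  START  WITH grantee = 'ESCOTT'
  CONNECT BY NOCYCLE PRIOR granted_role = grantee
)
SELECT sp.privilege,
       sp.grantee      AS granted_via,
       sp.admin_option
FROM   dba_sys_privs sp
WHERE  sp.grantee IN ('ESCOTT', 'PUBLIC')
   OR  sp.grantee IN (SELECT granted_role FROM effective_roles)
ORDER  BY sp.privilege, sp.grantee;

-- 4. Object privileges resolved the same way.
WITH effective_roles AS (
  SELECT DISTINCT granted_role
  FROM   dba_role_privs
  START  WITH grantee = 'ESCOTT'
  CONNECT BY NOCYCLE PRIOR granted_role = grantee
)
SELECT tp.owner,
       tp.table_name,
       tp.privilege,
       tp.grantee      AS granted_via,
       tp.grantable
FROM   dba_tab_privs tp
WHERE  tp.grantee = 'ESCOTT'
   OR  tp.grantee IN (SELECT granted_role FROM effective_roles)
ORDER  BY tp.owner, tp.table_name, tp.privilege;
```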

Installation Roles
Roles Created by Database Installation

You may not find all of these roles in your database depending on edition and features chosen.

Role Name Description
ADM_PARALLEL_EXECUTE_TASK Provides privileges to update table data in parallel by using the DBMS_PARALLEL_EXECUTE PL/SQL package
APEX_ADMINISTRATOR_ROLE Grants EXECUTE on APEX_030200.WWV_FLOW_INSTANCE_ADMIN
APEX_GRANTS_FOR_NEW_USERS_ROLE Contains multiple SYS privs
AQ_ADMINISTRATOR_ROLE Privilege to administer Advanced Queuing 
AQ_USER_ROLE De-supported but maintained for backward compatibility to version 8.0
AUDIT_ADMIN Provides privileges to create unified and fine-grained audit policies, use the AUDIT and NOAUDIT SQL statements, view audit data, and manage the audit trail administration
AUDIT_VIEWER Provides privileges to view and analyze audit data
AUTHENTICATEDUSER Used by the XDB protocols to define any user who has logged in to the system
CAPTURE_ADMIN Provides the privileges necessary to create and manage privilege analysis policies
CDB_DBA Provides the privileges required for administering a CDB, such as SET CONTAINER, SELECT ON PDB_PLUG_IN_VIOLATIONS, and SELECT ON CDB_LOCAL_ADMIN_PRIVS. If your site requires additional privileges, then you can create a role (either common or local) to cover these privileges, and then grant this role to the CDB_DBA role
CONNECT Contains the CREATE SESSION and SET CONTAINER system privileges
CSW_USR_ROLE Provides user privileges to manage the Catalog Services for the Web (CSW) component of Oracle Spatial
CTXAPP Enables developers create Oracle Text indexes and index preferences, and to use PL/SQL packages
DATAPUMP_EXP_FULL_DATABASE Granted EXP_FULL_DATABASE role
DATAPUMP_IMP_FULL_DATABASE Granted EXP_FULL_DATABASE and IMP_FULL_DATABASE roles
DBA Example Database Administrator role. Should not be used. Granted 19 other roles in an act of pure insanity.
DBFS_ROLE Provides access to the DBFS (the Database Filesystem) packages and objects
DBHADOOP Created but, at least at install, has no associated roles or privileges
DELETE_CATALOG_ROLE Present but deprecated
DV_ACCTMGR Use the DV_ACCTMGR role to create and maintain database accounts and database profiles. In this manual, the example DV_ACCTMGR role is assigned to a user named amalcolm_dvacctmgr.
DV_ADMIN The DV_ADMIN role controls the Oracle Database Vault PL/SQL packages.
DV_AUDIT_CLEANUP Grant to any user who is responsible for purging the Database Vault audit trail in a non-unified auditing environment
DV_GOLDENGATE_ADMIN Intended for any user with responsibility for GoldenGate configuration by default it contains no privileges
DV_GOLDENGATE_REDO_ACCESS For any user who is responsible for using the Oracle GoldenGate TRANLOGOPTIONS DBLOGREADER method to access redo logs in an Oracle Database Vault environment
DV_MONITOR Enables the Oracle Enterprise Manager Grid Control agent to monitor Oracle Database Vault for attempted violations and configuration issues with realm or command rule definitions. This enables Grid Control to read and propagate realm definitions and command rule definitions between databases.
DV_OWNER The DV_OWNER role has the administrative capabilities that the DV_ADMIN role provides, and the reporting capabilities the DV_SECANALYST role provides.
DV_PATCH_ADMIN Temporarily grant the DV_PATCH_ADMIN role to any database administrator who is responsible for performing database patching or adding languages to Database Vault. After the patch operation or language addition is complete, you should immediately revoke this role. The role does not provide access to any secured data.
DV_PUBLIC Oracle Database Vault does not enable you to directly grant object privileges in the DVSYS schema to PUBLIC. You must grant the object privilege on the DVSYS schema object the DV_PUBLIC role, and then grant DV_PUBLIC to PUBLIC.
DV_REALM_OWNER Use the DV_REALM_OWNER role to manage database objects in multiple schemas that define a realm. Grant this role to the database account owner who is responsible for managing one or more schema database accounts within a realm and the roles associated with the realm.
DV_REALM_RESOURCE Use the DV_REALM_RESOURCE role for operations such as creating tables, views, triggers, synonyms, and other objects that a realm would typically use.
DV_SECANALYST DV_SECANALYST can query DVSYS schema objects through Oracle Database Vault-supplied views only.
DV_STREAMS_ADMIN Grant to a user who is responsible for configuring Streams replication in an Oracle Database Vault environment.
DV_XSTREAM_ADMIN Grant to a user who is responsible for configuring XStreams replication in an Oracle Database Vault environment.
EJBCLIENT Provides privileges to connect to EJBs from a Java stored procedure
EM_EXPRESS_ALL Enables users to connect to Oracle Enterprise Manager (EM) Express and use all the functionality provided by EM Express (read and write access to all EM Express features). The EM_EXPRESS_ALL role includes the EM_EXPRESS_BASIC role.
EM_EXPRESS_BASIC Enables users to connect to EM Express and to view the pages in read-only mode. The EM_EXPRESS_BASIC role includes the SELECT_CATALOG_ROLE role
EXECUTE_CATALOG_ROLE Allow users EXECUTE privileges for packages and procedures in the data dictionary. Granted HS_ADMIN_EXECUTE_ROLE role
EXP_FULL_DATABASE Provides the privileges required to perform full and incremental database export. Granted EXECUTE_CATALOG_ROLE and SELECT_CATALOG_ROLE roles.
GATHER_SYSTEM_STATISTICS To update the dictionary system statistics a user must have DBA privileges or the GATHER_SYSTEM_STATISTICS role.
GDS_CATALOG_SELECT Provides access to 10 objects owned by GSMADMIN_INTERNAL
GLOBAL_AQ_USER_ROLE Required to register through LDAP using JDBC connection parameters as this requires the ability to write access to the connection factory entries in the LDAP server (which requires the LDAP user to be either the database itself or be granted GLOBAL_AQ_USER_ROLE).
GSMADMIN_ROLE Granted AQ_ADMINISTRATOR_ROLE and CONNECT roles: Includes EXECUTE on DBMS_GSM_UTILITY and related resources
GSMUSER_ROLE Granted CONNECT role: Includes EXECUTE on DBMS_GSM_DBADMIN
GSM_POOLADMIN_ROLE Granted CONNECT role: Includes EXECUTE on DBMS_GSM_POOLADMIN
HS_ADMIN_EXECUTE_ROLE Provides the EXECUTE privilege for users who want to use the Heterogeneous Services (HS) PL/SQL packages
HS_ADMIN_ROLE Provides privileges for DBAs who need to use the DBA role using Oracle Database Heterogeneous Services to access appropriate tables in the data dictionary.

Used to protect access to the Heterogeneous Services (HS) data dictionary tables (grants SELECT) and packages (grants EXECUTE). It is granted to SELECT_CATALOG_ROLE and EXECUTE_CATALOG_ROLE such that users with generic data dictionary access also can access the HS data dictionary.

HS_ADMIN_SELECT_ROLE Provides privileges to query the Heterogeneous Services data dictionary views
IMP_FULL_DATABASE Provides the privileges required to perform full database imports. Includes an extensive list of system privileges (use view DBA_SYS_PRIVS to view privileges) and the following roles: EXECUTE_CATALOG_ROLE and SELECT_CATALOG_ROLE. This role is provided for convenience in using the export and import utilities.
JAVADEBUGPRIV Grants permissions to run the Java debugger
JAVAIDPRIV Deprecated
JAVASYSPRIV Grants permissions for Java administrators including updating JVM-protected packages. Granted the JAVAUSERPRIV role.
JAVAUSERPRIV Grants permissions for Java users such as examining properties
JAVA_ADMIN Java administration privileges including permission to modify PolicyTable.
JAVA_DEPLOY Undocumented
JMXSERVER Provides permissions to start and maintain a JMX agent in a session. The procedure dbms_java.start_jmx_agent starts the agent in a specific session that generally remains active for the duration of the session.
LBAC_DBA Provides permissions to use the SA_SYSDBA PL/SQL package
LOGSTDBY_ADMINISTRATOR A prototype role created by default with the RESOURCE role. It is advisable to not use this role but rather to craft your own specific to your needs. Read Oracle’s comments, in red with respect to RESOURCE. They apply here too.
OEM_ADVISOR Provides privileges to create, drop, select (read), load (write), and delete a SQL tuning set through the DBMS_SQLTUNE PL/SQL package, and to access to the Advisor framework using the ADVISOR PL/SQL package
OEM_MONITOR Provides privileges needed by the Management Agent component of Oracle Enterprise Manager to monitor and manage a database
OLAP_DBA Provides privileges needed by the Management Agent component of Oracle Enterprise Manager to monitor and manage the database
OLAP_USER Provides application developers privileges to create dimensional objects in their own schemas for Oracle OLAP
OLAP_XS_ADMIN Administer OLAP data security. Granted the XS_RESOURCE role
OPTIMIZER_PROCESSING_RATE Provides privileges to execute the GATHER_PROCESSING_RATE, SET_PROCESSING_RATE, and DELETE_PROCESSING_RATE procedures in the DBMS_STATS package. These procedures manage the processing rate of a system for automatic degree of parallelism (Auto DOP). Auto DOP uses these processing rates to determine the optimal degree of parallelism for a SQL statement.
ORDADMIN After installing Oracle Multimedia DICOM, the ORDADMIN role is created, with the database system privileges required for administration of the DICOM data model repository.

The ORDADMIN role must be assigned to the administrator of the DICOM data model repository.

OWB$CLIENT Provides privileges to perform standard client-related tasks for Oracle Warehouse Builder, such as creating projects, modules, tables, views, maps, and so on. Warehouse Builder automatically grants this role to all workspace owners and users. (That is, you do not need to explicitly grant it to anyone who must use Warehouse Builder.) For security reasons, the OWB$CLIENT role is not a default role for Warehouse Builder users: Oracle Warehouse Builder enables this role only when it is needed.
OWB_DESIGNCENTER_VIEW Provides privileges from the database level for any registered Oracle Warehouse Builder user to query the Warehouse Builder public views, such as ALL_IV_PROJECTS. A Warehouse Builder administrator can use the ACCESS_PUBLICVIEW_BROWSER system privilege from the Warehouse Builder security level to control a Warehouse Builder user’s access to those public views.
OWB$CLIENT Provides privileges to perform standard client-related tasks for Oracle Warehouse Builder, such as creating projects, modules, tables, views, and maps.
OWB_DESIGNCENTER_VIEW Provides privileges from the database level for any registered Oracle Warehouse Builder user to query the Warehouse Builder public views, such as ALL_IV_PROJECTS.
OWB_USER Provides privileges to create and own an Oracle Warehouse Builder workspace. When a workspace owner registers other database users to this workspace, Oracle Database grants this role to these users. Users with this role also have access to Warehouse Builder Control Center public views and other Control Center utilities. Oracle Warehouse Builder grants this role to all Warehouse Builder users.
PDB_DBA Granted automatically to the local user that is created when you create a new pluggable database (PDB) from the seed PDB. No privileges are provided with this role.
PLUSTRACE Grants privileges on V$ views required to use AUTOTRACE. Can be created in a PDB but not in the CDB.
PROVISIONER Provides privileges to register and update global callbacks for Oracle Database Real Application sessions and to provision principals
PUBLIC
RECOVERY_CATALOG_OWNER Provides privileges for owner of the recovery catalog. Includes: CREATE SESSION, ALTER SESSION, CREATE SYNONYM, CREATE VIEW, CREATE DATABASE LINK, CREATE TABLE, CREATE CLUSTER, CREATE SEQUENCE, CREATE TRIGGER, and CREATE PROCEDURE
RESOURCE Provides the following system privileges: CREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TABLE, CREATE TRIGGER, CREATE TYPE. This role is provided for compatibility with previous releases of Oracle Database. You can determine the privileges encompassed by this role by querying the DBA_SYS_PRIVS data dictionary view. Note: Oracle recommends that you design your own roles for database security rather than relying on this role. This role may not be created automatically by future releases of Oracle Database.
SCHEDULER_ADMIN Allows the grantee to execute the procedures of the DBMS_SCHEDULER package. It includes all of the job scheduler system privileges and is included in the DBA role.
SELECT_CATALOG_ROLE Provides SELECT privilege on objects in the data dictionary. Granted the HS_ADMIN_SELECT_ROLE role.
SPATIAL_CSW_ADMIN Privileges granted the Catalog Services for the Web (CSW) account used by the Oracle Spatial CSW cache manager to load all record type metadata, and record instances from the database into main memory for the record types that are cached.
SPATIAL_WFS_ADMIN Privileges granted the Web Feature Service (WFS) account used by the Oracle Spatial WFS cache manager to load all feature type metadata, and feature instances from the database into main memory for the feature types that are cached.
TKPROFER To grant SELECT on dynamic views for TKPROF, run utltkprf.sql in a PDB. TKPROF needs this to dereference wait events.
WFS_USR_ROLE Privileges granted a Web Feature Service (WFS) user
WM_ADMIN_ROLE Contains all Workspace Manager privileges with the grant option. By default, the database administrator (DBA role) is granted the WM_ADMIN_ROLE role.
XDBADMIN Allows the grantee to register an XML schema globally, as opposed to registering it for use or access only by its owner. It also lets the grantee bypass access control list (ACL) checks when accessing Oracle XML DB Repository.
XDB_SET_INVOKER Allows the grantee to define invoker’s rights handlers and to create or update the resource configuration for XML repository triggers. By default, Oracle Database grants this role to the DBA role but not to the XDBADMIN role.
XDB_WEBSERVICES Allows the grantee to access Oracle Database Web services over HTTPS. However, it does not provide the user access to objects in the database that are public. To allow public access, you need to grant the user the XDB_WEBSERVICES_WITH_PUBLIC role. For a user to use these Web services, SYS must enable the Web service servlets.
XDB_WEBSERVICES_OVER_HTTP Allows the grantee to access Oracle Database Web services over HTTP. However, it does not provide the user access to objects in the database that are public. To allow public access, you need to grant the user the XDB_WEBSERVICES_WITH_PUBLIC role.
XDB_WEBSERVICES_WITH_PUBLIC Allows the grantee access to public objects through Oracle Database Web services.
XS_CACHE_ADMIN In Oracle Database Real Application Security, enables the grantee to manage the mid-tier cache. It is required for caching the security policy at the mid-tier level for the checkAcl (authorization) method of the XSAccessController class. Grant this role to the application connection user or the Real Application Security dispatcher.
XS_NAMESPACE_ADMIN In Oracle Database Real Application Security, enables the grantee to manage and manipulate the namespace and attribute for a session. Grant this role to the Real Application Security session user.
XS_RESOURCE In Oracle Database Real Application Security, enables the grantee to manage objects in the attached schema, through the XS_ACL PL/SQL package. This package creates procedures to create and manage access control lists (ACLs). It contains the ADMIN SEC POLICY privilege. It is similar to the Oracle Database RESOURCE role.
XS_SESSION_ADMIN In Oracle Database Real Application Security, enables the grantee to manage the life cycle of a session, including the ability to create, attach, detach, and destroy the session. Grant this role to the application connection user or Real Application Security dispatcher.
This site is maintained by Dan Morgan. Last Updated: 12/17/2014 13:34:27 This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2014 Daniel A. Morgan All Rights Reserved