Admin and Security Track 2007 Pre-Summit Workshop & User Cooperative Admin and Security Track Bruce Knox University of Arkansas Division of Agriculture.

Presentation transcript:

Admin and Security Track 2007 Pre-Summit Workshop & User Cooperative Admin and Security Track Bruce Knox University of Arkansas Division of Agriculture Cooperative Extension Service

Admin and Security Track Pre-Summit Admin and Security Track Copyright 2002 Cision Studios Mad Tea Party

Admin and Security Track Argos Pre-Summit Admin and Security Track How are you supporting your users? What tools have you developed? What works for you? Got some code to share?

Admin and Security Track Topics and Questions? Argos and Banner Security Banner Value Based Security Create a CSV Import File for creating MAPS Users Reports that help our security administrators. I need to know when a user is set up in Argos, but is no longer an employee? Using Argos with Operational Data Store (ODS)? How to handle continuous updates from Evisions? How to handle problems with using LDAP server on Argos? Implementation of any of the various Banner Security models in Argos? How to approach end-user account creation and security?

Admin and Security Track Argos and Banner Security

Admin and Security Track Argos and Banner Security Banner Reporting ultimately requires an Oracle grant for the Tables being used.

Admin and Security Track Argos and Banner Security Within Banner: Grants are provided for the Forms or other Objects via a complex password authentication and obscuration scheme. This Banner Security relies upon changing the user's default role to the role set up in GSASECR, User Maintenance, for specific Banner Objects.

Admin and Security Track Argos and Banner Security So, unless you are set up in a Payroll Role, you cannot get into the Payroll Objects. This works fine for Banner provided Objects.

Admin and Security Track Argos and Banner Security This same scheme is how the Argos and Banner Security Script works. A USR_ARGOS User Class Object is created and it is assigned to specific users. When the user logs in to Argos, the user is authenticated using this User Class. This depends upon the Argos and Banner User ID being the same.

Admin and Security Track SQL*Plus Scripts This same concept is used by many Banner sites for their SQL*Plus scripts. In this use, each SQL*Plus script is paired to an Object name which is passed to a Banner Security Script similar to the Argos and Banner Security Script. This allows some improvement in security by allowing only specific Tables to be used in a SQL*Plus script. The End-Users are limited to seeing only certain objects. The exposure of these scripts is limited by the operating system's security and to a degree by obscuration.

Admin and Security Track Argos and Banner Security The Argos and Banner Security Script is exposed only to the Argos Administrator.

Admin and Security Track Argos and Banner Security The Argos and Banner Security Script allows for the Banner User ID to be used to authenticate Argos Users. Once past this point, the question becomes: How to limit the users to seeing only information they should see.

Admin and Security Track Argos and Banner Security One can use the Argos Security to allow only specific users into Argos Folders set up by Functional Areas. This works and it keeps the user from even seeing the contents of other Folders, if desired. Alone, this does not limit the access to the Tables for the Designers.

Admin and Security Track End-User Ad Hoc reporting Since the Banner Security concept relies upon the Form or Procedure source code for part of the security, it is not suitable for End-User Ad Hoc reporting.

Admin and Security Track Ad Hoc Reporting Security Solutions vary, but often fall into two categories: GRANT specific SELECT ON Table to a User (Very DBA Intensive) or GRANT SELECT ANY TABLE to a User (Very Insecure).

Admin and Security Track Argos and Banner Security plus Oracle Role Another way to handle this is to use an Oracle Role directly instead of the Banner Classes. (Note that I am still using the Argos and Banner Security Script to limit which Users can actually Logon to Argos.) The Role further limits access after this Connection Login.

Admin and Security Track Oracle Roles A Role is a collection of grants. The Role can be assigned to specific users. While this is semi-DBA Intensive, it is normal stuff for them. They are in Control.

Admin and Security Track Argos and Banner Security using Oracle Roles We would create a new BAN_DEFAULT_BANNERARGOS role for Argos table access, then:

    GRANT SELECT ON owner.table_name TO BAN_DEFAULT_BANNERARGOS;
    GRANT SELECT ON owner.view_name TO BAN_DEFAULT_BANNERARGOS;

Admin and Security Track Argos and Banner Security using Oracle Roles Then, you revoke "SELECT ANY TABLE" privileges from those users and assign the BAN_DEFAULT_BANNERARGOS role to them instead. Since this would be done through roles instead of classes, the Banner Security Script wouldn't be used (since it only deals with Classes).

Admin and Security Track Argos and Banner Security using Oracle Roles This would allow you to reduce the security effort for the Argos Administrator since exposing an Argos Folder or DataBlock would still not give the User access to the underlying Banner Tables. I prefer to view Argos Security as a further limit upon the Banner and Oracle Security rather than the mainstay of my security for Argos users.

Admin and Security Track Security for Any Ad Hoc Reporting Tool The BANNERARGOS role could be used for any Ad Hoc Reporting Tool. This idea is far simpler than any other scheme I have seen for providing security for Ad Hoc Banner Reporting.
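
The role-based setup described in the slides above, written out as a DBA script with the audit queries that confirm the result. This is an added example, not a script from the presentation; the schema owners (baninst1, fimsmgr) and the user jdoe are assumptions to be replaced with your own.

```sql
-- Added example: run as a DBA account. Owners and the user JDOE are placeholders.

-- 1. The role carries only the SELECT grants that ad hoc reporting needs.
CREATE ROLE ban_default_bannerargos;

GRANT SELECT ON baninst1.pevempl TO ban_default_bannerargos;  -- a view (assumed owner)
GRANT SELECT ON fimsmgr.ftvorgn  TO ban_default_bannerargos;  -- a table (assumed owner)

-- 2. Swap the broad privilege for the role, one user at a time.
--    REVOKE raises ORA-01952 when the privilege was not granted directly to
--    that user, for example when it arrives through another role (see 4).
REVOKE SELECT ANY TABLE FROM jdoe;
GRANT ban_default_bannerargos TO jdoe;

-- 3. Audit: every grantee (user or role) that still holds SELECT ANY TABLE.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege = 'SELECT ANY TABLE'
 ORDER BY grantee;

-- 4. Audit: users who inherit SELECT ANY TABLE through a role (one level deep;
--    roles granted to roles need the same check repeated).
SELECT rp.grantee AS username, rp.granted_role
  FROM dba_role_privs rp
  JOIN dba_sys_privs  sp ON sp.grantee = rp.granted_role
 WHERE sp.privilege = 'SELECT ANY TABLE'
 ORDER BY rp.grantee;

-- 5. Review: exactly which objects the reporting role exposes, and to whom.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'BAN_DEFAULT_BANNERARGOS'
 ORDER BY owner, table_name;

SELECT grantee, default_role
  FROM dba_role_privs
 WHERE granted_role = 'BAN_DEFAULT_BANNERARGOS'
 ORDER BY grantee;
```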

Admin and Security Track Banner Value Based Security

Admin and Security Track Banner Value Based Security This is the Fund/Orgn security that allows one to see just their Funds and Orgns when running a report.

Admin and Security Track Banner Value Based Security There are basically two ways to handle this. One is to put the restricting logic into each Argos DataBlock. The other, more secure way, is to put the logic into Oracle Views.

Admin and Security Track Banner Value Based Security Once you are into Oracle Views of the Banner Tables, you are confronted with the Banner naming conventions and their exceptions. While PEVEMPL is a view for PEBEMPL, FTVORGN is a Table.

Admin and Security Track Banner Value Based Security This security is based upon the User ID and the values in the FOBUSFN and FOBUSOR Tables. (Forms used to update Fund/Orgn security are FOMUSFN and FOMUSOR.)
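
One way to put the Orgn restriction into an Oracle View, as an added example that is not part of the presentation. The view name, the reporting schema, the fimsmgr owner and the FOBUSOR/FTVORGN column names are assumptions based on Banner's naming convention; it also assumes the report connects as the user's own Oracle account so that USER is the Banner User ID.

```sql
-- Added example: names marked "assumed" must be checked with DESCRIBE first.
-- The view owner needs SELECT ... WITH GRANT OPTION on both base tables
-- before it can grant SELECT on the view to anyone else.

CREATE OR REPLACE VIEW reporting.argos_ftvorgn_vbs AS   -- hypothetical owner and name
SELECT o.*
  FROM fimsmgr.ftvorgn o                                -- assumed owner
 WHERE EXISTS (
         SELECT 1
           FROM fimsmgr.fobusor s                       -- assumed owner
          WHERE s.fobusor_user_id_entered = USER        -- assumed column; session user
            AND s.fobusor_coas_code = o.ftvorgn_coas_code   -- assumed columns
            AND s.fobusor_orgn_code = o.ftvorgn_orgn_code
       );
-- This matches exact Orgn entries only; it does not roll access down an
-- Orgn hierarchy.

-- Expose the filtered view, not the base table, to the reporting role.
GRANT SELECT ON reporting.argos_ftvorgn_vbs TO ban_default_bannerargos;
REVOKE SELECT ON fimsmgr.ftvorgn FROM ban_default_bannerargos;

-- Check as a reporting user: the view returns only that user's Orgns, and
-- the base table is no longer readable (ORA-00942).
SELECT COUNT(*) FROM reporting.argos_ftvorgn_vbs;
SELECT COUNT(*) FROM fimsmgr.ftvorgn;
```

The REVOKE line applies only if the role was previously granted SELECT on the base table; otherwise Oracle reports that the privilege was not granted and the statement can be dropped.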

Admin and Security Track Create a CSV Import File for creating MAPS Users

Admin and Security Track SQL*Plus script to create a CSV Import File for creating MAPS Users: maps_users.sql To use this, one must have the Users already assigned to the Argos Security Class Object, which is a reasonable expectation, I think. Description is always Finance; that is easily changed. (Determining Department assignments can be a difficult Banner issue.) The password for the Users' first logon to MAPS will be their Banner User ID + the last four digits of their SSN. Be sure to check the "User must password change at next login" box when Importing the file so that the User can sync their Banner and MAPS password. (Relates to using "Argos and Banner Security" option.)

Admin and Security Track SQL*Plus script to create a CSV Import File for creating MAPS Users:

    -- One CSV row per Argos user: "MAPS", user ID, initial password, description, e-mail
    SELECT gurucls_userid Sort_Name,
           '"MAPS","'||LOWER(gurucls_userid)||'","'
           ||LOWER(gurucls_userid)||SUBSTR(spbpers_ssn,6,9)  -- user ID + SSN from position 6
           ||'","Finance","'||TRIM(goremal_email_address)||'"'
      FROM goremal, gurucls, spbpers, gobeacc
     WHERE gurucls_class_code = 'ARGOS'  -- Your Argos Security Class Object
       AND goremal_pidm = spbpers_pidm
       AND goremal_status_ind = 'A'
       AND goremal_preferred_ind = 'Y'
       AND gobeacc_pidm = goremal_pidm
       AND gurucls_userid = gobeacc_username
     ORDER BY Sort_Name;

Admin and Security Track Topics and Questions? Slide 5. Argos and Banner Security Slide 23. Banner Value Based Security Slide 28. Create a CSV Import File for creating MAPS Users

Admin and Security Track 2007 Pre-Summit Workshop & User Cooperative Admin and Security Track Bruce Knox uaex.edu University of Arkansas Division of Agriculture Cooperative Extension Service Book Dragon copyright 2006 J. Wilson Spence, Cision Studios Images are used with the permission of J. Wilson Spence.