Grant read only-rights to own schema

Similar Messages

• Granting Read Only Access to user in another schema

  Oracle Database 10g
  Red Hat Enterprise Linux Server release 5.3
  We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
  I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
  And some views are in INVALID status.
  I tried to compile them using alter view owner.viewname compile;
  But got this ---- Warning: View altered with compilation errors.
  Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
  Then I used the following
  SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
  select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
  It turns out some reference types are non existent.
  Does that mean DBAs cannot do anything about this ?

  Nilton wrote:
  We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
  I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
  TABLES -> YES grant SELECT
  VIEWS -> YES grant SELECT
  SEQUENCE -> YES grant SELECT
  INDEXES -> There is no read access for indexes...indexes are put on tables and a user who has read access on tables can read the index as well.
  FUNCTIONS / PROCEDURES / PACKAGES -> I am not sure what you mean by read access on procedures, functions and packages. You may grant EXECUTE privilege on these.
  TRIGGERS -> there is no read access on triggers required. They are implemented on tables for a DML event. If the user has DML access he has the execute access on the trigger as well.
  JOBS -> I am not sure what to read from Jobs.
  And some views are in INVALID status.
  I tried to compile them using alter view owner.viewname compile;
  But got this ---- Warning: View altered with compilation errors.
  Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
  Then I used the following
  SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
  select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
  It turns out some reference types are non existent.
  Does that mean DBAs cannot do anything about this ?There are compilation errors in the Views. e.g. the view may be referring to a table which doesn't exist etc.
  Unless you fix the error in the view you can't compile it and male it valid. Fix the view errors. If objects are non existing create them or refer to view to some where else.
  If the nonexistent objects were mistakenly dropped, or the data file which contained those objects was dropped, no matter what was the reason for that object to be gone a DBA can bring it back if he is a well prepared DBA and has setup his database for such kind of disasters.
  Now tell us why those objects are non-existent ? were they meant to be gone ? or they were dropped mistakenly?
  Now here are my guesses:
  If they were meant to be gone then probably the views definitions need to be adjusted not to refer them anymore.
  If they were mistakenly dropped then:
  Do you have them in recyclebin? (only tables) if YES just FLASHBACK TABLE <<tablename>> AS BEFORE DROP.
  Is your database has Flashback database ON? if YES FLASHBACK DATABASE until 'time/scn just before the object was dropped'
  Do you have backups and your database is running in ARCHIVE LOG mode? if YES perform an incomplete recovery using RMAN.

• I want to give a user to read only rights on sql server agent 2008

  I want to give a user to read only rights on sql server agent 2008.When I giving SQLAgentuser Role then user is only able to view SQL Server agent as Green but no job visible in job activity monitor.Currently he has db_reader rights on one user database.
  What rights should I give?
  Thanks

  There are 3 SQL server Agent fixed database roles in sql server.
  1.SQL AgentUSerRole:- To create and manage jobs
  2.SQLAgentReaderRole: To grant read acces.
  3.SQLAgentOperatorRole : to run and delete jobs.
  For you question you can create a user and grant him SQLAgentReaderRole.
  Example:
  Create LOGIN test with Password='abc'
  Use msdb;
  GO
  Create User test for login test
  use msdb;
  EXECUTE sp_addrolemember @rolename='SQLAgentReaderRole',@membername='test'
  Hope this solves your problem!!!

• Granting read only access

  Is there a way to grant read only access to all tables in a schema, rather than doing it for each individual table in the schema?

  I have a package that does something just like this, here is a snippit. It uses dynamic SQL to build the GRANT statements. I'm not sure if this is a 'best practice', but it works for me.
        --Find the tables to GRANT SELECT privileges on
        string_query := 'SELECT DISTINCT ''' || LOWER(schema_name) || '.''|| ' || 'table_name FROM all_tables WHERE UPPER(owner) LIKE ''%' || UPPER(schema_name) || '%''';
        OPEN c FOR string_query;
           LOOP
              FETCH c INTO table_name;
           EXIT WHEN c%NOTFOUND;
              --Build the GRANT string
              string_grant := 'GRANT SELECT ON ' || LOWER(table_name) || ' TO ' || UPPER(role_name);
              --GRANT privilege
              EXECUTE IMMEDIATE string_grant;
           END LOOP;
        CLOSE c;

• Grant read only permission on my stored procedure.

  I have a requirement like give reaonly access on my stored procedure to another user , not even execute permission on that steored procedure.
  Could you please let us know the command ?

  Marwim wrote:
  You can read the source of any PL/SQL code in dba_sourceBut that requires a priv such as select any dictionary to be granted. Why would you want to give a schema access to reading any and all source code in the database?
  This is why I think it is important that the OP provides the reasons behind the question of granting read-only source code access.
  Security is a critical component of software engineering. The basic security principle is to grant the absolute minimum privileges required to s/w and users to get the job done. Granting access to a schema read access to a dictionary view like DBA_SOURCE violates it.
  If userB wants to see userA's source code - then why not have userA simply mail it to userB, or check the code into a common source code repository?

• How to grant LOGON ONLY Rights to two users (no domain admins) on Domain Controllers

  Dear Techies,
  I wish to grant LOGON ONLY Rights to two users, who are not the members of Domain Admins, on Domain Controllers.
  Can someone please suggest the best and easiest possible way to do this keeping up with Compliance?
  Regards
  Amit Kumar

  I think it is by design, the readers don't have access to the operations and application management section. If you look at the URL's you will notice they are of the form  http://servername:portnumber/_admin/operations.aspx and http://servername:portnumber/_admin/applications.aspx. Giving read only access to these pages means, they will be not able to modify the settings on these pages.
  Looks like it is not possible to give read only access.
  Thanks,
  Prashanth

• Read only rights Personal directory

  I'm using cucm 9.1. I want to give Read only rights on Personal directory to some of my IPT users.
  How can i acheive this in CUCM 9.1.
  Regards

  That's not an option with personal directories; they are always editable by the end user account. You can use ecosystem partner products (or your own coding if you're so inclined) to create read-only directories and then subscribe these to the phone(s) that you want to see that custom set of listings.
  To be honest, at very small scale you could just write the XML flat file in accordance with the XML SDK, create a phone service with the URL to that XML file, and subscribe a single phone to it. Anything more ellaborate than this just makes it easier to maintain at scale.
  Please remember to rate helpful responses and identify helpful or correct answers.

• I have an external hardrive for MAC, I needed to save something from my work computer so I can pass it on to my MAC, it requiered me to re-format my external HD and now when I connected to my MAC I only have "read only rights". How do I fix it?

  I have an external hardrive for MAC, I needed to save something from my work computer so I can pass it on to my MAC, it requiered me to re-format my external HD and now when I connected to my MAC I only have "read only rights". How do I fix it? I run my Itnues from this external and now my library is gone. Luckily I have it saved somewhere else, which is not a problem, but I won't be able to write to this HD for right now. I can't see an option to give those permission back.

  cptjuanjvarona wrote:
  I have an external hardrive for MAC, I needed to save something from my work computer so I can pass it on to my MAC, it requiered me to re-format my external HD and now when I connected to my MAC I only have "read only rights". How do I fix it?...
  Unless what you have to transfer is enormous, skip the external HD altogether and use a USB flash drive; you can get them with capacities to 128GB. Format the flash drive as FAT32 or ExFAT as LowLuster suggests so it can be read and written to on both PC's and your Mac.

• "Edit Locally" for Repository having "Read only" rights

  hi,
      I am on EP6.0 SP9.
  When I go to
       Content Administrator --> KM Content --> Repository(having "Read Only" rights),  and click on "Context Menu" an option "Edit Locally" come there. But as the repository has "Read only" rights, I need to disable that option.
  Is there any way to do that?
  Regards
  Mridul.

  Hi Patricio,
              Perhapps that link is not woking fine, so i have pasted that code here, so please have a look at the code here,
  public void received(IEvent event) {     IRecipient recipient = null;
       IResourceEvent myEvent = (IResourceEvent) event;
       IResource res = (IResource)event.getParameter();
       System.out.println("Event");
       String resname = res.getDisplayName();
       try{
       ISubscriptionManager subscriptionManager =
  com.sapportals.wcm.repository.service.subscription.SubscriptionUtils.getSubscriptionManager(res);
       ISubscriptionCondition mycondition =
  subscriptionManager.createSubscriptionCondition();
       mycondition.setInterval("ALWAYS");
       mycondition.setRecursionLevel("999");
       mycondition.setRidTracking
  (subscriptionManager.getDefaultConditionRidTracking(res));
       ISubscription simpleSubscription =
  subscriptionManager.createSubscription( res.getContext(),resname,  mycondition, res, null, recipient,  null);
       }catch (WcmException e){
            System.out.println(e);     } 
  Thanks And Regards,
  Mridul.

• User with read-only rights!

  Hello. i need to create user that have read only rights to every table on database, but only read only.
  Could you please provide a statment for that or a link where can i find that kind of information.

  Hi;
  Similar topic mention here many times. Please see:
  Read only user creation
  Read only user creation
  PS:Please dont forget to change thread status to answered if it possible when u belive your thread has been answered, it pretend to lose time of other forums user while they are searching open question which is not answered,thanks for understanding
  Regard
  Helios

• CDR Admin Read Only rights

  I would like to set up a CAR Admin with read only rights.  Meaning they can generate reports but not change any of the setting.  Ie CDR dial-plan config, Auto report generation.  Is there really a way to do that or do I have to make a "CARUser" account and then make "CARUser" a manager for the whole company?

  There are only 3 kinds of users you can have in CAR and they're not configurable beyond that. There is no MLA here.
  Understanding the Role of CAR Administrators, Managers, and Users
  http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/service/8_0_2/car/carovrvw.html#wp1022182
  HTH
  java
  If this helps, please rate
  www.cisco.com/go/pdihelpdesk

• Grant read only to one user

  Hello everyone,
  I'd gone through unlimited forums and blogs but not got any proper solution and is getting confused as I'm not good in sql.
  I had created a db user.
  I need grant it following privileges same as read only apps user:-
  (1) It can only select all tables except dba related tables, views etc.
  (2) It can only select any table of any user
  (3) It can only select any function, procedures and every custom objects.
  (4) it can select any table without prefixing apps. before table.
  Step by step instructions required with sql statements.

  Hi,
  Richa wrote:
  Hello everyone,
  I'd gone through unlimited forums and blogs but not got any proper solution and is getting confused as I'm not good in sql.
  I had created a db user.
  I need grant it following privileges same as read only apps user:-
  (1) It can only select all tables except dba related tables, views etc.
  (2) It can only select any table of any userThe SELECT ANY TABLE system privilege enables a user to select from any table including dba related tables and views. If you want to exclude them, then you have to give SELECT privileges on all the other tables, one at a time, and remember to do it for new tables as they are created.
  (3) It can only select any function, procedures and every custom objects.The EXECUTE ANY PROCEDURE system privilege does that.
  (4) it can select any table without prefixing apps. before table.Don't be sill. That's like saying "it can select from any table without giving the table name", or "without typing anything".
  You might reduce how often you have to qualify the table name with the schema name by using "ALTER SESSION SET CURRENT_SCHEMA = schema_name;".
  Step by step instructions required with sql statements.To give the privileges mentioned in (1), (2) and (3) to user FUBAR, log in as SYSTEM and say
  GRANT  SELECT ANY TABLE          TO fubar;
  GRANT  EXECUTE ANY PROCEDURE     TO fubar;

• User with read only access on a schema - How?

  Hi all,
  I want to create a user with ready only access to a particular schema. The user should have only 'SELECT' option on all objects of the schema.
  Thanks !

  Ven wrote:
  Hi all,
  I want to create a user with ready only access to a particular schema. The user should have only 'SELECT' option on all objects of the schema.
  Thanks !There is no single command. You have to grant object privelges by object.
  Use sql to write sql
  connect <schema_owner>
  spool doit.sql
  select 'grant select on ' || table_name || 'to <selected_user>;'
  spool off;Probably best if <selected_use> is a role instead of a specific user, then grant the role to whoever.

• Read only rights in a content server

  Hello, we have a content server which we can access from 2 different SAP systems.
  Now we want to secure the content server that read/write access is only possible from SAP system A, and from SAP system B we would like only to have read access.
  Working with certificates did not give till now any solution.
  From the moment we submit a certificate from server B, we can do read/write towards the content server
  Removing the certificate in CSADMIN on SAP system B will prevent reading of the content server.
  We run Contentserver 6.40 in a AIX5.3 /MaxDB 7.6 environment with adminsecurity in cs.conf set to 1
  Regards, Danny

  Yes this has been tried.
  When you have updated with system B and content looks like
  contRep-ZSTR057
  DefaultDocProt=r
  If you then go to system A and look into CSADMIN, you see also
  contRep-ZSTR057
  DefaultDocProt=r
  You could change this to for example on SYSTEM A to
  contRep-ZSTR057
  DefaultDocProt=ruc
  If you then go to system B in CSADMIN you wil also see
  contRep-ZSTR057
  DefaultDocProt=ruc
  the CSADMIN settings are stored in the file on the contentserver (Apache part) and not in SAP
  We were hoping that with the certificates we could do something.
  But as what I can tell after all test we have done is that a content server is standing on its own, and only link it has to identify systems is via a certificate.
  I have a user who says he has done this kind of a test on an other environment we have and there he was successfull, but we can not repeat the test, nor does the user know how he had set it up.
  That is why I am asking how this could be done.

• Read only access of a full schema ?

  Hi all,
  Can i create a role having read only access of a full schema ?
  Thanks in advance.

  Can i create a role having read only access of a
  full schema ?The point here is that there is not a single command to perform this task, so you will have to do it on a per object basis. If you want to give access to the complete schema then it is advisable to create a script to grant on each table and on each view from the source schema. By providing read only to the full schema, I understand you are referring not also to the tables but also to the views, sequences, and may be stored program units, so you will have to properly define the scope of this 'full schema'.
  Once you have properly defined the scope and have granted, as suggested by means of a role, then you may want to create synonyms for each granted object, so you don't have to qualify it with the schema name prefix when the object is being accessed.
  ~ Madrid