Should we use triggers to deny alter access to views?

hello all - the requirement is let a group access all the views in the schema but not be able to alter, delete views or stored procedures or functions. what is the best way to do this? thanks in advance...

It is three step process
--Step 1 Create database role
CREATE
ROLE [view_access]
GO
--Step2 Write a store procedure to grant all the views to that role, in this example I gave for Stored Procedure
--You can change appropriately
USE
[master]
GO
CREATE
PROCEDURE [dbo].[sp_GrantAllviews]
@user sysname,
@DB varchar(30)
AS
SET
NOCOUNT ON
-- 1 - Variable declarations
DECLARE
@CMD1 varchar(8000)
DECLARE
@MAXOID int
DECLARE
@OwnerName varchar(128)
DECLARE
@ObjectName varchar(128)
-- 2 - Create temporary table
CREATE
TABLE #StoredProcedures
(OID
int IDENTITY (1,1),
StoredProcOwner
varchar(128)
NOT NULL,
StoredProcName
varchar(128)
NOT NULL)
SET
@CMD1 =
'SELECT ROUTINE_SCHEMA, ROUTINE_NAME FROM [' +
@DB +
'].INFORMATION_SCHEMA.ROUTINES WHERE NOT(ISNULL(ROUTINE_TYPE,'''') = ''FUNCTION'' AND ISNULL(DATA_TYPE,'''') = ''TABLE'') AND ROUTINE_NAME NOT LIKE ''dt_%'''
INSERT
INTO #StoredProcedures
(StoredProcOwner,
StoredProcName)
EXEC(@CMD1)
-- 4 - Capture the @MAXOID value
SELECT
@MAXOID =
MAX(OID)
FROM #StoredProcedures
-- 5 - WHILE loop
WHILE
@MAXOID > 0
BEGIN
-- 6 - Initialize the variables
SELECT
@OwnerName =
StoredProcOwner,
@ObjectName
= StoredProcName
FROM
#StoredProcedures
WHERE
OID =
@MAXOID AND StoredProcName
not like
'sp_%' AND StoredProcName
not like
'xp_%'
-- 7 - Build the string
SELECT @CMD1
= 'USE ['
+ @DB +
'];GRANT EXEC ON ' +
'[' +
@OwnerName + ']'
+ '.'
+ '[' +
@ObjectName +
']' +
' TO ' + @user
SELECT @CMD1
-- 8 - Execute the string
SELECT @CMD1
EXEC(@CMD1)
-- 9 - Decrement @MAXOID
SET
@MAXOID =
@MAXOID - 1
END
-- 10 - Drop the temporary table
DROP
TABLE #StoredProcedures
SET
NOCOUNT OFF
GO
--Step 3 Assign the user to this role.

Similar Messages

  • I want to convert a pdf file into xml.Which programme should I use and how do I access it?

    I want to convert a pdf file into xml.Which programme should I use and how do I access it?I am based in India.

    Hello,
    if you create your doc files by the help of WORD, you could use a Microsoft add on (it depends of your WORD Version).
    Hans-Günter

  • ORA-24247: network access denied by access control list (ACL) using FTP

    What used to work on our 10g server now doesn't work on 11g. We recently migrated to a new server and this FTP download process is the only thing that is giving me problems.
    I have tried using the IP Address and Domain name, opened up the ports 10 to 80 (just in case) and even tried FTPing to a local FTP site and cannot seem to get past the ORA-24247 error. At this point I am not sure what else to try. The FTP process worked great in 10g...
    begin
    dbms_network_acl_admin.create_acl (
    acl => 'cwtoto_acl_file.xml',
    description => 'FTP Access',
    principal => 'CWT_OPERATOR',
    is_grant => TRUE,
    privilege => 'connect',
    start_date => null,
    end_date => null
    dbms_network_acl_admin.add_privilege (
    acl => 'cwtoto_acl_file.xml',
    principal => 'CWT_OPERATOR',
    is_grant => TRUE,
    privilege => 'resolve',
    start_date => null,
    end_date => null
    dbms_network_acl_admin.assign_acl (
    acl => 'cwtoto_acl_file.xml',
    host => '69.30.63.173',
    lower_port => 10,
    upper_port => 80
    dbms_network_acl_admin.assign_acl (
    acl => 'cwtoto_acl_file.xml',
    host => 'ftp.rmpc.org',
    lower_port => 10,
    upper_port => 80
    dbms_network_acl_admin.assign_acl (
    acl => 'cwtoto_acl_file.xml',
    host => 'ftp.taglab.org',
    lower_port => 10,
    upper_port => 80
    dbms_network_acl_admin.assign_acl (
    acl => 'cwtoto_acl_file.xml',
    host => '146.63.252.61',
    lower_port => 10,
    upper_port => 80
    commit;
    end;
    Edited by: tfrawley on Jan 20, 2011 10:23 AM

    So, I have contacted support to fix my inability to login to Oracle Support. In the meantime I'll just run through this problem one more time:
    I executed the following:
    begin
    dbms_network_acl_admin.create_acl (
    acl => 'cwtoto_acl_file.xml',
    description => 'FTP Access',
    principal => 'CWT_OPERATOR',
    is_grant => TRUE,
    privilege => 'connect',
    start_date => null,
    end_date => null
    dbms_network_acl_admin.assign_acl (
    acl => 'cwtoto_acl_file.xml',
    host => 'ftp.rmpc.org',
    lower_port => 1,
    upper_port => 1000
    commit;
    end;
    This should give me an ACL xml file and permission for CWT_OPERATOR to connect to ftp.rmpc.org on ports 1 through 1000.
    I can look and see if the creation was successful: SELECT host, lower_port, upper_port, acl FROM dba_network_acls t ;
         HOST     LOWER_PORT     UPPER_PORT     ACL
    1     ftp.rmpc.org     1     1000     /sys/acls/cwtoto_acl_file.xml
    Looks good right?
    So I test it using the following:
    DECLARE
    l_conn UTL_TCP.connection;
    BEGIN
    l_conn := ftp.login('ftp.rmpc.org','21','[email protected]','anonymous');
    ftp.logout( l_conn);
    END;
    And get the following errors:
    ORA-24247: network access denied by access control list (ACL)
    ORA-06512: at "SYS.UTL_TCP", line 17
    ORA-06512: at "SYS.UTL_TCP", line 246
    ORA-06512: at "SYSTEM.FTP", line 49
    ORA-06512: at line 4
    Has anyone else tried to use UTL_TCP and experienced a simliar issue?

  • Which RFC module/s should I use to access DSO tables?

    Hello,
    I am in a proccess of creating an adaptive RFC model in Web Dynpro.
    I am in a stage where I need to select my RFC modules.
    My requirement is to access our DSO tbles.
    I see many BAPI's and functions under the SAP Business Information Warehous tree. Which one should I use for needs?
    Roy

    Hi Roy,
    You should use BI SDK for Java to connect to BW from Web Dynpro (https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/how%20to%20use%20the%20bi%20java%20sdk%20in%20a%20web%20dynpro%20application.pdf)
    http://help.sap.com/saphelp_nw04/helpdata/en/6e/011e681cf74ab4b3acf73f77653405/frameset.htm
    https://media.sdn.sap.com/public/html/submitted_docs/BW/BI_SDK_JavaDocs/bi_sdk_doc/docs/documentation.html
    /people/moya.watson/blog/2004/04/05/the-bi-java-sdk-whats-in-it-for-you
    /people/moya.watson/blog/2004/12/27/three-new-how-to-guides-for-the-bi-java-sdk
    Best regards, Maksim Rashchynski.

  • Which RFC module/s should I use to access BW tables?

    Hello,
    I am in a proccess of creating an adaptive RFC model in Web Dynpro.
    I am in a stage where I need to select my RFC modules.
    My requirement is to access our BW tables.
    I see many BAPI's and functions under the SAP Business Information Warehous tree. Which one should I use for needs?
    Roy

    Hi Roy,
    You should use BI SDK for Java to connect to BW from Web Dynpro (https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/how%20to%20use%20the%20bi%20java%20sdk%20in%20a%20web%20dynpro%20application.pdf)
    http://help.sap.com/saphelp_nw04/helpdata/en/6e/011e681cf74ab4b3acf73f77653405/frameset.htm
    https://media.sdn.sap.com/public/html/submitted_docs/BW/BI_SDK_JavaDocs/bi_sdk_doc/docs/documentation.html
    /people/moya.watson/blog/2004/04/05/the-bi-java-sdk-whats-in-it-for-you
    /people/moya.watson/blog/2004/12/27/three-new-how-to-guides-for-the-bi-java-sdk
    Best regards, Maksim Rashchynski.

  • Which access sequence of Partner determination should be used?

    Now my company is upgraded from CRM 2.0c to CRM 5.0 HR1. I found the different result about partner determination on business activity (via transaction code: CIC0) between two version.
    <b>On CRM 2.0C</b>
    <b><u>Tcode: CIC0</u></b>
    Enter sold-to party code: 5300001 as activity partner, Contact person:244 on 'BP searching' workspace. Then on 'Maintain Business Transaction' workspace will display  5300001 as activity partner and 244 as Contact person.
    <b><u>Configuration:</u></b>
    Partner Function: 00000015 Contact person (CRM) using Access sequence 0002
    Access sequence 0002 from activity partner
    Dialog seq:10 has partner origin COM_PARTNER_A Preceding document and mark 'Determine in incorrect source partner'.
    Dialog seq:20 has partner origin CRM_PARTNER_D General business partner model and have origin details; Partner Function category '0006 Activity partner' and Usage 'CRM'.
    <b>CIC0 of CRM 5.0 HR1</b>
    <u>Tcode: CIC0</u>
    Enter sold-to party code: 5300001 as activity partner, Contact person:244 on 'BP searching' workspace. Then on 'Maintain Business Transaction' workspace will display  5300001 as activity partner and 66 as Contact person (66 is the first contact person of sold-to party master record:5300001).
    <b><u>Configation:</u></b>
    Partner Function: 00000015 Contact person (CRM) using Access sequence 0002
    Access sequence 0002 from activity partner
    Dialog seq:10 has partner origin COM_PARTNER_A Preceding document and mark 'Allow Incorrect Source'.
    Dialog seq:20 has partner origin CRM_PARTNER_D DO NOT USE - General business partner model and have details on the source; Partner Function category '0006 Activity partner' and Usage 'CRM'.
    Dialog seq:30 has partner origin CRM_PARTNER_C Business Partner Relationship and have details on the source; Partner Function category '0006 Activity partner' and Usage 'CRM'.
    Please suggest me which access sequence should be used for getting the correct contact person (result same as CRM 2.0C).
    Thanks you so much for support.

    Hi,
    to you receive the same result also in CRMD_ORDER, or only in CIC0. Please keep in mind that there is a difference! In CIC0 no pop-ups for selecting partners is executed, so the first contact person is taken (note 487734 gives a modification. Also the partner function of ICAGENT is necessary within CIC0.
    From the view of CRMD_ORDER the following access sequence should be used:
    10     COM_PARTNER_A Preceding Document
    20     CRM_PARTNER_A BP Relationships By Sales Organization  + Wait Flag + Partner Function category '0006 Activity partner' and Usage 'CRM'.
    30     CRM_PARTNER_C Business Partner Relationships + Partner Function category '0006 Activity partner' and Usage 'CRM'.
    Hope that this information is helpful!
    Regards, Gerhard

  • I am using an iMac with OS 10.5.8 and either Safari or Firefox. What should I do if I need to access internet explorer?

    I am using an iMac with OS 10.5.8 . What should I do if I need to access internet explorer? I use either  Safari or Firefox.
    Thank you
    Earl

    There hasn't been an IE that would work on a Mac since 2002. The only way to use IE today is to run Windows on your Mac:
    Windows on Intel Macs
    There are presently several alternatives for running Windows on Intel Macs.
    1. Install the Apple Boot Camp software.  Purchase Windows XP w/Service Pak2, Vista, or Windows 7.  Follow instructions in the Boot Camp documentation on installation of Boot Camp, creating Driver CD, and installing Windows.  Boot Camp enables you to boot the computer into OS X or Windows.
    2. Parallels Desktop for Mac and Windows XP, Vista Business, Vista Ultimate, or Windows 7.  Parallels is software virtualization that enables running Windows concurrently with OS X.
    3. VM Fusionand Windows XP, Vista Business, Vista Ultimate, or Windows 7.  VM Fusion is software virtualization that enables running Windows concurrently with OS X.
    4. CrossOver which enables running many Windows applications without having to install Windows.  The Windows applications can run concurrently with OS X.
    5. VirtualBox is a new Open Source freeware virtual machine such as VM Fusion and Parallels that was developed by Solaris.  It is not as fully developed for the Mac as Parallels and VM Fusion.
    Note that Parallels and VM Fusion can also run other operating systems such as Linux, Unix, OS/2, Solaris, etc.  There are performance differences between dual-boot systems and virtualization.  The latter tend to be a little slower (not much) and do not provide the video performance of the dual-boot system. See MacTech.com's Virtualization Benchmarking for comparisons of Boot Camp, Parallels, and VM Fusion. Boot Camp is only available with Leopard or Snow Leopard. Except for Crossover and a couple of similar alternatives like DarWine you must have a valid installer disc for Windows.
    You must also have an internal optical drive for installing Windows. Windows cannot be installed from an external optical drive.

  • How many ghz should I get if I plan on using my IPAD2 for internet access, email, facebook and games for my children?

    How many ghz should I get if I plan on using my IPad2 for internet access, email, facebook and games for my daughters children?

    Ghz is the CPU speed and that is fixed for each iPad model.
    The GB is the number of Gigabytes of storage.
    I had a 32G iPad1 and filled it up with 5000 songs, 20,000 photos and about 50 apps.  It doesn't sound like you will need anything larger than that.  If you are just talking about a few dozen apps and email, the 16G version should be adequate.

  • I can't access messages in folders only in my in box.   What settings should I use?

    I can't access messages in folders only in my in box.   What settings should I use?  This has just recently happened

    Please rephrase your question and provide additional details so we can visualize.

  • Why is Yahoo screening my internet searches and denying me access to websites like parts of CBC?

    Why is it that yahoo has started filtering my internet usage? I get messages like:
    "We did not find results for thumbnail cbc because SafeSearch is active and your query contains some restricted word(s). Try the suggestions below or type a new query above.
    To search for thumbnail cbc, change your SafeSearch preferences."
    I do not use yahoo for anything! Yahoo has been denying me access to certain websites that I've been accessing for a long time. This used to only seem to affect some video content, now I'm having problems accessing all kinds of websites. Is this a virus? How do I get rid of this? The only solution I have found is to use internet explorer and I much prefer firefox!

    If you see the problem with Fireox but not with Internet Explorer, then it does seem to be a Firefox related problem, rather than say globally installed software or something to do with your Internet Provider.
    I note in the UK (Great Britain) new connections to Internet Providers now offer porn etc filters.
    Two possibilities I immediately think of are
    # You have not installed a standard Mozilla version of Firefox but have used a third party, modified build.
    #* In which case do a clean install, deleting program files (NOT profile files)
    #*Obtain an installer for an official version from https://www.mozilla.org/firefox/all/ see [[Troubleshoot and diagnose Firefox problems#w_5-reinstall-firefox]]'''_5-reinstall-firefox'''
    # You are using Yahoo without knowing it or you have some other software filtering search results
    #* Please attach a screenshot of the problem <br /> See [[How do I create a screenshot of my problem?]] <br /> You will need to use a compressed image type such as often used elsewhere on the web: .jpeg or .png types not a large bitmap image.
    #* Please let us have our full troubleshooting information as explained under
    To find the correct solution to your problem, we require some more non-personal information from you. Please do the following:
    *'''For Firefox versions previous to 29.0''': Click the Firefox button at the top left, then click the ''Help'' menu and select ''Troubleshooting Information'' from the submenu. If you don't have a Firefox button, click the Help menu at the top and select ''Troubleshooting Information'' from the menu.
    *'''For Firefox 29.0 and above''': Click the menu button [[Image:New Fx Menu]], click help [[Image:Help-29]] and select ''Troubleshooting Information''.
    Now, a new tab containing your troubleshooting information should open.
    *At the top of the page, you should see a button that says "Copy text to clipboard". Click it.
    *Now, go back to your forum post and click inside the reply box. Press Ctrl+V to paste all the information you copied into the forum post.
    If you need further information about the Troubleshooting information page, please read the article [[Use the Troubleshooting Information page to help fix Firefox issues]].
    Thanks in advance for your help!

  • Can you use Object Relational SQL to access XML content ?

    Is there a possibility to use the generated object types and collection types to conveniently access the xml data?

    Technically there is nothing to prevent you from using the object types generared when an XML Schema is registered to access and manipulate the contents of the instance documents that conform to the Schema. This would be done using the notation x.xmldata.attribute In this case x would be the object table, xmldata is the name of the instance of the SQL object type associated with the table in question.
    However we do not encourage or recommend this approach. Currently XML DB provides the application developer with DML / DDL independence. This holds true as long as you use XPATH expressions to express your DML operations. Using XPATH expressions to access the content of an XML document maintains an abstraction between the DML (XPATH) and the underlying Object Relational Storage Structure derived from the information in the corresponding XML Schema. Whereever possible, when you express a query using an XPATH expression, under the covers we attempt to re-write the query into Object Relational SQL, based on the meta data contained in the Schema, as access v
    If you use the object notation to access the content of the document you break this abstraction. Your application now needs to be aware of the physical (object relational) storage model being used to manage the instance documents.
    One of the key features of XML DB is that it allow a developer to use Schema Annotations to alter the storage model used to manage the instance documents. The most common example of this is using annotations to control the way in which collections are managed. Depending on the annotation in the schema you can store collections as a VARRAY, as a NestedTable or as a separate XMLType table. Dependong on the technique chosed the objects that are generated during the XML Schema registration process will change.
    If you use the XPATH expressions to accesss the content of your documents, and you decided to change the annotations in your schema so as to revise the way your documents are stored, XML DB will ensure your code should continue to work unchanged, regardless of which objects are generated during Schema registration. On the other hand, if you use the object notation to access the content of the documents, and then change the annotation you will have to change your code.
    I hope this clarifies the situation..

  • What lite client installation i should to use for OraOLEDB.Oracle

    I have code in VBScript and connection opens when i use oracle full installation, but when script is used on another client machine installation should be compact. What I should to use for it? I try ODAC xCopy but when i installed oledb with instant client i got "General run error" when script try to open connection. Also I registed manualy OraOleDB11.dll becouse it not registred by xcopy installation.
    strCon = "Provider=OraOLEDB.Oracle; Data Source=(DESCRIPTION =(ADDRESS_LIST =(ADDRESS = (PROTOCOL = TCP)(HOST = hostname)(PORT = 1521)))(CONNECT_DATA =(SERVICE_NAME = serviceName)));User Id=userID;Password=passID;"
    Set objCon= CreateObject("ADODB.Connection")
    objCon.Open strCon
    msgbox objCon.State

    There are two configsets by default. Configset 1 is
    for synchronization and Configset 0 is used by
    provisioning (again, these are default settings).
    You cannot have two odisrv (Provisioning and Synch)
    with the same instance #.
    So, instance 1 could be Provisioning and instance 2
    could be Synch.
    Have you setup your synchronization mapping files?
    I would suggest you use the DIPTester utility to
    setup the synch. It might also be helpful to post the
    commands and the odisrv* logs (not the full dump, but
    the last snippet).Well I was trying to use ConfigSet 1 for synchronization but it either wouldn't let me because of how it is designed or I had screwed it up at that point since I didn't know what numbers to use for anything and it prevented me from using Set1 because of that. In the end I created a ConfigSet 2 and was able to get another instance of ODISRV running with that. That finally got the sync working on a scheduled basis. I'm now trying to get SSO working between OID and ADS and it seems that OID is too stupid to know that a user exists. I log onto the Windows PC into the domain and attempt to go to http://ssoServer.com:7778/pls/portal and login and I get an authorization denied message.
    I have debugging turned on as much as I can and the defaultIsland log file (forget the full filename but its an OC4J file in $ORACLE_HOME\opmn\logs directory). It says that I was denied access because the user could not be found and yet I see the user in the directory tree and it comes back in a search as well. The krbprinicipalname, uid, and orclcommonprinicipalname (I think that's what it's called) are all the same ([email protected]) and the orclusersearchbase is set to dc=mycompany,dc=com so I don't know why the account can't be found.
    ANy ideas on that issue?

  • Deny Alter permissions to a table

    Hello,
    I want to deny alter permissions and permissions to insert, update and delete to a specific table to the users in our team. All the users should have only the select permission. I am using the statement for denying the delete permissions as
    DENY DELETE ON OBJECT::dbo.Table_To_Deny TO ABCD\UserName;
    This is throwing an error as Incorrect syntax near '\'. I also tried just by putting username but no luck. I have no option to put the table in seperate readonly database.
    Please help.
    Thanks

    Why DENY?  Users don't have permissions until you grant them.  Just don't grant these users permissions to do things they shouldn't do.
    Your syntax is invalid because of the '\', exactly as the error states.  The deny would look something like
    deny delete on [SchemaName].[TableName] to [userName]
    David
    David http://blogs.msdn.com/b/dbrowne/

  • Denying Telnet Access on Catalyst 6509

    Hello,
    I was wondering if anyone could tell me how to disable or deny telnet access to my 6509s (CATOS). I recently put a crypto image on and I have SSH running. I would like to replace telnet access with SSH for remote management. However, I couldn't find a way to turn telnet off...right know both SSH and telnet are working, which kind of defeats the purpose of me putting the crypto image on.
    I was able to do this on my IOS switches with the command: switch(config-line)#transport input ssh.
    Thank you,
    Scott

    Just read your post correctly and deleted my last post...DOH!
    You can use ip permit lists on CATOS
    # set ip permit
    ds-sw> (enable) set ip permit 1.1.1.1 ?
    Set IP permit mask
    telnet Set telnet permit entry
    snmp Set snmp permit entry
    I'm running an old version of CATOS on a 5500 which doesn't support SSH but you should see SSH on your list of protocols.
    I think you will need use "clear ip permit telnet" first.
    HTH
    Paddy

  • How do I use my apple tv to access my netflix account?

    how do I use my apple tv to access my netflix account?

    You should see a Netflix icon on your main menu. Simply select it and login. If you happen to own a 1st gen device then you won't be able to access.

Maybe you are looking for

  • How do I add the rotate button to the main toolbar for all users

    How do I add the rotate button to the main toolbar for all users. I have a Windows 2003 Citrix farm with Adobe Reader 8. I can add it user by user but I want to add it to all users at once. All users need this rotate button, Thanks in advance ND

  • Newest version of iTunes will not add files to library.

    When I go to add a file to my iTunes library (11.01.1), the file does not show up in my Library. However, it shows up in the "Recently Added" playlist. Bizarre. Anyone else have this problem?

  • Sort order - Finnish_Swedish_CI_AS

    Don´t get the sort order here: I would say that aggr_gem-01 and aggr_gem-02 should come next to each other - but apparantly not. - anyone know why ? SELECT [name] FROM [LagringsAdm].[dbo].[FLtest] order by [name] gives: name aggr_gem-01 aggr_gem01_mi

  • Refreshing af:selectOneChoice values in multi-user environment

    Imagine the following scenario: a) User 1 is looking at a af:selectOneChoice on a web (ADF Faces) page showing some data b) User 2 inserts a new row in the table (from different jsf page) whose data is shown on that af:selectOneChoice, and commits th

  • Why would double-tap zoom stop working?

    I created a Pages document, into which I've put a number of photos. All are inline; longest dimension 1600 pixels, exported from Aperture at 200 dpi. (Liz Castro suggests max 1600 pixels so it will zoom to full screen.) I export as ePub. Formatting w