Allowing a user to create/drop tables in another users schema

We have a central shared schema (TEAM). So we can monitor who is doing what users have there own login(USER1, USER2...). Is there a way to allow a user to create/drop objects in another user.
I.e.
SQL> connect USER1
SQL> create team.table1(col1 char(1));
SQL> drop table team.table1:
How can this be set up?
Ben

Here is what you can do, If you want to keep track of what users are doing.
Open the glogin.sql file and set the spool like this
spool /oracle/audit/SID_&_user.logEverytime user logs in it will be populated and you will be able to see who is doing what.
You can remove the write permission on glogin.sql so that no one can modify it.
You also need to create a script like this, which would rename it every time same user would login.
#!/bin/ksh
time=`date +"%b"_"%d"_"%H"_"%M"`
##you need to pass some more variables and while loop to include all the users## ( This is just for an example)
if [ -f /oracle/audit/SID_SYS.log ]
then
mv /oracle/audit/SYS.log /oracle/audit/SYS.log.$time
fiEdit the glogin.sql file with this script information like this
host /oracle/audit/file.kshHope this helps, if you need more information let me know.

Similar Messages

  • CREATE/DROP synonyms in another user's schema without ANY privilege

    What's the best way to enable a user to create/drop synonyms in another user's schema without doing any of the following?:
    1) Granting CREATE/DROP ANY SYNONYM or CREATE/DROP PUBLIC SYNONYM to the synonym creator.
    2) Logging in as the user that will own the synonym to create the synonym.
    * Although option #2 might be ideal, it would require reworking a lot of code in our environment.
    I thought about creating a stored procedure in the syn-owner's schema that issues the "CREATE SYNONYM" DDL command and then granting EXECUTE on this proc to the syn-creator -- but, it's my understanding that it's best to avoid putting DDL inside stored code.
    Any ideas?
    Oracle version is 10.2.0.4

    DBA should recognize"should" is the operative word here :)
    One clarification: the user from which the DBA's are planning to revoke the "ANY" privs is an account used internally by one of our ETL tools -- not a developer account. In fact, only the ETL tool itself and the DBA's can log into the account in TST/PRD (developers can log in with it in DEV). Even so, the DBA's still want to revoke "ANY" privs from ALL non-DBA accounts in ALL databases (including DEV). I kind of think that this is overkill, but then again, I don't make the rules here!
    Anyhow, it seems that what we need here is the insight of a political scientist rather than that of a DBA. (not that your perspective is not valued!!)
    Seems that I'll be going back to the drawing board...
    Thanks for your help.

  • Privilege to allow a user to create a view in another user's schema

    Hello,
    I need to allow a user to create a view in another user's schema.
    Say, to connect as USER_A and run statement: 'create view USER_B_SCHEMA.myview as select...'
    Is there any way to accomplish that without granting USER_A privilege to CREATE ANY VIEW? I want to keep USER_A at the lowest profile possible.
    Thanks!

    You have the option to create an stored procedure, here a test case (no optimized, no bug free):
    SYS@orcl > create user sp_owner identified by sp_owner;
    SYS@orcl > grant create any view to sp_owner;
    SYS@orcl> create procedure sp_owner.create_view (
      2  view_name varchar2, view_sql varchar2 ) is
      3  begin
      4    execute immediate 'create view '||view_name||' as '||view_sql;
      5  end;
      6  /
    Procedure created.
    SYS@orcl > create user test identified by test;
    SYS@orcl > grant create session to test;
    SYS@orcl > grant execute on sp_owner.create_view to test;
    TEST@orcl> execute sp_owner.create_view('scott.emp_vw','select * from scott.emp')
    PL/SQL procedure successfully completed.HTH
    Enrique
    PS. If your problem was solved, consider marking the question as answered.

  • Wich rights must a user have to copy a table to another user?

    Wich rights must a user have to copy a table to another user? If I try it while using SQLDeveloper I become a message wich says that the user has not enough rights.
    Thanks a lot
    Torsten

    If you are trying to create a table in a schema other than your own, you must have the CREATE ANY TABLE system privilege.

  • How do I create a table within another table?

    How do I create a table within another table?
    As shown in image below (document created with Words), I already have a table with 3 columns. How do I create another table with 6 columns to tabulate the data (the one below "3.1 Overall")?

    Last time I checked in Pages 5.5.2 that is not possible.
    Peter

  • Create a table from another table

    I have Windows XP with 10g 10.2.0.1.0
    I need to create a table from another table to re-arrange the table column order and add the following statement at the end of creation.
    PCTFREE 10 PCTUSED 0 INITRANS 1 MAXTRANS 255 NOCOMPRESS LOGGING STORAGE
    INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645 PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT
    TABLESPACE "TAB_DATA"
    Below iis my SQL statement, but it doesn't work. Please help.
    create table my_table as (select t1, t5, t2, t3, t4 from orig_table
    PCTFREE 10 PCTUSED 0 INITRANS 1 MAXTRANS 255 NOCOMPRESS LOGGING STORAGE
    INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645 PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT
    TABLESPACE "TAB_DATA"
    *);*

    Kee Kee wrote:
    I have Windows XP with 10g 10.2.0.1.0
    I need to create a table from another table to re-arrange the table column order Why? Column order has no meaning. The individual SELECT statement specifies the column order that particular statement wants, which may be different from the needs of some other SELECT statement.
    and add the following statement at the end of creation.
    PCTFREE 10 PCTUSED 0 INITRANS 1 MAXTRANS 255 NOCOMPRESS LOGGING STORAGE
    INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645 PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT
    TABLESPACE "TAB_DATA"
    Below iis my SQL statement, but it doesn't work. Please help.
    create table my_table as (select t1, t5, t2, t3, t4 from orig_table
    PCTFREE 10 PCTUSED 0 INITRANS 1 MAXTRANS 255 NOCOMPRESS LOGGING STORAGE
    INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645 PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1 BUFFER_POOL DEFAULT
    TABLESPACE "TAB_DATA"

  • 'File in Use' message is received when one user is in the report and another user tries to open the Excel template

    ‘File in Use’ message is received when one user is in the report and another user tried to open the excel template. how to make excel template shared for multiple users so the users don’t see the ‘File in Use’ message?

    Hi Febin,
    In addition to others’ replies, we can create a shared workbook and place it on a network location where several people can
    edit the contents simultaneously. For example, if the people in your work group each handle several projects and need to know the status of each other's projects, the group can use a shared workbook to track the status of the projects. All persons involved
    can then enter the information for their projects in the same workbook.
    Regarding how to do this,
     the following article can be referred to reference.
    Use a shared workbook to collaborate
    http://office.microsoft.com/en-in/excel-help/use-a-shared-workbook-to-collaborate-HP010096833.aspx
    Best regards,
    Frank Shen

  • Properties of an answer field allowing form users to create a table

    When using Acrobat XI, is it possible to set the properties of the answer field to allow users to put in a table as an answer?

    Create the table in aanother program Such as word  then save. Then fill in the table items.
    Check this out: http://www.screencast.com/t/FxCNROO5AQj

  • How to create view/table from other user's view/table

    Hi all
    I'm using Oracle database 10g.
    I create table/view on user XXX, how to I create table/view on user YYY from user XXX.
    Thankyou,
    Thiensu2810

    user8248216 wrote:
    Hi all
    I'm using Oracle database 10g.
    I create table/view on user XXX, how to I create table/view on user YYY from user XXX.
    Thankyou,
    Thiensu2810grant select on xxx.table_name to yyy;
    create table/view table/view_name as select * from xxx.table_name;

  • How can I create a table in other's schema?

    I have two users say 'user1' and 'sanju' along with other users in the database.Both the users are granted a connect role. I have connected as a 'sanju' user. Now I want to create a table in schema 'user1'.
    Please note that user 'sanju' should not be allowed to create table in any other user's schema.
    I have set the current schema of 'sanju' as 'user1'.
    ALTER SESSION SET CURRENT_SCHEMA=USER1
    I know that 'grant create ANY table to sanju' will allow 'sanju' to create table in all the schema. I dont want that. Is there any way to create a table in any other's schema?
    Please answer ASAP

    This is not directly possible, but you can use following workaround:
    connect user1/passwd
    create or replace procedure testCreateTable as
    begin
    execute immediate 'create table user1.testTable(c char)';
    end test;
    grant execute on testCreateTable to sanju;
    connect sanju/passwd
    execute testCreateTable
    Of course, you can make this procedure more generic by specifying the necessary parameter.
    Please not that this procedure only works, if user1 was granted the create table privilege directly, and not through a role (e.g. dba), because roles are disabled when executing

  • Grant read authorisation on all of its tables to another user

    Hi,
    we would like to read the tables of SAP directly from MaxDB. The user sap<sid> is not a good candidate. So, we create another user dbreader.
    Could somebody help me, how to grant read authorisation on all SAP tables to user dbreader?
    Thanks a lot in advance.
    Best Regards,
    Rongfeng

    Hello Rongfeng,
    do you notice to what a dilemma you bring us with your request?
    On the one hand, we're participating in this SDN community to help people, so that they can successfully use the software and enjoy it.
    On the other hand you ask for the how-to for something that is a really bad idea and that will bring you into trouble.
    By allowing a read-only access to SAP tables you bypass all permission management of SAP. As soon as any auditor sees that, the compliance certificate of your company is gone.
    You can even access all clients - how do you prevent from working with the wrong set of data?
    Also it does not seem as if you know what you're about to do there. In fact, you don't even know what data you want to see.
    It's just the "gimme-all" request, something that might be OK at the kepab booth, but surely not with data access permissions.
    Apart from the security aspect: SAP tables don't make sense on database level.
    All references and dependencies between them are only kept within the application layer.
    All the semantics of the data fields (and with them all consistency check) are only present at the application layer.
    Even the state of records is not consistent on the database, as SAP uses it's own updater concept in - you guess it - the application layer.
    So, for me the question is:
    If I tell you how to do what you asked for, does it do more harm than it's useful?
    The regular readers of this forum already know my reply to this kind of request...
    DON'T DO IT!
    Instead define and specify a API to the data you need to see.
    Better use the tools you already paid for ... ABAP, BAPI, RFC, WebServices... there are tons of options to get data out of SAP systems properly. And all of them are safe, secure, well documented and reliable.
    Best regards,
    Lars

  • Issue creating a MatView for another user w/ a private DB Link

    I am having an issue creating a materialized view for another user where the select statement for the MV uses a private db link. Looks like the following:
    Logged in as user X, I run:
    create materialzied view Y.foo
    (select blah
    from tbl@y_priv_db_link_here);
    When I try to run this, I get a permission issue. User X has DBA privilege, user Y has create MV priv and has select priv on the table in the db link.
    I can create this MV logged in as user Y. Cant create this logged in a user Y in test or prod environment, so this isn't an option.
    Any ideas on how I can create this logged in a user X? I believe the issue here is that since this is a private db link owned by user Y, user X doesn't have access to this db link.
    thanks.

    Here is what I was trying to do:
    SQL> CREATE MATERIALIZED VIEW extract.ADDRESS
    2 TABLESPACE xxx
    3 BUILD IMMEDIATE
    4 REFRESH
    5 COMPLETE
    6 ON DEMAND
    7 WITH PRIMARY KEY
    8 AS
    9 ( SELECT ... FROM address@CM_TO_CPD);
    FROM pwb_address@CM_TO_CPD)
    ERROR at line 11:
    ORA-01031: insufficient privileges
    Message was edited by:
    Jim S

  • CREATE TABLE for another OWNER/SCHEMA and in another TABLESPACE?

    I am logged in a SYSTEM user. Now I want to create a table aaa. The owner of this table should not be SYSTEM but user KARL. and the TABLESPACE should not be SYSTEM but the (existing) TABLESPACE tttt.
    As far as I know I can achieve this by issuing the following command:
    CREATE TABLE KARL.aaa ( a INTEGER, .......) TABLESPACE tttt;
    Regarding the TABLESPACE parameter I am not sure. Is it possible to allocate a TABLE for User Karl in a TABLESPACE which is not assigned to him?
    Furthermore I have an additional problem.
    I have a script with hundreds of CREATE TABLE + ALTER TABLE + CREATE INDEX DDL statements.
    All of them are not prepended with Schema/Owner and an TABLESPACE clause.
    Can I put somehow one single instruction at the top of the script which telles Oracle
    to use
    - OWNER Karl as Schema/Owner for all subsequent DDL stements
    - TABLESPACE tttt as TABLESPACE for all subsequent DDL stements
    In MYsql there is a "use <database>" statement. Is there soemthing similar for Oracle?
    Thank you
    Peter

    Yes... you can do that. Take for example a user A who has a secret password that you don't wish to give out... like an application schema. User B needs to make tables/objects in schema A and you want to track what user B is doing. First setup Oracles Fine Grained Auditing and then grant "connect through" from user A to user B as follows:
    SQL> create user b identified by abc123
      2    quota unlimited on users;
    User created.
    SQL> grant create session to b;
    SQL> create user a identified by abc123
      2    quota unlimited on users;
    User created.
    SQL> grant create table
      2      , create session
      3     to a;
    Grant succeeded.
    SQL> alter user a grant connect through b;
    User altered.
    SQL> connect b[a]/abc123@a486
    Connected.
    SQL> show user
    USER is "A"
    SQL> create table a.my_proxy_table
      2  ( c1 number
      3  , c2 varchar2(50)
      4  , c3 date
      5  );
    Table created.-----
    See that I connected using the "username[proxyuser]" syntax. Also notice that user B is by proxy user A, illustrated by my "show user" command. The connect through can be granted/revoked as needed without divulging A's password to B. In addition, your audit tables or xml logs will track the fact that user B created table a.my_proxy_table.
    Hope this helps,
    John

  • Creating extra tables while reversing the schema

    Hi,
    while reversing a schema, ODI is createing some extra tables with name starting BIN....
    BIN$n0N0JG+2TE676lf8wPm3Kw==$0
    BIN$B3QnNwKfRwiJBzUokrdaOQ==$0
    BIN$SlMSt8GRTMeRu92uIx77zA==$0
    BIN$jdFr+kpVQkKobqoU6OY4fw==$0
    BIN$iRX5BQw3TR+jEGZfvUB1cQ==$0
    BIN$3lg8BtTjQ5S0m/E2Sm5Fxw==$0
    These extra tables are creating problems.
    Please help me why these tables are getting created.....
    Thanks,
    Naveen Suram

    Oracle maintains a recycle bin for dropped objects starting with Oracle 10g. Dropped tables go "into" the recyclebin, and can be restored (undropped) from the recycle bin.
    The recycle bin is enabled by default.
    SQL>ALTER SYSTEM SET recyclebin = OFF; -- It will disable recycle bin for the entire database
    SQL> ALTER SESSION SET recyclebin = OFF; -- It will disable recycle bin for the session
    Tables can also be dropped without sending them to the recycle bin.
    DROP TABLE t1 PURGE;
    Thanks,
    Sutirtha

  • Using execute immediate creating a table from another

    hi friend i wanted to create a table from a select statement in a pl sql procedure. i am using execute immediate but getting problems with it pls can anyone help me.
    here is the query i am using
    EXECUTE IMMEDIATE 'CREATE TABLE table_name AS  (SELECT * FROM  a_view   WHERE column_name LIKE '%some_string%');
    i need to know if this can be done and if yes how. pls help me its bit urgent too. the schema name is same and the privileges are available to create tables too.

    Your syntax is wrong.
    If you would use a syntax higlighted editor, it would show.
    Yout try to execute a string where another string is embedded. Please use two times single quote or use the 'q' function:
    This one is correct:
    EXECUTE IMMEDIATE 'CREATE TABLE table_name AS (SELECT * FROM  a_view WHERE column_name LIKE ''%some_string%'')';
    or this one:
    EXECUTE IMMEDIATE q'|CREATE TABLE table_name AS (SELECT * FROM  a_view WHERE column_name LIKE '%some_string%')|';
    good luck

Maybe you are looking for