ALTER USER USERNAME DEFAULT ROLE ALL;

Hi,
I want to know, what is the meaning of "ALTER USER CARDS DEFAULT ROLE ALL"

It's easy to understand things when you try them,
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Real Application Testing options
SQL> grant connect to newuser identified by newuser;
Grant succeeded.
SQL> conn newuser/newuser
Connected.
SQL> select * from session_roles;
ROLE
CONNECT
SQL> conn / as sysdba
Connected.
SQL> create role new_user;
Role created.
SQL> grant select any table to new_user;
Grant succeeded.
SQL> grant new_user to newuser;
Grant succeeded.
SQL> conn newuser/newuser
Connected.
SQL> select * from session_roles;
ROLE
CONNECT
NEW_USER
SQL> conn / as sysdba
Connected.
SQL> alter user newuser default role connect;
User altered.
SQL> conn newuser/newuser
Connected.
SQL> select * from session_roles;
ROLE
CONNECT
SQL> set role new_role;
set role new_role
ERROR at line 1:
ORA-01919: role 'NEW_ROLE' does not exist
SQL> set role new_user;
Role set.
SQL> select * from scott.dept;
    DEPTNO DNAME          LOC
        10 ACCOUNTING     NEW YORK
        20 RESEARCH       DALLAS
        30 SALES          CHICAGO
        40 OPERATIONS     BOSTONHTH
Aman....

Similar Messages

Identifying users without DEFAULT ROLE ALL

I want to query the database catalog to identify users who have been defined without DEFAULT ROLE ALL. Unfortunately I do not see anything in DBA_USERS that would tell me this.
I suppose I could run DBMS_METADATA.EXTRACT_DDL to generate scripts for all users, and examine the output, but I would like something more direct.
Thanks,
Mike Tefft

DBA_ROLE_PRIVS will tell me if there are any non-default roles. But it will not tell me if the user has been set for DEFAULT ROLE ALL.
Here is the scenario I am trying to detect:
06:56:27 > create user mjt_test_user_a identified by xxxx;
User created.
Elapsed: 00:00:00.01
06:56:27 > create user mjt_test_user_b identified by xxxx;
User created.
Elapsed: 00:00:00.03
06:56:27 >
06:56:27 > create role mjt_test_role1;
Role created.
Elapsed: 00:00:00.01
06:56:27 > create role mjt_test_role2;
Role created.
Elapsed: 00:00:00.00
06:56:27 >
06:56:27 > grant mjt_test_role1 to mjt_test_user_a ;
Grant succeeded.
Elapsed: 00:00:00.00
06:56:27 > grant mjt_test_role1 to mjt_test_user_b ;
Grant succeeded.
Elapsed: 00:00:00.01
06:56:27 >
06:56:27 >
06:56:27 > alter user mjt_test_user_a default role mjt_test_role1 ;
User altered.
Elapsed: 00:00:00.03
06:56:27 > alter user mjt_test_user_b default role all;
User altered.
Elapsed: 00:00:00.00
06:56:27 >
06:56:27 > select * from dba_role_privs where grantee like 'MJT%TEST%' order by 1,2;
GRANTEE                        GRANTED_ROLE                   ADM DEF
MJT_TEST_USER_A                MJT_TEST_ROLE1                 NO YES
MJT_TEST_USER_B                MJT_TEST_ROLE1                 NO YES
2 rows selected.
Elapsed: 00:00:00.03
06:56:27 > At this point, both users look the same from DBA_ROLE_PRIVS. But if I add another role, it may be added as a non-default role (the scenario which burned me last night, and which I want to find out if it exists elsewhere).
06:56:27 >
06:56:27 > grant mjt_test_role2 to mjt_test_user_a ;
Grant succeeded.
Elapsed: 00:00:00.00
06:56:27 > grant mjt_test_role2 to mjt_test_user_b ;
Grant succeeded.
Elapsed: 00:00:00.00
06:56:27 >
06:56:27 > select * from dba_role_privs where grantee like 'MJT%TEST%' order by 1,2;
GRANTEE                        GRANTED_ROLE                   ADM DEF
MJT_TEST_USER_A                MJT_TEST_ROLE1                 NO YES
MJT_TEST_USER_A                MJT_TEST_ROLE2                 NO NO
MJT_TEST_USER_B                MJT_TEST_ROLE1                 NO YES
MJT_TEST_USER_B                MJT_TEST_ROLE2                 NO YES
4 rows selected.
Elapsed: 00:00:00.07
06:56:27 >

DEFAULT ROLE ALL

Hi,
I wanted to know what does this ROLE contain?
One of my application user has this role and I am wondering which all privileges does this ROLE has?
Thanks!

Hi user9104898,
From Oracle documentation;
DEFAULT ROLE Clause
+Specify the roles granted by default to the user at logon. This clause can contain only roles that have been granted directly to the user with a GRANT statement. You cannot use the DEFAULT ROLE clause to enable+
*Roles not granted to the user+
*Roles granted through other roles+
*Roles managed by an external service (such as the operating system), or by the Oracle Internet Directory+
Oracle Database enables default roles at logon without requiring the user to specify their passwords or otherwise be authenticated. If you have granted an application role to the user, you should use the DEFAULT ROLE ALL EXCEPT role clause to ensure that, in subsequent logons by the user, the role will not be enabled except by applications using the authorized package.
Ogan

Alter USer Username

i am using oracle 8i version db .
Is there any possibility to change the schema name in oracle 8i ..and keep new name ...
For eg my schema name is ... SCHEMA1 can change it to SCHEMA2

I'm afraid there is no 'alter schema ... rename...;'
You need to export the schema, create your new (renamed) user and import into that schema. Finally drop the old schema.
Be careful if you're using public synonyms as well because they will obviously not be valid afterwards.

Default roles... by default

Is there a way to have a role be default by default. In other words rather than
1. grant a role to a user
and then
2. make that role default for each user granted the role (i.e. ALTER USER user_name DEFAULT ROLE role_name;)
is there a way to have #2 above happen automatically when granting a role to a user? So that by default, roles granted are enabled as a default role for the user?
Thanks.

when granting a role to a user? So that by default,
roles granted are enabled as a default role for the user?The user attribute of sys.user$.defrole seem to play a part in whether subsequent grant <role> to <theuser> commands will put roles on the "default roles" list or not. But as far as I know this is not (widely) documented.
What you could do is to once issue
alter user <theuser> default role all | all except <list of roles> This will set defrole to 1 and 3, respectively, and subsequent grants will make roles default roles for the user. Using the grant command with none | <list of roles> implies that subsequent role grants will not be enabled by default.
(So, somebody issued another alter user user default role command with none or role_name, before you granted another role to the user.
Also, I've mentioned this in another post just recently:
Re: user can not do select,insert,update,delete on view when user has the role

Users, privileges and roles problem!

Hi everyone,
I am using oracle 10.2.0.
I have a user (dba1) who is the owner of tables in my database. I have connected to sqlplus as sysdba and created the role admin and granted the admin all the privileges.
SQL> grant all privileges to admin;
Grant succeeded.
SQL>Then I granted the admin role to the user dba1:
SQL> grant admin to dba1;
Grant succeeded.I have created another role, sel_role and given that role the privileges to select tables. For example:
SQL> grant select on kund to sel_role;
Grant succeeded.Now I have created another user, Anton, and have given that user the role sel_role:
grant sel_role to Anton;
Grant succeeded.Now when I try to log in as anton and try to use the select statement which is given to Anton by sysdba, using the sel_role, to select the table kund, I got an error:
SQL> connect anton/oracle
Connected.
SQL> select * from kund;
select * from kund
ERROR at line 1:
ORA-00942: table or view does not existWhat could be the solution to this problem?
Thanks in advance

Solomon Yakobson wrote:
Connect as sysdba and issue:
ALTER USER anton DEFAULT ROLE ALL;SY.Same problem!
SQL> alter user anton default role all;
User altered.
SQL> connect anton/oracle
Connected.
SQL> select * from kund;
select * from kund
ERROR at line 1:
ORA-00942: table or view does not exist

Default roles and grants

I have role called role_test and this is granted to user user_test and made it as default role.
but role_test is protected by password i.e to set role need to give password.
set role role_test identified by test_role_pass;
My question is when the user user_test loggs in will automatically gets this role_test as it is grated as default role ?
or still he needs to call set role identified by password to enable this role.
I am using oracle 11g database.Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
Is there any change of this behaviour with oracle versions 10g to 11g ?
Thanks,
Phani

Phani_Orcl wrote:
Is there any change of this behaviour with oracle versions 10g to 11g ?Yes, there is. Password protected roles in 11g are not enabled at login time even if it is a default role:
SQL> create role r1;
Role created.
SQL> create role r2 identified by r2;
Role created.
SQL> create user u1 identified by u1
2 /
User created.
SQL> grant create session to u1
2 /
Grant succeeded.
SQL> grant r1,r2 to u1
2 /
Grant succeeded.
SQL> alter user u1 default role all
2 /
User altered.
SQL> connect u1/u1
Connected.
SQL> select * from session_roles;
ROLE
R1
SQL>
And it is documented
Authorizing a Role by Using the Database
You can protect a role authorized by the database by assigning the role a password. If a user is granted a role protected by a password, then you can enable or disable the role by supplying the proper password for the role in the SET ROLE statement. You cannot authenticate a password-authenticated role on logon, even if you add it to the list of default roles. You must explicitly enable it with the SET ROLE statement using the required password.
SY.

DEFAULT ROLE FOR USER

I swich to Oracle11g express and create user
CREATE USER LEO
IDENTIFIED BY xy
DEFAULT TABLESPACE USERS
TEMPORARY TABLESPACE TEMP
PROFILE DEFAULT
ACCOUNT UNLOCK;
-- 3 Roles for LEO
GRANT AUTHENTICATEDUSER TO LEO;
GRANT CONNECT TO LEO;
GRANT FER_ADMIN TO LEO WITH ADMIN OPTION;
ALTER USER LEO DEFAULT ROLE FER_ADMIN;
-- 1 System Privilege for LEO
GRANT CREATE SESSION TO LEO;
-- 1 Tablespace Quota for LEO
ALTER USER LEO QUOTA UNLIMITED ON USERS;
and after login i check
select * from SESSION_ROLES
and i have none role
if I set role all works fine.
Why I doesn't have DEFAULT ROLE after login.
Pleas for help .

here is the solution
default roles and grants
Edited by: Leo Lakota on 4.10.2012 5:52

Alter user default tablespace and temporary tablespace

Hi guru,
target : to ensure that users don't have the SYSTEM tablespace as their TEMPORARY or DEFAULT tablespace
scenario :
user default tablespace temporary tablespace
xxyym system system
Question: How to alter user ?
tq

In a scenario, let's say you want to make USERS the default tablespace for existing users and TEMP the default temporary tablespace, you can also create the alter statements as below into one script based on the output and run it.
select 'ALTER USER '||username||' DEFAULT TABLESPACE USERS;' FROM DBA_USERS WHERE DEFAULT_TABLESPACE IN('SYSTEM')
and username not in('SYS','SYSTEM');
select 'ALTER USER '||username||' TEMPORARY TABLESPACE TEMP;' FROM DBA_USERS WHERE TEMPORARY_TABLESPACE IN('SYSTEM');As magnus mentioned, don't forget to do this(if USERS and TEMP is what you want to go with) :
ALTER DATABASE DEFAULT TABLESPACE USERS;
ALTER DATABASE DEFAULT TEMPORARY TABLESPACE TEMP;

Default role

When we perform this code :
alter user smith default role r1,r2;
Does this mean the only enabled role for smith are r1 and r2,if yes how about the others including the ones with passwords ? are they disabled now if yes do we have to use set role to enabled them ?
I'm a little bit confused .Any help would be thankful.

Check the following link.
http://download-west.oracle.com/docs/cd/B10501_01/appdev.920/a96590/adgsec01.htm#1005730

Re: How to alter user using variable

I need to reset all Oracle default accounts to a custom password in one of our databases (11.1.0.7). I am using two files:
File 1 called mydb.sh
This file is Solaris shell script to run sql file. Here is the content:
#!/bin/bash
cd $HOME
. ./agsdb
sqlplus "/as sysdba"<<EOF
start /h/bin/mydb.sql
exit
EOF
if [$? !=0 ]; then
echo "Error, mydb.sh did not run"
echo "Exiting."
exit 1
fi
echo "********** mydb.sh is complete **********"And here is file2 mydb.sql
This file has content similar this the following:
>
alter user anonymous identified by password;
alter user oracle_ocm identified by password;
alter user DI identified by password;
alter user system identified by password;
Our problem is we don't want to use the password in plain text. To get arround, we will pass the password as a variable instead of the plain password text.
Maybe something like this:
alter user anonymous identified by variable_name;How can I mitigate this by passing this variable from solaris to sqlplus?
Thanks in advance.

Alex wrote:
01. Create a procedure to get the username and password and then alter that user. For this you can use synamic sql
CREATE OR REPLACE PROCEDURE (username VARCHAR2, password VARCHAR2)
IS
BEGIN
EXECUTE IMMEDIATE 'ALTER USER '||username||' IDENTIFIED BY ||password;
END;
I have already dealt with the above. My problem is how to get the procedure to pass the password in variable as you mentioned below:
02. Then in your shell script call that procedure by passing username and password variables..

Alter User Tablespace

To alter user TESTER's tablespace on 11g
BEFORE ALTER:
select username, tablespace_name from dba_ts_quotas where username = 'TESTER';
USERNAME TABLESPACE_NAME
TESTER test_ts
TESTER lob_ts
ALTER:
ALTER USER TESTER default tablespace USERS quota unlimited on USERS
AFTER ALTER:
select username, tablespace_name from dba_ts_quotas where username = 'TESTER';
USERNAME TABLESPACE_NAME
TESTER test_ts
TESTER lob_ts
TESTER USERS
QUESTIONS:
1) Why after the TESTER's tablespace is alterted, the old tablespace still showed up, i.e., test_ts and lob_ts?
2) How can I drop the TESTER from the test_ts and lob_ts?
3) After the TESTER is moved to the new tablespace, will the previously granted privileges still be effective? (such as resource, connect, and others)
Thanks

(1) & (2): A user can create objects in any tablespace he has quotas on, not just the default tablespace.
If you want to prevent the users from creating anything in tablespaces which they already have existing quotas defined, you have to remove it by setting the quota to 0.
Existing objects already created by the user will stay where they are though, so if your need is otherwise you will have to move the objects over to the new default tablespace manually.
alter user tester quota 0 on test_ts;
alter user tester quota 0 on lob_ts;(3): As you have not instructed Oracle to revoke any privileges, all other settings are unchanged.

Create object on user's default tablespace only

Hi all,
Is there anyway I can limit a user to create tables NOT on system tablespace , besides alter user quota 0M on system ?
Can I limit a user to create objects only on his own default tablespace ?
alter user quota 0M on < all other tablespaces except user's default> ?
Thanks.

Hi,
I have really no idea why oracle is behaving like this. How can you create a table without a quota.
1) Write here the oracle version for your database software
2) Can you try connecting to the database with same user id but from a remote client using TNS method instead of logging in locally, and they try creating the table.
3) Can you give only CREATE SESSION privilege (not create table) and then perform the same task again.
PS: Please paster your code/output enclosed withing code tag. Write **, then your code/output and then again *{code*
Salmam

Alter user

Hi,
When im using these command the session remains hang
alter user username identified by password
kindly let me know the issues behind these
Thanks

oracle version?
whats in the alertlog?
Post last 10 lines.

How do I permanently STOP the Bing Suggested Sites icon from being in the IE 9 toolbar for everyone and make it the default for all new users

Non of the other post on this subject were correctly answered and they are now old so here is a new thread for a question that a Microsoft Engineer should have answered a long time ago in one of the other threads.
I have IE 9 installed.
I am setting up my default profile which will be used for ALL users to configure their profile when they log on. All profiles are destroyed on system reboot. All PCs are frozen.
Every time I log in as a new user and open IE 9, the favorites bar shows up as I want it with NO BING Suggested Site crapware in site. Then about .5 secs after IE starts and the Favorites bar is shown, the EVIL "Bing Suggested Sites" button appears.
I can delete it and it seems to stay away until I delete the users profile folder etc and have them log in again. When the profile is recreated the Favorites folder does not have a "Suggested Sites" option in the c:\users\username\favorites\links"
folder. (I have deleted the hidden .ini files in the default folder) Nor does one exist in the "c:\users\default\favorites\links" folder from which the newly created user profile folder comes. But as soon as I start IE 9, one is created and placed
in the users favorites links folder. This MUST STOP!!!!!!!!!!!!! This is UNACCEPTABLE. AND IT MUST BE STOPPED!!!!! Where in the Windows 7 x64 Enterprise OS is the location of this evil action and how do I PERMANENTLY delete it.
I don't EVER want to see the EVIL BING Suggested Sites button anywhere on the PC especially in the Favorites Tool bar on IE 9. An I expect/demand that Microsoft tell us how to 100% cannot fail get rid of it for ALL USERS FOREVER NO MATTER WHAT!!!!!!!!!!!! I
have spent a lot of time perfecting my default profile making sur that ALL options are decide by me NOT MICROSOFT. I NEVER USE SYSPREP as that will destroy ALL custom defaults every time.
When a user logs in in to one of my PCs and they start IE 9 they get REAL Google for the default search engine, not the version Microsoft will give you which first sends all search requests to Microsoft so they can spy on what you searched in Google for etc.,
but real Google, not sent to Microsoft 1st. (I'll bet more than 90% of the readers of this site did not notice how if you let Microsoft set your default search provider to Google, they fix it so that all search requests go to Microsoft 1st, before it gets
sent to Google. Look at the search string under manage your search providers, in IE 7 & 8. In IE 9 it is hidden, but still there. HOW EVIL OF MICROSOFT)
With my default profile IE does not ask how you want to set it up, I have already made those decisions. I have made all those decisions for my users. But as of recently I have started installing IE 9 and now this unacceptable BING Suggested Sites junk ware
keeps showing up. HOW DO I STOP IT. Do I have to put a line in my HOSTS file to send all request for Bing.com to 127.0.0.1 just to make sure that it can't be used. There by removing all possibility of my users ever being able to use Bing FOREVER.
I would rather not do that but unless a Microsoft representative will tell me how to keep that useless Bing Suggested Sites button from appearing on the Favorites tool bar I will have to. I would love to let my user decide if they want to use Bing and waist
their time trying to find good search results, but I will not have it forced on them and I will not allow it to be on the Favorites tool Bar ever. So will a Microsoft Engineer please tell us how to put a permanent end to the "Bing Suggested Sites"
button for ALL users ALWAYS FOREVER.
Thanks,
Ralph

Hi,
I suggest you try the steps in this thread for test:
Disable Suggested Sites does not work.
http://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/disable-suggested-sites-does-not-work/4ba064b1-1c6e-43f1-939e-2db1d335b2ef
Regards,
Vincent Wang
TechNet Community Support

ALTER USER USERNAME DEFAULT ROLE ALL;

Similar Messages

Maybe you are looking for