Can grant truncate table permission to a user?
Whether can grant truncate table permission to a user separately.
I know that the role db_ddladmin can do,but the create,alter and drop permissions will be granted the same time(These permissions are not what we want to
grant to user).
Is there any solution?
Best regards!!
If you haven't all the things you want,be grateful for the things you don't have that you didn't want.
You can't grant truncate because for whatever reason, that permission doesn't exist. What you can do is use a stored procedure and use EXECUTE AS OWNER to get around it.
create database foo
go
create login foobar with password = 'alkdsfji9eorngv';
go
use foo
go
create user foobar from login foobar;
go
create table test(rowid int identity)
go
insert into test default values;
go
select * from test
go
create procedure dbo.truncate_test
with execute as owner
as
truncate table test
go
grant execute on dbo.truncate_test to foobar
go
execute as login='foobar'
execute dbo.truncate_test
revert
go
select * from test
go
use master
go
drop database foo
drop login foobar
This keeps your database safe and allows you to grant execute on the truncate procedure to allow them to truncate the table.Jonathan Kehayias
http://sqlblog.com/blogs/jonathan_kehayias/
http://www.twitter.com/SQLSarg
http://www.sqlclr.net/
Please click the Mark as Answer button if a post solves your problem!
Similar Messages
-
Provide truncate table permission for a user
Please let me know the best possible way to provide truncate table permission to a SQL Server Database user (ddl_admin role cannot be granted to the user in my case)
Grant CONTROL permissions on table, user will be able to truncate table.
GRANT CONTROL ON user_table TO User
http://www.sqlservercentral.com/blogs/steve_jones/2011/03/07/sql-server-truncate-table-permissions/
Other ways check this:
Grant Truncate Table Permissions in SQL Server without ALTER Table
http://www.mssqltips.com/sqlservertip/2583/grant-truncate-table-permissions-in-sql-server-without-alter-table/
The ALTER permission provides the access required to alter the schema of a tables, this includes truncating the data in the table.
http://www.jasonstrate.com/2013/05/security-questions-truncate-table-permissions/ -
Question about GRANT CREATE TABLE permission
Hi,
How can I grant permission to UserA to create tables in UserB/SchemaB. I understand that "CREATE TABLE" will give permission to the user to create tables within its own schema and "CREATE ANY TABLE" will give permission to the user to create tables in ANY schema.
Is there a command to give CREATE TABLE to specific schema? Please advice ... Thanks!Is there a command to give CREATE TABLE to specific schema? Please advice ... Thanks!No but you can create your own solution
have SCHEMA_B create a procedure, MAKE_SCHEMA_B_TBL, that issues command below
EXECUTE IMMEDIATE CREATE TABLE ........
then do as below
GRANT EXECUTE ON MAKE_SCHEMA_B_TBL TO SCHEMA_A; -
How to grant create table privilege for a user on a specific table
Hi:
I created a user, for a test scenario. I granted this user create any table, and I made the default tablespace as example.
When I connect as the user and try to create a table, I get this:
SQL> create table T1 (NAME varchar2 (500), AGE number(2));
create table T1 (NAME varchar2 (500), AGE number(2))
ERROR at line 1:
ORA-01950: no privileges on tablespace 'EXAMPLE'
How can I grant the necessary privilege to have user create/delete tables on tablespace example?
Thanks.
DAcreate user ADAM identified by radge default tablespace EXAMPLE
quota 10M on EXAMPLE;
for example 10Mbytes given to Example tablespace.... or you can write:
.....quota unlimited on EXAMPLE
and
grant connect to ADAM
grant create table to ADAM .....
or
grant connect , resource to ADAM .... although grant resource is not recommended...
....and something else....
you should define temporary tablespace in create user command... otherwise the system would be used...
Greetings...
Sim
Message was edited by:
sgalaxy -
TRUNCATE TABLE NOT WORKING AFTER DROPPING CONSTRAINTS
Hi,
I have a table with a foreign key constraint. I know you can't truncate tables when there are foreign key constraints. So I drop the constraints before running the TRUNCATE TABLE command. But SQL Server is still stating there are foreign key constraints
even after they have just been dropped.
When I use SQL Server Management Studio to generate a drop & create script on this table or any other table with an FK consttaint, the generated script fails stating that there are still foreign key constraints??
I have the same problem for every table that has FK constraints, for those without FK, TRUNCATE table works without issues.
The end goal is to reset the identity value of the primary key. Since DBCC does not work on Azure, TRUNCATE TABLE is the only way left, especially if you can't even drop and recreate tables with FK constraints.
What am I missing here?
PeterHi,
Thanks for posting here.
TRUNCATE TABLE is similar to the DELETE statement with no WHERE clause; however, TRUNCATE TABLE is faster and uses fewer system and transaction log resources.
TRUNCATE TABLE removes all rows from a table, but the table structure and its columns, constraints, indexes, and so on remain. To remove the table definition in addition to its data, use the DROP TABLE statement.
If the table contains an identity column, the counter for that column is reset to the seed value defined for the column. If no seed was defined, the default value 1 is used. To retain the identity counter, use DELETE instead.
Restrictions
You cannot use TRUNCATE TABLE on tables that:
•Are referenced by a FOREIGN KEY constraint. (You can truncate a table that has a foreign key that references itself.)
•Participate in an indexed view.
•Are published by using transactional replication or merge replication.
For tables with one or more of these characteristics, use the DELETE statement instead.
TRUNCATE TABLE cannot activate a trigger because the operation does not log individual row deletions. For more information, see CREATE TRIGGER (Transact-SQL).
Truncating Large Tables
Microsoft SQL Server has the ability to drop or truncate tables that have more than 128 extents without holding simultaneous locks on all the extents required for the drop.
Permissions--------------------------------------------------------------------------------
The minimum permission required is ALTER on table_name. TRUNCATE TABLE permissions default to the table owner, members of the sysadmin fixed server role, and the db_owner and db_ddladmin fixed database roles, and are not transferable. However, you
can incorporate the TRUNCATE TABLE statement within a module, such as a stored procedure, and grant appropriate permissions to the module using the EXECUTE AS clause.
You cannot truncate a table which has an FK constraint on it.
Typically my process for this is:
Drop the constraints
Trunc the table
Recreate the constraints.
Hope this helps you.
Girish Prajwal -
Is it can grant an admin right for special application ?(No Runas as Administrator)
Dear All
Background: We have an application which run on users group in server 2000 SP4 is normal.
We want upgrade the OS to Win7 , on the Win7 the application can not launch on normal users group.
I was try the properties of compatibility to server 2000 and choose "Run this program as an administrator" and edit the regedit key permission , both of all is not work on my case.
It is ok right-click the application and runas as administrator, but on the other hand I find runas administrator has some other error with the application.
May I know is it has a method can grant the admin right to special user when running special application ?
Regards AllHi,
What application can not run in Windows 7? I think there is a application compatibility issue, so please attempt to run Program Compability troubleshooter.
Also, you said you got some error while you ran as administrator with runas command. And what are the errors?
RUNAS /user:<Username> Program
Based on my knowledge, we cannot grant the special user with admin right unless you add this special user to Administrators group. When a special user is running a application requiring administrator permission, it will prompt to input administrator username
and password.
Andy Altmann
TechNet Community Support -
Sql query to grant TRUNCATE permission to a table
Need help to write sql query to grant TRUNCATE permission to a table
sujnan wrote:
Need help to write sql query to grant TRUNCATE permission to a tableThis would require DROP ANY TABLE privilege.
However, this is a rather powerful privilege and should not be granted to non admin users.
Alternatively you can create a stored procedure in table owner's schema which would truncate specified table.
Grant execute rights on this SP only to required users.
See an example below:
http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:1458414958491
You could(rather should) put in more validations in this SP to prevent users from truncating tables that they are not supposed to. -
What is the version of grant alter table, drop table to user in Oracle 10g?
Hi,
Oracle support "grant alter table and drop table" before, but I get the "invalid privilege" error in Oracle 10g. Oracle 10g have the "DROP ANY TABLE" and "Alter any table". Is these two means can drop and alter tables belonging to other users? How do I grant the total control (CRUD) of tables in the owner's schema to the owner in Oracle10g?
Thanks,
JiangCREATE TABLE privilege grants complete control on owner's tables :
SYS@db102 SQL> create user test01 identified by test01;
User created.
SYS@db102 SQL> grant create session, create table to test01;
Grant succeeded.
SYS@db102 SQL> alter user test01 quota unlimited on users;
User altered.
SYS@db102 SQL> conn test01/test01
Connected.
TEST01@db102 SQL> create table test(a number);
Table created.
TEST01@db102 SQL> alter table test add(b varchar2(100));
Table altered.
TEST01@db102 SQL> drop table test purge;
Table dropped.
TEST01@db102 SQL> -
Granting table privileges on another users tables
Can anyone tell me what privilege needs to be granted to a user to be able to grant insert/update/select/delete/execute on another users tables/packages?
I had thought that 'grant any privilege' was the one to have... and - the user I am trying to use to grant the privileges on the other users schema has this however - I'm still getting : ORA-01031: insufficient privileges when trying to run the grants.
Any ideas what I'm doing wrong here?Ok... well...
The 'with grant' option doesn't appear to be the issue.
The user attempting to perform the grants:
i.e. GRANT SELECT ON user_2.table_1 TO view_role
has the 'grant any object privilege' and - that seems to be enough. When I run the statement above as a simply as typed - it works fine.
However - what I'm actually doing is concatenating that together in a string and running (from a package created by/as user_1) and doing an execute immediate...
i.e.
l_sql := 'GRANT ' || l_rec.privilege || ' ON ' || l_rec.owner || '.' || l_rec.table_name || ' TO ' || p_role;
EXECUTE IMMEDIATE l_sql;
And - it's this that's giving me the insufficient privileges...
I do not have invokers rights set on the package - so that shouldn't be an issue. And - I can't find any documented restriction on doing this (and - in fact - it works fine if I create the package as user_2 and run it as user_2 - the owner of the objects).
I'm at a loss. -
SSPR - Unlock User - No policy grants the Requestor permission to complete all changes.
When trying to unlock a user in FIM Portal I get the below error with FIM Admin account.
Error processing your request: The operation was rejected because of access control policies.
Reason: The operation failed as a result of insufficient access rights.
Attributes: GateData
Correlation Id: eda9f21c-a777-4ef2-b12f-25e82aef7973
Request Id:
Details: No policy grants the Requestor permission to complete all changes.
Any ideas?You need to update the MPR for Administration: Administrators can read and update Users and under the Target Resources tab, add the Attribute GateData in the Attributes Box.
If you are doing this through the Sync Engine, also do the same in the MPR
Synchronization: Synchronization account controls users
it synchronizes
That should solve the problem.
You need to do this for all the attributes you get the error for. FIM does not give all the attributes that it fails with insufficient rights, it fails at the first attribute, so once you have solved this attribute there may be others generating the same
error. So watchout for that Attributes: GateData it may change, so any attribute that fails you need to follow the above streps. -
How i can grant permissions a user to pakege body
i would like to know how i can grant permission to user on a pakege body. so the user can see that. i created a pakage and it has couple pakage body but the user can see the pakage body. however i did grand execute on pakage.
thanksin order to be able to see the package spec as well as the body in the schema browser of the tool you are using, you will have to grant
EXECUTE ANY PROCEDURE
to that user.
beaware of the consequences of granting this privledge to the user though.
read more about it here:
http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:454220160386#55242292670725
This is one of the security model feature that you automatically get by using packages.
if you do not like the benefits (which will be hard to understand), you can start writing simple procedures and functions.
Message was edited by:
Kamal Kishore -
How we can lock No more than one user can use the table at a single time
Hi Abapers,
0) which function modules to lock & unlock a table.
1) When you execute the program, we can check if there is any lock on this table. If yes, the user should be able to only view the table contents and not modify.
2) If there is no lock, then lock the table and go into change mode.
3) On exiting from the program, unlock the table using the function module.
4) more than one user can't modify the table just display.
Note: If there is any lock, display message saying table is locked.
Plz help me for this requirement.
Thanks
NaniHello Nani
Have a look at the lock object EMMARAE (<i>Lock MARA and MARM/MAKT exclusively</i>) in transaction SE11.
Inspect the F1 help for field <b>Lock mode</b>:
DE ENQMODE
Short Text
Lock mode
Definition
Defines how to synchronize table record access by several users.
The following modes exist:
Exclusive lock
The locked data can be read or processed by one user only. A request
for another exclusive lock or for a shared lock is rejected.
Shared lock
Several users can read the same data at the same time, but as soon
as a user edits the data, a second user can no longer access this
data. Requests for further shared locks are accepted, even if they
are issued by different users, but exclusive locks are rejected.
Exclusive but not cumulative lock
Exclusive locks can be requested by the same transaction more than
once and handled successively, but an exclusive but not cumulative
lock can only be requested once by a given transaction. All other
lock requests are rejected.
If you want to lock a standard table search whether the table is used in lock objects (<i>Where-Used-List</i>). If it is a customer table you have to create your own lock object (including two function modules: one for enqueuing and the other for dequeuing).
The lock modules can be found in menu <b>GoTo -> Lock Modules</b>.
Given these lock modules the logic should be quite clear after starting the program:
1. Request lock -> if successful, continue in Change mode; -> if failed, continue in Display mode
2. Before leaving the report remove lock (note: no problem if no lock has been set in the beginning).
Regards
Uwe -
OID users ( EUS) problem with grant create table with admin
Hi,
We activated enterprise users in the OID.
There is a role APP_ADMIN that has the following grants:
create user
drop user
create table with admin option
this is for an application that creates BI schemas, so it needs to be able to create other users.
I have granted these to a local role, and the user has access to the local role, thanks to the OID setup.
The create and drop user work.
however, the grant create table to another user does not work.
Is there an issue with 'with admin option' grants in Enterprise user security?
Regards,
PeterIf I grant
grant create table to test_role with admin option;
it does not work
if I grant
GRANT GRANT ANY PRIVILEGE to test_role WITH ADMIN OPTION;
it does work.
The test command as user with test_role is:
grant create table to test_usr;
very strange!
If the user is a standard user and I create role test_role
and grant create table to test_role with admin option it works.
but if I convert the user to an EUS user and the same privilege is given to the role ( role is granted to a global role to an enterprise role)
it doesnt work
Edited by: Peter on Dec 7, 2012 2:36 PM -
Can i change table in query as per user given data
hi master
sir,
can i change table in query as per user given data
see
select * from @variable
i need use in lov
please give me idea
thankingyou
AamirYou cant directly use in sql instead you can write an anonymous block and frame the query as per the input table name and then use execute immediate to execute the query.
Something like this
declare
qry_table varchar2(30);
qry_stmt varchar2(1000);
type typ_sample is table of VARCHAR2(100) index by binary_integer;
tab_sample typ_sample ;
begin
qry_table := &Table_name
qry_stmt := 'select a from '||qry_table;
execute immediate qry_stmt bulk collect into tab_sample ;
end;
Message was edited by:
Shasi -
User X can view SCOTT table (all_object)
I understand, a user views all the objects that he owns plus the objects to which he has access to in table all_objects.
I'm trying to trace for this user where he can view objects where owner='SCOTT'.
I'm trying to find what access user X has on objects under SCOTT schema, but I can't find anything in DBA_TAB_PRIVS, DBA_SYS_PRIVS, user X is assigned a role which has following SYS privs CREATE TABLE, CREATE TRIGGER, CREATE SESSION, and CREATE SEQUENCE.
How can I know what other privs user X is assigned that he can view objects in SCOTT schema.The application is ArcCatalog from ESRI, and it knows
that the owner of database is user Y. so you mean
it's filtering for all users except SYS/SYSTEM/user Y
and showing the objects other than that?Of course I don't know. But the point is I trust SQL*Plus much more than some app... And from SQL*Plus I can much easier understand what I can see, what I cannot see and why.
To my mind there are following options, if you really want to know that:
1. Try to guess what is the reason probably finding one, probably not.
2. Try to find app documentation that describes the way how it filters out objects.
3. Run trace and see what statements it issues, of course it may filter out something in the frontend app.
4. Wait for a while probably someone knows this app behaviour and can give you more precise answer.
Gints Plivna
http://www.gplivna.eu
Maybe you are looking for
-
I use Time Machine to back up my entire computer with my external hard drive. I am getting a brand new iMac this month and was wondering what is the process of using this back up to restore my new computer exactly how my old computer was? I want to m
-
Database connection error with JSP
I'm having problems connecting to a mysql database via a helper object in my jsp pages. I've researched this for the last two days and nothing I have tried is yet to make a difference. My java code is essentially the following (minus try/catch for re
-
How to use a ".generate" file in JDeveloper 11g ?
hi Using JDeveloper 11g (11.1.1.0.1) I created a Database Diagram and dropped both SCOTT.EMP and SCOTT.DEPT tables on it, creating Offline Database Objects. After that I used the "Generate..." option from the right-click menu on the SCOTT Offline Dat
-
Material Assignment Problem urgent!!
Hi!! All, I need your help, In a perticular Recipe(PPPI) I am getting Information message that "Double assignment Exist' I am able to assign materials to Operations but msg is same. if I remove all assignments... from all operations mgs is still comi
-
Oracle HRMS Designation change
Hi, We already have Vice President as Designation in our Oracle HRMs(core HR) system. We have requirement to split Vice President into VP1,VP2 and VP3. We are asked to to do Impact analysis on the same in Core HRMS . Please can you help me to find ou