Can't grant privilege on column to user via role?

Similar Messages

• How can I grant Application access to a user via API ) programattically

  how do I grant access to a portal user from API
  I want to grant access to a user from an API, ie I need a
  command to grant "SCOTT" access to "EXAMPLE_APP" APPLICATION as
  an end user?

  Hi,
  I am assuming that you have already updated the EUL in the Administrator Edition, correct? If not, open Discoverer Administrator and login to the database you want to connect to. You must use your EUL user name which I assume has already been created and assigned the correct privileges in the database. You will be asked to update your EUL. Follow the prompts.
  Once logged into the EUL, go to Tools \ Privileges and find the user that you want to give administrator access to.
  Hopefully, this answers your question.
  Regards,
  Nancy

• Grant privileges and permission to user, to create user and database in 10g

  Hi,
  I'm very much new to Oracle 10g database and after all my search, I think this forum will help me to solve my puzzle. Installed Oracle 10g database and during installation created a Global database "TestDB". I created an user "user1" in sqlplusw, by logging in as system.
  Now I need to know, what privileges and permissions should be given to this "user1", so that I can create new users and create database by logging as "user1". I don't want to Inherit all the sytem privileges of SYSTEM or SYSDBA or SYS or SYSOPER.
  Is there a way where I could achieve this by explicitly granting the required privileges and permissions

  You may need to know all the views to get the privilege information.
  SQL> conn /as sysdba
  SQL> select table_name from dict where table_name like '%PRIV%';
  And also, take a look into below Oracle Documentations.
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#SQLRF01603
  Regards,
  Sabdar Syed.

• Grant Privileges to a new user

  Hi,
  I would like to know whether there is any way to grant all / only select / only select & insert privileges in all tables to a newly created user at once.
  Thanks in advance...

  user12504537 wrote:
  Hi,
  I would like to know whether there is any way to grant all / only select / only select & insert privileges in all tables to a newly created user at once.
  Thanks in advance...There is no such command to do this out of the box. You need to do something like,
  FOR x IN (SELECT * FROM user_tables)
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON ' || your.table_names || ' TO <<user>>';
  END LOOP;Aman....

• Get an error when grant execute on dbms_lock to user?

  Hi all,
  i have to grant several privileges/roles to user X, it works fine if only one privilege/role is granted one time, but an error raised when i put them together in one grant command, does anyone have any ideas regarding this? thanks in advance.
  sqlplus sys/*****@*** as sysdba
  SQL> grant execute on dbms_lock to X;
  Grant succeeded.
  SQL> grant resource to X;
  Grant succeeded.
  SQL> grant execute on dbms_lock,resource to X;
  grant execute on dbms_lock,resource to X
  ERROR at line 1:
  ORA-00905: missing keyword
  SQL> grant resource,execute on dbms_lock to X;
  grant resource,execute on dbms_lock to X
  ERROR at line 1:
  ORA-01953: command no longer valid, see ALTER USER

  >
  SQL> grant execute on dbms_lock,resource to X;
  grant execute on dbms_lock,resource to X
  ERROR at line 1:
  ORA-00905: missing keyword
  SQL> grant resource,execute on dbms_lock to X;
  grant resource,execute on dbms_lock to X
  ERROR at line 1:
  ORA-01953: command no longer valid, see ALTER USER
  >
  It will help to read the documentation on grant statement.
  You can't grant privileges on two different objects or roles in one statement. However you can grant two or more privileges on same object in one statement.
  SQL> grant select,update on emp to X;

• How to revoked 'ANY' privileges being granted to user or role

  Hi all,
  I need to be revoked all 'ANY' privileges that have been granted to all non-DBA user or Role in the database.
  To achieve this what i assume is
  1> i need to find out Role as well all user who are non-DBA
  2> For all non-DBA user i need to find out and revoked 'ANY' privileges if they would have.
  Here i need some information about all tables related to privilieges and non-DBA users
  The below are some example as a reference.
  USER Privileges
  CTXADMIN SELECT ANY TABLE
  PUBLIC MERGE ANY VIEW
  LAXORA ANALYZE ANY
  EXECUTE ANY PROCEDURE
  GRANT ANY ROLE
  INSERT ANY TABLE
  SELECT ANY TABLE
  LAX_NEW ANALYZE ANY
  CREATE ANY TABLE
  DELETE ANY TABLE
  DROP ANY TABLE
  INSERT ANY TABLE
  SELECT ANY TABLE
  USER_NEW SELECT ANY TABLE
  Thank n reagrds
  Laxman

  Hi,
  LAX_ORA wrote:
  Hi all,
  I need to be revoked all 'ANY' privileges that have been granted to all non-DBA user or Role in the database.
  To achieve this what i assume is
  1> i need to find out Role as well all user who are non-DBA
  2> For all non-DBA user i need to find out and revoked 'ANY' privileges if they would have.
  Here i need some information about all tables related to privilieges and non-DBA users
  The below are some example as a reference.
  USER Privileges
  CTXADMIN SELECT ANY TABLE
  PUBLIC MERGE ANY VIEW
  LAXORA ANALYZE ANY
  EXECUTE ANY PROCEDURE
  GRANT ANY ROLE
  INSERT ANY TABLE
  SELECT ANY TABLE
  LAX_NEW ANALYZE ANY
  CREATE ANY TABLE
  DELETE ANY TABLE
  DROP ANY TABLE
  INSERT ANY TABLE
  SELECT ANY TABLE
  USER_NEW SELECT ANY TABLE
  Thank n reagrds
  LaxmanYou can fiind out all the users and roles who have been granted system privileges by querying dba_sys_privs.
  For example:
  SELECT     grantee
  ,     privilege
  FROM     dba_sys_privs
  WHERE     privilege     LIKE '% ANY %'
  ;The grantee column includes users and roles together.
  If you want to find which users have the dba role, then query dba_role_privs.

• Error while granting privileges to new user

  hi all,
  I created new user and i tried to grant privileges to that new user by using ( SQL> CONNECT / AS sysdba;
  Connected.
  SQL> CREATE USER cdcproj IDENTIFIED BY cdcproj
  2 QUOTA UNLIMITED ON SYSTEM
  3 QUOTA UNLIMITED ON SYSAUX;
  User created.
  SQL> GRANT CREATE SESSION TO cdcproj;
  Grant succeeded.
  SQL> GRANT CREATE TABLE TO cdcproj;
  Grant succeeded.
  SQL> GRANT SELECT_CATALOG_ROLE TO cdcproj;
  Grant succeeded.
  SQL> GRANT EXECUTE_CATALOG_ROLE TO cdcproj;
  Grant succeeded.
  SQL> EXECUTE DBMS_STREAMS_AUTH.GRANT_ADMIN_PRIVILEGE(grantee => 'cdcproj'); PL/SQL procedure successfully completed.
  SQL> GRANT ALL ON PL.PROJ_HISTORY TO cdcproj;
  Grant succeeded. ). All the commands worked except last command. It is giving error i.e (GRANT ALL ON PL.PROJ_HISTORY TO cdcproj; ) error is ( table / view not exists ).
  What i can do. Any help.
  Otherwise is there any other method to grant privileges.
  Thanks in advance.

  What is your Oracle version ?
  Are you sure the object PL.PROJ_HISTORY exists ?
  What is the output of (using the Oracle account that executes the GRANT):
  select * from session_roles;
  select * from session_privs;

• Can't retrieve folder privileges for a specific user

  I am trying to get the granted privilege for a specified user for a certain folder. I am using the wwsec_api.get_granted_user_privilege function. When I run my code, nothing is ever returned. Here is my code:
  l_priv_varchar := wwsec_api.get_granted_user_privilege(
  p_user_id => 0,
  p_object_type_name => 'FOLDER',
  p_name => '2889');
  p_user_id is from wwsec_person.id$
  p_object_type_name is my object type
  p_name is from wwv_corners.id
  I have looked at the properties of this folder and this user, 0, is set up as the owner. So I am expecting to see 'OWN' returned. I have another user set up to only VIEW the folder and when I put that user's id into the p_user_id parameter I still do not get any return. I can run this same code (with different parameter values) and get the privileges for a 'PAGE', but never for a FOLDER.
  Does anyone have this problem or can tell what I am missing?
  Thanks.
  null

  p_name for a folder is "sitename/parentfolder/foldername". You can see that in the syspriv_name field on the WWV_CORNERS table.

• Granting privilege through role not working for PL/SQL

  Version: 11.2.0.2
  In our shop, we don't grant privileges directly to a user, we grant it to a role and grant that role to the intended grantee.
  Granting privileges through a role seems to be fine with SQL Engine. But it doesn't work from PL/SQL engine.
  In the below example GLS_DEV user is granted SELECT access on SCOTT.pets table through a role called tstrole. GLS_DEV can select this table from SQL. But PL/SQL Engine doesn't seem to know this.
  Reproducing the issue:
  SQL> show user
  USER is "SCOTT"
  SQL> select * from pets;
  NAME
  PLUTO
  SQL> conn / as sysdba
  Connected.
  SQL> create user GLS_DEV identified by test1234 default tablespace TSTDATA;
  User created.
  SQL> alter user GLS_DEV quota 25m on TSTDATA;
  User altered.
  SQL> grant create session, resource to GLS_DEV;
  Grant succeeded.
  --- Granting SELECT privilege on scott.pets to tstrole and then grant this role to GLS_DEV.
  SQL> conn / as sysdba
  Connected.
  SQL>
  SQL> create role tstrole;
  Role created.
  SQL> grant select on scott.pets to tstrole;
  Grant succeeded.
  SQL> grant tstrole to GLS_DEV;
  Grant succeeded.
  SQL> conn GLS_DEV/test1234
  Connected.
  SQL>
  SQL> select * From scott.pets;
  NAME
  PLUTO
  ---- All fine till here. From SQL engine , GLS_DEV user can SELECT scott.pets table.
  --- Now , I am going to create a PL/SQL object in GLS_DEV which tries to refer scott.pets
  SQL> show user
  USER is "GLS_DEV"
  create or replace procedure my_proc
  is
  myvariable varchar2(35);
  begin
       select name into myvariable from scott.pets ;
       dbms_output.put_line(myvariable);
  end my_proc;
  Warning: Procedure created with compilation errors.
  SQL> show errors
  Errors for PROCEDURE MY_PROC:
  LINE/COL ERROR
  6/2      PL/SQL: SQL Statement ignored
  6/41     PL/SQL: ORA-01031: insufficient privileges
  SQL>
  SQL> 6
    6*    select name into myvariable from scott.pets ;
  --- PL/SQL Engine doesn't seem to know that GLS_DEV has select privilege on scott.pets indirectly granted through a role
  --- Fix
  --- Instead of granting privilege through a role, I am granting the SELECT privilege on scott.pets to GLS_DEV directly.
  --- The error goes away, I can compile and execute the procedure !!
  SQL> conn / as sysdba
  Connected.
  SQL>
  SQL> grant select on scott.pets to GLS_DEV;
  Grant succeeded.
  SQL> conn GLS_DEV/test1234
  Connected.
  SQL>
  SQL> create or replace procedure my_proc
  is
  myvariable varchar2(35);
  begin
          select name into myvariable from scott.pets ;
          dbms_output.put_line(myvariable);
  end my_proc;  2    3    4    5    6    7    8    9   10
  11  /
  Procedure created.
  SQL> set serveroutput on
  SQL> exec my_proc;
  PLUTO
  PL/SQL procedure successfully completed.Has anyone encountered the same issue ?

  You really should start your own new thread for this question instead of resurrecting an old one, but to answer your question.
  There are two things going on here. First, there are a number of aler session commands that can be used by any user regardless of what privileges they are granted. Although I do not have the entire list at hand, things like nls_date_format and current_schema are available to all users, sort of like the grants to public in the data dictionary.
  Second, when you use execute immediate, the PL/SQL engine never really sees the statement, as far as the compiler is concerned it is just a string. It is only when the string is passed to the sql engine that permissions are checked, and there roles are not enabled.
  SQL> create role t_role;
  Role created.
  SQL> grant select on ops$oracle.t to t_role;
  Grant succeeded.
  SQL> create user a identified by a default tablespace users;
  User created.
  SQL> grant create session, create procedure to a;
  Grant succeeded.
  SQL> grant t_role to a;
  Grant succeeded.
  SQL> connect a/a
  Connected.
  SQL> select * from ops$oracle.t;
          ID DESCR
           1 One
           1 Un
  SQL> create function f (p_descr in varchar2) return number as
    2     l_num number;
    3  begin
    4     select id into l_num
    5     from ops$oracle.t
    6     where descr = p_descr;
    7     return l_num;
    8  end;
    9  /
  Warning: Function created with compilation errors.
  SQL> show error
  Errors for FUNCTION F:
  LINE/COL ERROR
  4/4      PL/SQL: SQL Statement ignored
  5/20     PL/SQL: ORA-00942: table or view does not exist
  SQL> create or replace function f (p_descr in varchar2) return number as
    2     l_num number;
    3  begin
    4     execute immediate 'select id from ops$oracle.t where descr = :b1'
    5                       into l_num using p_descr;
    6     return l_num;
    7  end;
    8  /
  Function created.
  SQL> select f('One') from dual;
  select f('One') from dual
  ERROR at line 1:
  ORA-00942: table or view does not exist
  ORA-06512: at "A.F", line 4John

• Grant Privileges Use

  How I can use the "Grant" on the following :
  Trigger
  PACKAGE
  PACKAGE BODY
  VIEW
  Edited by: kingadmin on Dec 23, 2010 6:44 AM

  kingadmin wrote:
  How I can use the "Grant" on the following :
  Trigger
  PACKAGE
  PACKAGE BODY
  VIEW
  Edited by: kingadmin on Dec 23, 2010 6:44 AMIf you mean giving grant to users then there is not such matter for triggers.But if you want give execute procedure or function of packages then you can use
  grant executeon <package name> to <user name>And about views you can give SELECT,INSERT,UPDATE,DELETE privileges as well.For example
  grant select,insert on <view name> to <user name>

• Problem with granting privileges

  We are creating a separate user for loading data into staging tables on our db and are having problems granting privileges. The original user is securities_developer and the new user is securities_loader. As securities_developer, I execute the following command:
  grant delete,update,insert,select on securities_work to securities_loader;
  The output indicates success, but when I switch to that user and perform 'select * from securities_work', the table isn't found. Using Oracle Enterprise Manager, I look up the table and it indicates that the above privileges have been granted. Am I missing something?
  version info:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  PL/SQL Release 11.2.0.1.0 - Production
  "CORE     11.2.0.1.0     Production"
  TNS for Linux: Version 11.2.0.1.0 - Production
  NLSRTL Version 11.2.0.1.0 - Production

  Hi,
  Do you have a (public) synonym on your table securities_work ?
  Or, try to add the schema owner in your query like: 'select * from securities_developer.securities_work'
  Regards,
  Thierry

• Foreign keys to same table / Who columns in User table???

  Hi All,
  We are designing a database for our client and we are using common columns in all tables like CreatedBy and UpdatedBy which are foreign keys to USER table. My question is can we use these two columns in USER table and have the foreign key constraints to the same tables?
  USER table script will look like following..
  CREATE TABLE XX_USER
       User_ID                              VARCHAR2(10)
  ,     CreatedBy                         NUMBER(10)
  ,     UpdatedBy                         NUMBER(10)
  ,     User_Name                         VARCHAR2(100)     NOT NULL
  ,     Designation                         VARCHAR2(100)     NOT NULL
  ,     CONSTRAINT USER_ISACTIVE_CHECK CHECK (Is_Active in ('Y', 'N'))
  ,     CONSTRAINT USER_KEY PRIMARY KEY (User_ID),
  ,     CONSTRAINT USER_CREATED_BY FOREIGN KEY (CREATED_BY)
       REFERENCES XX_USER (USER_ID)
  ,     CONSTRAINT USER_UPDATED_BY FOREIGN KEY (UPDATED_BY)
       REFERENCES XX_USER (USER_ID)
  );I think what I am doing (the above script) is not correct. Could someone please suggest me how can solve this issue?
  Thanks in advance,
  Oraebs

  user8644385 wrote:
  We are designing a database for our client and we are using common columns in all tables like CreatedBy and UpdatedBy which are foreign keys to USER table. My question is can we use these two columns in USER table and have the foreign key constraints to the same tables?You can. After fixing synatx errors:
  SQL> CREATE TABLE XX_USER
    2  (
    3   User_ID        VARCHAR2(10)
    4  , CreatedBy     NUMBER(10)
    5  , UpdatedBy     NUMBER(10)
    6  , User_Name     VARCHAR2(100) NOT NULL
    7  , Designation   VARCHAR2(100) NOT NULL
    8  , Is_Active     VARCHAR2(1)
    9  , CONSTRAINT USER_ISACTIVE_CHECK CHECK (Is_Active in ('Y', 'N'))
  10  , CONSTRAINT USER_KEY PRIMARY KEY (User_ID)
  11  , CONSTRAINT USER_CREATED_BY FOREIGN KEY (CreatedBy)
  12       REFERENCES XX_USER(USER_ID)
  13  , CONSTRAINT USER_UPDATED_BY FOREIGN KEY (UpdatedBy)
  14       REFERENCES XX_USER(USER_ID)
  15  )
  16  /
  Table created.
  SQL> Now USER_ID is a string while CreatedBy/UpdatedBy is a number. Even though it is allowed, it limits USER_ID to numeric strings and causes implicit conversions while validating. So I would change CreatedBy/UpdatedBy data type to VARCHAR2(10).
  SY.

• Grant Privileges to another user

  Hi,
  I am new to plsql. In course of my learning. I created two tables BOOKS and AUTHORS in orcl database(10g) through SYSDBA.
  Again i logged in to SCOTT user account and am unable to see the BOOKS and AUTHORS tables.
  Please let me know how do i grant administrative privileges(to edit,delete,insert,update) to SCOTT user for these tables.
  Thanks & Regards,
  Amrutha.

  808099 wrote:
  1. Got now that SYSDBA is a role and SYS is user.
  2. I was able to login to sqlplus through giving "/ as SYSDBA" as the username. Hence i thought it as user."/ as sysdba" connects to the database as the SYS user using operating system authentication with the SYSDBA role enabled.
  3. Secondly, I dont know which schema does my BOOKS table belong to. Because i just ran a create table script in scott/tiger@orcl. PLease suggest how i can know which schema it belongs to.If you connected to the database as the SCOTT user and ran the script to create the table, the table would almost certainly be owned by SCOTT. If you connected to the database as the SYS user and ran the script to create the table, the table would most likely be owned by SYS. If the script specified the schema owner, i.e.
  CREATE TABLE library.book ...the table would be created in the specified schema. But you need to have very powerful privileges in order to create objects in other user's schemas and SCOTT does not have those privileges unless you've specifically granted them.
  4. Thirdly, I will delete the BOOKS and AUTHORS from SYS and create them in SCOTT user. But thought if GRANT privileges can be an alternative.Not really. It's much better to have the tables owned by the correct schema in the first place. You use grants to allow other users to access (or modify) tables but other users are not going to have the same level of privileges (for example, they're not going to be able to run DDL against the table).
  Justin

• Grant privileges to the user to edit only his own information

  Hi all,
  my Portal version is 9.0.4.0.99
  I would like to grant to all users the privilege to change/edit only his own information.
  When I go to the Administer Tab, enter the username in the portlet User, and then I check the checkbox: "Allow User editing", then this User can edit all users.
  How can I grant the privilege to edit only his own information?
  Regards
  Leonid Pavlov

  The Portal does not expose the DAS Edit My Profile link until version 10.1.4. Prior to this version, if the associated DAS actually supports this, you can just add the link on your portal page as a URL item:
  http://host.domain.com:7777/oiddas/ui/oracle/ldap/das/mypage/AppEditMyPage?homeURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal &doneURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal&cancelURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal
  I.e., it takes the url:
  <infra-host>/oiddas/ui/oracle/ldap/das/mypage/AppEditMyPage
  with 3 url-encoded parameters:
  homeURL - link rendered with Home icon in DAS
  doneURL - target for [ OK ] in DAS
  cancelURL - target for [ Cancel ] in DAS

• How to restrict a schema owner from granting privileges to other users.

  How can we restrict a schema owner from granting privileges to other users on his objects (e.g. tables). Lets say we have user called XYZ and he has tables in his schema TAB1, TAB2 an TAB3. How can we restrict user XYZ from granting privileges on TAB1, TAB2 and TAB3 to other users in the database. Is it possible in Oracle 10g R2? Any indirect or direct way to achieve this? Please help on this.
  Thanks,
  Manohar

  Whenever someone is trying to prevent an object owner from doing something, that's generally a sign of a deeper problem. In a production database, the object owner shouldn't generally have CREATE SESSION privileges, so the user shouldn't be able to log in, which would prevent the user from issuing any grants.
  As a general rule, you cannot stop an object owner from granting privileges on the objects it owns. You can work around this by creating a database-level DDL trigger that throws an exception if the user issuing the statement is XYZ and the DDL is a GRANT. But long term, you probably want to get to the root of the problem.
  Justin
  Edited by: Justin Cave on Nov 6, 2008 9:52 PM
  Enrique beat me to it.