Create user statement on Procedures
Hi,
How to use create user command in oracle procedure.
Whenever I am using the statemet create user <username> identified by <password> it gives me the error. But whenever I am removing this statement the procedure is compiling successfully.
Is there anyway to use create user statement inside procedure?
Regards,
Indraneel
You have to use dynamic sql :
SQL> begin
2 execute immediate ('create user test_user identified by test_user');
3 end;
4 /
PL/SQL procedure successfully completed.
SQL>Of course the command should be completed with other information (e.g. default tablespace, temporary tablespace, and so on).
Paul
Similar Messages
-
I'm getting an error on a line in the middle of a larger sql script, only in SQL Azure.
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'foouser')
CREATE USER [foouser] FOR LOGIN [foouser] WITH DEFAULT_SCHEMA=[dbo]
GO
Error: "The CREATE USER statement must be the only statement in the batch."
I don't actually understand what 'the only statement in the batch' means.
What is a batch? Is it a SQL file? Is it related to a 'GO' statement or an 'IF' statement? What is the reason for the error? And how do I avoid it?
Thanks,
Tim>IF...ELSE imposes conditions on the execution of a Transact-SQL statement
I understand the general purpose of an If statement. I could let go of our definition of statement counting disagreeing too except that because of the error I'm stuck.
It's less important for Create User but what I am really puzzled over now is a very similar issue how am I supposed to do a safe version of CREATE LOGIN, when I don't know whether a login has been previously created on the server or whether I
am setting up the database on a clean server?
IF NOT EXISTS (SELECT * FROM sys.server_principals WHERE name = N'foouser')
CREATE LOGIN [foouser] WITH PASSWORD = 'asdfasdf'
GO
If I try and execute this script, it throws the same error as above.
The first unworkable workaround idea is to omit the if statement
CREATE LOGIN [foouser] WITH PASSWORD = 'asdfasdf'
GO
But if the login already exists on the server (because a similar script was already run), then the script throws an error.
The second unworkable workaround idea is to do
DROP LOGIN [foouser]
GO
CREATE LOGIN [foouser] WITH PASSWORD = 'asdfasdf'
GO
Obviously this throws an error in the second block if the login doesn't already exist on the server.
The third workaround idea I have is to go conditional by putting an IF condition around DROP instead of CREATE:
Unfortunately that doesn't work for me either!
"The DROP LOGIN statement must be the only statement in the batch"
(This is despite the fact that 'drop login' is listed on the
supported commands page, not the partially supported page..?! Which disagrees with the notes on
this page.)
Anyway the real question I am interesting in addressing is: is there actually a way to have a 'Create/Delete login
if exists' operation which is SQL-Azure compatible and doesn't throw me error messages (which messes with the sql execution tool I am using)?
If there is no way, I would like to believe it's because it would be a bad idea to do this. But in that case why is it a bad idea?
Tim -
Exclude create user statements using datapump API
I’m trying to perform a schema import and exclude the "create user" statements using the datapump API but I can’t get the syntax correct for the dbms_datapump.metadata_filter call.
Using impdp I use a parfile that includes the following statements:
schemas=bob, john
exclude=user
How do I achieve the same effect using the dbms_datapump.metadata_filter API?
Any assistance greatly appreciated.
GavinDid you ever figure out your issue? I'm having the same issue after I try to set attributes.
-
Blank lines in create user statement
Hi everyone,
DataModeler still has problems with blank lines in statements. My "create user" statements look like
CREATE USER HTTPUSR
IDENTIFIED BY httpusr
DEFAULT TABLESPACE HTTP_BIG
TEMPORARY TABLESPACE TEMP
QUOTA UNLIMITED ON HTTP_BIG
QUOTA UNLIMITED ON HTTP_LOG
QUOTA UNLIMITED ON HTTP_SMALL
ACCOUNT LOCK
and fail. I have to remove the blank lines manually.
Is this a known bug or a new one?Bug 14248076 resolved for DM 3.1.2.704 and DM 3.2.0.720
-
Finding create user statement using the export dump
I have an Oracle export dump and it is a schema level export only.
Is there any way that I can get the create user statement from that dump using import full=y show=y ?
How do I identify the create user statement once I did the show=yYes with full export this is possible because full export will create all schemas but this is not possible with schema level export because schema level import does not recreate schema.
-
Create user using stored-procedures
Would anyone know of a way to create a user and assign role(s) using stored-procedures from a DOS shell? With MS SQL, one could issue the following commands from the DOS shell to connect to the database engine (osql -ULoginID -PPassword) and then "sp_addlogin loginid password". Additionally, can it be used in a VB app?
Your help is much appreciated.
tkyes, in the code editor.
Auto-completion suggestions as you type? -
Creating User account via SQL query
Hi,
Is it possible to create a user account programmatically?
thanks,
DekelIn SQL, use the CREATE USER statement. In PL/SQL, see Re: Creating user in PL/sql procdure.
-
Oracle datapump extracting ddl for create user
Hi All, I do have 11gr1 database on linux. I do have the full expdp dump of the source database I just need to extract the sql ddl for all the users(mroe than 10000) . . how can i extract ddl for create user statement from this dump file.
user9074365 wrote:
Hi All, I do have 11gr1 database on linux. I do have the full expdp dump of the source database I just need to extract the sql ddl for all the users(mroe than 10000) . . how can i extract ddl for create user statement from this dump file.impdp help=yes
your desired option is listed -
Execute CreateUser() Procedure without "create user" rights
Is it possible to create and execute a procedure that would use Dynamic SQL (or some other method) to create a user even though the user executing the procedure does not have "create user" privileges?
Thank You for any assistanceYes, with a default definer's rights procedure, only the owner of the procedure would need the CREATE USER privilege. The invoker of the procedure would only need EXECUTE on the procedure.
-
Need to authenticate a user and create session thru a procedure.
I am doing loadtest on portal and I need to authenticate a user and create user session to simulate user logging thru the web and I want to see a record is created in the wwctx_sso_session$ table.
can we do this from stored procedure ?
thanks.Hi,
I guess the message is pretty clear !! you lack privilege.
SQL> conn imx/imx
Connected.
SQL>
SQL> create user testproc identified by testproc;
create user testproc identified by testproc
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> create or replace procedure sp_createsuser(username varchar2)
2 as
3 begin
4 execute immediate 'create user ' || username || ' identified by ' || username;
5 end;
6 /
Procedure created.
SQL> exec sp_createsuser('testproc');
BEGIN sp_createsuser('testproc'); END;
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "IMX.SP_CREATESUSER", line 4
ORA-06512: at line 1
SQL> conn sys/******* as sysdba
Connected.
SQL> grant create user to imx;
Grant succeeded.
SQL> conn imx/imx
Connected.
SQL> exec sp_createsuser('testproc');
PL/SQL procedure successfully completed.
SQL> conn sys/syssys as sysdba
Connected.
SQL> select username from dba_users where username like 'TESTP%';
USERNAME
TESTPROC
SQL>Regards -
Modify Script to Create User Role on Single Database.
Hi All,
Below is the script to create user role on database. Here problem is when I execute this script, it creates user role for all database within an instance and I want it to create user role only on 2 database say TEST1 and TEST2
Can anyone help me to modify the script?
--===================================================================================
-- Description
-- Database Type: MSSQL
-- This script creates a role called 'gdmmonitor' for ALL databases.
-- It grants some system catalogs to this role to allow Classification and Assessment on the database.
-- It then adds a user called "sqlguard" to all databases and grants this user gdmmonitor role.
-- before runnign this script
-- you MUST CREATE A SQL LOGIN CALLED 'sqlguard'
-- This sqlguard login doesn't need to be added to any database or given
-- any privilege. The script will take care of that.
-- Note:
-- If you wish to use a different login name (instead of 'sqlguard') you need to change
-- the value of the variable '@Guardium_user' in the script below;
-- (Look for the string: "set @Guardium_user = 'sqlguard'" and replace the 'sqlguard')
-- after runnign this script
-- Nothing to do, the script already creates the db user
-- User/Password to use
-- User: sqlguard (or any other name, if changed)
-- Pass: user defined
-- Role: gdmmonitor
--===================================================================================
PRINT '>>>==================================================================>>>'
PRINT '>>> Creating role: "gdmmonitor" at the server level.'
PRINT '>>>==================================================================>>>'
-- Change to the master database
USE master
-- *** If a different login name is desired, define it here. ***
DECLARE @Guardium_user AS varchar(50)
set @Guardium_user = 'sqlguard'
DECLARE @dbName AS varchar(256)
DECLARE @memberName AS varchar(256)
DECLARE @dbVer AS nvarchar(128)
SET @dbVer = CAST(serverproperty('ProductVersion') AS nvarchar)
SET @dbVer = SUBSTRING(@dbVer, 1, CHARINDEX('.', @dbVer) - 1)
IF (@dbVer = '8') SET @dbVer = '2000'
ELSE IF (@dbVer = '9') SET @dbVer = '2005'
ELSE IF (@dbVer = '10') SET @dbVer = '2008'
ELSE IF (@dbVer = '11') SET @dbVer = '2012'
ELSE SET @dbVer = '''Unsupported Version'''
IF (@dbVer != '2000')
BEGIN
-- This privilege is required to peform a specific MSSQL test.
-- Test name: SQL OLEDB disabled (DisallowAdhocAccess registry key)
-- Procedure execute: EXEC master.dbo.sp_MSset_oledb_prop
-- Purpose: To display provider property, not changing anything.
PRINT '==> Granting MSSSQL 2005 and above setupadmin server role'
EXEC master..sp_addsrvrolemember @loginame = @Guardium_user, @rolename = N'setupadmin'
END
SELECT @dbName = DB_NAME()
PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
-- find any members of the role if they exist
CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL)
INSERT INTO #rolemember
SELECT DISTINCT usr.name FROM dbo.sysusers usr, .dbo.sysmembers mbr
WHERE usr.uid = mbr.memberuid
AND mbr.groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
-- Drop the Role Members If they exist
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Dropping member: ''' + @memberName + ''''
exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the role if it exists
IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
BEGIN
PRINT '==> Dropping the role gdmmonitor on: ' + @dbName
exec sp_droprole 'gdmmonitor'
END
-- Create the role
PRINT '==> Creating the role gdmmonitor on: ' + @dbName
exec sp_addrole 'gdmmonitor'
-- Grant select privileges to the role for MSSql Common
PRINT '==> Granting common SELECT privileges on: ' + @dbName
GRANT SELECT ON dbo.spt_values TO gdmmonitor
GRANT SELECT ON dbo.sysmembers TO gdmmonitor
GRANT SELECT ON dbo.sysobjects TO gdmmonitor
GRANT SELECT ON dbo.sysprotects TO gdmmonitor
GRANT SELECT ON dbo.sysusers TO gdmmonitor
GRANT SELECT ON dbo.sysconfigures TO gdmmonitor
GRANT SELECT ON dbo.sysdatabases TO gdmmonitor
GRANT SELECT ON dbo.sysfiles TO gdmmonitor
GRANT SELECT ON dbo.syslogins TO gdmmonitor
GRANT SELECT ON dbo.syspermissions TO gdmmonitor
-- Grant execute privileges to the role for MSSql Common
PRINT '==> Granting common EXECUTE privileges on: ' + @dbName
GRANT EXECUTE ON sp_helpdbfixedrole TO gdmmonitor
GRANT EXECUTE ON sp_helprotect TO gdmmonitor
GRANT EXECUTE ON sp_helprolemember TO gdmmonitor
GRANT EXECUTE ON sp_helpsrvrolemember TO gdmmonitor
GRANT EXECUTE ON sp_tables TO gdmmonitor
GRANT EXECUTE ON sp_validatelogins TO gdmmonitor
GRANT EXECUTE ON sp_server_info TO gdmmonitor
-- Check if the version is 2005 or greater
IF (@dbVer != '2000')
BEGIN
-- Grant select privileges to the role for MSSql 2005 and above
PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
GRANT SELECT ON sys.all_objects TO gdmmonitor
GRANT SELECT ON sys.database_permissions TO gdmmonitor
GRANT SELECT ON sys.database_principals TO gdmmonitor
GRANT SELECT ON sys.sql_logins TO gdmmonitor
GRANT SELECT ON sys.sysfiles TO gdmmonitor
GRANT SELECT ON sys.database_role_members TO gdmmonitor
GRANT SELECT ON sys.server_role_members TO gdmmonitor
GRANT SELECT ON sys.configurations TO gdmmonitor
GRANT SELECT ON sys.master_key_passwords TO gdmmonitor
GRANT SELECT ON sys.server_principals TO gdmmonitor
GRANT SELECT ON sys.server_permissions TO gdmmonitor
GRANT SELECT ON sys.credentials
TO gdmmonitor
--This is called by master.dbo.sp_MSset_oledb_prop.
--By defautl it should have already been granted to public.
GRANT EXECUTE ON sys.xp_instance_regread TO GDMMONITOR
GRANT EXECUTE ON sys.sp_MSset_oledb_prop TO GDMMONITOR
END
-- Re-add the dropped members
IF EXISTS (SELECT 1 FROM #rolemember)
BEGIN
PRINT '==> Re-adding the role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Re-adding member: ''' + @memberName + ''''
exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- END of role creation on database
PRINT '==> END of role creation on: ' + @dbName
PRINT ''
-- Change to the msdb database
USE msdb
set @memberName = ''
SELECT @dbName = DB_NAME()
PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
-- find any members of the role if it exists
TRUNCATE TABLE #rolemember
INSERT INTO #rolemember
SELECT DISTINCT usr.name FROM .dbo.sysusers usr, .dbo.sysmembers mbr
WHERE usr.uid = mbr.memberuid
AND groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
-- Drop the Role Members If they exist
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Dropping member: ''' + @memberName + ''''
exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the role if it exists
IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
BEGIN
PRINT '==> Dropping the gdmmonitor role on: ' + @dbName
exec sp_droprole 'gdmmonitor'
END
-- Create the role
PRINT '==> Creating the gdmmonitor role on: ' + @dbName
exec sp_addrole 'gdmmonitor'
-- Grant select privileges to the role for MSSql Common
PRINT '==> Granting common SELECT privileges on: ' + @dbName
GRANT SELECT ON dbo.sysobjects TO gdmmonitor
GRANT SELECT ON dbo.sysusers TO gdmmonitor
GRANT SELECT ON dbo.sysprotects TO gdmmonitor
GRANT SELECT ON dbo.sysmembers TO gdmmonitor
GRANT SELECT ON dbo.sysfiles TO gdmmonitor
GRANT SELECT ON dbo.syspermissions TO gdmmonitor
GRANT SELECT ON dbo.backupset TO gdmmonitor
-- Check if the version is 2005 or greater
IF (@dbVer != '2000')
BEGIN
-- Grant select privileges to the role for MSSql 2005 and above
PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
GRANT SELECT ON sys.all_objects TO gdmmonitor
GRANT SELECT ON sys.database_permissions TO gdmmonitor
GRANT SELECT ON sys.database_principals TO gdmmonitor
GRANT SELECT ON sys.sysfiles TO gdmmonitor
-- Grant execute privileges to the role for MSSql 2005 or above
PRINT '==> Granting MSSql 2005 and above EXECUTE privileges on: ' + @dbName
GRANT EXECUTE ON msdb.dbo.sp_enum_login_for_proxy TO gdmmonitor
GRANT SELECT ON sys.database_role_members TO gdmmonitor
END
IF (@dbVer > '2000' and @dbVer < '2012')
--This sp is not available in SQL 2012
BEGIN
GRANT EXECUTE ON sp_get_dtspackage TO gdmmonitor
END
-- Re-add the dropped members
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Re-adding the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Re-adding member: ''' + @memberName + ''''
exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the temporary table
DROP TABLE #rolemember
-- END of role creation on database
PRINT '==> END of gdmmonitor role creation on: ' + @dbName
-- Role creation complete
PRINT '<<<==================================================================<<<'
PRINT '<<< END of creating role: "gdmmonitor" at the server level.'
PRINT '<<<==================================================================<<<'
PRINT ''
PRINT '>>>==================================================================>>>'
PRINT '>>> Starting application database role creation'
PRINT '>>>==================================================================>>>'
use master
DECLARE @databaseName AS varchar(80)
DECLARE @executeString AS varchar(7950)
DECLARE @dbcounter as int
set @dbcounter = 0
DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases where name not in ('master', 'msdb')
and not (status & 1024 > 1)
--read only
and not (status & 4096 > 1)
--single user
and not (status & 512 > 1)
--offline
and not (status & 32 > 1)
--loading
and not (status & 64 > 1)
--pre recovery
and not (status & 128 > 1)
--recovering
and not (status & 256 > 1)
--not recovered
and not (status & 32768 > 1)
--emergency mode
OPEN DatabaseCursor
FETCH DatabaseCursor INTO @databaseName
WHILE @@Fetch_Status = 0
BEGIN
set @dbcounter = @dbcounter + 1
set @databaseName = '"' + @databaseName + '"'
set @executeString = ''
set @executeString = 'use ' + @databaseName + ' ' +
'PRINT ''>>>==================================================================>>>'' ' +
'PRINT ''>>> Starting MSSql ' + @dbVer + ' role creation on database: ' + @databaseName + ''' ' +
'PRINT ''>>>==================================================================>>>'' ' +
'/* Variable @memberNameDBname must be declare within the string or else it will fail */ ' +
'DECLARE @memberName' + cast(@dbcounter as varchar(5)) + ' as varchar(50) ' +
'/*find any members of the role if it exists*/ ' +
'CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL) ' +
'INSERT INTO #rolemember ' +
'SELECT DISTINCT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr ' +
'WHERE usr.uid = mbr.memberuid ' +
'AND groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'/*Drop the Role Members If they exist*/ ' +
'IF EXISTS (SELECT * FROM #rolemember) ' +
'BEGIN ' +
'PRINT ''==> Dropping the role members on: ' + @databaseName + ''' ' +
'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
'OPEN DropCursor ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'WHILE @@Fetch_Status = 0 ' +
'BEGIN ' +
'PRINT ''==> Dropping member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'exec(''EXEC sp_droprolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5)) + ' + '''''';'') ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'END ' +
'CLOSE DropCursor ' +
'DEALLOCATE DropCursor ' +
'END ' +
'/*drop the role if it exists*/ ' +
'IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'BEGIN ' +
'PRINT ''==> Dropping the gdmmonitor role on: ' + @databaseName + ''' ' +
'exec sp_droprole ''gdmmonitor'' ' +
'END ' +
'/* Create the role */ ' +
'PRINT ''==> Creating the gdmmonitor role on: ' + @databaseName + ''' ' +
'exec sp_addrole ''gdmmonitor'' ' +
'/* Grant select privileges to the role for MSSql Common */ ' +
'PRINT ''==> Granting common SELECT privileges on: ' + @databaseName + ''' ' +
'GRANT SELECT ON dbo.sysmembers TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysobjects TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysprotects TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysusers TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysfiles TO gdmmonitor ' +
'GRANT SELECT ON dbo.syspermissions TO gdmmonitor ' +
'/* Check if the version is 2005 or greater */ ' +
'IF (' + @dbVer + ' != ''2000'') ' +
'BEGIN ' +
'/* Grant select privileges to the role for MSSql 2005 and above */ ' +
'PRINT ''==> Granting MSSql 2005 and above SELECT privileges on: ' + @databaseName + ''' ' +
'GRANT SELECT ON sys.database_permissions TO gdmmonitor ' +
'GRANT SELECT ON sys.all_objects TO gdmmonitor ' +
'GRANT SELECT ON sys.database_principals TO gdmmonitor ' +
'GRANT SELECT ON sys.sysfiles TO gdmmonitor ' +
'GRANT SELECT ON sys.database_role_members TO gdmmonitor ' +
'END ' +
'/* Re-add the dropped members */ ' +
'IF EXISTS (SELECT 1 FROM #rolemember) ' +
'BEGIN ' +
'PRINT ''==> Re-adding the gdmmonitor role members on: ' + @databaseName + ''' ' +
'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
'OPEN DropCursor ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'WHILE @@Fetch_Status = 0 ' +
'BEGIN ' +
'PRINT ''==> Re-adding member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'exec(''EXEC sp_addrolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5)) + ' + '''''';'') ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'END ' +
'CLOSE DropCursor ' +
'DEALLOCATE DropCursor ' +
'END ' +
'/* drop the temporary table */ ' +
'DROP TABLE #rolemember ' +
'PRINT ''<<<==================================================================<<<'' ' +
'PRINT ''<<< END of role creation on: ' + @databaseName + ''' ' +
'PRINT ''<<<==================================================================<<<'' ' +
'PRINT '' ''' +
'PRINT '' '''
execute (@executeString)
FETCH DatabaseCursor INTO @databaseName
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor
-- Adding user to all the databases
-- and grant gdmmonitor role, only if login exists.
PRINT '>>>==================================================================>>>'
PRINT '>>> Add and Grant gdmmonitor role to: ''' + @Guardium_user + ''''
PRINT '>>> on all databases.'
PRINT '>>>==================================================================>>>'
USE master
/* Check if @Guardium_user is a login exist, if not do nothing.*/
IF NOT EXISTS (select * from syslogins where name = @Guardium_user)
BEGIN
PRINT ''
PRINT '************************************************************************'
PRINT '*** ERROR: Could not find the login: ''' + @Guardium_user + ''''
PRINT '*** Please add the login and re-run this script.'
PRINT '************************************************************************'
PRINT ''
END
ELSE
BEGIN
DECLARE @counter AS smallint
set @counter = 0
-- This loop runs 4 time just to make sure that the @Guardium_user gets added to all db.
-- 99% of the time, this is totally unnecessary. But in some rare case on SQL 2005
-- the loop skips some databases when it tried to add the @Guardium_user.
-- After two to three executions, the user is added in all the dbs.
-- Might be a SQL Server bug.
WHILE @counter <= 3
BEGIN
set @counter = @counter + 1
set @databaseName = ''
set @executeString = ''
DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases
where not (status & 1024 > 1)
--read only
and not (status & 4096 > 1)
--single user
and not (status & 512 > 1)
--offline
and not (status & 32 > 1)
--loading
and not (status & 64 > 1)
--pre recovery
and not (status & 128 > 1)
--recovering
and not (status & 256 > 1)
--not recovered
and not (status & 32768 > 1)
--emergency mode
OPEN DatabaseCursor
FETCH DatabaseCursor INTO @databaseName
WHILE @@Fetch_Status = 0
BEGIN
set @databaseName = '"' + @databaseName + '"'
set @executeString = ''
set @executeString = 'use ' + @databaseName + ' ' +
'/*Check if the login already has access to this database */ ' +
'IF EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
'BEGIN ' +
'/*Check if login already have gdmmonitor role*/ ' +
'IF NOT EXISTS (SELECT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr WHERE usr.uid = mbr.memberuid ' +
'AND mbr.groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'AND usr.name = ''' + @Guardium_user + ''') ' +
'BEGIN ' +
'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database ' + @databaseName + ''' ' +
'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
'PRINT '' ''' +
'END ' +
'END ' +
'IF NOT EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
'BEGIN ' +
'PRINT ''==> Adding user [' + @Guardium_user + '] to database: ' + @databaseName + ''' ' +
'execute sp_adduser [' + @Guardium_user + '] ' +
'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database ' + @databaseName + ''' ' +
'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
'PRINT '' ''' +
'END '
execute (@executeString)
FETCH DatabaseCursor INTO @databaseName
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor
END -- end while
-- Required for Version 2005 or greater.
IF (@dbVer != '2000')
BEGIN
-- Grant system privileges to the @guardium_user. This is a requirement for >= SQL 2005
-- or else some system catalogs will filter our result from assessment test.
-- This will show up in sys.server_permissions view.
PRINT '==> Granting catalog privileges to: ''' + @Guardium_user + ''''
execute ('grant VIEW ANY DATABASE to [' + @Guardium_user + ']' )
execute ('grant VIEW ANY DEFINITION to [' + @Guardium_user + ']' )
END
PRINT '<<<==================================================================<<<'
PRINT '<<< Finished Adding and Granting gdmmonitor role to: ''' + @Guardium_user + ''''
PRINT '<<< on all databases.'
PRINT '<<<==================================================================<<<'
PRINT ''
END
GOThanks a lot Sir... it worked.
Can you also help me in troubleshooting below issue?
This script is working fine on all databases except one MS SQL 2005 database. build of this database is 9.00.3042.00
SA account with highest privileges is been used for script execution. errors received are as follow:
>>>==================================================================>>>
>>> Creating role: "gdmmonitor" at the server level.
>>>==================================================================>>>
==> Granting MSSSQL 2005 and above setupadmin server role
==> Starting MSSql 2005 role creation on database: master
(0 row(s) affected)
==> Dropping the gdmmonitor role members on: master
==> Creating the role gdmmonitor on: master
Msg 15002, Level 16, State 1, Procedure sp_addrole, Line 16
The procedure 'sys.sp_addrole' cannot be executed within a transaction.
==> Granting common SELECT privileges on: master
Msg 15151, Level 16, State 1, Line 117
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 118
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 119
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 120
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 121
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 122
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 123
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 124
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 125
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 126
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
==> Granting common EXECUTE privileges on: master
Msg 15151, Level 16, State 1, Line 130
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 131
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 132
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 133
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 134
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 135
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 136
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission. -
Using SQL Server 2012 SP1
I have a user that is submitting a procedure that uses sp_send_dbmail. I have also noticed that they have the following code in their procedure
DECLARE @rc INT
IF NOT EXISTS (SELECT * FROM msdb.sys.service_queues
WHERE name = N'ExternalMailQueue' AND is_receive_enabled = 1)
EXEC @rc = msdb.dbo.sysmail_start_sp
The user submits the procedure and she gets the email but she also gets the following error message:
Msg 15151, Level 16, State 1, Procedure sysmail_start_sp, Line 8
Cannot alter the queue 'ExternalMailQueue', because it does not exist or you do not have permission.
Mail (Id: 2402) queued.
(1 row(s) affected)
I have granted execute to sp_send_dbmail and sysmail_start_sp. I have also granted select to service_queues.
Does anyone have any solutions for the above error message?
lcerniThe contents of sysmail_start_sp is this:
CREATE PROCEDURE sysmail_start_sp
AS
SET NOCOUNT ON
DECLARE @rc INT
DECLARE @localmessage nvarchar(255)
ALTER QUEUE ExternalMailQueue WITH STATUS = ON
SELECT @rc = @@ERROR
IF(@rc = 0)
BEGIN
ALTER QUEUE ExternalMailQueue WITH ACTIVATION (STATUS = ON);
SET @localmessage = FORMATMESSAGE(14639, SUSER_SNAME())
exec msdb.dbo.sysmail_logmailevent_sp @event_type=1, @description=@localmessage
END
RETURN @rc
The user get the error, because she does not have any permission on the queue in question. To be able to alter the queue, the following applies according to Books Online:
Permission for altering a queue defaults to the owner of the queue, members of the db_ddladmin or db_owner fixed database roles, and members of the sysadmin fixed server role.
Note that is would be db_ddladmin or db_owner in msdb. Now, supposedly the queue is already active, and in that case I think that it is sufficient that the user has VIEW DEFINITION on the view. This would permit her to see the row in sys.service_queues,
why there would be no need to call sysmail_start_sp.
Altertanively, change the check to:
DECLARE @isenabled bit
SELECT @isenabled = (SELECT is_receive_enabled FROM msdb.sys.service_queues
WHERE name = N'ExternalMailQueue')
IF @isenabled = 0
EXEC @rc = msdb.dbo.sysmail_start_sp
The idea here is that, if the user has no permission to read the information in the DMV, @isenabled will be NULL, and you just pray and hope that the queue is up and running.
I suspect that the reason this worked for you on SQL 2005 is that on that instance someone at some point in made all the required configurations for it to work, but all that is forgotten now. That happens to me too.
If you really want the user to be able to start the queue, I have some better ideas than adding her to a role, but I skip the details for now.
Erland Sommarskog, SQL Server MVP, [email protected] -
NW2004s EP create user fails; error in persistence
I am trying to create user and add roles, however whenever I attempt to save, I get an error message that states there is an error in persistence, please contact administrator.
Has anyone seen this error before?
Thanks,
JRHi All,
I had the similar problem while creating users. I was able to create users in ABAP but not in JAVA.When I logged into UME using J2EE_ADMIN, and tried creating a user it gave an error.
"Error occured in the Persistence, Contact your administrator"
I found a solution for the error.
Check the roles for SAPJSF user on the ABAP
system
If the role assigned is SAP_BC_JSF_COMMUNICATION_RO change it to SAP_BC_JSF_COMMUNICATION.
Restart your SAP Server and try whether u get the same error.
If the situation persists,
Check dataSourceConfiguration XML file in configtool.
Refer SAP Note 718383 for the procedure.
Read the following link for details before making any changes: http://help.sap.com/saphelp_nw04/helpdata/en/81/0e0f61b566dc44bbb4055b3ccd25be/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/81/0e0f61b566dc44bbb4055b3ccd25be/frameset.htm
Reward points if solution given helps in solving!
Thanks,
Jeya Preethika -
How to create user using Form Builder
How can use Oracle Developer2000 Form6 to create user in database (oracle 8i) from Trigger of Form6. I've try to use statement "create user ..... identified by ...." in PL/SQL editor of When-Button-Pressed trigger and it had complilation error with that statement.
Probably best not to create the user directly from Forms.
Create a DB Package with a procedure to create a user. This proc should take, e.g. username & password as parameters (& maybe other things - default tablespace, etc.):
PROCEDURE cre_user(p_username VARCHAR2, p_password VARCHAR2) IS
BEGIN
EXECUTE IMMEDIATE('CREATE USER '||p_username||' IDENTIFIED BY '||p_password);
END cre_user;
Give the package the correct user creation privileges & DEFINER or INVOKER s rights.
Grant EXECUTE on the package (or its SYNONYM) to the appropriate end-users
Finally, call the packaged procedure from your Form with the appropriate parameters.
If you need to return info. to the Form, use OUT parameters.
Also, consider the security implications of sending the password in an unencrypted form. -
Capturing user state........ Retaining files for a specific time?
Can I retain the user files/data for a specific time as a copy after capturing user states then restoring them? If so what's the procedure and location of the files?
tconnersIf you are using a SMP, yes, this is built-in functionality. The files are located in the location(s) specified on your SMP configuration. You'll also need the computer association that created them because it contains the encryption key.
Jason | http://blog.configmgrftw.com
Maybe you are looking for
-
"no data from device" when trying to capture HDV
I need to capture additional footage for an HDV project I am already editing. Capturing the initial footage (about a month ago) went smoothly. Now however, when trying to capture footage from a new tape shot just last week, I simply cannot. If I try
-
Unable to open files made in iWork '08 without installing original software
After re-installing my original Mac OSX to try to cure another issue, I find I'm unable to open my Numbers '08 files unless I re-install the original software. The following message appears: Files that iWork needs are missing. To restore the missing
-
Can any tell me how can i study all these?
Good in Business Process/Functional Areas Requirements, GAP Analysis, Design, Configuration, Development, Testing, Deployment, Planning & Executing Data Conversion & User Training. Exposure to ASAP methodology, rollouts & upgrades. Does all these com
-
Oracle Financials Expert Certification
Hi All, I am working as oracle Apps DBA for past 6 yrs. I am interested to learn oracle financials. I am ready to prepare for the certifying exams. After obtaining a certification in financials domain do i stand the chance to broaden my work area? W
-
Declare as record not opening VISIO (vsd) file in sharepoin 2010
We have uploaded .vsd file to sharepoint and declare this as a record through record management. now this document is not opening and showing error that file already in use and would you like to open a copy of it? This declaration working fine with w