Debug the procedure of "REVOKE" object privilege

I creates two procedures, one for "GRANT ... on object" and other for "REVOKE.. from object".
# for GRANT
CREATE or REPLACE PROCEDURE grant_proc AS
own VARCHAR2(30);
nam VARCHAR2(30);
v_cur INTEGER;
cursor pkgs is
select ora_dict_obj_owner, ora_dict_obj_name from SYS.event_table;
begin
open pkgs;
loop
fetch pkgs into own, nam;
exit when pkgs%notfound;
v_cur := dbms_sql.open_cursor;
dbms_sql.parse(v_cur, 'GRANT SELECT ON ' || own || '.' ||nam|| ' to READ_BAANDB', dbms_sql.native);
dbms_sql.close_cursor(v_cur);
commit;
delete from sys.event_table;
commit;
end loop;
end;
# for REVOKE
CREATE or REPLACE PROCEDURE revoke_proc AS
own VARCHAR2(30);
nam VARCHAR2(30);
v_cur INTEGER;
cursor pkgs is
select ora_dict_obj_owner, ora_dict_obj_name from SYS.event_table;
begin
open pkgs;
loop
fetch pkgs into own, nam;
exit when pkgs%notfound;
v_cur := dbms_sql.open_cursor;
dbms_sql.parse(v_cur, 'REVOKE SELECT ON ' || own || '.' ||nam|| ' from READ_BAANDB', dbms_sql.native);
dbms_sql.close_cursor(v_cur);
commit;
delete from sys.event_table;
commit;
end loop;
end;
The problem is at the "delete from sys.event_table". The GRANT procedure works fine, but the same syntax in REVOKE procedure did not execute, despite the "REVOKE SELECT..." run ok. So how can I debug / write out any error from the step in the procedure?

It took me a while to remember how to write out the result of a query.
As you can see from the metalink note example which "GRANT SELECT... to user" when I created a table in the schema. And I added DROP event in the trigger and wrote my "REVOKE SELECT..from user" procedure similar to that of GRANT. So everytime when a table was CREATED or DROPPED from schema, system would return 1 rowcount of the event_table before the GRANT or REVOKE process run.
I also checked the total row count before and after both GRANT and REVOKE procedures in either trigger and in grant_job procedure, the total row count return from before and after is always 1 no matter whether is GRANT or REVOKE process. The end of trigger commits everything. However, only the GRANT commits completely, ie delete from sys.event_table; not the REVOKE section.
SQL> set serveroutput on
SQL> create table a1 (c number);
row count before: 1
row count after: 1
Table created.
SQL> select * from sys.event_table;
no rows selected
SQL> drop table a1;
row count before: 1
row count after: 1
Table dropped.
SQL> select * from sys.event_table;
ORA_DICT_OBJ_OWNER ORA_DICT_OBJ_NAME
BAANDB A1
Message was edited by:
CIATECPCV

Similar Messages

  • Debugging the procedure

    Hi, How can we debug the procedure in a package without sufficient privilages, is it possible ?
    if possible / if not possible which is the best way/tool for debugging the stored procedures
    thanks a lot

    Perhaps the answer is to research Oracle security vulnerabilities and attempt a privilege escalation hack. Oh... Pete Finnigan can help to find some security holes...
    Nicolas.

  • How to handle the procedure that reutrn object types as out parameter

    I have a procedure where it returns object(CREATE OR REPLACE TYPE xyz AS OBJECT) as a OUT parameter.
    Now i have to pull the data from this type and need to send the data in excel.
    Procedure will fetch data and assign it to object with lot of validations and local parameters variables..
    How can i push the data from the out parameter and need to send that in excel..Its an oracle database 10g..

    here's a basic example...
    SQL> set serveroutput on;
    SQL> create or replace type t_obj as object (x number, y number);
      2  /
    Type created.
    SQL> ed
    Wrote file afiedt.buf
      1  create or replace package mypkg as
      2    procedure testit(p_obj out t_obj);
      3    procedure callme;
      4* end;
      5  /
    Package created.
    SQL> ed
    Wrote file afiedt.buf
      1  create or replace package body mypkg as
      2    procedure testit(p_obj out t_obj) is
      3    begin
      4      p_obj := t_obj(1,2);
      5    end;
      6    procedure callme is
      7      v_obj t_obj;
      8    begin
      9      testit(v_obj);
    10      dbms_output.put_line('X='||v_obj.x||' Y='||v_obj.y);
    11    end;
    12* end;
    SQL> /
    Package body created.
    SQL> exec mypkg.callme;
    X=1 Y=2
    PL/SQL procedure successfully completed.
    SQL>

  • What is meant by debugging? and the procedure of debugging?

    what is meant by debugging? and the procedure of debugging?

    What is mean by debugging ? http://en.wikipedia.org/wiki/Debugging
    The procedure is many: use your own methods like dbms_output, utl_file to debug your program, some third party debugger like PL/SQL developer (my favorite), TOAD or SQL Developer.

  • Granting system privileges DEBUG ANY PROCEDURE and CONNECT SESSION in 10gXE

    I am using Oracle DB 10g Express Edition and trying out SQL Developer. Whenever I want to debug a procedure I got the error:
    This session requires DEBUG CONNECT SESSION and DEBUG ANY PROCEDURE user privileges.
    But I don't see these privileges to grant in the XE GUI for users.
    Does anybody know if this is supported in XE.
    Thanks.

    Hi
    Use SQL*Plus (or the apex interface), logon as dba and type this sql statements:
    grant DEBUG CONNECT SESSION to <username>;
    grant CONNECT SESSION to <username>;

  • How to revoke the  ddl statements in the same user's objects

    anyone pls,
    I need to restrict ddl on the same user's objects.
    means, i'm having a user common. my developers are keep on creating tables and alter the existing tables. Even if they are the owner of the objects, can possible to revoke the create and alter only?
    if possible means, could u advice with queries.. because now only i'm learning dba sides.
    Thanks in advance,
    Regards,
    RengarajR

    Hi Vadim.
    GREAT! Our requirement is fulfilled by that way you described. Special thanks for your help!!!
    Best regards,
    Masa

  • Query to get objects list for which the current user has 'SELECT' privilege

    Hi,
    I want to get tables and views list for which the current user has 'SELECT' privilege excluding sytem tables and views. The privilege information for the current user is scattered in more than one system views. I have following system views
    USER_TAB_PRIVS_RECD - Object grants for which the current user is the grantee
    ROLE_TAB_PRIVS - describes table privileges granted to roles. Information is provided only about roles to which the user has access.
    If the object privilege is granted explicitly like "GRANT ALL ON TABLE_NAME TO "USERNAME" then this privilege entry goes to USER_TAB_PRIVIS_RECD
    If the object privilege is granted by ROLE. Role is created with certain object privileges. this role is assigned to user "GRANT ROLE_NAME TO "USERNAME"", then this entry goes to ROLE_TAB_PRIVS
    From these findings, I have composed below query
    (SELECT DISTINCT TABLE_NAME FROM USER_TAB_PRIVS_RECD) UNION (SELECT DISTINCT TABLE_NAME FROM ROLE_TAB_PRIVS WHERE PRIVILEGE = 'SELECT')
    Have I got user's all prvilege details? should I look some other system views?
    How to exclude system table privileges details?
    (SELECT DISTINCT TABLE_NAME FROM USER_TAB_PRIVS_RECD) UNION (SELECT DISTINCT TABLE_NAME FROM ROLE_TAB_PRIVS WHERE PRIVILEGE = 'SELECT' AND OWNER NOT IN ('SYS','SYSTEM') Is this right?
    What about Public role in Oracle? Should I consider public role here?
    Oracel Version :11g
    I want make this query to work on Oracle 8i or above version
    Thanks

    >
    I want to get tables and views list for which the current user has 'SELECT' privilege excluding sytem tables and views.
    >
    You will need a hierarchical query to do that.
    Try this script for Listing privileges recursively for Oracle users
    http://www.adp-gmbh.ch/ora/misc/recursively_list_privilege.html

  • How to get the debug sqlserver procedure calling from powerbuilder

    How to get sqlserver debug while calling   the procedure from PowerBuilder. Please can you help
    Many Thanks
    Pol

    You are better off doing this through the native SQL server tools.  You can debug your PB code to find the variables being sent to the stored proc (if any) from PB and then use them in SQL Server Management Studio or similar.

  • How can we debug the deleted object?

    If one of the object is deleted from the universe and which is in the existing universe, The report will not work. if we refresh the data in the report we will get an error like "Some objects are no longer available in the universe". Is there any way to debug the deleted object?
    please help me......

    HI,
    If you want to see which object is deleted then follow below steps.
    1) Open the Webi report
    2) click on -> Tools & Change source.
    3) Chose the existing data source and click -> next
    4)  in the next window you can find which object is missing or deleted from the universe and you can remap the objects.
    regards,
    Amit

  • Want to know how to debug the Business Object Method called from CRM

    Hi all,
    I have to debug a Method of a custom Business Object. This is being called when a certain action is performed
    on the CRM  ( CIC0 screen). I can not see an option to set an external break point in the Program of the Business Object
    Method.
    This Business Object calls a standard SAP FM. I tried setting an external break point in that FM and tried executing that.
    But it  is not stopping there.
    Can any one please let me know how I can debug this when triggered from CRM?
    Thanks  in advance.
    Thanks & regards,
    Y Gautham

    Hi,
    I have tried checking the option 'IP MATCHING' option. I have given my user id and also the 'WEBUSER' as well.
    But still I am unable to debug the application.
    Can you please let me know if I am missing anything further.
    Thanks & regards,
    Y Gautham

  • Comparing the object privileges

    hi,
    i have used export and import across different databases using fromuser and touser clause. i can see 50 object privileges are missing after import. could not find the correct using the log file.
    by firing the below query i am getting lot of results like more then 500 rows..
    select grantee,privilege,owner,table_name from dba_tab_privs where grantee ='SCHEMANAME';
    is there any way i can find the missing object privileges?

    user13051945 wrote:
    i can see 50 object privileges are missing after import
    is there any way i can find the missing object privileges?
    Aren't you contradicting yourself here?
    Why, if you can see 50 are missing, can you not find them?
    How do you see it?

  • Which view I can query to get the granted objects privilege to a user?

    Hi all,
    which view I can query to get the granted objects privilege to a user?
    for example:
    grant execute on accounting.get_name to scott;
    Which view has above object granted information?
    Thanks

    SQL> select * FROM all_tab_privs where grantor = upper('accounting');
    no rows selected

  • What is the procedure to package the SAP BI Objects for RDS.

    Hi,
    We need to create an RDS for HCM Implementation in SAP BI 7.3 & BO4.1.
    Need help on how to add the Customized and Developed objects into SAP Business Content, so that customers can directly install from business content and run the business.
    Thanks
    Vivek.

    Hi Vivek,
    for SAP owned rapid-deployment solution, we export our BI objects as .lcmbiar files and a specific BW ABAP Addon, have an automated zip before publish it on SAP Software distribution center.
    regards,
    Oliver

  • Roles/System privileges/Object privileges

    Oracle 10g. we created a role and assigned this role to the user. We also assigned some system privileges and Object privileges directly to the same user. Now the company's new policy is that the user's permissions have to be assigned only via role. system privileges and Object privileges cannot be assigned directly to the user. So I have to alter the role. The steps are:
    1. grant system privileges and Object privileges to role. (this will be executed as a script)
    These privileges were directly assigned to the user.
    2. revoke all privileges which were directly assigned to the user.
    Do I miss anything?
    Please advise.
    Thanks
    S.

    Object privileges cannot be assigned directly to the user.Privileges acquired via ROLE do not apply within PL/SQL procedures.
    You may face some coding challenges in the future due to this policy.

  • DEBUG ANY PROCEDURE

    Oracle 9.2.0.6, soon to be 11.1.0.7...
    Please double-check my understanding of the documentation.
    We have at least one developer who likes to use the PL/SQL Debugger functionality, which requires DEBUG ANY PROCEDURE (http://docs.oracle.com/cd/B10501_01/appdev.920/a96590/adg10pck.htm#37819).
    Our system DBAs are wisely hesitant in granting an "ANY" privilege. My understanding is that even though this privilege has "ANY" in the name, it is not highly privileged like ALTER ANY TABLE, EXECUTE ANY PROCEDURE, etc.
    Should I (or the system DBAs) have any reservation with this privilege in development and test environments?
    The SQL reference notes that it is equivalent to granting DEBUG on every applicable object. (http://docs.oracle.com/cd/B10501_01/server.920/a96540/statements_912a.htm#2075179).
    If I read this right, and if a DBA will not grant DEBUG ANY PROCEDURE, I should be able to grant DEBUG on each PL/SQL object to the developer to get the same result?
    Thanks

    in my opinion the Debug is quite safe privilege. It will not alter the procedure.
    however still I chose not to grant it in Prod environment since it may cause locking issue (library cache pin).

Maybe you are looking for