Find all system and object privs granted to a user

I need a query to find out all sys and ibject qyery given to a user. This is because a user was able to query all_directories few days ago in production instance, now he is unable to do it.
I found a query to find all roles inside a role. This role "APPS_QUERY_ROLE" has another 25 roles inside it. I want a query which will drill down to each role and "role within a role" to find all privileges associated to a role and hence to the user.

This may be helpful to you :
SYS@orcl> select 'create role ' || role || ';'
  2  from dba_roles
  3  where role = '&&role';
Enter value for role: APPS_QUERY_ROLE      <------Make sure it should be in CAPS
old   3: where role = '&&role'
new   3: where role = 'APPS_QUERY_ROLE'
no rows selected
SYS@orcl> select 'grant ' || privilege || ' to &&role' ||
  2  decode(admin_option,'YES',' with admin option;','NO',';')
  3  from role_sys_privs
  4  where role = '&&role';
old   1: select 'grant ' || privilege || ' to &&role' ||
new   1: select 'grant ' || privilege || ' to APPS_QUERY_ROLE' ||
old   4: where role = '&&role'
new   4: where role = 'APPS_QUERY_ROLE'
no rows selected
SYS@orcl> select 'grant ' || privilege || ' on ' || owner || '.' || table_name
  2  || ' to &&role ' || decode(grantable,'YES','with grant option;','NO',';')
  3  from role_tab_privs
  4  where role = '&&role';
old   2: || ' to &&role ' || decode(grantable,'YES','with grant option;','NO',';')
new   2: || ' to APPS_QUERY_ROLE ' || decode(grantable,'YES','with grant option;','NO',';')
old   4: where role = '&&role'
new   4: where role = 'APPS_QUERY_ROLE'
no rows selected
SYS@orcl>Source:Re: Help to Generate Role Creation Script
Regards
Girish Sharma

Similar Messages

  • System and Object privileges question

    hello everyone.
    I was really making it a priority to really understand both system and object privileges for users. I have setup a couple of 'sandboxes' at home and have done lots of testing. So far, it has gone very well in helping me understand all the security involved with Oralce (which, IMHO, is flat out awesome!).
    Anyway, a couple of quick questions.
    As a normal user, what view can I use to see what permissions I have in general? what about permissions on other schemas?
    I know I can do a:
    select * from session_privs
    which lists my session privileges.
    What other views (are they views/data dictionary?) that I can use to see what I have? Since this is a normal user, they don't have access to any of the DBA_ views.
    I'll start here for now, but being able to see everything this user has, would be fantastic.
    Cheers,
    TCG

    Sorry. should have elaborated more.
    In SQLPLUS, (logged in while logged into my Linux OS), I am working to try and get sqlplus to display the results of my query so it is easy to read. Right now, it just displays using the first 1/4 or 1/3 of the monitor screen to the left. Make sense? So it does not stretch the results out to utilize the full screen. it is hard to break down and read the results because they are "stacked" on top of each other.
    Would be nice if I could adjust sqlplus so the results are easier to read.
    HTH.
    Jason

  • Find all Connector Space Objects That Were Provisioned

    I'm trying to run a query on the FIM Synchronization Database to find all of the objects in a connectorspace that were created there via provisioning rules. Some objects in the connectorspace have joined and some have been created via provisioning but I
    can't find the field in the FIM Sync DB for where this is specified. Anyone know how I can pull this information?
    Cheers,
    Dan

    Thanks Sameera. It's part of a larger query so it would be great if I could find out where it is in the Database. I've looked all through it and joined everything I can. I thought it might be stored in the connector space hologram data which is encrypted
    in the db so I checked that with PowerShell and wmi but couldn't get anything out of that either. I'll probably just have to run the query I have and then link it up with the connection information in excel like you've described. Thanks again.

  • Need to find all Bugs and QF created for 8.0.0.13

    Hi all,
    I kneed to know how to find all bugs and possibly patches/QF created on top of 8.0.0.13 for bugs found in 8.0.0.13 after its release on Jan 2012. This is for my Customer that needs to know if they have to plan some QF in proactive way.
    I can access to Internal Support Portal, so if there is any place where Support people can go I can access.
    Thank you in advance
    Chiara Scarafiotti
    ACS TAM

    Hi radhika,,
    This the the way to go..just modify the col according to your table col names...
    You can do a CONNECT BY query without a START WITH clause to link every node with each of its ancestors.
    Getting the total is just a matter of GROUP BY.
    SELECT emp_id, employee_name, manager_id
    , CASE
              WHEN COUNT (*) = 1
              THEN 0
              ELSE COUNT (*)
         END               AS cnt0
    ,     COUNT (*)      AS cnt1
    FROM employee
    CONNECT BY emp_id     = PRIOR          manager_id
    GROUP BY emp_id, employee_name, manager_id
    ORDER BY emp_id;
    output:
    Output:
    . EMP_ID EMPLOYEE_N MANAGER_ID CNT0 CNT1
    1 Mark 0 5 5
    2 John 1 3 3
    3 Stella 1 0 1
    4 Karen 2 0 1
    5 Andrea 2 0 1
    I made this a bottom-up query (going from each node to its ancestors) rather that a top_down query (node to descendants) because you can't GROUP BY CONNECT_BY_ROOT.
    In your description you implied that each node would be counted among its own descendants, but in the sample output you had 0, not 1, as the count for all the leaves, that is, managers counted as their own descendants, but non-managers did not. The column called count0 in the query above does that; the column count1 counts each node as its own descendant, leaves included.
    Regards
    Onenessboy

  • How to find all table and views in the database

    Hi,
    I want to find all table and view name form the database can u tell me syntax.
    i.e. I am able to find out table name and view name in sql server ...like
    FOR VIEW :
    select table_name from information_schema.views where table_name not like 'sys%'
    FOR TABLE :
    select table_name from information_schema.tables where table_name not like 'sys%' and table_type='Base table'
    Thanks & Regards,
    Shirish

    Hello,
    Take a look at "dba_tables" and "dba_views" both of which are documented here:
    http://download-east.oracle.com/docs/cd/B19306_01/server.102/b14237/toc.htm
    - Mark

  • My husband gave me his iPod touch, even after resetting all settings, and even though I have a user name and password whenever I need to update apps it shows his previous user name,  and is asking for his password.  How do I fix that?

    My husband gave me his iPod touch, even after resetting all settings, and even though I have a user name and password, whenever I need to update apps it shows his previous user name,  and is asking for his password.  How do I fix that?

    dom59 wrote:
    Ok, when I go into my Apple ID account, everything looks right.  It does show my user name.  It's only on the iPod that it shows my husband's previous user name, and it asks for his password.  Everything in iTunes and my account looks right.  The issue only seems to be with the actual device, iPod Touch 4th gen.
    There is more than one way to access the Apps Store and the iTunes store.  One is via iTunes on your computer, and the other is via the apps on your iPod.
    Just because you are logged in on your computer does not mean you are logged in on your iPod.
    The reason your husband's user name comes up is because he was the last one to log on.  You can change that by going to Settings>Store.  Tap the Apple ID, Tap Sign Out, Tap Sign In, Tap Use Existing Appel ID, enter your e-mail address and Apple ID password, and tap OK.

  • Query created in production system and object changeability

    Hi,
    The production BW has the object changeability for query elements set to 'Changeable original'. Some queries which have been created in this system can be changed, others, which have also been created in the system, can not.
    All queries are assigned to the development packate $TMP. None of them have been transported anywhere, nor have they been created somewhere else and transported into the system.
    The system is BW 3.5, SP 17.
    Has anyone got any idea what the problem could be?
    Best regards,
    Rita

    Hi,
    The object changeability in the system is set to 'Changeable Original' and I know where to switch from 'not changeable' to 'changeable original' to 'everything changeable'.
    The normal development cycle sees reports being created in the development system and then being transported through to the production system. Here, they should not be changeable. However, users with the relevant authorisation should be able to either -
      - create new copies of these reports and change them or
      - create new ad-hoc reports and also change these
    We have several of these reports on the production system. The object changeability is set to 'changeable original', as I mentioned. I would expect that all queries which have been created on this system and never transported (either in or out of the system) should be changeable, based on this setting. However, some are, some ar not. The error message when trying to change the 'non-changeable' ones is 'Operation falied! No error message available from the server'. If I make a copy of one of these queries, hoping to save is as an ad-hoc query and change it, the error message is 'query could not be saved due to a problem in transport'.
    How come some can be changed, others can't? Is there anywhere I can check what the difference is between the changeable and non-changeable reports which have been created on the system?
    Best regards,
    Rita

  • Find All INSERTs and UPDATEs

    Hi All;
    I want to find out all inserts and updates of a spesific table. For instance a package l,ke that
    CREATE OR REPLACE PACKAGE BODY param_test IS
      PROCEDURE ins_test IS
      BEGIN
    insert INTO parameter_value VALUES (2);
        INSERT INTO parameter_value VALUES (9);
        INSERT  INTO
        parameter_value VALUES (4);   
        insert INTO parameter_value VALUES (54);
      END ins_test;
    END param_test;I am querying user_source view. My query is below.
    Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.1.0
    Connected as SYS
    SQL> SELECT us1.NAME, us1.line, us1.text
      2    FROM user_source us1,
      3         (SELECT us2.line, us2.NAME, us2.text
      4            FROM user_source us2
      5           WHERE regexp_like(upper(us2.text), '[[:space:]]*PARAMETER_VALUE[[:space:]]*')) us3
      6   WHERE us3.line - 1 = us1.line
      7     AND us1.NAME = us3.NAME
      8     AND regexp_like(upper(us1.text), '[[:space:]]*(INSERT[[:space:]]*INTO|UPDATE)[[:space:]]*')
      9  /
    NAME                                 LINE TEXT
    PARAM_TEST                              9 insert INTO parameter_value VALUES (2);
    PARAM_TEST                             12     INSERT  INTO
    SQL> My question is "Are tehre any solutions to overcome this situation?"
    Kindly Regards...

    You might be better off combining into your attack the use of user_dependencies. This will tell you what objects e.g., code is dependent on your table and then you can search the source of those modules for inserts and updates into the table. Even then you'll never be sure, especially if dynamic SQL is used as the statement may be pieced together from various bits if strings, as then user_dependencies won't contain the reference.

  • System and object privileges

    hi,
    when we assign the privileges to a user using connect, resource that user will be having connect privilege and create table, view... etc. but we are not assigning any alter table, updating table, drop table privileges to him, how he can perform this object level privileges on the objects.
    please let me know.
    thank u

    851707 wrote:
    hi,
    when we assign the privileges to a user using connect, resource that user will be having connect privilege and create table, view... etc. but we are not assigning any alter table, updating table, drop table privileges to him, how he can perform this object level privileges on the objects.
    please let me know.
    thank uIf the user is the owner of the object, he doesn't need to be explicitly assigned the object privs. He already has all the privs on the object . So the user can perform all the operations on the object.
    Aman....

  • Script to find OU name and object name in AD

    Hi , can any one help me on this, I need a script to find OU name along with object name in entire domain.
    Regards, Triyambak

    Hi Triyambak,
    As DexterPOSH mentioned, Get-ADObject can be used here.
    To list all OUs and the relevant objects of each OU in domain, please try the script below:
    Import-Module ActiveDirectory
    Get-ADOrganizationalUnit -Filter *|foreach{
    Get-ADObject -SearchBase $_.DistinguishedName -Filter *}
    If you have any feedback on our support, please click here.
    Best Regards,
    Anna
    TechNet Community Support

  • Solution for spotlight not finding all files and plea to apple...

    ok, here is the deal:
    you are looking for a file named "new_template.lso" which is a logic song template, that you created with logic studio.
    this file resides in ~/Library/Application Support/Logic/Song Templates/ a location where logic insists on putting the song templates.
    looking for it via the spotlight menu shows nothing.
    looking for it with the finders search reveals ... nothing. *** ?
    here is the wonderful solution:
    -open a new finder search: cmd-f.
    -goto the first dropdown menu
    -choose "others"
    -look for "system files" check the corresponding box.
    -go back to the search window and search for the file - no result
    -now go to the first dropdown menu and choose the newly added "system files" entry.
    -finally go to the second dropdown menu and choose "contains".
    boom, totally easy and fast and user friendly... you got your file.
    this solution isn't even possible in the spotlight menu!!!
    so why am i not supposed to find files in my user library?
    i am 32 years old.
    i use my computer to make a living.
    i used macs since 10 years.
    i promise i will not sue apple if i find and delete files by mistake.
    seriously this dumbing down the system starts to get unbearable.
    does anyone know of a workaround?
    are there any hidden preferences for spotlight, which i could change so it shows "system files" by default???

    I completely agree. Everyone who has a problem with this (and I see it is a hot topic in these forums) should send apple a a note and tell them that we don't all stick to iLife and some of us go into the LIBRARY. Leopard is great, but Tiger let me efficiently find stuff in the library and I was always confident I'd find all I needed.
    Send your comments here to apple feedback. http://www.apple.com/feedback/macosx.html/

  • All applicants and objects.

    Hi
    In wich table can I find a list with all applicants and all objects?
    Greets

    Hi,
    tablename TADIR
    <REMOVED BY MODERATOR>
    Edited by: Alvaro Tejada Galindo on Apr 10, 2008 1:40 PM

  • Find all Package and their related Procedure Names using a specifc Table

    I have 25 Packages
    Each Package holds 30-35 Procedures
    I need to find out all Packages and Procedures
    Each Procedure handles 5 - 20 Tables as Per The Need of Business Rule.
    I need All Package and Related Procedure Names Where a Specific Table Name Appears(DBA_SOURCE doesn't serve purpose.)
    Early Reply Appreciated.
    Thanks and Regards,

    I tried the solution provided to me, but unfortunately the issue remains the same.
    I was Advised to Execute the SQL utldtree.Sql, and then Execute deptree_fill.
    The output is given by a Table DEPTREE (Columns are: .'NESTED_LEVEL', 'TYPE', 'SCHEMA', 'NAME' and 'SEQ#')
    The output I am getting From the Table DEPTREE is as follows -
    Column TYPE value is PACKAGE; Column NAME Value is ACTUAL PACKAGE NAME
    Column TYPE value is PACKAGE BODY; Column NAME Value is ACTUAL PACKAGE NAME
    This repeats till the count the TABLE Name is found in the same PACKAGE
    Desired Output should be -
    Column TYPE value PACKAGE; Column NAME Value ACTUAL PACKAGE NAME
    Column TYPE value PACKAGE BODY; Column NAME Value ACTUAL PACKAGE BODY NAME
    This should repeat till the count the TABLE Name appears in different PACKAGE BODY of the same PACKAGE
    Warm Regards,

  • Find Universe, classes and objects used in each report

    I want to find a list of universes, classes and objects used in each report
    or the other way to find list of reports which use a particular universe. please let know, i could not get much information from activity universe in a proper way.

    Hello Venkataramat,
    plese post in more detail what kind of report you are using Crystal report ? webi ? Deski.
    Please post in the specific forums.
    If you have a Crystal Report I recommend to post this query to the [Crystal Reports Design|SAP Crystal Reports; forum.
    Best regards
    Falk

  • How do I find all pictures and videos that are in email files?

    I am trying to find and extract all pictures and videos that people have sent me in emails (and in other parts of the computer but not in the pictures area) over the years to copy them into my aperture collection.  Does anyone know how to do that.  I use Outlook 2011.  X1 on the PC can do this with a preview of the pictures so you can remove all small gifs etc.
    Thanks!

    You'll have to search the web and see if anyone's offering the videos you want. Videos from the 80s are unlikely to be legally available, but you could get lucky.
    BTW, for future questions, try posting in the iTunes for Windows forum. You'll be more likely to get help there than you will here in the iTunes for Mac forum.

Maybe you are looking for