Grant and Revoke

Similar Messages

• Grant and Revoke privliege

  Hi,
  Could anybody suggest on this please?
  Can a user grant or revoke create session privliage to another user? If can what are the roles should the user have to grant or revoke create session privliage from another user.
  thanks
  kamalesh

  Hello Kamalesh JK,
  A user can grant any system or role privilege he received WITH ADMIN OPTION, and any object privilege he received WITH GRANT OPTION.
  Ex:SQL> CREATE USER u1 IDENTIFIED BY u1;
  User created.
  SQL> GRANT CREATE SESSION TO u1 WITH ADMIN OPTION;
  Grant succeeded.
  SQL> CREATE USER u2 IDENTIFIED BY u2;
  User created.
  SQL> CONNECT u1/u1;
  Connected.
  SQL> GRANT CREATE SESSION TO u2;
  Grant succeeded.Regards,
  Yoann.

• Grant and revoke privilages from command line interface

  hi all,
  I have a lot of users that I need to give them a set of privileges to folders and containers of the repository, i thought that using the command line interface should help in loading a script.
  i checked the manual for the syntax for such a command (i.e. to grant privileges) but i couldn't, searched the net and i didn't find anything.
  So can we grant privileges from the command line interface and how ?
  by the way is there anyway to create users from command line interface as well ?\
  thanks in advance and have a good one

  The granting of access rights cannot be done with a CLI script in Designer. Instead you have to use the Designer API Pl/Sql packages.
  For detailed information, refer to the "API and Model Reference Guide", which is
  installed with the Designer Repository Documentation, or can be found on OTN > Doco > Designer site.
  Scroll through that document to the Reference section. You will need to read up on two topics at least: Workarea and Container Context, Privileges and Access Rights.
  To grant rights, the easiest way is to grant them "just like some existing ones".
  To do this, you'll need a Pl/Sql procedure with 5 input parameters:
  1) the workarea context
  2) the container to look at
  3) the user to look like
  4) the container to grant access to
  5) the user to grant access for
  The Pl/Sql procedure then needs to make a series of Repository API package calls to set context and get container IRIDs:
  JR_CONTEXT.Set_Workarea (workareaname) - to set the context workarea
  JR_CONTEXT.Set_Working_Folder (sourcefoldername) - to specify the source container
  JR_CONTEXT.Working_Folder (sourcefolderid) - to get the ID of the source container
  JR_CONTEXT.Set_Working_Folder (targetfoldername) - to specify the target container
  JR_CONTEXT.Working_Folder (targetfolderid) - to get the ID of the target container
  OR you can just do a couple queries after you set the WA CONTEXT such as ...
  Select IRID from CI_Application_Systems where NAME = <sourcefoldername>
  Select IRID from CI_Application_Systems where NAME = <targetfoldername>
  Then you get the list of rights desired, and grant them back to the target user.
  JR_ACC_RIGHTS.Get_Acc_Rights (sourcefolderid, sourceusername) > AccessList
  [gets list of existing rights for some user on a container]
  JR_ACC_RIGHTS.Grant_Priv_List (targetfolderid, targetusername, AccessList, Cascade? = TRUE)
  [to set the list of rights for a user against the target container and its subcontainers]
  There are other ACC_RIGHTS packages, like Grant_Priv, Revoke_Prive, Revoke_Priv_List, etc that you can use as well to build up a set of access management scripts.
  Hope this helps

• Re: audit using ddl trigger for dcl (grant and revoke)

  Why are you trying to re-invent oracle's own auditing feature?

  No, there is no way to unbranch.
  I'll lock this branch and you can answer Ed on your original thread (I'll leave it to you to copy/paste Ed's question in your reply).

• Error while running Re-create grants and synonyms for APPS schema

  Hi,
  I have upgraded customer's Oracle Apps 11i (11.5.10) database to Oracle 10g R2. While executing '+Re-create grants and synonyms+ ' as given in Note: 362203.1, I am gettng error:
  plus80 -s APPS/***** @E:\EBSTEST\ebstestappl\ad\11.5.0\admin\sql\adappsgs.pls &systempwd 1 INV APPLSYS APPS TRUE FALSE TRUE
  Error:
  Program exited with status 3
  Cause: The program terminated, returning status code 3.
  Action: Check your installation manual for the meaning of this code on this operating system.Connected.
  old 2: ad_apps_private.create_grants_and_synonyms(&2,'&3','&4','&5','FALSE');
  new 2: ad_apps_private.create_grants_and_synonyms(1,'INV','APPLSYS','APPS','FALSE');
  begin
  *+
  ERROR at line 1:
  ORA-20000: ORA-00955: name is already used by an existing
  object:create_grants_and_synonyms(1,INV,APPLSYS,APPS): create_base_gs(INV,APPS): In Synonyms
  Loop:create_synonym(INV,MTL_ONHAND_DISCREPANCY,APPS,MTL_ONHAND_DISCREPANCY):
  do_apps_ddl(APPS,CREATE SYNONYM "MTL_ONHAND_DISCREPANCY" FOR INV."MTL_ONHAND_DISCREPANCY"):
  ORA-06512: at line 5
  MTL_ONHAND_DISCREPANCIES
  I checked the database and there isn't MTL_ONHAND_DISCREPANCY synonym. But there is MTL_ONHAND_DISCREPANCIES synonym.
  This is an upgraded instance from 11.0.3 and first time I am running Re-create grants and synonyms for APPS schema.
  Plz let me know if anyone of you faced this issue.
  Rgds,
  Thiru

  Hi,
  there is no such table MTL_ONHAND_DISCREPANCY or synonym in Applications 11.5.10.2. Is that custom table created in your db?
  After dropping this table from APPS schema 'Re-create grants and synonyms for APPS schema' went thru fine.Its correct
  This table does not exist in INV schema in 11.5.10.2.
  Could be possible that the consultant could have created this table in INV and APPS schema by mistake or whatever.Yes, with the same name, there might be table in APPS SCHEMA. When you run recreate grants and synonyms, adadmin tries to create synonym for that table in APPS schema. since there is object available with the same name in apps chema, you got that error.

• Error In Adadmin Re-Create Grants And Synonyms For Apps Schema

  HI,
  I upgraded the my DB from 9.2.6 to 10.2.4.It was sucessfull.
  While doing Postupgradayion steps -
  Recreate grants and synonym for apps
  a. Log in to server with applmgr user
  b. Execute adadmin
  c. Choose -> Maintain Applications Database Entities menu
  d. Choose -> Re-create grants and synonyms for APPS schema
  2 workers got failed ...
  i chked the worker log file i found
  sqlplus -s APPS/***** @/stageAPP/stageappl/ad/11.5.0/admin/sql/adappsgs.pls &systempwd 1 PO APPLSYS APPS TRUE FALSE TRUE
  Connected.
  old 2: ad_apps_private.create_grants_and_synonyms(&2,'&3','&4','&5','FALSE');
  new 2: ad_apps_private.create_grants_and_synonyms(1,'PO','APPLSYS','APPS','FALSE');
  begin
  ERROR at line 1:
  ORA-20000: ORA-00955: name is already used by an existing
  object:create_grants_and_synonyms(1,PO,APPLSYS,APPS): create_base_gs(PO,APPS):
  In Synonyms
  Loop:create_synonym(PO,XXGOD_SEQ_DECORTIMESHEET_HDR,APPS,XXGOD_SEQ_DECORTIMESHEE
  T_HDR): do_apps_ddl(APPS,CREATE SYNONYM "XXGOD_SEQ_DECORTIMESHEET_HDR" FOR
  PO."XXGOD_SEQ_DECORTIMESHEET_HDR"):
  ORA-06512: at line 5
  Workaround $adctrl
  Control
  Worker Code Context Filename Status
  1 Run Grants/Synonyms R115 adappsgs.pls FAILED
  2 Run Grants/Synonyms R115 Wait
  3 Run Grants/Synonyms R115 Wait
  4 Run Grants/Synonyms R115 Wait
  5 Run Grants/Synonyms R115 Wait
  6 Run Grants/Synonyms R115 Wait
  7 Run Grants/Synonyms R115 Wait
  8 Run Grants/Synonyms R115 Wait
  9 Run Grants/Synonyms R115 Wait
  10 Run Grants/Synonyms R115 Wait
  11 Run Grants/Synonyms R115 Wait
  12 Run Grants/Synonyms R115 Wait
  13 Run Grants/Synonyms R115 Wait
  14 Run Grants/Synonyms R115 Wait
  15 Run Grants/Synonyms R115 Wait
  16 Run Grants/Synonyms R115 Wait
  SQL> select owner, object_type from dba_objects where object_name = 'XXGOD_SEQ_DECORTIMESHEET_HDR';
  OWNER OBJECT_TYPE
  PO SEQUENCE
  APPS SEQUENCE
  Its Cutom Object .. I think i need to drop/rename anyone .. which one i should drop / rename .
  Or
  Is it possible to skip the failed workers .. if do .. please give me the steps ...
  Thanks

  Hi;
  There is 8 option(hidden) avaliable but i suggest dont use this option.(As you mention its a custom,if you belive it wont problem you can use this hidden option or drop 'XXGOD_SEQ_DECORTIMESHEET_HDR' and recreate it later,its own your risk) By the way please check below notes which is similar error like yours
  Run Adadmin To Recreate Grants And Synonyms ORA-20000 ORA-00955 In Synonyms Loop:create_synonym(GL,PLAN_TABLE,APPS,PLAN_TABLE) [ID 437714.1]
  ADADMIN MAINTAINING APPLICATIONS GRANTS AND SYNONYMS APP-931 ORA-955 ORA-20000 [ID 1014455.102]
  Regard
  Helios

• Script to create grants and synonyms for objects in database

  Hello,
  We are building a patch to be applied to the production environment. I want to create a script/sql query that builds a list of grants and synonyms for all the objects created after august 09.
  for ex:
  create or replace synonym abc for schema_name.abc;
  Grant execute on abc to user_xyz;
  How can I use Oracle's data dictionary to do this?
  thankz

  Hi,
  You'll probably want to use these views:
  user_objects - includes created (DATE) column.
  user_synonyms
  user_tab_privs - not just tables (e.g., includes EXECUTE privileges on functions).
  Data dictionary views beginning with 'user_' cover objects owned by the current user only.
  Almost all of the data dictionary views (and all of the three mentioned above) also have 'all_' and 'dba_' versions.
  For example:
  all_objects inculdes everything in user_objects, plus objects in other schemas on which the current user has privileges.
  dba_objects include every object in the database. (Not everyone is allowed to see the dba_ views.)
  Here's one of many possible ways to use these views:
  SELECT     'GRANT '
  ||     privilege
  ||     ' ON "'
  ||     table_name
  ||     '" TO '
  ||     grantee
  ||     CASE
            WHEN  grantable = 'YES'
            THEN  ' WITH GRANT OPTION;'
            ELSE  ';'
       END
  FROM     user_tab_privs
  WHERE     table_name  IN (          -- Only interested in objects created after August 9
                   SELECT  object_name
                   FROM    all_objects
                   WHERE   created >= TO_DATE ( '10-Aug-2009'
                                                         , 'DD-Mon-YYYY'
  ;

• Do I need to reapply grants and synonyms. Altering Rename for other schema

  Hi,
  We are following the process to replace some tables in UAT/PROD with new structure of tables.
  So for example for Table A in Schema A:
  Step1- Create TableA_NEW with the required structure and partitions.
  Step2- Insert into TableA_NEW Select * from TableA.
  Step3- Alter Table TableA Rename to TableA_OLD --Take Backup of TableA
  Step4- Alter Table TableA_NEW Rename to TableA --Change the New table ti Original Table
  Now do I need to reapply all the grants and synonyms originally applied to TableA.
  When I test in Dev, all the grants and synonyms still hold. But I can't take any chances for UAT/PROD.
  Also when I rollback these changes and Rename the tables back to Original table.
  Then do I need to Reapply all the grants and synonyms originally applied to TableA.
  Please suggest..

  user8941550 wrote:
  Hi,
  We are following the process to replace some tables in UAT/PROD with new structure of tables.
  So for example for Table A in Schema A:
  Step1- Create TableA_NEW with the required structure and partitions.
  Step2- Insert into TableA_NEW Select * from TableA.
  Step3- Alter Table TableA Rename to TableA_OLD --Take Backup of TableA
  Step4- Alter Table TableA_NEW Rename to TableA --Change the New table ti Original Table
  Now do I need to reapply all the grants and synonyms originally applied to TableA.
  When I test in Dev, all the grants and synonyms still hold. But I can't take any chances for UAT/PROD.
  Also when I rollback these changes and Rename the tables back to Original table.
  Then do I need to Reapply all the grants and synonyms originally applied to TableA.
  Please suggest..
  Step1- Create TableA_NEW with the required structure and partitions. New table - does not have grants
  Step2- Insert into TableA_NEW Select * from TableA.
  Step3- Alter Table TableA Rename to TableA_OLD --Take Backup of TableA Renamed table keeps grants. Synonym not valid at this point
  Step4- Alter Table TableA_NEW Rename to TableA --Change the New table ti Original Table New table still does not have grants, synonym now valid
  So, grants disappear but synonym will be valid at end of process.

• Grants and Snynyms -ORA-01031: insufficient privileges

  Hi
  I did a script for DBA to execute, this script contain GRANTS and creation of the synonyms, the Owner
  of tableS is OLOGBGF
  I create synonym as :
          CREATE OR REPLACE SYNONYM ULOGBGF.ZBI_STOCK FOR OLOGBGF.ZBI_STOCK;
  CREATE OR REPLACE SYNONYM ULOGBGF.ZBI_STOCK FOR OLOGBGF.ZBI_STOCK
      Why did not work, see code below
  thank you in advance
  Script executado.
  SQL> select * from global_name;
  GLOBAL_NAME
  ISLQ.WORLD
  SQL> PROMPT **********************************
  SQL> PROMPT GRANTS/SYNONYMS
  GRANTS/SYNONYMS
  SQL> PROMPT **********************************
  SQL> GRANT SELECT, INSERT, UPDATE, DELETE ON OLOGBGF.TEMPO_FILA TO ULOGBGF;
  Grant succeeded.
  SQL> GRANT DELETE, INSERT, SELECT, UPDATE ON OLOGBGF.ZBI_STOCK TO ULOSBGF;
  Grant succeeded.
  SQL> CREATE OR REPLACE SYNONYM ULOGBGF.TEMPO_FILA FOR OLOGBGF.TEMPO_FILA;
  CREATE OR REPLACE SYNONYM ULOGBGF.TEMPO_FILA FOR OLOGBGF.TEMPO_FILA
  ERROR at line 1:
  ORA-01031: insufficient privileges
  SQL> CREATE OR REPLACE SYNONYM ULOGBGF.ZBI_STOCK FOR OLOGBGF.ZBI_STOCK;
  CREATE OR REPLACE SYNONYM ULOGBGF.ZBI_STOCK FOR OLOGBGF.ZBI_STOCK
  ERROR at line 1:
  ORA-01031: insufficient privileges

  Check the privileges that have been granted to the user running the script.
  For example, if "HEMANT" is running the script :
  select granted_role from dba_role_privs where grantee = 'HEMANT'
  union
  select privilege from dba_sys_privs where grantee = 'HEMANT'
  order by 1;Hemant K Chitale
  http://hemantoracledba.blogspot.com

• Recreate Grants and Synonyms for APPS schema

  Hi,
  how can I Recreate Grants and Synonyms for APPS schema ?
  Many thanks.

  Hi,
  You can recreate grants and sysnonyms through adadmin utility.
  Navigation : adadmin - > Maintain Applications Database Entities menu - > Re-create grants and synonyms for APPS schema.
  Rgds,
  S.Jai
  Shanthi Gears (LTD)

• Public grants and permissions

  Hi,
  could any one please answer to these queries.
  1.)what is the difference between normal grants and permissions & public grants and permissions?
  2.)what is the sql to find out public permissions/grants in database

  Hi,
  could any one please answer to these queries.
  1.)what is the difference between normal grants and
  permissions & public grants and permissions?
  You may be granted Permissions to write or read from certain folder or to access or execute certain objects.
  A privilege granted to normal user (private) is only to that specified user. A grant to Public means every user in the database has access to it (for security, this is not recommended unless you know what you are doing)
  2.)what is the sql to find out public
  permissions/grants in databaseQuery the DBA_xxx_PRIVS views
  DBA_AQ_AGENT_PRIVS
  DBA_COL_PRIVS
  DBA_ROLE_PRIVS
  DBA_SYS_PRIVS
  DBA_TAB_PRIVS
  E.g
  SQL> select * from dba_tab_privs where grantee ='PUBLIC';

• Grants and Permissions

  Need to find out how to implement grants and permissions for a Page. Which module/responsibility/navigation path we have to select to set this

  Hi,
  could any one please answer to these queries.
  1.)what is the difference between normal grants and
  permissions & public grants and permissions?
  You may be granted Permissions to write or read from certain folder or to access or execute certain objects.
  A privilege granted to normal user (private) is only to that specified user. A grant to Public means every user in the database has access to it (for security, this is not recommended unless you know what you are doing)
  2.)what is the sql to find out public
  permissions/grants in databaseQuery the DBA_xxx_PRIVS views
  DBA_AQ_AGENT_PRIVS
  DBA_COL_PRIVS
  DBA_ROLE_PRIVS
  DBA_SYS_PRIVS
  DBA_TAB_PRIVS
  E.g
  SQL> select * from dba_tab_privs where grantee ='PUBLIC';

• Forms Authentication Error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed

  I created a custom security extension following the steps listed in the Readme_Security Extension Sample. It works fine if I login as the user that is specified AdminConfiguration section of the rsreportserver.config file but if I
  log in as another user, I get this error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.  I've added the user to both System Administrator
  and System User roles to try to get it to work but still no luck.
  Does anyone know how to fix this?
  Thanks.

  Hi MetronM,
  The issue is due to that user have no permission to access the report server. In report manager, Reporting Services includes predefined roles that we can assign to users and groups to provide immediate access to a report server. Each role defines a collection
  of related tasks.
  You can refer to the following steps to assign corresponding role to the user.
  Open report manager.
  Click “Folder Setting” button. 
  Click “New Role Assignment” icon.
  Type the user name and select the corresponding role.
  There is an article about Granting Permissions on a Native Mode Report Server, you can refer to it.
  http://technet.microsoft.com/en-us/library/ms156014.aspx
  Regards,
  Alisa Tang
  Alisa Tang
  TechNet Community Support

• GRANT to PUBLIC and REVOKE for USER

  Hi
  Is it possible to revoke grant for a particular user for which PUBLIC have access? I understand, the PUBLIC grant supersedes all ROLE level security, but I am just intrigued to know is there a way to revoke the grants from a particular user ( and still leave it for PUBLIC to access them?)
  I might sound funny - I am sorry, if I have asked a silly question.
  I am using Oracle 9.2.
  Warm Regards
  Guru

  hi
  there is no such question as silly
  please be clear that is public is a profile that a user is assigned or what?
  check the sites
  http://www.psoug.org/reference/roles.html
  http://www.dba-oracle.com/art_builder_security.htm

• Oracle users and revoking privileges

  Hello,
  To test out some error conditions in an application, I'd like to temporarily revoke a privilege on a table from a database user.
  I am trying to do that, logged into SQL*Plus as "sys" or "system", and running the command:
  REVOKE UPDATE ON USERX.TABLE_A FROM USERX;
  However, this is failing with the following message:
  ORA-01927: cannot REVOKE privileges you did not grant
  I've also tried logging into my server as oracle, typing "sqlplus /nolog" at the command line, then "connect internal as sysdba;" from the SQL*Plus prompt, and then running the REVOKE command, but that results in the same error message.
  So basically my question is: if neither the "sys" nor the "system" user is able to revoke the privilege from the "userx" user (because they did not specifically grant it), how would I determine which oracle user would be able to do this? Or how else would I go about revoking the privilege?
  I'm running Oracle8i Enterprise Edition Release 8.1.6.1.0 on Linux.
  Thanks for your help with this. I am not very familiar with Oracle DBA concepts.

  Hello,
  I am fully agree with Eric....Yes! a User created a table means...the User is OWNER of the table....and that means......the User is by default having the privilege of DML operations...i belive...OK
  And the privilege which you have not granted...then how could you revoke them...Whether it may b e SYS or SYSTEM or for that matter any User a/c.
  If you really want to restrict the restrict option on table owned by your User, then i can suggest to put a Schema Level Trigger on DML action. This will be fired when update in invoked on table by the user and there you can have your STOP mechanism.....BUT..this is not really suggested.
  Regards,
  Kamesh Rastogi
  Oracle - DBA