Grant any privilege, privilege
About 4 weeks ago i got some much appreciated assistance in setting up my environment so that a user could grant object privileges on objects in another user's schema. This solution required a function to be built in the schema which owned objects.
I just found the 'GRANT ANY PRIVILEGE' privilege. Anyone know when this came about (we're using 10g) and if there's any problem to granting this?
We have the init param 07_DICTIONARY_ACCESSIBILITY set to False. Will we be able to keep people of the SYS schema?
-cf
Let me specify, I was referring to the GRANT ANY OBJECT PRIVILEGE above, although I do see the GRANT ANY PRIVILEGE out there as well.
-cf
Similar Messages
-
Granting any privilege system privilege....in Ora10g
Hi,
In order to be given to a user -Info_bi let's name him - the grant to select any table from user Info , This user (Info) must be given the system privilege "any privilege".... So :
connect sys/....@.... as sysdba;
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.1.0
Connected as SYS
SQL> GRANT ANY PRIVILEGE TO "INFO";
GRANT ANY PRIVILEGE TO "INFO"
ORA-00990:Privilege is missing or invalidWhat error do i do...????
Many thanks...
SimThere is.......!!!!
Read at :
Oracle® Database SQL Reference
10g Release 2 (10.2)
Part Number B14200-02
The Prerequisites section of the grant command....
I pasted there an extract of it...
To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege. Greetings,
Sim -
Granting table privileges on another users tables
Can anyone tell me what privilege needs to be granted to a user to be able to grant insert/update/select/delete/execute on another users tables/packages?
I had thought that 'grant any privilege' was the one to have... and - the user I am trying to use to grant the privileges on the other users schema has this however - I'm still getting : ORA-01031: insufficient privileges when trying to run the grants.
Any ideas what I'm doing wrong here?Ok... well...
The 'with grant' option doesn't appear to be the issue.
The user attempting to perform the grants:
i.e. GRANT SELECT ON user_2.table_1 TO view_role
has the 'grant any object privilege' and - that seems to be enough. When I run the statement above as a simply as typed - it works fine.
However - what I'm actually doing is concatenating that together in a string and running (from a package created by/as user_1) and doing an execute immediate...
i.e.
l_sql := 'GRANT ' || l_rec.privilege || ' ON ' || l_rec.owner || '.' || l_rec.table_name || ' TO ' || p_role;
EXECUTE IMMEDIATE l_sql;
And - it's this that's giving me the insufficient privileges...
I do not have invokers rights set on the package - so that shouldn't be an issue. And - I can't find any documented restriction on doing this (and - in fact - it works fine if I create the package as user_2 and run it as user_2 - the owner of the objects).
I'm at a loss. -
I want to grant select privileges on all tables and views belonging to database xyz to the user abc.
What's the best way to do that?
Message was edited by: Diarmuid - 11/07/07
user580522I beg to differ. Of course OP can try to 'GRANT SELECT ANY TABLE'. It's just a matter of his own privileges if he succeeds or not.
To OP: Reading about GRANT might help:
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#i2077938
Note this part from the docs:
To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege. -
How to revoked 'ANY' privileges being granted to user or role
Hi all,
I need to be revoked all 'ANY' privileges that have been granted to all non-DBA user or Role in the database.
To achieve this what i assume is
1> i need to find out Role as well all user who are non-DBA
2> For all non-DBA user i need to find out and revoked 'ANY' privileges if they would have.
Here i need some information about all tables related to privilieges and non-DBA users
The below are some example as a reference.
USER Privileges
CTXADMIN SELECT ANY TABLE
PUBLIC MERGE ANY VIEW
LAXORA ANALYZE ANY
EXECUTE ANY PROCEDURE
GRANT ANY ROLE
INSERT ANY TABLE
SELECT ANY TABLE
LAX_NEW ANALYZE ANY
CREATE ANY TABLE
DELETE ANY TABLE
DROP ANY TABLE
INSERT ANY TABLE
SELECT ANY TABLE
USER_NEW SELECT ANY TABLE
Thank n reagrds
LaxmanHi,
LAX_ORA wrote:
Hi all,
I need to be revoked all 'ANY' privileges that have been granted to all non-DBA user or Role in the database.
To achieve this what i assume is
1> i need to find out Role as well all user who are non-DBA
2> For all non-DBA user i need to find out and revoked 'ANY' privileges if they would have.
Here i need some information about all tables related to privilieges and non-DBA users
The below are some example as a reference.
USER Privileges
CTXADMIN SELECT ANY TABLE
PUBLIC MERGE ANY VIEW
LAXORA ANALYZE ANY
EXECUTE ANY PROCEDURE
GRANT ANY ROLE
INSERT ANY TABLE
SELECT ANY TABLE
LAX_NEW ANALYZE ANY
CREATE ANY TABLE
DELETE ANY TABLE
DROP ANY TABLE
INSERT ANY TABLE
SELECT ANY TABLE
USER_NEW SELECT ANY TABLE
Thank n reagrds
LaxmanYou can fiind out all the users and roles who have been granted system privileges by querying dba_sys_privs.
For example:
SELECT grantee
, privilege
FROM dba_sys_privs
WHERE privilege LIKE '% ANY %'
;The grantee column includes users and roles together.
If you want to find which users have the dba role, then query dba_role_privs. -
Grant sequence privilege issue
Hi,
OS is windows server 2008
Database oracle 11g r2
i have created a schema with name SME having DBA privilege from SME i have created another user SME_USER using the same tablespace of SME with limited privileges. The sequence was created in SME user. I am accessing the tables from SME schema. I have given insert privilege to one of the table in SME to SME_USER,but while insertiing we are using the sequnece with name IPSRNO from SME schema. Now when i tried to insert value inot the table from SME_USER its giving me the output "Sequence does not exist". I have given the grant select privilege for sequence IPSRNO.
Please guide me on this issue.
Regards,
BobbySee Using Synonyms in DML Statements in the DBA guide
http://docs.oracle.com/cd/B28359_01/server.111/b28310/views003.htm
>
You can successfully use any private synonym contained in your schema or any public synonym, assuming that you have the necessary privileges to access the underlying object, either explicitly, from an enabled role, or from PUBLIC. You can also reference any private synonym contained in another schema if you have been granted the necessary object privileges for the underlying object.
You can reference another user's synonym using only the object privileges that you have been granted. For example, if you have only the SELECT privilege on the jward.emp table, and the synonym jward.employee is created for jward.emp, you can query the jward.employee synonym, but you cannot insert rows using the jward.employee synonym.
A synonym can be referenced in a DML statement the same way that the underlying object of the synonym can be referenced. For example, if a synonym named employee refers to a table or view, then the following statement is valid:
INSERT INTO employee (empno, ename, job)
VALUES (emp_sequence.NEXTVAL, 'SMITH', 'CLERK');
If the synonym named fire_emp refers to a standalone procedure or package procedure, then you could execute it with the command
EXECUTE Fire_emp(7344); -
Bug: Grant/Revoke Privileges (11.1.0.5.10 Beta)
Started getting this when attempting to change Privileges on a proc:
"Could not launch the Grant/Revoke Privileges dialog:
Value was either too large or too small for an Int32."
This is happening consistently on one database but not on another.
JohnI am also seeing this bug. When I right click on anything in the Server Explorer under my ODP based connection, I get this same message. It happens when I right click on any table icon and select "Privileges..."
-Valkyrie-MT -
GRANT (Schema Privileges) statement
Good day!
Is it possible to access a table in system/manager by granting TYRES privileges?
Grant select on EMPLOYEE_MSTR to tyres.
Tyres is another user. I wanted to access all the tables stored in SYSTEM/MANAGER when I logged in as TYRES/TYRES. I am using ORACLE 8 and I haven't use this since.
Any help is appreciated.
Thanks!First of all: you are in the wrong forum (try the database forum).
Then: Yes this is possible, but I strongly suggest that you place specific user objects (tables, etc) in the sys tablespace, and do not access the database as system when not necessary.
cu
Andreas -
Specify in exporting dump that it will not be able to have any privileges
Dears,,
I need to implement the below steps and need your help
1- export hr dump file from DB1 and keep in mind that this dump after importing to a new user , must be not able to have any privileges.
2- Connect to DB2 and create user hr_test
3- If SYSTEM or SYS user try to grant hr_test some or any privileges , this step must be not implemented.
4- imp the dump to hr_test
How to do this ?? Can this step done by enabling and specifying something while exporting the dump or how can i make this ??
Many thanks for your advance*Oracle DBA* wrote:
Dears,,
I need to implement the below steps and need your help
1- export hr dump file from DB1 and keep in mind that this dump after importing to a new user , must be not able to have any privileges.
2- Connect to DB2 and create user hr_test
3- If SYSTEM or SYS user try to grant hr_test some or any privileges , this step must be not implemented.
4- imp the dump to hr_test
How to do this ?? Can this step done by enabling and specifying something while exporting the dump or how can i make this ??
Many thanks for your advanceWhat i feel is you can inport the data into a tablespace which is then made read only so that it couldn be modified by others. I dono whether i am correct. -
Need to grant DML privileges to all tables in few schemas
Hi,
I need to grant DML privileges to all tables in few schemas to a role. How can I achieve that?
I thought it's below syntax but it doesn't work. Please advice.
grant ALL ON ALL TABLES IN SCHEMA <Schema_name> TO <role_name>;Thanks,
GangadharGR wrote:
Hi,
I need to grant DML privileges to all tables in few schemas to a role. How can I achieve that?
I thought it's below syntax but it doesn't work. Please advice.
grant ALL ON ALL TABLES IN SCHEMA <Schema_name> TO <role_name>;
There is no single command to grant privileges at that level. There are either ANY privileges or privileges on an object.
You can write a bit of code to generate and execute what you want, but you would have to rerun it if any new tables were created. -
Find users with grant all privileges
Hello,
I am trying to figure out how to query for all users who might have grant all privileges.
Any ideas or scripts?
thanksHi,
Please check this out,
http://www.petefinnigan.com/tools.htm
There are a lot of good scripts, maybe one of them can show what you are looking for.
Cheers,
Marcello M. -
Grant select privilege to specific columns on a table to user in Oracle 9i
Can anyone tell me how to grant select privilege to a user for specific columns in a table?
I have tried the following statement
GRANT SELECT (EMP_ID) ON EMP TO USER1
But it's not working and I am getting this error "Missing ON Keyword".
Please anyone tell me how to grant select privilege for specific columns.
Edited by: 899045 on Nov 24, 2011 7:03 AM899045 wrote:
Can anyone tell me how to grant select privilege to a user for specific columns in a table?
I have tried the following statement
GRANT SELECT (EMP_ID) ON EMP TO USER1
But it's not working and I am getting this error "Missing ON Keyword".
Please anyone tell me how to grant select privilege for specific columns.
Edited by: 899045 on Nov 24, 2011 7:03 AMFrom the 9.2 SQL Reference manual, found at tahiti.oracle.com (http://docs.oracle.com/cd/B10501_01/server.920/a96540/statements_912a.htm#2062456)
*"You can specify columns only when granting the INSERT, REFERENCES, or UPDATE privilege. "* -
Granting object privileges to remote users.
Hello,
Here's the situation:
I have 2 databases located on 2 different servers both running Win2k3. In the first database the main schema is M1 and it has to read objects on the another schema M2, located on the second database.
I created a database link on the first database, to point to the second database
create database link connect2M2db connect to M2 identified by M2 using 'connect2M2db'Now I would like to grant object privileges(insert,update,delete) to M1 on M2' objects. Can anyone tell me how to do that?
Thanks in advance.I didn't put the whole thing, (my bad) but your reply was helpful. As I said before, I have 2 dbs, on 2 differents servers. I created the dblink on the first server. I also created synonyms on the first server using the following syntax:
"create or replace synonym syn_name for user2.table" which from the link you provided me, is wrong as I didn't append the dblink name.
After that, I would like to grant object privileges to user1, by executing the command from server2. For doing that, is the following syntax correct: "grant select on table_name to user1". My issue is that user1 does not exist on server2. Should I rather use the following: "grant select on table_name@dblink to user1"? -
JMS grant queue privileges problem
I have two test users set up in different schemas. They each have their own identical queue tables and queues in their own schemas.
One of the users cannot seem to grant queue privileges to the main schema owner. The error is as follows:
Eception: oracle.jms.AQjmsException: JMS-122: Internal error payload object type must be specified
at oracle.jms.AQjmsDestinatio.grantQueuePrivilege(AQjmsDestination.java:406)
at src.AQSetup.jmsInitializeQueue(AQSetup.java:246)
the offending code is as follows:
cq_conn = AQjmsQueueConnectionFactory.createQueueConnection(p_conn);
// create queue session
commQSession = cq_conn.createQueueSession(true, Session.AUTO_ACKNOWLEDGE);
// AUTO_ACKNOWLEDGE
try
cQTable = ((AQjmsSession)commQSession).getQueueTable(userID, QueueTableName);
catch (AQjmsException e)
cQTable = createJMSQueueTable(commQSession, userID, QueueTableName);
try
cQueue = ((AQjmsSession)commQSession).getQueue(userID, QueueName);
catch (AQjmsException e)
cQueue = createJMSQueue(commQSession, cQTable, QueueName);
((AQjmsDestination)cQueue).grantQueuePrivilege(commQSession, "ENQUEUE", "icowner",false);
with the error coming from the last line and the referenced table and queue definition code as folows:
private AQQueueTable createJMSQueueTable(QueueSession q_sess, String userID, String q_tableName) {
try {
AQQueueTableProperty qtable_prop = null;
AQQueueTable cq_table = null;
// Create an AQQueueTableProperty object (payload type - BYTES):
qtable_prop = new AQQueueTableProperty("SYS.AQ$_JMS_TEXT_MESSAGE");
// Create a queue table called command_table in user schema:
cq_table = ((AQjmsSession)q_sess).createQueueTable(userID, q_tableName, qtable_prop);
return cq_table;
} catch (Exception ex) {
return null;
private Queue createJMSQueue(QueueSession q_sess, AQQueueTable q_table, String q_name) {
try {
AQjmsDestinationProperty dest_prop = null;
Queue lq_queue = null;
dest_prop = new AQjmsDestinationProperty();
// create a queue
lq_queue = ((AQjmsSession)q_sess).createQueue(q_table, q_name, dest_prop);
return lq_queue;
} catch (Exception ex) {
return null;
both users seem to have the same privileges.
Can you tell me if it is an error in my code and what that is?
- Ken
nullMight be a bug.
Do you get the error when
createQueue is followed by grantQueuePrivilege OT
getQueue is followed by grantQueuePrivilege.
null -
How to grant view privilege for Instant Portal to public users?
How to grant view privilege for Instant Portal to public users?
Oracle Instant Portal was designed to offer secure access to company and departmental information, and it isn't currently possible to make instant portal pages public.
Maybe you are looking for
-
Hi, i have recently purchased an i-phone 4s and had been merrily playing away and set up an i cloud account. However when i tried to access i cloud from my pc i couldn't verify it. I had to change my apple id because i no longer had access to my ol
-
Mm02 - Sales text view update?
Hi Friends, I am working on the material master change (i.e MM02 transaction) and I need to upload Material master u2013sales text view and purchase order text view and all other additional data views. I have updated one material in recording mode (i
-
OC4J 10.1.3.2 oc4jclient.jar makes permission problems in signed applets
A signed applet on WINDOWS 2000 with JRE 1.5_10 or 1.5_12 plugin in a IE6 browser, which talks to Session beans on a SUN 5.9 OC4J 10.1.3.2 server has no permissions with this library : example: at XXX.initContext(BeanFactory.java:69)... // 69: contex
-
Regarding message error in bap webdynpro
hai friends i am new to abap webdynpro i have doubt that , i palced the table ui element in the view if that table is not initial i have to give error message, is it same way as normal abap in the view the ui element id name of table is TABLE1 can wr
-
Has anyone noticed that most of their reminders were deleted around October 5th, 2014?
I am extremely distressed that 90% of my reminders disappeared this week. I have been an avid user of reminders for years and literally hundreds of my reminders simply disappeared this week. Everything was fine at the beginning of October 2014 but