Grant execute to all procedure to a user / public

hey!
simple question:
how can i gran execute on all the procedures belong to a given user - for another user (or to public)?
should i use a roll or can i do it without it?
thanks
yair

I'm thinking that I read in 11G there was a new utility that allows you to grant all from one schema to another, but why in the world would anyone want to do that? (okay... no answer required on that one)
Sounds like you might have to write some dynamic SQL.
For tables and views, you will need to grant all on the object to the other schema.
For packages and procedures, you can grant execute to them.
Or, another option would be (arg... I hate to suggest this), grant a select any table, delete any table, insert any table, execute any procedure, etc... to the user.
This is really bad, and I don't recommend this, only noting that it is an option. If this is just for some kind of temporary purpose (e.g., testing), then this might be acceptable, however, revoke these privileges immediately.
The better option is to write dynamic SQL and grant directly to the other schema owner. You may run into problems with views and procedures if you use a role which is why I would recommend granting directly to the user. I've also run into problems with GLOBAL_LEXARs and things related to Oracle text when granting via roles.
But now, I have to still wonder why you would not just grant the necessary privileges that the other schema needs rather than granting everything?
Ji Li

Similar Messages

Grant execute to all custom stored procedures, not quite working

I would like to grant execute permissions on all custom stored procedures to a group and have tried using this:
USE myDB
select 'GRANT EXECUTE ON ['+name+'] TO [mydomain\mydb] ' from sys.objects where type ='P' and is_ms_shipped = 0
It seems to execute without error, I see the full list of stored procedures I've created listed like this:
GRANT EXECUTE ON [procUserInsert] TO [mydomain\mydb]
However the stored procedure I added earlier, which didn't have any explicit rights set for it, does not show that the execute permission has been granted. Other stored procedures, where I had already granted execute to the group, remain as they were (which
is expected). I'm viewing permissions via ssms, selecting the new stored procedure, then properties, permissions. If the grant failed there ought to be an error message...I don't get it. This is sql server 2005.

It seems like you were only printing the statement (SELECT), but it is unclear if you executed them.
You could try granting EXECUTE permission at either the DB scope or SCHEMA scope. That would grant EXECUTE on all modules (i.e. SPs, UDFs, etc.) at the chosen scope, including modules created in the future. For example:
-- Grant EXECUTE permission on all DB
GRANT EXECUTE TO [myDomain\mydbGroup1]
go
-- Grant EXECUTE permission on schema mySchema
GRANT EXECUTE ON SCHEMA::[mySchema] TO [myDomain\mydbGroup2]
go
I hope this helps.
BTW. The way you were creating the dynamic SQL for granting permissions to SPs individually is subject to 2nd order injection attacks. You should use quotename(name) in order to escape object names.
-Raul Garcia
SQL Server Security
This posting is provided "AS IS" with no warranties, and confers no rights.

Grant execute on stored procedure

I'm trying to allow the "help desk" people to connect via a special database account and execute a procedure to reset or unlock a users's password or account. I've created two stored procedures as user1 and have granted EXECUTE on user1.unlockaccount. Within the procedure I have an IF statement that basically says if the username is IN the following ('SYS','SYSTEM', ect.) then dbms_output.put_line ('not_allowed'). The ELSE is 'execute immediate 'alter user '||pUserName||' identified by '||pPassWord||' account unlock';
Then an exception when others statement to output the 'error: '||sqlerrm
The procedure compiles fine and I can execute it without error as 'user1' but when I GRANT EXECUTE ON USER1.UNLOCKACCOUNT TO USER2 and try to 'execute user1.unlockaccout ('username'); I get insufficient privileges.
I've also switched to SYS and "GRANT EXECUTE ON USER1.UNLOCKACCOUNT TO USER2;" but I still get the same insufficient privs error. If I don't 'set serveroutput on;' I don't see the error message, but it still fails.
Actually, one correction. I'm getting insufficient privs as user1 as well. user1 can unlock a user's account and reset a password outside of the procedure but I'm getting insufficient privs when executing the procedure.
Edited by: wolfeet on Jun 8, 2011 8:49 PM

Hi,
wolfeet wrote:
Granting ALTER USER directly to the user defeats the whole purpose. I want to allow this user to reset user passwords and unlock user passwords but I don't want the user to be able to reset passwords for dba accounts, sys, system, yada yada. I was hoping I could do this via GRANT EXECUTE on a stored procedure.Solomon said to grant ALTER USER directly to user1, the owner of the procedure, who already has this privilege via a role.
User2, who will run the procedure, needs only EXECUTE privileges on the procedures. User2 will not need the ALTER USER privilege.

Grant execute permission to stord proc for user setup on inital DB server creation

When I setup my SQL Azure DB it asked for me to create a login, which I did. Now I need to give that users execute permission on some stored proc but when I run
GRANT EXECUTE ON ELMAH_GetErrorsXml TO MyUser;
I get the error
Cannot find the user 'MyUser', because it does not exist or you do not have permission.
If I look under Security -> Users I do not see my user listed I only see dbo, quest, INFORMATION_SCHEMA, and sys.

Hi,
Please refer these links for more details.
http://azure.microsoft.com/en-us/documentation/articles/sql-database-get-started/
http://msdn.microsoft.com/en-us/library/ms187965.aspx
http://msdn.microsoft.com/en-us/library/ms173463%28v=SQL.100%29.aspx
Girish Prajwal

Grants on Function and Procedure for Network user

Hi all,
On my computer (user1), i created one function ( fun1 ). In the network, another user(user2) is there. I want to give execute or alter privilege on this function to user2. I created TNS name for user2 in my TNSNAMES.ORA.
what is the statement for this.
Thanks in advance,
Pal

I'm not sure I follow...
- You create TNS aliases for databases, not for users.
- A function can only be executed by a user connected to the database.
If you have databases A & B, you can create a database link between them. If user1 is a user on database A that owns a function, and user2 is a user on database B, you could create a new user, user3 in database A, create a database link from B to A that connects to A as user3, grant user3 in database A access to user1's function, and grant user2 in database B access to the database link.
Justin

Grant execute to newly created user upon user creation

Hi
I have a procedure test in schema of user1.
I have to grant exec on this procedure to the new user upon creation of the new user.
like upon
create user USER1 identified by ....
then USER1 should be able to execute user1.test after that
in short every user created should have grant to execute this procedure.
Please suggest.
Thanks in Advance

Hello, if you have a procedure in the schema of user1 then the user is user1, i.e., you cannot be creating a new user if user1 if user1 owns the test procedure.
To grant execute for a user on a procedure, just run:
GRANT EXECUTE ON user1.TEST TO <new_user>;If you want to allow every user to execute this procedure then run something like:
BEGIN
FOR cur_rec IN (SELECT username FROM ALL_USERS WHERE username NOT IN ('SYS','SYSTEM'))
 LOOP
 EXECUTE IMMEDIATE 'GRANT EXECUTE ON user1.test TO ' || cur_rec.username;
 END LOOP;
END;
/And that will grant execute on the procedure for all users.

Grant execute any function or package

Hi,
Does the below command give execute priviliges on functions and packages too ?
grant execute any procedure to <user>;
When i give same for fucntion it gives following error,
SQL> grant execute any function to user2;
grant execute any function to user2
ERROR at line 1:
ORA-00990: missing or invalid privilege
Thanks.

EXECUTE ANY PROCEDURE grants permission to all procedures and all functions, whether stand alone or packaged.
Hopefully, you're well aware of this, but the various ANY privileges, like EXECUTE ANY PROCEDURE, are exceptionally powerful. You want to be very cautious about granting those privileges because they can introduce a number of security holes.
Justin

Unique Constraint error while executing statspack.snap procedure

The following is the error which popped up when i was trying to execute statspack.snap procedure from perfstat user:
ORA-00001: unique constraint (PERFSTAT.STATS$LATCH_CHILDREN_PK) violated
ORA-06512: at "PERFSTAT.STATSPACK", line 1619
ORA-06512: at "PERFSTAT.STATSPACK", line 71
ORA-06512: at line 1
How could i resolve such a problem, as all the constraints and objects for this user are created while running the oracle supplied script 'spcreate.sql'.
If any 1 knows how to handle such a situation , can come forward n please help me out.

SQL> execute statspack.snap (i_snap_level=>10);
ERROR at line 1:
ORA-00001: unique constraint (PERFSTAT.STATS$LATCH_CHILDREN_PK) violated
ORA-06512: at "PERFSTAT.STATSPACK", line 1619
ORA-06512: at "PERFSTAT.STATSPACK", line 71
ORA-06512: at line 1
Cause
-- Its because of the bug # 2384758.
"STATSPACK.SNAP GIVES ORA-1 ON STATS$LATCH_CHILDREN_PK WHEN I_SNAP_LEVEL=>10"
-- The STATS$LATCH_CHILDREN table has a primary key constraint on (snap_id, dbid, instance_number, latch#, child#).
Fix
-- This is fixed in 9.0.2 and will not be backported to earlier versions because the level 10 is not a normal level to be setting unless requested by oracle support.

Privilege to execute a stored procedure

Hi,
I have developped a Portal Application which is attached to the
same schema that the data. I have a stored procedure in that
schema, but when i try to execute it in a form trigger using the
insert button and additional PL/SQL, an error occurs and telle
me that privileges: are insufficient to do that. By the way, i
was logged using portal30 and I have granted the execute
statement of the proceure to portal30.
Any Ideas will be very helpfull.
Thanks

Lahiani
Alright, I'll have a crack at it.
If I understand your question, you have:
1. a data-owning schema with a procedure;
2. a portal application addressing that data;
3. granted execute on the <schema>.<procedure> to portal30;
But you can't execute the procedure from the application.
My first question is: which schema does your portal application belong to? ie. when you run your application it will operate in the database as a schema user you have chosen when you created the application. You must grant execute on the procedure to this application schema.
Now maybe portal30 owns the application, in which case what you've done should work.
However, once you have verified which schema your application operates as, then you should login to sql*plus as that schema and attempt to execute the procedure.
ie. execute <schema>.<procedure>
What is the result when you try that? Let us know how you go, and write out the results as clearly as you can. If you still get an error please paste it in.
Greg

How to GRANT SELECT on all the tables in 1 go?

Hi
I have many tables (close to 200) in my Schema. I want to grant SELECT ON ALL TABLES to another user. How do I achieve this in one go?
Thanking you in advance,
...

Although Justin has given a wonderful answer. You might also review the following threads;
Grant select on a schema
Re: Grant select on a schema
grant select on
grant select on
grant select on tables
Re: grant select on tables
Adith

GRANT SELECT ON ALL TABLES

Is there a direct SQL to grant select on all tables in the schema for a user? Or do we need to write a PLSQL for this?
Also, if a new table T1 is created or existing table T2 is dropped and recreated after granting the select all privilege, will the user have access to T1 and T2?
thanks

Is there a direct SQL to grant select on all tables
in the schema for a user? Or do we need to write a
PLSQL for this?There is no privilege that would give user A access to all the tables in schema B. You would need to grant access to each object, which can certainly be done via dynamic SQL in PL/SQL.
There is a privilege SELECT ANY TABLE which allows the user to query any table in the system, but this is generally very dangerous and probably not something you would want to give a normal user.
Also, if a new table T1 is created or existing table
T2 is dropped and recreated after granting the select
all privilege, will the user have access to T1 and
T2?Unless you grant SELECT ANY TABLE, you would need to explicitly grant A access to any new tables created in schema B (or to tables after they are dropped and re-created). Potentially, you could create a DDL trigger that submitted a job that would, in turn, make the grant whenever a new table was created in schema B.
Justin

Does GRANT CREATE ANY PROCEDURE auto grants EXECUTE on created obj to user?

I have a User ABC which has GRANT CREATE ANY PROCEDURE on schema XYZ. Now, I create a new Function in schema XYZ using my ID ABC named "func123". My question is, would my User ID ABC being creator of func123 be able to EXECUTE it by default ???
Note: ID ABC has not been explicitly given GRANT EXECUTE on this func123 function, neither it has GRANT EXECUTE ANY PROCEDURE on schema XYZ.
Thanks in advance.

There is no such thing as 'create any procedure on schema xyz'. When an user has create any procedure, he can create a procedure in any schema, including SYS.
You have an unprotected and unsecured database by granting this powerful privilege to multiple users.
Also when you create a procedure in a different schema, that schema becomes the owner, not the user creating it.
Kindly brush up your basics and (re)read documentation.
Sybrand Bakker
Senior Oracle DBA

GRANT EXECUTE ON SCHEMA.PACKAGE.PROCEDURE TO USER

Hi,
GRANT EXECUTE ON SCHEMA.PACKAGE.PROCEDURE TO USER
returns:
ORA-00905, do you know why? Can I grant privileges on procedure inside package?
thanks

As per my knowledge of oracle, we cannot grant privileges on procedure inside a package.
 
Raj 
www.oraclebrains.com<a>
 POWERED by the people, to the people and for the people WHERE ORACLE IS PASSION.
 
Sorry Leonardo Horikian & Kamal Kishore, I was late and didn't know that you guys have already posted the answer.
Message was edited by:
rajs

Unable to Grant execute permissoin for all Stored Procedures.

Hi,
We have a DB called ABC, which has two schema of it ABC_DEV and ABCR1.
there are 2 login users (userdev for ABC_DEV) and (userR1 for ABCR1).
I careated a package and some stored procedure with userR1 for schema ABCR1.
Now I want these package and stored procedures to be available for execution for userdev.
How to do this usegin Oracle SQL Developer.
Thanks in Advance

Connect as ABCR1, or any other user that has GRANT EXECUTE privilege with the ADMIN option on the objects in the schema and select the object in the connections tab and right-click on it, select grant and then select the appropriate user and privilege.
Chris

Why doesn't the "grant execute any procedure" work?

Hi to all.
I want to grant the execute privilege for all SYS schema functions/procedures. To achieve it I do the following:
SQL> connect sys/*****@orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as SYS
SQL> create user test identified by test;
User created
SQL> grant create session to test;
Grant succeeded
SQL> grant execute any procedure to test;
Grant succeeded
According to the [http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm] the "grant execute any procedure" - grants Execute procedures or functions, either standalone or packaged.
So, the steps seem to be right. Then, I try to connect to the test user and execute any procedure from the SYS schema, for example, dbms_lock.sleep:
SQL> connect test/test@dizzy/orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as test
SQL> begin
2 sys.dbms_lock.sleep(1);
3 end;
4 /
begin
sys.dbms_lock.sleep(1);
end;
ORA-06550: line 3, column 1:
PLS-00201: identifier 'SYS.DBMS_LOCK' must be declared
ORA-06550: line 3, column 1:
PL/SQL: Statement ignored
So, the execution fails due to insufficient rights. However, the direct grant on the sys.dbms_lock works!
SQL> connect sys/*****@dizzy/orcl as sysdba
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as SYS
SQL> grant execute on dbms_lock; to test;
grant execute on dbms_lock; to test
ORA-00911: invalid character
SQL> grant execute on dbms_lock to test;
Grant succeeded
SQL> connect test/test@dizzy/orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as test
SQL> begin
2 sys.dbms_lock.sleep(1);
3 end;
4 /
PL/SQL procedure successfully completed
So, to be sure that the grant on any procedure from the definite scheme is given, should I avoid giving the execute any procedure grant?
P.S. Is there any special tag for code?
Thanks in advance.

Sybrand, thank you for the reply.
You are right. I tried to connect by another user NOT SYS and created the function:
SQL> create user testic identified by i;
User created
SQL> grant create session, execute any procedure to testic;
Grant succeeded
SQL> create or replace function get1 return number is
2 begin
3 return 1;
4 end;
5 /
Function created
SQL> connect testic/i@orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as testic
SQL> select get1 from dual;
select get1 from dual
ORA-00904: "GET1": invalid identifier
SQL> select kaisa_rgali.get1 from dual;
      GET1
         1Thank you for the tag. This's exactly what I asked about.
Finally, I tried t open the hyperlink http://download.oracle.com/docgs/cd/B10501_01/server.920/a96521/privs.htm but it failed.

Grant execute to all procedure to a user / public

Similar Messages

Maybe you are looking for