Grant option to direcotry
Hi All,
Good Morning...
i gave the grant read,write operation to my direcotry and i checked the all_tab_privs table... the grantable column for both read, write privilege are NO.
is it automatically updated while give the grant permission or we have to update the same...?
-GG
What is your problem?
You said "the grantable column for both read, write privilege are NO."
This means the user has the right to read and write but not the right to grant this rights to other users. You never specified what the user should be allowed to do.
Similar Messages
-
Hello,
Which table holds information about roles and privileges assigned to users with grant option? For e.g. DBA_ROLE_PRIVS and DBA_SYS_PRIVS gives information about WITH ADMIN option. Similarly I am looking for tables that would give me information about with grant option.
Thanks
RAll these tablese have a GRANTABLE column that is TRUE when the privilege has been granted "WITH GRANT OPTION":
ALL_COL_PRIVS
ALL_COL_PRIVS_MADE
ALL_COL_PRIVS_RECD
ALL_TAB_PRIVS
ALL_TAB_PRIVS_MADE
ALL_TAB_PRIVS_RECD
DBA_COL_PRIVS
DBA_TAB_PRIVS
ROLE_TAB_PRIVS
USER_COL_PRIVS
USER_COL_PRIVS_MADE
USER_COL_PRIVS_RECD
USER_TAB_PRIVS
USER_TAB_PRIVS_MADE
USER_TAB_PRIVS_RECD
Max
http://oracleitalia.wordpress.com -
Not showing users on "Add Grant" option
First of all, sorry for my pour english.
I'm trying to do some exercices with EM Cloud Control 12c. One is:
b. Specify who can share, edit or even delete this shared credential using one of the three
privileges (Full, Edit, View).
• SYS user with Full privilege will be able to use, edit and delete the credential.
• SYSTEM user with Edit privilege will be able to use and edit the credential.
1) Click “Add Grant” then select the user SYS to be added in the Access Control list.
2) Repeat this operation to add the user SYSTEM.
By default, the selected users are granted the View privilege only.
3) To grant Full privilege to SYS, select the SYS user and click “Change Privilege”.
Choose Full and click OK.
4) To grant Edit privilege to SYSTEM, select the SYSTEM user and click “Change
Privilege”. Choose Edit and click OK.
3. Test against the orcl database instance, click Test and Save until you get the following
message: Confirmation Credential Operation Successful. This means that the credential
was successful and saved.
When I try to add grant I can't see the users, like this:
https://dl.dropboxusercontent.com/u/23080098/erro_cloud_control_12c.jpg
Can someone help me with this?
Thanks in advance.
Regards
Vitor JrHi CourtneyLlamas. Thanks for your reply and again sorry for my english!
I'm trying to do some exercices from Oracle Database 12c: New Features for Administrators (D77758GC10) traininig, and the exercice says:
'Practice 1-3: Creating New Named Credentials
Overview
In this practice, you create the credorcl credential used for any connection as SYS user
sharable in the database instance orcl.
Assumptions
You completed the practice 1-2 to add the orcl database instance as a new target monitored
by Enterprise Manager Cloud Control.
Tasks
1. Navigate to Setup > Security > Named Credentials.
2. Click Create.
a. Enter the following values, then complete the Access Control section:
Field Choice or Value
General Properties
Credential Name credorcl
Credential description Credentials for Database
Authenticating Target Type Database Instance
Credential type Database Credentials
Scope Target
Target type Database Instance
Target Name orcl (Click the magnifying glass
to find orcl and select)
Credential Properties
Username SYS
Password oracle_4U
Confirm Password oracle_4U
Role SYSDBA
b. Specify who can share, edit or even delete this shared credential using one of the three
privileges (Full, Edit, View).
• SYS user with Full privilege will be able to use, edit and delete the credential.
• SYSTEM user with Edit privilege will be able to use and edit the credential.
1) Click “Add Grant” then select the user SYS to be added in the Access Control list.
2) Repeat this operation to add the user SYSTEM.
By default, the selected users are granted the View privilege only.
3) To grant Full privilege to SYS, select the SYS user and click “Change Privilege”.
Choose Full and click OK'
4) To grant Edit privilege to SYSTEM, select the SYSTEM user and click “Change
Privilege”. Choose Edit and click OK.
3. Test against the orcl database instance, click Test and Save until you get the following
message: Confirmation Credential Operation Successful. This means that the credential
was successful and saved.'
I'm logged with SYSMAN account, like the exercice asks, and I'm trying to Add Grant to user SYS. The exercice is wrong? Am I doing something wrong?
Thanks in advance.
Regards
Vitor Jr -
I am trying to grant permission to one of the users to have full permission in another user. this is the error message I am getting:
SQL> GRANT select, insert, delete
2 ON PEST2003.CROP, PEST2003.IMAGE, PEST2003.INSECT,
3 PEST2003.PESTICIDE, PEST2003.REPORTER, PEST2003.REVIEW
4 TO AARYN;
ON PEST2003.CROP, PEST2003.IMAGE, PEST2003.INSECT,
ERROR at line 2:
ORA-00990: missing or invalid privilege
Any ideas, suggestion! help out please.You cannot grant privs to multiple objects at the same time. You must use a seperate statement for each object.
grant select, insert, delete on pest2003.crop;
grant select, insert, delete on pest2003.image; ... -
how can i grant multiple tables at time to a user.
Create a role. Grant the tables to this role. Then grant this role to the user(s).
null -
I have create a role TD_ADM and would like grant the object privileges such as select, insert, update etc... to TD_ADM role with admin option.
here is grant that i am trying to grant to TD_ADM.
grant select on foo.dept to td_adm with admin option;
i get the ora-00993 error missing grant keyword.
i know we can do for system grants with admin option, but can we do to object privileges?
Thanks....With Admin option:
Only for system privileges, not object privileges.
You can use With Grant option.
For review:
[http://www.dba-oracle.com/t_with_grant_admin_privileges.htm] -
ORA-01720 while trying to grant select on a view
Hi Friends,
Iam getting the following error while trying to grant select privilege for the view to SchemaB, i have the view in schemaA.
I have used the tables from both the schema for creating the view and iam getting the error on showing a particular table
ORA-01720: grant option does not exist for 'schemaB.Product'.
I have looked into so many forums but i couldn't find the answer for my question.
I must have to create the view in the Schema A only(strictly), as i seen in some forums stated that while creating the view in the other schema and granting the select privilege will solve the problem.But it was an exception to me ...
Tell me something how can i proceed in this .....grant select on t1 to seconduser with admin optionNo. WITH ADMIN OPTION applies to system privileges only. Object privileges need the WITH GRANT OPTION ...
SQL> grant select on joe_soap.some_table to apc with admin option
2 /
grant select on joe_soap.some_table to apc with admin option
ERROR at line 1:
ORA-00993: missing GRANT keyword
SQL> grant select any table to apc with admin option
2 /
Grant succeeded.
SQL> grant select on joe_soap.some_table to apc with grant option
2 /
Grant succeeded.
SQL> Cheers, APC -
Grant execute on javaclass is not working
I have successfully compiled a java class in schema two which provides a connection to an OEM data source. I subsequently compiled another java class, also in schema two, that uses the connection in the connection class and loads a temp table. Now, the connection class should really be in a different schema, so I recompiled it in schema one, changed the class name in schema two and then recompiled the one in schema two to essentially remove it from the picture.
When I tested my call specification to the second class, which loads the temporary table, I get an error, as expected because the connection class no longer exists in schema two.
On page 2-15 of the Java Developer's Guide 11g Release 1, it says:
You can provide other users the right to run your class in the following ways:
Using the loadjava -grant option:
Using the following command:
SQL> grant execute on myclass to scott;However, when using the second option (as the user of schema one where I just recompiled it), I get a message that the class does not exist. I have done everything I can think of to confirm that the name I have entered is correct including:
select dbms_java.shortname('long classname') from dual;Is this not really an acceptable way to grant execute privileges on a java source to another schema?
Thanks,
GregoryHi,
you can use quotation mark, because the grant internally transform your javaclass in uppercase.
So :
grant execute on "myclass" to scott ;
will succeed as
grant execute on myclass to scott ;
will not ;o)
regards,
Virgile CREVON
Edited by: user513154 on 12 juil. 2011 04:58 -
Dear all,
11.2.0.3 on Linux 6
SQL*Plus: Release 11.2.0.3.0 Production on Thu Apr 9 10:33:07 2015
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> grant execute,debug on sys.dbms_sql to system with grant option;
Grant succeeded.
SQL> Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[medh@proddb ~]$ sqlplus system/manager
SQL*Plus: Release 11.2.0.3.0 Production on Thu Apr 9 10:33:23 2015
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> grant execute,debug on sys.dbms_sql to applsys;
grant execute,debug on sys.dbms_sql to applsys
ERROR at line 1:
ORA-01031: insufficient privileges
Any idea why grants failingSee note 174753.1 on MOS.
Also cited here (privileges - How to grant execute on dbms_lock in Oracle? - Stack Overflow) , explains quite well on the sys / inheritance front. -
Script to create grants and synonyms for objects in database
Hello,
We are building a patch to be applied to the production environment. I want to create a script/sql query that builds a list of grants and synonyms for all the objects created after august 09.
for ex:
create or replace synonym abc for schema_name.abc;
Grant execute on abc to user_xyz;
How can I use Oracle's data dictionary to do this?
thankzHi,
You'll probably want to use these views:
user_objects - includes created (DATE) column.
user_synonyms
user_tab_privs - not just tables (e.g., includes EXECUTE privileges on functions).
Data dictionary views beginning with 'user_' cover objects owned by the current user only.
Almost all of the data dictionary views (and all of the three mentioned above) also have 'all_' and 'dba_' versions.
For example:
all_objects inculdes everything in user_objects, plus objects in other schemas on which the current user has privileges.
dba_objects include every object in the database. (Not everyone is allowed to see the dba_ views.)
Here's one of many possible ways to use these views:
SELECT 'GRANT '
|| privilege
|| ' ON "'
|| table_name
|| '" TO '
|| grantee
|| CASE
WHEN grantable = 'YES'
THEN ' WITH GRANT OPTION;'
ELSE ';'
END
FROM user_tab_privs
WHERE table_name IN ( -- Only interested in objects created after August 9
SELECT object_name
FROM all_objects
WHERE created >= TO_DATE ( '10-Aug-2009'
, 'DD-Mon-YYYY'
; -
Help me granting privilege on a view (!)
I have two schema A & B.In schema A I have table T_tb.Now I want to create view T_vw (select * from T_tb) on T_tb in schema B and I want some of my users having role R make a select on this view.
I tried this way..
CONN SYS
GRANT SELECT ON A.T_tb TO B;
CREATE OR REPLACE VIEW B.T_vw AS SELECT * FROM A.T_tb;
GRANT SELECT ON B.T_vw TO B WITH GRANT OPTION;
GRANT SELECT ON B.T_vw TO R;
GRANT R TO user1;
after that when I try to access view T_vw loged in as user1 I get..
ERROR at line 1:
ORA-01031: insufficient privileges
I apreciate any help towards resolving this issue.
Bye,
ADHopefully this will help you.....
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SQL> create user a identified by a;
User created.
SQL> create user b identified by b;
User created.
SQL> grant connect,resource to a;
Grant succeeded.
SQL> grant connect,resource to b;
Grant succeeded.
SQL> conn a@inftmark
Enter password: *
Connected.
SQL> create table test (roll number(3));
Table created.
SQL> grant select on test to b;
Grant succeeded.
SQL> conn b@inftmark
Enter password: *
Connected.
SQL> select * from a.test;
no rows selected
SQL> create view test_view as select * from a.test;
create view test_view as select * from a.test
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> conn sys@inftmark as sysdba
Enter password: ******
Connected.
SQL> grant create view to b;
Grant succeeded.
SQL> conn b@inftmark
Enter password: *
Connected.
SQL> create view test_view as select * from a.test;
View created.
SQL> -
Granting SELECT to user on VIEW with FULL OUTER JOIN fails?
I have a quandary.
Using Oracle 9i, I have created a simple view. When I perform a count on it, rows are returned.
However, when I grant SELECT access to another user, they can't see the VIEW. The VIEW has a FULL OUTER JOIN operation in it.
When I do the same thing using a regular join, it works.
Any ideas why, please?
SQL> conn ifsinfo/******@DB
Connected.
SQL> ed
Wrote file afiedt.buf
1 create view mctest3 as
2 select
3 vc.idcus ,
4 ci.customer_id
5 from
6 ifsapp.vmo_company vc
7 full outer join
8 ifsapp.customer_info ci
9 on
10* vc.custno = ci.customer_id
SQL> /
View created.
SQL> select count(*) from mctest3;
COUNT(*)
73994
SQL> GRANT SELECT ON MCTEST3 TO IFSAPP WITH GRANT OPTION;
Grant succeeded.
SQL> CONN IFSAPP/******@DB
Connected.
SQL> select count(*) from IFSINFO.MCTEST3;
select count(*) from IFSINFO.MCTEST3
ERROR at line 1:
ORA-00942: table or view does not existbut with regular join:
SQL> conn ifsinfo/******@DB
Connected.
SQL> create view mctest4 as
2 select
3 vc.idcus ,
4 ci.customer_id
5 from
6 ifsapp.vmo_company vc, ifsapp.customer_info ci
7 where vc.custno = ci.customer_id;
View created.
SQL> select count(*) from mctest4;
COUNT(*)
44269
SQL> GRANT SELECT ON MCTEST4 TO IFSAPP WITH GRANT OPTION;
Grant succeeded.
SQL> conn ifsapp/******@DB
Connected.
SQL> select count(*) from IFSINFO.MCTEST4;
COUNT(*)
44269Hi,
>>SQL> conn ifsinfo/******@DB
Connected.
SQL> ed
Wrote file afiedt.buf
1 create view mctest3 as
2 select
3 vc.idcus ,
4 ci.customer_id
5 from
6 ifsapp.vmo_company vc
7 full outer join
8 ifsapp.customer_info ci
9 on
10* vc.custno = ci.customer_id
SQL> /
According to Note:244315.1, it is not possible to make a FULL OUTER JOIN on views owned by another user at the 9i version of Oracle. As above, do not use FULL OUTER JOIN on views owned by another user. Try to use outer join operator (+), and/or UNIONS instead.
Cheers -
Missing grant with full export/full import.
We have the following problem which is unexplained:
Using Oracle 9.0.1.4 we full export a database and we import it in full mode in another database which is also running Oracle 9.0.1.4. The database has 1 application schema which owns a lot of PL/SQL object packages and triggers.
In the source database, all objects are valid and schema owner has SELECT privileges on V$SESSION and execute permission on DBMS_ALERT and DBMS_PIPE.
I cannot tell you if these privileges have been granted directly or with a role.
In the target database, package bodys and triggers using V$SESSION and DBMS_ALERT/DBMS_PIPE are invalid because schema owner has not the corresponding privileges.
Schema owner already existed in the target database. Is it normal than the corresponding privileges have not been imported ?
I cannot give you the exp/imp command lines but I'm sure full export/full import have been run (I've checked the import log).
Thanks.
Message was edited by:
Pierre ForstmannSee MetaLink Note:97902.1
When performing a full export of a database, both objects belonging to SYS and object privileges on SYS's objects (e.g. admin views such as DBA_SEGMENTS, etc.) are not exported.
To generate the missing privileges you can use the follwing script
Connect to the original database (the one full export was done from) as SYSTEM using sqlplus and run this script:
set hea off
set pagesize 0
set feedback off
spool objs_upg.sql
select 'grant '||privilege||' on '||owner||'.'||
table_name||' to '||grantee||' '||
decode(grantable,'YES','WITH Grant option')||';'
from dba_tab_privs
where owner = 'SYS'
select 'grant '||privilege||' ('||column_name||') '||
' on '||owner||'.'||table_name||' to '||grantee||' '||
decode(grantable,'YES','WITH Grant option')||';'
from dba_col_privs
where owner = 'SYS'
spool off -
Grant permission to all objects of a schema to apps user(Oracle 10g)
Dear Fiiends,
I would like to grant permission on all objects of a particular schema to apps user(Oracle 10g).How do I do it?
(ex)grant all on <schemaname>.<objectname> to apps with grant option.
This is the permission i want to give but i can't do it for all objects one by one so how do i do it in a single command.
Regards,
ArunYou can't do it in a single command. You have to give object-by-object privileges (you could grant something like SELECT ANY TABLE, but that applies to every schema in the database and is generally a rather bad idea). You can, however, use a bit of dynamic SQL to do the job, i.e.
FOR x IN (SELECT * FROM user_tables)
LOOP
EXECUTE IMMEDIATE 'GRANT ALL ON schema_name.' || x.table_name || ' TO apps WITH GRANT OPTION';
END LOOP;You can do the same with other object types, hit DBA_TABLES rather than USER_TABLES if you don't want to run this as the object owner, etc.
Justin -
Can some give me a script to do the following:
I have a schema name ABC and I want to give a user XYZ read access to all objects in the ABC schema. ie (TABLES, VIEWS. SWQUENCES etc)Hi,
user8822168 wrote:
Can anyone share some light on this
select 'grant select on '
|| owner
|| '."'
|| object_name
|| '" to ABC'
from ALL_objects
where object_type in ('TABLE','VIEW','SEQUENCE')
AND owner IN ('XYZ', 'PQR')
I run the above sql and it exeute without error and it shows that the grant was given to "ABC", but when I login as ABC I cannot see any of the objects that belongs to XYZ or PQR.
I did use XYZ.object_nameThat looks like the correct way to build a GRANT statement.
Post the complete procedure, including the EXECUTE IMMEDIATE statement that runs the statement built by the query above.
Please don't post unformatted code. Type these 6 characters:
(small letters only, inside curly brackets) before and after sections of formatted text, to preserve spacing.
Do I need some special previlege to grant select access to ALL ('TABLE','VIEW','SEQUENCE') at once As far as I can tell, you're not granting privileges on all objects at once; you're granting privileges on one object at a time (if at all; I haven't seen your EXECUTE IMMEDIATE statement). There may only be a couple of milliseconds between the GRANT statements, but each one is for only one object.
I even try to use one owner at a time by login as the schema owner but it did not work.Before XYZ can grant privileges on PQR's objects, PQR must grant the same privileges to XYZ WITH GRANT OPTION.
I suggest you not try to do this; instead, have XYZ run the procedure just to grant privileges on XYZ's objects, and have PQR run it to grant privileges on PQR's objects.
Maybe you are looking for
-
Converting a class object back to a .class file
Hi, How can i convert a class object back to a .class file ? Thanks
-
Flex & PHP - Insert Query in Php Service
I have a MySql DB with 2 tables: 1. category - categoryID / category / description 2. photos - photoID / categoryID / photodescription / photo And i have a service (CategoryService.php) automatically created by Flash Builder, but i cannot get the sec
-
I have created a playlist but now cannot edit the order as the 'click & drag/drop' wont work. Any suggestions?
-
How to register and unregister Mbean server when jvm is crashed.
Hi All, how to register and unregister Mbean server when jvm is crashed with specifying like internal error(xxxxxxxxxxxsome number) I am getting error NameAlreadyBindExcetion when i call the below method in my program, how to unregister and register
-
MPLS Design Best Practices for SP
When deploying a new MPLS backbone for a Service Provider, what will be consider the best practices in general? For example what about the following list and any other items: - Define the Internet as a VRF? - Use private ASNs? - Define a VRF per spec