Grant permission to a role.
Oracle 11g R2 Windows.
I have an oracle user, named user_1. User_1 needs to be able to grant select on a table owned by another user, User_2, to a role. I keep getting the error ORA-01031: insufficient privileges.
User_1 has the following system privileges:
ALTER ANY INDEX
ALTER ANY PROCEDURE
ALTER ANY ROLE
ALTER ANY SEQUENCE
ALTER ANY TABLE
ALTER ANY TRIGGER
ALTER USER
CREATE ANY INDEX
CREATE ANY PROCEDURE
CREATE ANY SEQUENCE
CREATE ANY TABLE
CREATE ANY TRIGGER
CREATE ANY TYPE
CREATE ANY VIEW
CREATE DATABASE LINK
CREATE SEQUENCE
CREATE SYNONYM
CREATE TABLE
CREATE USER
CREATE VIEW
DELETE ANY TABLE
DROP ANY INDEX
DROP ANY PROCEDURE
DROP ANY SEQUENCE
DROP ANY TABLE
DROP ANY TRIGGER
DROP ANY VIEW
EXECUTE ANY PROCEDURE
EXECUTE ANY TYPE
GRANT ANY PRIVILEGE
GRANT ANY ROLE
INSERT ANY TABLE
SELECT ANY DICTIONARY
SELECT ANY SEQUENCE
SELECT ANY TABLE
UNLIMITED TABLESPACE
UPDATE ANY TABLE
It has the following system roles:
CONNECT
DBA
RESOURCE
SELECT_CATALOG_ROLE
What permissions must User_1 have to allow it to grant select on a table in another schema to a role? Both SYS and SYSDBA can do it, but I don’t want to give such elevated permissions to User_1.
I have even granted SYSDBA to User_1 and I still get the ORA-01031 error!
Thanks,
Matthew
I believe you're looking for the GRANT ANY OBJECT PRIVILEGE privilege.
The ANY privileges are all very powerful privileges and they often create opportunities for crafty humans to do things that you might not have anticipated. They are generally frowned upon heavily in any sort of audit situation. I'd be very, very cautious about giving non-DBAs these privileges.
It would make much more sense to me, particularly when you appear to want to restrict things to a single schema, to have a DBA user create a stored procedure that does the actual grant (implementing whatever validations, logging, etc. are appropriate) and grant the user the privilege to execute this stored procedure.
Justin
Similar Messages
-
Grant Permission in BPEL Domain
I,
i need the execute the command to grant permission in domain BPEL:
java -Xbootclasspath/a:/home/oc4j/bpel/lib/orabpel-boot.jar -jar jazn.jar -shell -grantperm jazn.com -role BPMsoaAdminDomainAdmin com.collaxa.security.DomainPermission soaAdmin all
but i execute said that not found the 'chass java.lang.NoClassDefFoundError: com.evermind.security.UserManager', and i find this class in security-api.jar, but in't find this jar to download.
Thanks,
MestiDont see BPMsoaAdminDomainAdmin role in jazn. Anyhow u can create the user and assign the role from EM also along with the command line utility.
ApplicationServer > OC4J > SecurityProviders >InstanceLevelSecurity
Thanks -
Unexpected error while granting permission in site permission !
Hello,
While granting permission to user in site permission it throws unexpected error in IE while in chrome it works perfect !
Any idea ?
Thank you in advance !
Dipti ChhatrapatiHi Dipti,
I agreed with Scott, please check the log file to find more information based on the correlation ID.
More information about checking log based on correlation ID, please refer to the link:
http://mroffice365.com/2011/09/using-correlation-id-to-find-out-sharepoint-problem/
In addition, whether you used the same account when using the IE and Chrome.
Which version did you use for IE? Please try to use IE 10 32-bit, compare the result.
Make sure that account you used in IE have manage permission on the site.
Please add the site into IE Trusted Site, compare the result.
Best Regards,
Wendy
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Wendy Li
TechNet Community Support -
How add grant permission in java.policy
hi master
sir serch in my system
C:\Program Files\j2sdk_nb\j2sdk1.4.2\jre\lib\security
C:\Program Files\j2sdk_nb\_jvm\lib\security
C:\Program Files\Java\j2re1.4.1_03\lib\security
C:\Program Files\Java\jre1.5.0_10\lib\security
sir i have many java.policy file which one is default java.policy file
how i add the code
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
and this code
grant codeBase "C:\Program Files\j2sdk_nb\j2sdk1.4.2\jre\lib\security
permission java.security.AllPermission;
give me idea how i add my code in java.policy file of using the oracle database in applete
thank
aamirin the control panel see what runtime is used by ur applet, mostly the lastest one u installed.
C:\Program Files\Java\jre1.5.0_10\lib\security
in this folder grant permission for the codebase where ur database is located. -
How to revoke all grants given to a role
Hi,
I need a single sql query to revoke all grants given to a role. Dropping a role is not a option before me .
Can someone help me with the query:
Regds,
KunwarHi Pawan,
I used this query to find out the grants given to a role.
But i dont know PL/SQL. Can you help me with the pl/sql code ? :)
++++++++++++++++++++
select 'ROLE' typ,
grantee grantee,
granted_role priv,
admin_option ad,
'--' tabnm,
'--' colnm,
'--' owner
from dba_role_privs
where grantee='KUNDBO91_ALL'
union
select 'SYSTEM' typ,
grantee grantee,
privilege priv,
admin_option ad,
'--' tabnm,
'--' colnm,
'--' owner
from dba_sys_privs
where grantee='KUNDBO91_ALL'
union
select 'TABLE' typ,
grantee grantee,
privilege priv,
grantable ad,
table_name tabnm,
'--' colnm,
owner owner
from dba_tab_privs
where grantee='KUNDBO91_ALL'
union
select 'COLUMN' typ,
grantee grantee,
privilege priv,
grantable ad,
table_name tabnm,
column_name colnm,
owner owner
from dba_col_privs
where grantee='KUNDBO91_ALL'
order by 1;
++++++++++++++++++++ -
Grant permission through dynamic parameters entered by user through web app
This is my code.
f1=request.getParameter("URL");
out.println("parameter f1 ===>"+f1);//user name
f2=request.getParameter("URL1");
out.println("parameter f2 ===>"+f2);//table name
f3=request.getParameter("URL2");
out.println("parameter f3 ===>"+f3);//privilege name
sql="GRANT f3 to \"" + f1 + "\""+"on \""+f2+"\"";
st= con.createStatement();
st.execute(sql);
out.println("grant succeeded");
it is giving error that invalid SQL query.please help in writing this code.Any other method for giving dynamic SQL query for granting permission.Welcome to the forum!
>
Any other method for giving dynamic SQL query for granting permission.
>
You should NOT be using dynamic SQL for issuing grants. Security is something that should be taken seriously and grants should ONLY be given to users that need the permission. The necessary grants should be created and reviewed BEFORE they are executed.
Best practices are to create scripts containing your DDL and place those scripts in a version control system.
The scripts can then be executed in sql*plus, sql developer or another tool and the results reviewed to ensure that they executed properly.
If dynamic SQL is needed you:
1. create a sql statement manually and test it to make sure it works properly
2. create the code to assemble similar statements and VIEW the output DDL to make sure that it is valid
3. add exception handling and security handling to the code so that is can only be used for the intended operations and is not subject to SQL injection.
4. manually execute the DDL produced by the code to make sure there are no syntax errors.
Clearly you did not even test your SQL before trying to write code to produce it or you would have known your syntax is invalid.
>
sql="GRANT f3 to \"" + f1 + "\""+"on \""f2"\"";
>
>
it is giving error that invalid SQL query.
>
Of course it is. That code might try to produce the equivalent of:
GRANT select to "scott" on "hr.employees";There are SEVERAL errors in that code.
1. You are enclosing the SCHEMA in double-quotes. That means the actual user name will be treated as case-sensitive. So if someone provides 'scott' it will be considered lower-case. There is NO user "scott" in Oracle unless you created that user yourself and used double-qoutes to preserve the case.
ALL of the schemas created by Oracle, and most users, are UPPER case. So your code will not find any name if the user supplies a LOWER case or mixed-case value.
2. You are enclosing the target schema and object name in double quotes. There are two things wrong. The same case issue applies again. And the string "hr.employees" will be treated as ONE value. The proper way to quote such a value is:
"HR"."EMPLOYEES"3. You have the DDL components in the wrong order, hence it is invalid. The ON clause comes BEFORE the target schema.
GRANT select to on hr.employees to scott;See the SQL Language doc for the GRANT statement
http://docs.oracle.com/cd/B28359_01/server.111/b28286/statements_9013.htm
All of the issues you have demonstrate why you should NOT be using dynamic SQL to do DDL. You don't understand the syntax so you can't write code to implement that syntax.
The syntax is much more complex than the siimple code you are trying to use.
Grant statements often need to include "SCHEMA.OBJECT" syntax and your code makes no provision for that.
DDL needs to be tightly controlled and doing it in code can create huge, gaping security holes.
Abandon your method and use prepared scripts for the DDL commands you need to execute. -
Grant permission to all objects of a schema to apps user(Oracle 10g)
Dear Fiiends,
I would like to grant permission on all objects of a particular schema to apps user(Oracle 10g).How do I do it?
(ex)grant all on <schemaname>.<objectname> to apps with grant option.
This is the permission i want to give but i can't do it for all objects one by one so how do i do it in a single command.
Regards,
ArunYou can't do it in a single command. You have to give object-by-object privileges (you could grant something like SELECT ANY TABLE, but that applies to every schema in the database and is generally a rather bad idea). You can, however, use a bit of dynamic SQL to do the job, i.e.
FOR x IN (SELECT * FROM user_tables)
LOOP
EXECUTE IMMEDIATE 'GRANT ALL ON schema_name.' || x.table_name || ' TO apps WITH GRANT OPTION';
END LOOP;You can do the same with other object types, hit DBA_TABLES rather than USER_TABLES if you don't want to run this as the object owner, etc.
Justin -
How to grant permission to user to access Lync 2013 OcsPowerShell
I'm writing script for our first line for creating Lync users. I need give access to connect to https://lyncpool.domain.local/OcsPowerShell via powershell. Only users in CSAdministrator group have permission to connect, but this group have to much
privileges. I created custom group with custom permissions and I need grant permission to this group to access OcsPowerShell.Try giving them CsUserAdministrator RBAC membership. They should be able to run the following cmdlets to manage the users only:
Disable-CsUser
Enable-CsUser
Get-CsAdUser
Get-CsUser
Get-CsUserClusterInfo
Move-CsUser
Move-CsLegacyUser
Set-CsUser
Grant-CsClientPolicy
Grant-CsClientVersionPolicy
Grant-CsConferencingPolicy
Grant-CsDialPlan
Grant-CsExternalAccessPolicy
Grant-CsHostedVoicemailPolicy
Grant-CsLocationPolicy
Grant-CsPinPolicy
Grant-CsVoicePolicy
Get-CsArchivingPolicy
Get-CsClientPolicy
Get-CsClientVersionPolicy
Get-CsConferencingPolicy
Get-CsExternalAccessPolicy
Get-CsHostedVoicemailPolicy
Get-CsLocationPolicy
Get-CsPinPolicy
Get-CsVoicePolicy
Get-CsClientPinInfo
Unlock-CsClientPin
Lock-CsClientPin
Set-CsClientPin
Get-CsClientVersionConfiguration
Get-CsDialPlan
Get-CsSite
Get-CsComputer
Get-CsNetworkInterface
Get-CsPool
Get-CsService
Get-CsSipDomain
Revoke-CsClientCertificate
If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer" | Blog
www.lynced.com.au | Twitter
@imlynced -
Grant Permission In Access Database
Hello All
How to set Grant Permission in Access Database, I get an error here
what's wrong in my SQL syntax?
Best Regard
Xan ToHello Matthias Kläy
I Have try your code and I get an error
this my code
Imports System.Data.OleDb
Imports System.Data
Imports ADOX.ObjectTypeEnum
Imports ADOX.ActionEnum
Imports ADOX.RightsEnum
Public Class Form1
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Dim cat As ADOX.Catalog
Dim grp As New ADOX.Group
Dim Builder As New OleDb.OleDbConnectionStringBuilder
Try
With Builder
.Provider = "Microsoft.ACE.OLEDB.12.0"
.DataSource = "C:\Users\Xan To\Desktop\Test.mdb"
End With
'Using cn As New OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Xan To\Desktop\Test.mdb; Jet OLEDB:System Database=system.mdw;")
Using cn As New OleDb.OleDbConnection
With cn
.ConnectionString = Builder.ConnectionString
End With
Using cmd As New OleDb.OleDbCommand
With cmd
.Connection = cn
.CommandText = "GRANT SELECT ON TABLE MSysObjects TO PUBLIC"
End With
cn.Open()
'cmd.ExecuteNonQuery()
cat = New ADOX.Catalog
cat.ActiveConnection = cn
grp.Name = "Public"
cat.Groups.Append(grp)
grp.SetPermissions("MSysObjects", adPermObjTable, adAccessGrant, adRightRead)
End Using
End Using
Catch ex As Exception
MessageBox.Show(ex.ToString)
End Try
End Sub
End Class -
Set Grant Permission to table in Access Database
Hello All,
How to set grant permission in Access 2003 Database. I am using Microsoft ACE OLEDB 12.0 Connection String, Using System.Data.OleDb Component and want to set Grant DELETE, INSERT, PROCEDURE, SELECT, UPDATE ON MSysObjects TO Admin
Best Regard
Xan ToHello Kevin And Paul
I have tried what you all say, but I get an error like this
this my code:
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Dim Builder As New OleDb.OleDbConnectionStringBuilder
Try
With Builder
.Provider = "Microsoft.ACE.OLEDB.12.0"
.DataSource = "C:\Users\Xan To\Desktop\Test.mdb"
End With
'Using cn As New OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Xan To\Desktop\Test.mdb; Jet OLEDB:System Database=system.mdw;")
Using cn As New OleDb.OleDbConnection
With cn
.ConnectionString = Builder.ConnectionString
End With
Using cmd As New OleDb.OleDbCommand
With cmd
.Connection = cn
.CommandText = "GRANT SELECT ON TABLE MSysObjects TO Admin"
End With
cn.Open()
cmd.ExecuteNonQuery()
End Using
End Using
Catch ex As Exception
MessageBox.Show(ex.ToString)
End Try
End Sub -
Hi All,
We are installing AIA FP 11.1.1.7 on SOA Suite 11.1.1.7(no patch has been applied, after SOA Suite ODI 11.1.1.7 is installed on it) this is for AIA Comms 11.4 PIP. Below error can be seen in oracle inventory logs while installing AIA FP11.1.1.7 -
BUILD FAILED
/u02/app/Oracle/Middleware/AIAHOME/Infrastructure/Install/AID/AIAExecuteDriver.xml:223: The following error occurred while executing this line:
/u02/app/Oracle/Middleware/AIAHOME/Infrastructure/Install/AID/AIAExecuteDriver.xml:65: The following error occurred while executing this line:
/u02/app/Oracle/Middleware/AIAHOME/aia_instances/DEVAIA/tmp/AIDExecuteDP_temp_2130290318.xml:12: The following error occurred while executing this line:
/u02/app/Oracle/Middleware/AIAHOME/Infrastructure/Install/AID/lib/AIDConfigurationLibraryTasks.xml:298: java.sql.SQLSyntaxErrorException: ORA-01031: insufficient privileges
Also before this i can see,
[exec] Command FAILED, Reason: JPS-04201: Cannot grant permission(s). Grant already exists for grantee [GranteeEntry: codeSource=file:${soa.oracle.home}/soa/modules/oracle.soa.ext_11.1.1/classes/oracle/apps/aia/core/util/- principals=[]].
[exec]
[exec] WARNING!!! Grant already exists for grantee.
[exec] No stack trace available.
[exec] Disconnected from weblogic server: AdminServer
[delete] Deleting: /u02/app/Oracle/Middleware/AIAHOME/aia_instances/DEVAIA/tmp/keyFile
[delete] Deleting: /u02/app/Oracle/Middleware/AIAHOME/aia_instances/DEVAIA/tmp/propFile
Also,
In processFieldStringXREF Admin Password
In processFieldStringJMSDB Temporary Tablespcae
In processFieldStringInvalid Database Schema name - Is this an error
In processFieldStringAIA Lifecycle Port
In processFieldStringAIADB SYS. USER
In processFieldStringInvalid Database Schema name
In processFieldStringJMSDB Default Tablespcae
In processFieldStringXREF SYS. USER
do anyone had idea on it, we are installing on Solaris SPARC machine.
Thanks and Warm Regards,
RR -
How do I grant permission in privacy setting?
Ever since updating to iOS7, any apps that require permission in my privacy setting are not actually showing up under the privacy setting. For example, if I want to use Instagram, it won't access my photo albums. It says to grant permission under settings>privacy>photos. When I do that, there are no apps listed requesting permission to access my photos. Any ideas/suggestions? Thanks in advance!
I had a similar issue and to solve it I simply erased the app and redownloaded it and when it initally asks for permission in a pop up be sure to say yes.
I am sure there is a more technical solution for this issue but I have not been able to find one. Let me know how this works for you
Regards,
Jake -
I am writing an applet which needed to read and write files with user's local machine, so i need to grant the permissions.
It seem the only way to grant the permissions for applets is needed user have some manually setup before running the applet. (Either modify the security policy
file or and add trust cert. ).
but i see some applets in the web and grant permission by a pop-up dialog
and user only need to answer "yes" or "no". how can they do this? is this supported by Java Plug-in? and How can i do it ??Without policy file in your own class you can do this (i think NS only):
(import netscape.security.PrivilegeManager;)
try {
PrivilegeManager.enablePrivilege("UniversalLinkAccess");
System.out.println("\tUniversalLinkAccess Success!");
PrivilegeManager.enablePrivilege("UniversalPropertyWrite");
System.out.println("\tUniversalPropertyWrite Success!");
PrivilegeManager.enablePrivilege("UniversalPropertyRead");
System.out.println("\tUniversalPropertyRead Success!");
} catch (netscape.security.ForbiddenTargetException e) {
System.out.println(
"\tFailed! Permission to read system properties denied by user.");
} catch (Exception e) {
System.out.println("\tFailed! Unknown exception while enabling privilege.");
e.printStackTrace(System.out);
} -
How to revoke and grant permission in java using Security Manager ??
I like to revoke and grant permission through java code..can anybody give me a sample code.
Discussion is here:
http://forum.java.sun.com/thread.jspa?threadID=731363 -
Can I grant permission to write in specific attributes using security groups
Hi
I Created GPO that write the computer name in the one of the user attribute "comment attribute " when he logged on
then i went to OU and grant self delegate permissions to allow the users of that OU to write on "comment attribute
but this did not work for the users how have been disabled form inheritance
so instead of grant delegate permissions to the OU
Can I grant permission to write in specific attribute "comment attribute " using security groups "Domain User "??Hi,
Open Active Directory Users and Computers.
On the View menu, select Advanced Features.
Right-click the object for which you want to assign, change, or remove permissions, and then click Properties.
On the Security tab, click Advanced to view all of the permission entries that exist for the object.
To assign new permissions on an object or attribute, click Add.
Type the name of the group, computer, or user that you want to add, and then clickOK.
In the Permission Entry for ObjectName dialog
box, on the Object and Properties tabs,
select or clear the Allow or Deny check
boxes, as appropriate.
http://technet.microsoft.com/en-us/library/cc757520(v=ws.10).aspx
Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!
Maybe you are looking for
-
Hi, I wish to have a VI that works as a main menu from which you start new VI's depending on your choice. When the new VI start I want the main menu to hide it's front panel temporarily until it the second VI returns. Anyone has a solution to this? /
-
HP 5610v All in One continually showing 'error; and not printing
Have uninstalled and reinstalled in last couple of days but goes back to same 'error' failure to print.
-
How to determine the file type in FTP
What command code that should be sent to FTP server in order to identify if a given name (return from NLST command code) is a file, a folder, or even a link? Any help is greately appreciated. Thanks in advance, ferdieabtik
-
Show the Static Filter in the print page header
Our customer need the static filter on the head of each printing page. Now i can display the static filter once on the page using: <object> <param name="OWNER" value="SAP_BW"/> <param name="CMD" value="GET_ITEM"/> <param na
-
Nokia C2-01 IM service contains only ovi chat comm...
I bought a new Nokia C2-01 on 23rd of june this year. I have no other complaints till now but one is that my IM application shows only Ovi chat i've no friends in ovi chat and I want facebook chat in that how can i get it can anyone tell of the way m