Grant privileges and permission to user, to create user and database in 10g

Similar Messages

• Can't grant privilege on column to user via role?

  Hi:
  From what I read in the docs I should be able to create a role that has UPDATE privs on a column of a table, and then grant that role to a user, who should be able to update the column of the table. I get "insufficient privileges" when I try that, although it works as advertised if I grant directly to the user. Am I mis-reading the docs?
  Session GAFF:
  CREATE TABLE "GAFF"."FOO2"
     (    "F1" NUMBER,
      "F2" NUMBER,
      "F3" VARCHAR2(50),
      "F4" NUMBER,
       CONSTRAINT "FOO2_PK" PRIMARY KEY ("F1")
  create role foo2_u_f2;
  grant update (f2) on foo2 to foo2_u_f2 ;
  grant select on gaff.foo2 to play ;
  grant foo2_u_f2 to play ;session PLAY:
  update gaff.foo2 set f2 = 1 where f1 = 1ORA-01031: insufficient privileges

  Most likely role foo2_u_f2 is not a default role for user play. Initially, when user is created default role is set to ALL. Later it can be changed to NONE or a set of roles. Login as play and issue:
  select * from session_roles
  /I bet you will not see foo2_u_f2. Then issue:
  select granted_role,default_role from user_role_privs
  /That will give you a list of user play default roles. You can either issue:
  set role foo2_u_f2
  /This will enable foo2_u_f2 role in current session. Or you can login as privileged user and issue ALTER USER DEFUALT ROLE ...,foo2_u_f2.
  SY.

• Grant Privileges to a new user

  Hi,
  I would like to know whether there is any way to grant all / only select / only select & insert privileges in all tables to a newly created user at once.
  Thanks in advance...

  user12504537 wrote:
  Hi,
  I would like to know whether there is any way to grant all / only select / only select & insert privileges in all tables to a newly created user at once.
  Thanks in advance...There is no such command to do this out of the box. You need to do something like,
  FOR x IN (SELECT * FROM user_tables)
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON ' || your.table_names || ' TO <<user>>';
  END LOOP;Aman....

• Error while granting privileges to new user

  hi all,
  I created new user and i tried to grant privileges to that new user by using ( SQL> CONNECT / AS sysdba;
  Connected.
  SQL> CREATE USER cdcproj IDENTIFIED BY cdcproj
  2 QUOTA UNLIMITED ON SYSTEM
  3 QUOTA UNLIMITED ON SYSAUX;
  User created.
  SQL> GRANT CREATE SESSION TO cdcproj;
  Grant succeeded.
  SQL> GRANT CREATE TABLE TO cdcproj;
  Grant succeeded.
  SQL> GRANT SELECT_CATALOG_ROLE TO cdcproj;
  Grant succeeded.
  SQL> GRANT EXECUTE_CATALOG_ROLE TO cdcproj;
  Grant succeeded.
  SQL> EXECUTE DBMS_STREAMS_AUTH.GRANT_ADMIN_PRIVILEGE(grantee => 'cdcproj'); PL/SQL procedure successfully completed.
  SQL> GRANT ALL ON PL.PROJ_HISTORY TO cdcproj;
  Grant succeeded. ). All the commands worked except last command. It is giving error i.e (GRANT ALL ON PL.PROJ_HISTORY TO cdcproj; ) error is ( table / view not exists ).
  What i can do. Any help.
  Otherwise is there any other method to grant privileges.
  Thanks in advance.

  What is your Oracle version ?
  Are you sure the object PL.PROJ_HISTORY exists ?
  What is the output of (using the Oracle account that executes the GRANT):
  select * from session_roles;
  select * from session_privs;

• Grant the Essbase application permission to user in Shared Services

  Hi,
  We got a problem in granting the Essbase permission to user using Shared Services. We are using Hyperion 9.3.1.
  (1) We created an Essbase application + database through Essbase Administration Console, say TBC.Sales.
  (2) Provision the Essbase "Server Access" + Essbase Application "Read" roles to a user.
  (3) In Essbase Admin Console, we "Refresh Security from Shared Services".
  However, the user still cannot see the Essbase Database in SmartView. Does anyone know how to fix the problem?

  The problem is fixed with Essbase 9.3.1.3.0.5.

• Problem with granting privileges

  We are creating a separate user for loading data into staging tables on our db and are having problems granting privileges. The original user is securities_developer and the new user is securities_loader. As securities_developer, I execute the following command:
  grant delete,update,insert,select on securities_work to securities_loader;
  The output indicates success, but when I switch to that user and perform 'select * from securities_work', the table isn't found. Using Oracle Enterprise Manager, I look up the table and it indicates that the above privileges have been granted. Am I missing something?
  version info:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  PL/SQL Release 11.2.0.1.0 - Production
  "CORE     11.2.0.1.0     Production"
  TNS for Linux: Version 11.2.0.1.0 - Production
  NLSRTL Version 11.2.0.1.0 - Production

  Hi,
  Do you have a (public) synonym on your table securities_work ?
  Or, try to add the schema owner in your query like: 'select * from securities_developer.securities_work'
  Regards,
  Thierry

• Granting privilege through role not working for PL/SQL

  Version: 11.2.0.2
  In our shop, we don't grant privileges directly to a user, we grant it to a role and grant that role to the intended grantee.
  Granting privileges through a role seems to be fine with SQL Engine. But it doesn't work from PL/SQL engine.
  In the below example GLS_DEV user is granted SELECT access on SCOTT.pets table through a role called tstrole. GLS_DEV can select this table from SQL. But PL/SQL Engine doesn't seem to know this.
  Reproducing the issue:
  SQL> show user
  USER is "SCOTT"
  SQL> select * from pets;
  NAME
  PLUTO
  SQL> conn / as sysdba
  Connected.
  SQL> create user GLS_DEV identified by test1234 default tablespace TSTDATA;
  User created.
  SQL> alter user GLS_DEV quota 25m on TSTDATA;
  User altered.
  SQL> grant create session, resource to GLS_DEV;
  Grant succeeded.
  --- Granting SELECT privilege on scott.pets to tstrole and then grant this role to GLS_DEV.
  SQL> conn / as sysdba
  Connected.
  SQL>
  SQL> create role tstrole;
  Role created.
  SQL> grant select on scott.pets to tstrole;
  Grant succeeded.
  SQL> grant tstrole to GLS_DEV;
  Grant succeeded.
  SQL> conn GLS_DEV/test1234
  Connected.
  SQL>
  SQL> select * From scott.pets;
  NAME
  PLUTO
  ---- All fine till here. From SQL engine , GLS_DEV user can SELECT scott.pets table.
  --- Now , I am going to create a PL/SQL object in GLS_DEV which tries to refer scott.pets
  SQL> show user
  USER is "GLS_DEV"
  create or replace procedure my_proc
  is
  myvariable varchar2(35);
  begin
       select name into myvariable from scott.pets ;
       dbms_output.put_line(myvariable);
  end my_proc;
  Warning: Procedure created with compilation errors.
  SQL> show errors
  Errors for PROCEDURE MY_PROC:
  LINE/COL ERROR
  6/2      PL/SQL: SQL Statement ignored
  6/41     PL/SQL: ORA-01031: insufficient privileges
  SQL>
  SQL> 6
    6*    select name into myvariable from scott.pets ;
  --- PL/SQL Engine doesn't seem to know that GLS_DEV has select privilege on scott.pets indirectly granted through a role
  --- Fix
  --- Instead of granting privilege through a role, I am granting the SELECT privilege on scott.pets to GLS_DEV directly.
  --- The error goes away, I can compile and execute the procedure !!
  SQL> conn / as sysdba
  Connected.
  SQL>
  SQL> grant select on scott.pets to GLS_DEV;
  Grant succeeded.
  SQL> conn GLS_DEV/test1234
  Connected.
  SQL>
  SQL> create or replace procedure my_proc
  is
  myvariable varchar2(35);
  begin
          select name into myvariable from scott.pets ;
          dbms_output.put_line(myvariable);
  end my_proc;  2    3    4    5    6    7    8    9   10
  11  /
  Procedure created.
  SQL> set serveroutput on
  SQL> exec my_proc;
  PLUTO
  PL/SQL procedure successfully completed.Has anyone encountered the same issue ?

  You really should start your own new thread for this question instead of resurrecting an old one, but to answer your question.
  There are two things going on here. First, there are a number of aler session commands that can be used by any user regardless of what privileges they are granted. Although I do not have the entire list at hand, things like nls_date_format and current_schema are available to all users, sort of like the grants to public in the data dictionary.
  Second, when you use execute immediate, the PL/SQL engine never really sees the statement, as far as the compiler is concerned it is just a string. It is only when the string is passed to the sql engine that permissions are checked, and there roles are not enabled.
  SQL> create role t_role;
  Role created.
  SQL> grant select on ops$oracle.t to t_role;
  Grant succeeded.
  SQL> create user a identified by a default tablespace users;
  User created.
  SQL> grant create session, create procedure to a;
  Grant succeeded.
  SQL> grant t_role to a;
  Grant succeeded.
  SQL> connect a/a
  Connected.
  SQL> select * from ops$oracle.t;
          ID DESCR
           1 One
           1 Un
  SQL> create function f (p_descr in varchar2) return number as
    2     l_num number;
    3  begin
    4     select id into l_num
    5     from ops$oracle.t
    6     where descr = p_descr;
    7     return l_num;
    8  end;
    9  /
  Warning: Function created with compilation errors.
  SQL> show error
  Errors for FUNCTION F:
  LINE/COL ERROR
  4/4      PL/SQL: SQL Statement ignored
  5/20     PL/SQL: ORA-00942: table or view does not exist
  SQL> create or replace function f (p_descr in varchar2) return number as
    2     l_num number;
    3  begin
    4     execute immediate 'select id from ops$oracle.t where descr = :b1'
    5                       into l_num using p_descr;
    6     return l_num;
    7  end;
    8  /
  Function created.
  SQL> select f('One') from dual;
  select f('One') from dual
  ERROR at line 1:
  ORA-00942: table or view does not exist
  ORA-06512: at "A.F", line 4John

• Can't retrieve folder privileges for a specific user

  I am trying to get the granted privilege for a specified user for a certain folder. I am using the wwsec_api.get_granted_user_privilege function. When I run my code, nothing is ever returned. Here is my code:
  l_priv_varchar := wwsec_api.get_granted_user_privilege(
  p_user_id => 0,
  p_object_type_name => 'FOLDER',
  p_name => '2889');
  p_user_id is from wwsec_person.id$
  p_object_type_name is my object type
  p_name is from wwv_corners.id
  I have looked at the properties of this folder and this user, 0, is set up as the owner. So I am expecting to see 'OWN' returned. I have another user set up to only VIEW the folder and when I put that user's id into the p_user_id parameter I still do not get any return. I can run this same code (with different parameter values) and get the privileges for a 'PAGE', but never for a FOLDER.
  Does anyone have this problem or can tell what I am missing?
  Thanks.
  null

  p_name for a folder is "sitename/parentfolder/foldername". You can see that in the syspriv_name field on the WWV_CORNERS table.

• Grant privileges to all objects

  Oracle 11.0.1.7.0:
  When I create new user I do something like:
  create user abc identified by abc
  grant create session, create table, create views, create snapshot to abc - separate grant for each object
  grant unlimited tablespace to abc;So when I do that sometimes I forget privileges for sequences. Is there a way to give privilege in one sql to the user to let that user create table, views, session, tablespace etc.
  Edited by: user628400 on Jun 9, 2009 5:35 PM

  Is there a list of things like create table, session etc. that I can look at to determine what options I have?select distinct privilege from role_sys_privs order by 1;
  will give you a list of privileges which can be granted to role.
  is there a way to grant privileges to all different types like create table, session etc in one statement without having to type each one of them separately like grant create session, grant table?As other replied, this can be achieved by creating a role like:
  SQL> create role newrole;
  Role created.
  SQL> grant create table,query rewrite to newrole;  -- Or any privilege by above command.
  Grant succeeded.
  SQL> grant newrole to <YourUserName>;  --
  Grant succeeded.HTH
  Girish Sharma

• How to check granted privileges on role.

  Hi,
  Can any one explain how to check granted privileges on role.
  I have created one role called ALL_SYSPRIVS
  but I forgot what privileges granted to this role
  Thank you...

  Hi Vijay,
  Last week i saw the following thread:
  Finding the privileges assigned to a user
  Re: Finding the privileges  assigned to a user
  From there, you'll be able to find a few scripts that will provide you with an overview of grants assigned to user, or role....
  HTH,
  Thierry

• To grant  privileges to user or/and group

  Hi,
  I need information about to grant privileges on content area and folders.
  For example, if I grant privilege to view content on Content area and I grant privilege of Manage Items on folder. Can the users or group add items to folder? Or can they view the content?
  Thank you for information,
  Noel

  I changed the file (sudo vi $ORACLE_HOME/rdbms/admin/externaljob.ora) to read run_user = oracle and run_group = dba. The error remains the same - also after restart of dbconsole. Anyway, the file has note: The user and group specified here should be a lowly privileged user and group for your platform. For Linux this is nobody and nobody. Which it was, and I changed it back to that.
  Btw:
  SQL> SELECT owner, credential_name, username FROM dba_scheduler_credentials;
  no rows selected
  SQL> execute DBMS_SCHEDULER.CREATE_CREDENTIAL('oracle','oracle','password');
  After the above I was able to select "sys.oracle" as the credential name pull-down menu of the scheduler job edit mode.
  And the job succeeded: EXTERNAL_LOG_ID="job_73826_863", USERNAME="oracle"
  How does one set credentials if not in the "preferred credential setup" in dbconsole EM?
  Edited by: Dude on Jan 14, 2011 2:11 PM

• Granting Privileges on Objects and Workspace

  Hi folks,
  I'm a newbie using Workspace Manager and here is a basic question about granting privileges. I think that it's a little bit confused to me the concept regarding objects privileges versus workspace privileges.
  Here is the scenario.
  User A enable versioning in table TAB1
  User A creates a workspace WKS1
  User A grants workspace privileges to User B (ACESS, MERGE,....)
  User B connects into the database and goto workspace WKS1
  User B tries to select, insert, update data using TAB1 but got error that
  table does not exist.
  So, Should user A, previously, grant select, insert, update permission on table TAB1 to User B?
  I understood that it was not necessary once user B would, in fact, access a view created by workspace manager and the privileges would be set using the GrantWorkspacePrivs function.
  Regards,
  Luis

  Hi,
  The object and workspace privileges are separate. You would need to grant access to user B for both the workspace and the table. The object permissions can be granted prior to executing dbms_wm.enableversioning or during a DDL session.
  Regards,
  Ben

• SQL VS PLSQL privileges and grants

  Hi all
  Is there a difference in the way privileges are processed in SQL an PLSQL? I have a user that can select a table with sql, but in plsql the same query reports "table or view does not exist". Later, same thing happend with another user wich was DBA. User can query the v$session view, but can not do it from PLSQL procedure.
  Why is that?
  DB is 10.2.0.2

  When you create named PLSQL (procedures, functions, packages, triggers, methods) the default is to use the definers rights model.
  You can optionally use the invokers rights model.
  With definers rights, you must have privileges on the referenced objects granted directly to you (not via a role).
  Privileges granted via a role can be disabled in one session and enabled in another session - thus they are not reliably enabled.
  The privileges are only checked at compile time and directly granted privileges will reliably be available - those based on a role are not reliably available.
  If you create your named PLSQL with invokers rights, then the privileges are checked at parse time and can rely on session privileges which include role based privs.
  So, either use direct grants and definers rights or user roles and invokers rights.

• Grant Privileges to another user

  Hi,
  I am new to plsql. In course of my learning. I created two tables BOOKS and AUTHORS in orcl database(10g) through SYSDBA.
  Again i logged in to SCOTT user account and am unable to see the BOOKS and AUTHORS tables.
  Please let me know how do i grant administrative privileges(to edit,delete,insert,update) to SCOTT user for these tables.
  Thanks & Regards,
  Amrutha.

  808099 wrote:
  1. Got now that SYSDBA is a role and SYS is user.
  2. I was able to login to sqlplus through giving "/ as SYSDBA" as the username. Hence i thought it as user."/ as sysdba" connects to the database as the SYS user using operating system authentication with the SYSDBA role enabled.
  3. Secondly, I dont know which schema does my BOOKS table belong to. Because i just ran a create table script in scott/tiger@orcl. PLease suggest how i can know which schema it belongs to.If you connected to the database as the SCOTT user and ran the script to create the table, the table would almost certainly be owned by SCOTT. If you connected to the database as the SYS user and ran the script to create the table, the table would most likely be owned by SYS. If the script specified the schema owner, i.e.
  CREATE TABLE library.book ...the table would be created in the specified schema. But you need to have very powerful privileges in order to create objects in other user's schemas and SCOTT does not have those privileges unless you've specifically granted them.
  4. Thirdly, I will delete the BOOKS and AUTHORS from SYS and create them in SCOTT user. But thought if GRANT privileges can be an alternative.Not really. It's much better to have the tables owned by the correct schema in the first place. You use grants to allow other users to access (or modify) tables but other users are not going to have the same level of privileges (for example, they're not going to be able to run DDL against the table).
  Justin

• Grant privileges to user

  hi all,
  How to create and grant privileges to user using sql command.
  Thanks

  Hi,
  Example :-
  log on as sysdba
  grant connect, resource to test identified by test;
  test is the user.
  Go through this links
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_8003.htm#SQLRF01503
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#SQLRF01603
  Thanks
  Pavan Kumar N