Grant privileges on a package

Similar Messages

• Grant execute on DBMS_CRYPTO package (11R1)

  I figured out I needed to grant my user access to this SYS package using:
  SQL> grant execute on DBMS_CRYPTO to lob_demo;
  Grant succeeded.
  yet after doing this, I still get this error:
  SQL> select DBMS_CRYPTO.HASH(bytes, DBMS_CRYPTO.HASH_SH1) from blobslicer where id=1;
  select DBMS_CRYPTO.HASH(bytes, DBMS_CRYPTO.HASH_SH1) from blobslicer where id=1
  ERROR at line 1:
  ORA-06553: PLS-221: 'HASH_SH1' is not a procedure or is undefined
  Yet if I use the numeric constant for DBMS_CRYPTO.HASH_SH1 (3), it works:
  SQL> select DBMS_CRYPTO.HASH(bytes, 3) from blobslicer where id=1;
  F5A7338EFFEB15A49AFC9545393EF685BB51F931
  So what am I missing that prevents me from having access to a constant in the package when I can successfully use one of the function of that same package?
  Thanks, --DD                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  Maybe, that makes a little bit clearer the difference
  between usage of package constants in sql and pl sql...That's what I suspected, thank you for hammering the point home Maxim.
  The taken away for me is that package constants are not available to SQL code, only to PL/SQL code. (irrelevant of their type most likely).
  I actually tried to grant my user SELECT privileges on the package, because accessing a constant from a package is more akin to SELECT than EXECUTE, but of course one cannot do that.
  Thank you both again for the help. --DD                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Grant Privilege to Role instead of Direct grant doesn't work

  Hi all
  My scenario is sas follow:
  create user a identified by a;
  create user b identified by b;
  grant connect,resource to a ;
  grant connect,resource to b ;
  conn a/a
  create table tbl( c1 number(10));
  conn system/sys
  create role roll;
  grant roll to b;
  conn a/a
  grant select on tbl to roll;
  conn b/b
  set role roll;
  create or replace procedure b.pr
  as
  v number(10);
  begin
  select a into v
  from a.tbl
  where a=0;
  end;
  show error
  Errors for PROCEDURE B.P:
  LINE/COL ERROR
  6/1 PL/SQL: SQL Statement ignored
  7/6 PL/SQL: ORA-00942: table or view does not exist
  This happen because i granted the SELECT privilege to user b through the role ROLL but if i granted the user b the SELECT privilege directly it work properly
  Why???
  And how could I grant the privilege from within a role, Because i don't want to grant it directly
  Thank in advance
  Bassil

  There is no other way. The owner of stored code must have been directly granted all necessary (used in code) select, insert, update, or delete privileges. The code owner cannot just have the referenced privileges granted to them via a role. There is no workaround, nor should there be as this is a security feature. Just because you have been granted insert or delete to another user's tables does not mean you should be able to grant that access to some other user. This is exactly what you do when you grant execute to stored code that referenced another user's objects.
  The referenced article is by Tom Kyte and there are few people who understand how to use Oracle to better effect than Tom. The same information can be found in the official documentation and is referenced by the article.
  You can write packages that use the privileges of the executing person. Perhaps for the specific problem you are writing the code to handle this is the route you want to take. See the manuals for the details.
  Note - If user A grants insert to user B on table_a then user B can write a procedure, proc_b, and grant execute to a role and anyone with the role can perform inserts into table_a via proc_b, without having any grants on table_a. You do not need to grant privileges on the objects referenced in stored code that runs as the code owner if this is what you are worried about. The users just need execute on the package, procedure, or function that performs the DML operations in this case and they can get that from a role.
  If you still do not understand you need to state exactly what it is you either do not understand or want to know how to do.
  HTH -- Mark D Powell --

• Make execute privileges on a package default to all schemas

  I have to grant execute privileges on dbms_aq package to schemas created in our database. Instead of granting these privileges explicitly after a schema is created is there a way to make dbms_aq to be executable for all schemas and any new schemas created there after.
  Something along the lines of dbms_utility having executable privileges for all schemas.
  thanks for your help

  "grant execute on dbms_aq to public"

• GRANT EXECUTE ON SCHEMA.PACKAGE.PROCEDURE TO USER

  Hi,
  GRANT EXECUTE ON SCHEMA.PACKAGE.PROCEDURE TO USER
  returns:
  ORA-00905, do you know why? Can I grant privileges on procedure inside package?
  thanks

  As per my knowledge of oracle, we cannot grant privileges on procedure inside a package.
  <br><br>
  Raj<br>
  <b>www.oraclebrains.com<a>
  <br><font color="#FF0000">POWERED by the people, to the people and for the people WHERE ORACLE IS PASSION.</font></b>
  <br>
  Sorry Leonardo Horikian & Kamal Kishore, I was late and didn't know that you guys have already posted the answer.
  Message was edited by:
  rajs

• Oracle recommends that you revoke EXECUTE privileges on powerful packages f

  Oracle recommends that you revoke EXECUTE privileges on powerful packages from PUBLIC
  Got on error on the home page of Enterprise Manager and read that I should run the code below to correct the problem, but when I click on the link at the bottom of EM to go to iSQL*Plus and choose to connect as sysdba I get a popup asking for me to input a password for my computer so I tried my local computer username and password, my network username and password and even my database username and password and neither lets me in. I can login under Normal but then I do not have rights to execute the command.
  revoke execute on utl_file from public;
  I know I have my computer username and password correct because I had to enter it to shutdown the database yesterday.
  And I had a problem with my listener not knowing the SID, but the error has since went away, but I do have an error on my listener saying
  Disk Utilization for 0 C: is 151.45%
  Edited by: jamesH2 on Aug 29, 2008 9:20 AM

  Hi James,
  Where you saw that Oracle recommend that? If you are refering to the Db console recomendations please take a look on this note also: Note:343620.1
  If you revoke any privilege from PUBLIC it becomes your own responsibility
  to ascertain that all your applications will keep working. The same goal can often be accomplished
  by replacing the privileges formerly granted to PUBLIC to some individual users or
  roles.
  Please take a look on this Metalink Note: 247093.1 Be Cautious When Revoking Privileges Granted to PUBLIC
  Regards,
  Francisco Munoz Alvarez
  www.oraclenz.com
  Edited by: F. Munoz Alvarez on Aug 30, 2008 1:31 AM

• Privilege to view package body

  Hi all,
  I have two users... user 'A' and user 'B' (real user names changed to protect the innocent). User A creates a package spec and package body.
  I want user B to be able to see the code in the package body that user A owns. Ideally I would like user B to be able to view the body code in TOAD via the schema browser or via a DESC. Is this possible?
  Thanks,
  Scott
  PS user B can see the package spec just fine...

  Having the execute privilege on a package should not give anyone the ability to see the source for the package body in all_source and if definitely does not give the user the ability to change the package. The privilege only allows them to execute the package.
  By default only the owner and DBA privileged users can read both the package specification and the body from all_source. Having execute privilege will allow a user to read the specification.
  One way to provide access is to create your own version of the all_source views and grant this to whoever needs the access. You can either write a very specific tailored view for the one user or create a user security table that you use to control who can see what via this special view. Plus you have to grant select access to the special view before anyone can use it.
  HTH -- Mark D Powell --

• Granting Privileges question

  This is not a duplicate post. User Wilhem posted it in the wrong forum.
  In the below mentioned link, user CD has provided a quick way to grant privileges to another user. But it didn't work for me. Is there something wrong with with the DECODE expressions?
  Re: Granting Privileges question

  Instead of granting privileges to a user, i wanted to grant these privileges to a role. So i created a role
  CREATE ROLE jenrole;
  And then i tried the below mentioned script. But i am getting error
  DECLARE
  v_sql VARCHAR2(4000);
  BEGIN
  FOR obj IN (SELECT object_name
  , object_type
  , DECODE (OBJECT_TYPE,
  'PROCEDURE','EXECUTE',
  'FUNCTION' ,'EXECUTE',
  'PACKAGE' ,'EXECUTE',
  'SYNONYM' ,'SELECT' ,
  'SELECT, INSERT, UPDATE, DELETE') rights
  FROM user_objects)
  LOOP
  v_sql := 'GRANT '|| obj.rights ||' ON '|| obj.object_name ||' TO JENROLE' ;
  dbms_output.put_line(v_sql);
  EXECUTE IMMEDIATE v_sql; END LOOP;
  END;
  ERROR at line 1:
  ORA-00911: invalid character
  ORA-06512: at line 16
  Why am i getting error? The error line is boldened

• Grant privileges to a user for user_lock

  user_lock.sleep (3000);
  i am using it in my procedure.
  is it require to grant privileges to a user for user_lock.

  There is no built-in package namely user_lock. Actually it is dbms_lock.
  http://download-east.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_lock.htm#sthref3898
  I was using dbms_lock few days ago. Yes dba has to give the privilege to use this package.
  SQL> grant execute on dbms_lock to scott;
  Grant succeeded.
  [My experiment]
  http://mamohiuddin.blogspot.com/2007/02/plsql-block-abnormal-termination-ed.html

• Grant privilege disappeared after modify versioned table

  After adding two columns to a version table using wm package, the previous grant privilege on the version table disappeared. Is it expected behavior or a bug?
  Ashley

  Ashley
  This is a bug. We have since fixed it and it will be available in the next release. For now, the workaround is that you have to grant the privilege again. Sorry for the inconvenience.
  Arun

• Grant privilege to index,trigger

  Dear all,
  Is there any way to grant privilege to index,trigger,proc,function (only select) with oracle9i?
  Pls suggest.
  Thanks for advance
  Chara

  not possible to grant privilages on index and a trigger, you can grant privilages on object for which these are created.
  you can grant execute on procedure/function/package.
  rgds

• Error while granting privileges to new user

  hi all,
  I created new user and i tried to grant privileges to that new user by using ( SQL> CONNECT / AS sysdba;
  Connected.
  SQL> CREATE USER cdcproj IDENTIFIED BY cdcproj
  2 QUOTA UNLIMITED ON SYSTEM
  3 QUOTA UNLIMITED ON SYSAUX;
  User created.
  SQL> GRANT CREATE SESSION TO cdcproj;
  Grant succeeded.
  SQL> GRANT CREATE TABLE TO cdcproj;
  Grant succeeded.
  SQL> GRANT SELECT_CATALOG_ROLE TO cdcproj;
  Grant succeeded.
  SQL> GRANT EXECUTE_CATALOG_ROLE TO cdcproj;
  Grant succeeded.
  SQL> EXECUTE DBMS_STREAMS_AUTH.GRANT_ADMIN_PRIVILEGE(grantee => 'cdcproj'); PL/SQL procedure successfully completed.
  SQL> GRANT ALL ON PL.PROJ_HISTORY TO cdcproj;
  Grant succeeded. ). All the commands worked except last command. It is giving error i.e (GRANT ALL ON PL.PROJ_HISTORY TO cdcproj; ) error is ( table / view not exists ).
  What i can do. Any help.
  Otherwise is there any other method to grant privileges.
  Thanks in advance.

  What is your Oracle version ?
  Are you sure the object PL.PROJ_HISTORY exists ?
  What is the output of (using the Oracle account that executes the GRANT):
  select * from session_roles;
  select * from session_privs;

• How to grant privileges on all the tables in a schema

  Hi All,
  Can you tell me how to grant privileges on all the tables of a schema A
  to schema B.
  For Example:
  There are 200 tables in schema A, I wanted to grant select privilege on all the tables of a scheme A to schema B.
  Thanks in advance.

  note that USER is the user that will have the select priviledge
  the procedure includes views as well
  CREATE OR REPLACE PROCEDURE GRANT_ACCESS_ON_USER IS
  CURSOR c1 is select table_name from user_tables;
  CURSOR c2 is select view_name from user_views;
  tablename user_tables.TABLE_NAME%TYPE;
  viewname user_views.VIEW_NAME%TYPE;
  BEGIN
  tmpVar := 0;
  OPEN c1;
  loop
       fetch c1 into tablename;
       EXIT WHEN c1%NOTFOUND;
       EXECUTE IMMEDIATE 'GRANT SELECT on '||tablename ||' to USER';
  end loop ;
  close c1;
  OPEN c2;
  loop
       fetch c2 into viewname;
       EXIT WHEN c2%NOTFOUND;
       EXECUTE IMMEDIATE 'GRANT SELECT on '||viewname ||' to USER';
  end loop ;
  close c2;
  EXCEPTION
  WHEN NO_DATA_FOUND THEN
  NULL;
  WHEN OTHERS THEN
  -- Consider logging the error and then re-raise
  RAISE;
  END;
  /

• Problem with granting privileges

  We are creating a separate user for loading data into staging tables on our db and are having problems granting privileges. The original user is securities_developer and the new user is securities_loader. As securities_developer, I execute the following command:
  grant delete,update,insert,select on securities_work to securities_loader;
  The output indicates success, but when I switch to that user and perform 'select * from securities_work', the table isn't found. Using Oracle Enterprise Manager, I look up the table and it indicates that the above privileges have been granted. Am I missing something?
  version info:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  PL/SQL Release 11.2.0.1.0 - Production
  "CORE     11.2.0.1.0     Production"
  TNS for Linux: Version 11.2.0.1.0 - Production
  NLSRTL Version 11.2.0.1.0 - Production

  Hi,
  Do you have a (public) synonym on your table securities_work ?
  Or, try to add the schema owner in your query like: 'select * from securities_developer.securities_work'
  Regards,
  Thierry

• Grant privileges to all objects

  Oracle 11.0.1.7.0:
  When I create new user I do something like:
  create user abc identified by abc
  grant create session, create table, create views, create snapshot to abc - separate grant for each object
  grant unlimited tablespace to abc;So when I do that sometimes I forget privileges for sequences. Is there a way to give privilege in one sql to the user to let that user create table, views, session, tablespace etc.
  Edited by: user628400 on Jun 9, 2009 5:35 PM

  Is there a list of things like create table, session etc. that I can look at to determine what options I have?select distinct privilege from role_sys_privs order by 1;
  will give you a list of privileges which can be granted to role.
  is there a way to grant privileges to all different types like create table, session etc in one statement without having to type each one of them separately like grant create session, grant table?As other replied, this can be achieved by creating a role like:
  SQL> create role newrole;
  Role created.
  SQL> grant create table,query rewrite to newrole;  -- Or any privilege by above command.
  Grant succeeded.
  SQL> grant newrole to <YourUserName>;  --
  Grant succeeded.HTH
  Girish Sharma