Grant privileges on DB View in HANA Trial

Hello!
I created DB View on my scheme. View uses table SNWD_BPA of EPMSAMPLEDATA schema. I created OData service with this View. I can browse content of metadata OData service without no issue.
https://s3hanaxs.hanatrial.ondemand.com/.../BusinessPartners.xsodata/$metadata
However, if I try to get to the element level like this:
https://s3hanaxs.hanatrial.ondemand.com/.../BusinessPartners.xsodata/BusinessPartners
I receive: exception  1: no.71000258  (ptime/query/checker/check_clause.cc:579)
    Not authorized NO exception throw location recorded. Stack generation suppressed.
I executed successfully
call "HCP"."HCP_GRANT_SELECT_ON_ACTIVATED_OBJECTS"
But this doesn't help.
Does anyone know what privileges should be assigned to user and how can this be done?

I changed main idea of my OData service.
First, I created service with direct access to SNWD_BPA of EPMSAMPLEDATA. I created role with select access to SNWD_BPA of EPMSAMPLEDATA. But I used the wrong order of parameters with procedure call HCP_GRANT_ROLE_TO_USER.
Second time, I created view for access to SNWD_BPA of EPMSAMPLEDATA and changed Odata service. But view cannot be granted on trial hana cloud platform.
Current solution is: Odata service is same as first time and correct granted role.

Similar Messages

  • Help me granting privilege on a view (!)

    I have two schema A & B.In schema A I have table T_tb.Now I want to create view T_vw (select * from T_tb) on T_tb in schema B and I want some of my users having role R make a select on this view.
    I tried this way..
    CONN SYS
    GRANT SELECT ON A.T_tb TO B;
    CREATE OR REPLACE VIEW B.T_vw AS SELECT * FROM A.T_tb;
    GRANT SELECT ON B.T_vw TO B WITH GRANT OPTION;
    GRANT SELECT ON B.T_vw TO R;
    GRANT R TO user1;
    after that when I try to access view T_vw loged in as user1 I get..
    ERROR at line 1:
    ORA-01031: insufficient privileges
    I apreciate any help towards resolving this issue.
    Bye,
    AD

    Hopefully this will help you.....
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - 64bit Production
    With the Partitioning, OLAP and Data Mining options
    SQL> create user a identified by a;
    User created.
    SQL> create user b identified by b;
    User created.
    SQL> grant connect,resource to a;
    Grant succeeded.
    SQL> grant connect,resource to b;
    Grant succeeded.
    SQL> conn a@inftmark
    Enter password: *
    Connected.
    SQL> create table test (roll number(3));
    Table created.
    SQL> grant select on test to b;
    Grant succeeded.
    SQL> conn b@inftmark
    Enter password: *
    Connected.
    SQL> select * from a.test;
    no rows selected
    SQL> create view test_view as select * from a.test;
    create view test_view as select * from a.test
    ERROR at line 1:
    ORA-01031: insufficient privileges
    SQL> conn sys@inftmark as sysdba
    Enter password: ******
    Connected.
    SQL> grant create view to b;
    Grant succeeded.
    SQL> conn b@inftmark
    Enter password: *
    Connected.
    SQL> create view test_view as select * from a.test;
    View created.
    SQL>

  • GRANTing privileges on some DBA_ views not working

    DB Version: 10g Release 2
    I installed the Oracle Software and created the database manually using CREATE DATABASE command. Later I ran ORACLE_HOME/rdbms/admin/catalog.sql . But, now when i try to GRANT SELECT ON some DBA_ views, i receive error. GRANT SELECTs on V$ views are working fine. Why is it that GRANT SELECT on some DBA_ views (like dba_objects) are working fine but not for views like DBA_LOCKS, DBA_WAITERS
    SQL> grant select any dictionary to  scott    ;
    Grant succeeded.
    SQL> grant select on dba_objects to  scott    ;
    Grant succeeded.
    SQL> grant select on dba_lock to  scott    ;
    grant select on dba_lock to  scott
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> grant select on dba_locks to  scott    ;
    grant select on dba_locks to  scott
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> grant select on dba_waiters to  scott    ;
    grant select on dba_waiters to  scott
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> grant select on dba_blockers to  scott    ;
    grant select on dba_blockers to  scott
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> grant select on v_$session to  scott    ;
    Grant succeeded.
    SQL> grant select on v_$process to  scott    ;
    Grant succeeded.
    SQL> grant select on v_$locked_object to  scott    ;
    Grant succeeded.
    SQL> grant select on v_$parameter to  scott    ;
    Grant succeeded.
    SQL> grant select on v_$lock to  scott    ;
    Grant succeeded.

    Those are views created by catblock.sql (which is not run by default)
    not catalog.sql

  • ORA-01720 while trying to grant select on a view

    Hi Friends,
    Iam getting the following error while trying to grant select privilege for the view to SchemaB, i have the view in schemaA.
    I have used the tables from both the schema for creating the view and iam getting the error on showing a particular table
    ORA-01720: grant option does not exist for 'schemaB.Product'.
    I have looked into so many forums but i couldn't find the answer for my question.
    I must have to create the view in the Schema A only(strictly), as i seen in some forums stated that while creating the view in the other schema and granting the select privilege will solve the problem.But it was an exception to me ...
    Tell me something how can i proceed in this .....

    grant select on t1 to seconduser with admin optionNo. WITH ADMIN OPTION applies to system privileges only. Object privileges need the WITH GRANT OPTION ...
    SQL> grant select on joe_soap.some_table to apc with admin option
      2  /
    grant select on joe_soap.some_table to apc with admin option
    ERROR at line 1:
    ORA-00993: missing GRANT keyword
    SQL> grant select any table  to apc with admin option
      2  /
    Grant succeeded.
    SQL> grant select on joe_soap.some_table to apc with grant option
      2  /
    Grant succeeded.
    SQL> Cheers, APC

  • Error while granting privileges to new user

    hi all,
    I created new user and i tried to grant privileges to that new user by using ( SQL> CONNECT / AS sysdba;
    Connected.
    SQL> CREATE USER cdcproj IDENTIFIED BY cdcproj
    2 QUOTA UNLIMITED ON SYSTEM
    3 QUOTA UNLIMITED ON SYSAUX;
    User created.
    SQL> GRANT CREATE SESSION TO cdcproj;
    Grant succeeded.
    SQL> GRANT CREATE TABLE TO cdcproj;
    Grant succeeded.
    SQL> GRANT SELECT_CATALOG_ROLE TO cdcproj;
    Grant succeeded.
    SQL> GRANT EXECUTE_CATALOG_ROLE TO cdcproj;
    Grant succeeded.
    SQL> EXECUTE DBMS_STREAMS_AUTH.GRANT_ADMIN_PRIVILEGE(grantee => 'cdcproj'); PL/SQL procedure successfully completed.
    SQL> GRANT ALL ON PL.PROJ_HISTORY TO cdcproj;
    Grant succeeded. ). All the commands worked except last command. It is giving error i.e (GRANT ALL ON PL.PROJ_HISTORY TO cdcproj; ) error is ( table / view not exists ).
    What i can do. Any help.
    Otherwise is there any other method to grant privileges.
    Thanks in advance.

    What is your Oracle version ?
    Are you sure the object PL.PROJ_HISTORY exists ?
    What is the output of (using the Oracle account that executes the GRANT):
    select * from session_roles;
    select * from session_privs;

  • How to grant privileges on all the tables in a schema

    Hi All,
    Can you tell me how to grant privileges on all the tables of a schema A
    to schema B.
    For Example:
    There are 200 tables in schema A, I wanted to grant select privilege on all the tables of a scheme A to schema B.
    Thanks in advance.

    note that USER is the user that will have the select priviledge
    the procedure includes views as well
    CREATE OR REPLACE PROCEDURE GRANT_ACCESS_ON_USER IS
    CURSOR c1 is select table_name from user_tables;
    CURSOR c2 is select view_name from user_views;
    tablename user_tables.TABLE_NAME%TYPE;
    viewname user_views.VIEW_NAME%TYPE;
    BEGIN
    tmpVar := 0;
    OPEN c1;
    loop
         fetch c1 into tablename;
         EXIT WHEN c1%NOTFOUND;
         EXECUTE IMMEDIATE 'GRANT SELECT on '||tablename ||' to USER';
    end loop ;
    close c1;
    OPEN c2;
    loop
         fetch c2 into viewname;
         EXIT WHEN c2%NOTFOUND;
         EXECUTE IMMEDIATE 'GRANT SELECT on '||viewname ||' to USER';
    end loop ;
    close c2;
    EXCEPTION
    WHEN NO_DATA_FOUND THEN
    NULL;
    WHEN OTHERS THEN
    -- Consider logging the error and then re-raise
    RAISE;
    END;
    /

  • Grant Privilege to Role instead of Direct grant doesn't work

    Hi all
    My scenario is sas follow:
    create user a identified by a;
    create user b identified by b;
    grant connect,resource to a ;
    grant connect,resource to b ;
    conn a/a
    create table tbl( c1 number(10));
    conn system/sys
    create role roll;
    grant roll to b;
    conn a/a
    grant select on tbl to roll;
    conn b/b
    set role roll;
    create or replace procedure b.pr
    as
    v number(10);
    begin
    select a into v
    from a.tbl
    where a=0;
    end;
    show error
    Errors for PROCEDURE B.P:
    LINE/COL ERROR
    6/1 PL/SQL: SQL Statement ignored
    7/6 PL/SQL: ORA-00942: table or view does not exist
    This happen because i granted the SELECT privilege to user b through the role ROLL but if i granted the user b the SELECT privilege directly it work properly
    Why???
    And how could I grant the privilege from within a role, Because i don't want to grant it directly
    Thank in advance
    Bassil

    There is no other way. The owner of stored code must have been directly granted all necessary (used in code) select, insert, update, or delete privileges. The code owner cannot just have the referenced privileges granted to them via a role. There is no workaround, nor should there be as this is a security feature. Just because you have been granted insert or delete to another user's tables does not mean you should be able to grant that access to some other user. This is exactly what you do when you grant execute to stored code that referenced another user's objects.
    The referenced article is by Tom Kyte and there are few people who understand how to use Oracle to better effect than Tom. The same information can be found in the official documentation and is referenced by the article.
    You can write packages that use the privileges of the executing person. Perhaps for the specific problem you are writing the code to handle this is the route you want to take. See the manuals for the details.
    Note - If user A grants insert to user B on table_a then user B can write a procedure, proc_b, and grant execute to a role and anyone with the role can perform inserts into table_a via proc_b, without having any grants on table_a. You do not need to grant privileges on the objects referenced in stored code that runs as the code owner if this is what you are worried about. The users just need execute on the package, procedure, or function that performs the DML operations in this case and they can get that from a role.
    If you still do not understand you need to state exactly what it is you either do not understand or want to know how to do.
    HTH -- Mark D Powell --

  • Grant privileges to all objects

    Oracle 11.0.1.7.0:
    When I create new user I do something like:
    create user abc identified by abc
    grant create session, create table, create views, create snapshot to abc - separate grant for each object
    grant unlimited tablespace to abc;So when I do that sometimes I forget privileges for sequences. Is there a way to give privilege in one sql to the user to let that user create table, views, session, tablespace etc.
    Edited by: user628400 on Jun 9, 2009 5:35 PM

    Is there a list of things like create table, session etc. that I can look at to determine what options I have?select distinct privilege from role_sys_privs order by 1;
    will give you a list of privileges which can be granted to role.
    is there a way to grant privileges to all different types like create table, session etc in one statement without having to type each one of them separately like grant create session, grant table?As other replied, this can be achieved by creating a role like:
    SQL> create role newrole;
    Role created.
    SQL> grant create table,query rewrite to newrole;  -- Or any privilege by above command.
    Grant succeeded.
    SQL> grant newrole to <YourUserName>;  --
    Grant succeeded.HTH
    Girish Sharma

  • Granting privilege through role not working for PL/SQL

    Version: 11.2.0.2
    In our shop, we don't grant privileges directly to a user, we grant it to a role and grant that role to the intended grantee.
    Granting privileges through a role seems to be fine with SQL Engine. But it doesn't work from PL/SQL engine.
    In the below example GLS_DEV user is granted SELECT access on SCOTT.pets table through a role called tstrole. GLS_DEV can select this table from SQL. But PL/SQL Engine doesn't seem to know this.
    Reproducing the issue:
    SQL> show user
    USER is "SCOTT"
    SQL> select * from pets;
    NAME
    PLUTO
    SQL> conn / as sysdba
    Connected.
    SQL> create user GLS_DEV identified by test1234 default tablespace TSTDATA;
    User created.
    SQL> alter user GLS_DEV quota 25m on TSTDATA;
    User altered.
    SQL> grant create session, resource to GLS_DEV;
    Grant succeeded.
    --- Granting SELECT privilege on scott.pets to tstrole and then grant this role to GLS_DEV.
    SQL> conn / as sysdba
    Connected.
    SQL>
    SQL> create role tstrole;
    Role created.
    SQL> grant select on scott.pets to tstrole;
    Grant succeeded.
    SQL> grant tstrole to GLS_DEV;
    Grant succeeded.
    SQL> conn GLS_DEV/test1234
    Connected.
    SQL>
    SQL> select * From scott.pets;
    NAME
    PLUTO
    ---- All fine till here. From SQL engine , GLS_DEV user can SELECT scott.pets table.
    --- Now , I am going to create a PL/SQL object in GLS_DEV which tries to refer scott.pets
    SQL> show user
    USER is "GLS_DEV"
    create or replace procedure my_proc
    is
    myvariable varchar2(35);
    begin
         select name into myvariable from scott.pets ;
         dbms_output.put_line(myvariable);
    end my_proc;
    Warning: Procedure created with compilation errors.
    SQL> show errors
    Errors for PROCEDURE MY_PROC:
    LINE/COL ERROR
    6/2      PL/SQL: SQL Statement ignored
    6/41     PL/SQL: ORA-01031: insufficient privileges
    SQL>
    SQL> 6
      6*    select name into myvariable from scott.pets ;
    --- PL/SQL Engine doesn't seem to know that GLS_DEV has select privilege on scott.pets indirectly granted through a role
    --- Fix
    --- Instead of granting privilege through a role, I am granting the SELECT privilege on scott.pets to GLS_DEV directly.
    --- The error goes away, I can compile and execute the procedure !!
    SQL> conn / as sysdba
    Connected.
    SQL>
    SQL> grant select on scott.pets to GLS_DEV;
    Grant succeeded.
    SQL> conn GLS_DEV/test1234
    Connected.
    SQL>
    SQL> create or replace procedure my_proc
    is
    myvariable varchar2(35);
    begin
            select name into myvariable from scott.pets ;
            dbms_output.put_line(myvariable);
    end my_proc;  2    3    4    5    6    7    8    9   10
    11  /
    Procedure created.
    SQL> set serveroutput on
    SQL> exec my_proc;
    PLUTO
    PL/SQL procedure successfully completed.Has anyone encountered the same issue ?

    You really should start your own new thread for this question instead of resurrecting an old one, but to answer your question.
    There are two things going on here. First, there are a number of aler session commands that can be used by any user regardless of what privileges they are granted. Although I do not have the entire list at hand, things like nls_date_format and current_schema are available to all users, sort of like the grants to public in the data dictionary.
    Second, when you use execute immediate, the PL/SQL engine never really sees the statement, as far as the compiler is concerned it is just a string. It is only when the string is passed to the sql engine that permissions are checked, and there roles are not enabled.
    SQL> create role t_role;
    Role created.
    SQL> grant select on ops$oracle.t to t_role;
    Grant succeeded.
    SQL> create user a identified by a default tablespace users;
    User created.
    SQL> grant create session, create procedure to a;
    Grant succeeded.
    SQL> grant t_role to a;
    Grant succeeded.
    SQL> connect a/a
    Connected.
    SQL> select * from ops$oracle.t;
            ID DESCR
             1 One
             1 Un
    SQL> create function f (p_descr in varchar2) return number as
      2     l_num number;
      3  begin
      4     select id into l_num
      5     from ops$oracle.t
      6     where descr = p_descr;
      7     return l_num;
      8  end;
      9  /
    Warning: Function created with compilation errors.
    SQL> show error
    Errors for FUNCTION F:
    LINE/COL ERROR
    4/4      PL/SQL: SQL Statement ignored
    5/20     PL/SQL: ORA-00942: table or view does not exist
    SQL> create or replace function f (p_descr in varchar2) return number as
      2     l_num number;
      3  begin
      4     execute immediate 'select id from ops$oracle.t where descr = :b1'
      5                       into l_num using p_descr;
      6     return l_num;
      7  end;
      8  /
    Function created.
    SQL> select f('One') from dual;
    select f('One') from dual
    ERROR at line 1:
    ORA-00942: table or view does not exist
    ORA-06512: at "A.F", line 4John

  • Granting select on X$ views?

    Hi,
    Is it possible to select from X$ views from users other than sys? Is it not possible to grant privileges on these structures/views?
    Cheers,
    Warren

    What you would need to do: create a view on the X$ view and grant select on the view. See Steve Adams' create_xviews.sql script for an example.

  • To grant  privileges to user or/and group

    Hi,
    I need information about to grant privileges on content area and folders.
    For example, if I grant privilege to view content on Content area and I grant privilege of Manage Items on folder. Can the users or group add items to folder? Or can they view the content?
    Thank you for information,
    Noel

    I changed the file (sudo vi $ORACLE_HOME/rdbms/admin/externaljob.ora) to read run_user = oracle and run_group = dba. The error remains the same - also after restart of dbconsole. Anyway, the file has note: The user and group specified here should be a lowly privileged user and group for your platform. For Linux this is nobody and nobody. Which it was, and I changed it back to that.
    Btw:
    SQL> SELECT owner, credential_name, username FROM dba_scheduler_credentials;
    no rows selected
    SQL> execute DBMS_SCHEDULER.CREATE_CREDENTIAL('oracle','oracle','password');
    After the above I was able to select "sys.oracle" as the credential name pull-down menu of the scheduler job edit mode.
    And the job succeeded: EXTERNAL_LOG_ID="job_73826_863", USERNAME="oracle"
    How does one set credentials if not in the "preferred credential setup" in dbconsole EM?
    Edited by: Dude on Jan 14, 2011 2:11 PM

  • Granting Privileges on Objects and Workspace

    Hi folks,
    I'm a newbie using Workspace Manager and here is a basic question about granting privileges. I think that it's a little bit confused to me the concept regarding objects privileges versus workspace privileges.
    Here is the scenario.
    User A enable versioning in table TAB1
    User A creates a workspace WKS1
    User A grants workspace privileges to User B (ACESS, MERGE,....)
    User B connects into the database and goto workspace WKS1
    User B tries to select, insert, update data using TAB1 but got error that
    table does not exist.
    So, Should user A, previously, grant select, insert, update permission on table TAB1 to User B?
    I understood that it was not necessary once user B would, in fact, access a view created by workspace manager and the privileges would be set using the GrantWorkspacePrivs function.
    Regards,
    Luis

    Hi,
    The object and workspace privileges are separate. You would need to grant access to user B for both the workspace and the table. The object permissions can be granted prior to executing dbms_wm.enableversioning or during a DDL session.
    Regards,
    Ben

  • Grant Privileges on schema objects

    Hello all,
    I need to grant all privs to one user on another user all objects.
    I am not findign exact command to do so.
    eg: x have y objects.
    user z should be able to select,update, delete all x.y objects.
    Any help/insight is highly appreciated. !

    You have to grant the privileges on an object by object basis.
    You can use a bit of dynamic SQL to automate the process (note that I'm only showing the process of granting privileges on tables-- you can write similar bits of code to grant privileges on views and other types of objects as well).
    BEGIN
      FOR i IN (SELECT * FROM dba_tables where owner = 'X')
      LOOP
        EXECUTE IMMEDIATE 'grant select, update, delete on x.' || i.table_name || ' to z';
      END LOOP;
    END;If Z does not need the privileges granted directly, you would probably be better off creating a role, granting the privileges to the role, and then granting the role to Z. That will make it easier in the future if you need to create another user that has the same privileges as Z.
    Justin
    Edited by: Justin Cave on Oct 15, 2012 11:50 AM

  • Privileges needed to view procedures, triggers, package bodies

    What privileges are needed for a user to view procedures, triggers, package bodies in another schema? I don't want to grant privileges more powerful than needed like 'select ANY'.

    If you want to give somebody access to view only some of objects without giving read/execute access to them probably the best method is to build your own view and give select acces to this view.
    Example:
    create view special_definitions as
      select view_name obj_name, 'VIEW' obj_type text
        from dba_views
       where owner='OTHERSCHEMA'
           and view_name in ('VIEW1', 'VIEW2', ...)
    union all
      select trigger_name,'TRIGGER', trigger_body
        from dba_triggers
       where .....
    grant select on special_definitions to special_user;Bartek

  • Why do I get a "ORA-01031: insufficient privileges" in my view creation?

    Why do I get a "ORA-01031: insufficient privileges" in my view creation for the table which exists in the same schema?
    Oracle version is 10g R2.
    connect cim/lion;
    create table cim.table1 (a number, b varchar2(10));
    create view cim.view1 as select * from cim.table1;
    create view cim.view1 as select * from cim.table1
    ERROR at line 1:
    ORA-01031: insufficient privileges

    Thanks it works now after giving CREATE VIEW permission to user CIM.
    This script was working fine in Oracle 10g R1.
    Looks like i need to execute the following GRANT permission explicitly
    grant create view to cim;

Maybe you are looking for

  • OSD to Dell Venue 11 pro 5130 tablet

    Hi, I am setting up a deployment of Windows 8.1 x64 to Dell Venue 11 pro 5130 tablets from SCCM 2012 R2. I am docking the tablet and using the dock USB port to boot from a USB stick into the SCCM Boot Image. the image loads and allows me to select th

  • Serial numbers on sales orders

    Hi can somebody tell me how do we maintain the serial number in Sales order in VA01/02... Inputs on SD serial numbers also welcome Thanks Muthu

  • My iPhone 4 no longer syncs my calendars with Outlook...?

    Hi.  I've always synced my Outlook with my iPhone and haven't had any issues.  Now, I've noticed that my Oulook Calendar doesn't have the same appointments my iPhone does.  For example, I have many appointments this month on my iPhone, but they don't

  • Ping.vi

    When I use the Ping.vi I get : Error 7 occurred at Open File+.vipen File Possible reason(s): LabVIEW:  File not found. The file might have been moved or deleted, or the file path might be incorrectly formatted for the operating system. For example, u

  • [iPhone SDK] Multiple Apps and App ID nightmare

    Maybe I don't understand this quite well or there's something wrong with Apple's Documentation. I've setup a single App ID using an asterisk for all my apps: "com.me.*" and the resulting App ID is something like: "##########.com.me.*" I've used this