Grant Privileges on schema objects
Hello all,
I need to grant all privs to one user on another user all objects.
I am not findign exact command to do so.
eg: x have y objects.
user z should be able to select,update, delete all x.y objects.
Any help/insight is highly appreciated. !
You have to grant the privileges on an object by object basis.
You can use a bit of dynamic SQL to automate the process (note that I'm only showing the process of granting privileges on tables-- you can write similar bits of code to grant privileges on views and other types of objects as well).
BEGIN
FOR i IN (SELECT * FROM dba_tables where owner = 'X')
LOOP
EXECUTE IMMEDIATE 'grant select, update, delete on x.' || i.table_name || ' to z';
END LOOP;
END;If Z does not need the privileges granted directly, you would probably be better off creating a role, granting the privileges to the role, and then granting the role to Z. That will make it easier in the future if you need to create another user that has the same privileges as Z.
Justin
Edited by: Justin Cave on Oct 15, 2012 11:50 AM
Similar Messages
-
Grant privileges to all objects
Oracle 11.0.1.7.0:
When I create new user I do something like:
create user abc identified by abc
grant create session, create table, create views, create snapshot to abc - separate grant for each object
grant unlimited tablespace to abc;So when I do that sometimes I forget privileges for sequences. Is there a way to give privilege in one sql to the user to let that user create table, views, session, tablespace etc.
Edited by: user628400 on Jun 9, 2009 5:35 PMIs there a list of things like create table, session etc. that I can look at to determine what options I have?select distinct privilege from role_sys_privs order by 1;
will give you a list of privileges which can be granted to role.
is there a way to grant privileges to all different types like create table, session etc in one statement without having to type each one of them separately like grant create session, grant table?As other replied, this can be achieved by creating a role like:
SQL> create role newrole;
Role created.
SQL> grant create table,query rewrite to newrole; -- Or any privilege by above command.
Grant succeeded.
SQL> grant newrole to <YourUserName>; --
Grant succeeded.HTH
Girish Sharma -
Grant privileges for future object?
Hi all. Need help.
1) Bob grants object priveleges on cars to Anna
2) Anna renames cars to cars_old
3) Anna creates cars .
4) Bob has no privelges to cars:(
How to grant privelges on 'created in future' tables?Here Demo
test - as Anna
monitor - Bob
Session : As Sys User
SQL>
SQL>
SQL> create user test identified by test default tablespace users quota unlimited on
2 users;
User created.
SQL> create user monitor identified by monitor default tablespace users quota
2 unlimited on users;
User created.
SQL> grant create session, create table, create procedure to test;
Grant succeeded.
SQL> grant create session, create ANY table to monitor;
Grant succeeded.
SQL> create role test_access;
Role created.
SQL>
SQL>
Session : 2
Test User
SQL> create table job_parm_table( job number primary key, tname varchar2(30) )
2 organization index;
Table created.
SQL> create or replace procedure do_grant( p_job in number )
2 as
3 l_rec job_parm_table%rowtype;
4 begin
5 select * into l_rec from job_parm_table where job = p_job;
6 execute immediate 'grant select, insert, update, delete on ' || l_rec.tname || ' to
7 test_access';
8 delete from job_parm_table where job = p_job;
9 end;
10 /
Procedure created.
SQL> grant insert on job_parm_table to sys;
Grant succeeded.
SQL> grant execute on do_grant to sys;
Grant succeeded.
SQL>
Sys User -- SEssion 1
SQL> create table msg ( txt varchar2(255) );
Table created.
SQL> create or replace trigger test_schema_trig
2 before CREATE on database
3 declare
4 l_str varchar2(255);
5 l_job number;
6 begin
7 if ( ora_dict_obj_type = 'TABLE' and ora_dict_obj_owner = 'TEST' )
8 then
9 dbms_job.submit( l_job, 'test.do_grant(JOB);' );
10 insert into test.job_parm_table( job, tname ) values ( l_job,
11 ora_dict_obj_name );
12 end if;
13 end;
14 /
Trigger created.
SQL>
Test - USer
SQL> create table t1( x int );
Table created.
monitor - User
SQL> create table test.t2(name varchar2(30));
Table created.
Sys User
SQL> select grantee, privilege from dba_tab_privs where owner = 'TEST';
GRANTEE PRIVILEGE
SYS EXECUTE
SYS INSERT
TEST_ACCESS DELETE
TEST_ACCESS INSERT
TEST_ACCESS SELECT
TEST_ACCESS UPDATE
TEST_ACCESS DELETE
TEST_ACCESS INSERT
TEST_ACCESS SELECT
TEST_ACCESS UPDATE
10 rows selected.
SQL> select * from test.job_parm_table;
no rows selected
{ Code }
- Failed Atlast.. Checking the Code give osm time...
I can access the table's created in "TEST" by monitor got the privlileges.... Successs but one thing is could not able to
find the records in job_parm_table...
Is It Okay with you know...
Problem.. Solved... :-)
- Pavan Kumar N
Edited by: Pavan Kumar on Sep 20, 2008 12:58 AM -
How to restrict a schema owner from granting privileges to other users.
How can we restrict a schema owner from granting privileges to other users on his objects (e.g. tables). Lets say we have user called XYZ and he has tables in his schema TAB1, TAB2 an TAB3. How can we restrict user XYZ from granting privileges on TAB1, TAB2 and TAB3 to other users in the database. Is it possible in Oracle 10g R2? Any indirect or direct way to achieve this? Please help on this.
Thanks,
ManoharWhenever someone is trying to prevent an object owner from doing something, that's generally a sign of a deeper problem. In a production database, the object owner shouldn't generally have CREATE SESSION privileges, so the user shouldn't be able to log in, which would prevent the user from issuing any grants.
As a general rule, you cannot stop an object owner from granting privileges on the objects it owns. You can work around this by creating a database-level DDL trigger that throws an exception if the user issuing the statement is XYZ and the DDL is a GRANT. But long term, you probably want to get to the root of the problem.
Justin
Edited by: Justin Cave on Nov 6, 2008 9:52 PM
Enrique beat me to it. -
Can some give me a script to do the following:
I have a schema name ABC and I want to give a user XYZ read access to all objects in the ABC schema. ie (TABLES, VIEWS. SWQUENCES etc)Hi,
user8822168 wrote:
Can anyone share some light on this
select 'grant select on '
|| owner
|| '."'
|| object_name
|| '" to ABC'
from ALL_objects
where object_type in ('TABLE','VIEW','SEQUENCE')
AND owner IN ('XYZ', 'PQR')
I run the above sql and it exeute without error and it shows that the grant was given to "ABC", but when I login as ABC I cannot see any of the objects that belongs to XYZ or PQR.
I did use XYZ.object_nameThat looks like the correct way to build a GRANT statement.
Post the complete procedure, including the EXECUTE IMMEDIATE statement that runs the statement built by the query above.
Please don't post unformatted code. Type these 6 characters:
(small letters only, inside curly brackets) before and after sections of formatted text, to preserve spacing.
Do I need some special previlege to grant select access to ALL ('TABLE','VIEW','SEQUENCE') at once As far as I can tell, you're not granting privileges on all objects at once; you're granting privileges on one object at a time (if at all; I haven't seen your EXECUTE IMMEDIATE statement). There may only be a couple of milliseconds between the GRANT statements, but each one is for only one object.
I even try to use one owner at a time by login as the schema owner but it did not work.Before XYZ can grant privileges on PQR's objects, PQR must grant the same privileges to XYZ WITH GRANT OPTION.
I suggest you not try to do this; instead, have XYZ run the procedure just to grant privileges on XYZ's objects, and have PQR run it to grant privileges on PQR's objects. -
Grant privileges, roles within Forms
Hello,
i have a forms application where each year can appear new users (e.g. employees), and i when a new employee appears i wanna grant him privileges, roles, etc within Forms. so is it possible having a form(accesible just for dba user) from where he can assign roles to another users ? (in employee table i have a column 'username'). also, when i insert a new employee, in post-insert query (i think) is it possible to have something like
create user .... identified by ....... but here is a problem.. where can i write the password?
Please clarify :)
Regards,Roger22 wrote:
but when i run the script how can i specify the password?what do you mean by specify the password? What's exactly your problem/requirement with specifying the pw?
You can do this in forms using forms_ddl, but I'd use a database procedure for this which creates the user, does the granting stuff etc.
e.g.:
create or replace procedure createUser(ivUsername in varchar2) is
cursor cGrants(cvUsername varchar2) is
select 'grant '||decode(object_type, 'TABLE', 'select, insert, update, delete ', 'PROCEDURE', 'execute ', [...])|| ' to '||cvUserName as grant_stmt,
'create synonym '||object_name||' for '||cvUserName||'.'||object_name as syn
from user_objects
where object_name != 'CREATEUSER'
and object_name not in (select synonym_name from all_synonyms where owner = upper(cvUserName);
begin
execute immediate 'create user '||ivUserName||'identified by '||ivUserName||' default tablespace my_tbs temporary tablespace my_temptbs quota unlimited on my_tbs';
execute immediate 'grant connect, resource to '||ivUserName;
for rGrants in cGrants(ivUsername) loop
execute immediate rGrants.grant_stmt;
execute immediate rGrants.syn;
end loop;
end;
/A user with pw = username get's created (maybe you should provide your users a pw change functionality to change their passwords afterwards), he gets granted all the privilages to objects from the current user, and also synonyms get's created (if you want to use this the calling user should have the create any synonym privilage). Beware: If you want to do this you MUST NOT grant this procedure to the other users (so object_name != 'CREATEUSER') or use any other database procedures in it, as you'll get a lock when executing the grant statement and the procedure hangs.
If you want to manage more schemas, you could create this procedure with the system user, modify the cursor to do a query on all_objects and restrict it to the schema from where you want to grant the privilages to (grant execute on schema.object to user), and pass the schema and the user to create to it. -
Grant Privilege to Role instead of Direct grant doesn't work
Hi all
My scenario is sas follow:
create user a identified by a;
create user b identified by b;
grant connect,resource to a ;
grant connect,resource to b ;
conn a/a
create table tbl( c1 number(10));
conn system/sys
create role roll;
grant roll to b;
conn a/a
grant select on tbl to roll;
conn b/b
set role roll;
create or replace procedure b.pr
as
v number(10);
begin
select a into v
from a.tbl
where a=0;
end;
show error
Errors for PROCEDURE B.P:
LINE/COL ERROR
6/1 PL/SQL: SQL Statement ignored
7/6 PL/SQL: ORA-00942: table or view does not exist
This happen because i granted the SELECT privilege to user b through the role ROLL but if i granted the user b the SELECT privilege directly it work properly
Why???
And how could I grant the privilege from within a role, Because i don't want to grant it directly
Thank in advance
BassilThere is no other way. The owner of stored code must have been directly granted all necessary (used in code) select, insert, update, or delete privileges. The code owner cannot just have the referenced privileges granted to them via a role. There is no workaround, nor should there be as this is a security feature. Just because you have been granted insert or delete to another user's tables does not mean you should be able to grant that access to some other user. This is exactly what you do when you grant execute to stored code that referenced another user's objects.
The referenced article is by Tom Kyte and there are few people who understand how to use Oracle to better effect than Tom. The same information can be found in the official documentation and is referenced by the article.
You can write packages that use the privileges of the executing person. Perhaps for the specific problem you are writing the code to handle this is the route you want to take. See the manuals for the details.
Note - If user A grants insert to user B on table_a then user B can write a procedure, proc_b, and grant execute to a role and anyone with the role can perform inserts into table_a via proc_b, without having any grants on table_a. You do not need to grant privileges on the objects referenced in stored code that runs as the code owner if this is what you are worried about. The users just need execute on the package, procedure, or function that performs the DML operations in this case and they can get that from a role.
If you still do not understand you need to state exactly what it is you either do not understand or want to know how to do.
HTH -- Mark D Powell -- -
Grant permission to all objects of a schema to apps user(Oracle 10g)
Dear Fiiends,
I would like to grant permission on all objects of a particular schema to apps user(Oracle 10g).How do I do it?
(ex)grant all on <schemaname>.<objectname> to apps with grant option.
This is the permission i want to give but i can't do it for all objects one by one so how do i do it in a single command.
Regards,
ArunYou can't do it in a single command. You have to give object-by-object privileges (you could grant something like SELECT ANY TABLE, but that applies to every schema in the database and is generally a rather bad idea). You can, however, use a bit of dynamic SQL to do the job, i.e.
FOR x IN (SELECT * FROM user_tables)
LOOP
EXECUTE IMMEDIATE 'GRANT ALL ON schema_name.' || x.table_name || ' TO apps WITH GRANT OPTION';
END LOOP;You can do the same with other object types, hit DBA_TABLES rather than USER_TABLES if you don't want to run this as the object owner, etc.
Justin -
ORACLE - How to GRANT privilegies on ALL the tables belonging to a schema
Is there a way to grant to a user the same privilegies on ALL the tables belonging to the same schema, so that, in case a new table is created afterwards, the grant is automatically given ?
Thanks in adance for any replyYes of course ! Just do the same as Oracle Applications: an end user has no Oracle account, the application code connects with the Oracle account that is the schema owner:
no more grant needed ... That's a joke but it's also true ! In this case, your application must implement its own security (password management, audit, privileges) and you will not be able to use Oracle privileges, auditing and advanced security features ... just like Oracle Applications.
The above answers are of course correct. You can also create an Oracle role that you can grant to the Oracle users and grant the privileges to this role everytime a new table is created to avoid granting privileges for each new object to each user. -
Grant access to all object/tables in other schemas to a user
Is there any and simple way to grant access to all object/tables in other schemas (more than one) to a scheme/user?
Thanks.
Tarman.HI.
grant SELECT ANY TABLE,delete any table, insert any table to user; Giving this delete,insert ANY TABLE privilege to a user can be dangerous and the use can mislead it. Its better to create a dynamic script and then grant it.
E.g Suppose you want to give select,inert,delete,update privileges to user A on user B's object.
sql> spool grants.sql
sql> select 'grant select,insert,update,delete on '||owner||'.'||table_name||' to A;' from dba_tables where owner='B';
sql>@grants.sqlHTH
Anand -
ORA-04021 while granting sys privilege to an object
Hello,
While granting a system privilege to an object using the TOAD software, ORA-04021 error arised, ORA-00600 was written in the alert.log, and a new trace file appeared. Can you help understand the reason for the error
Here is the trace file:
mis64_ora_2210.trc
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.1.0 - Production
ORACLE_HOME = /mis64/ora/oracle
System name: HP-UX
Node name: ncdb001
Release: B.11.11
Version: U
Machine: 9000/800
Instance name: MIS64
Redo thread mounted by this instance: 1
Oracle process number: 17
Unix process pid: 2210, image: oracle@ncdb001 (TNS V1-V3)
*** SESSION ID:(31.923) 2004-12-03 13:04:03.754
*** 2004-12-03 13:04:03.754
ksedmp: internal or fatal error
ORA-00600: internal error code, arguments: [qerfxFetch_01], [], [], [], [], [], [], []
Current SQL statement for this session:
SELECT
s.username,
s.osuser,
S.PROGRAM "Program",
s.serial# "Serial#",
s.sql_address "address", s.sql_hash_value "Sql hash",
lk.sid, DECODE(lk.TYPE,
'MR', 'Media Recovery',
'RT', 'Redo Thread',
'UN', 'User Name',
'TX', 'Transaction',
'TM', 'DML',
'UL', 'PL/SQL User Lock',
'DX', 'Distributed Xaction',
'CF', 'Control File',
'IS', 'Instance State',
'FS', 'File Set',
'IR', 'Instance Recovery',
'ST', 'Disk Space Transaction',
'TS', 'Temp Segment',
'IV', 'Library Cache Invalidation',
'LS', 'Log Start or Switch',
'RW', 'Row Wait',
'SQ', 'Sequence Number',
'TE', 'Extend Table',
'TT', 'Temp Table',
'BL','Buffer hash table instance',
'CI','Cross-instance function invocation instance',
'CU','Cursor bind',
'DF','Data file instance',
'DL','Direct loader parallel index create',
'DM','Mount/startup db primary/secondary instance',
'DR','Distributed recovery process',
'HW','Space management operations on a specific segment',
'IN','Instance number',
'JQ','Job queue',
'KK','Thread kick',
'LA','Library cache lock instance lock namespace A',
'LB','Library cache lock instance lock namespace B',
'LC','Library cache lock instance lock namespace C',
'LD','Library cache lock instance lock namespace D',
'LE','Library cache lock instance lock namespace E',
'LF','Library cache lock instance lock namespace F',
'LG','Library cache lock instance lock namespace G',
'LH','Library cache lock instance lock namespace H',
'LI','Library cache lock instance lock namespace I',
'LJ','Library cache lock instance lock namespace J',
'LK','Library cache lock instance lock namespace K',
'LL','Library cache lock instance lock namespace L',
'LM','Library cache lock instance lock namespace M',
'LN','Library cache lock instance lock namespace N',
'LO','Library cache lock instance lock namespace O',
'LP','Library cache lock instance lock namespace P',
'MM','Mount definition global enqueue',
'NA','Library cache pin instance A',
'NB','Library cache pin instance B',
'NC','Library cache pin instance C',
'ND','Library cache pin instance D',
'NE','Library cache pin instance E',
'NF','Library cache pin instance F',
'NG','Library cache pin instance G',
'NH','Library cache pin instance H',
'NI','Library cache pin instance I',
'NJ','Library cache pin instance J',
'NK','Library cache pin instance K',
'NL','Library cache pin instance L',
'NM','Library cache pin instance M',
'NN','Library cache pin instance N',
'NO','Library cache pin instance O',
'NP','Library cache pin instance P',
'NQ','Library cache pin instance Q',
'NR','Library cache pin instance R',
'NS','Library cache pin instance S',
'NT','Library cache pin instance T',
'NU','Library cache pin instance U',
'NV','Library cache pin instance V',
'NW','Library cache pin instance W',
'NX','Library cache pin instance X',
'NY','Library cache pin instance Y',
'NZ','Library cache pin instance Z',
'PF','Password File',
'PI',' PS Parallel operation',
'PR','Process startup',
'QA','Row cache instance A',
'QB','Row cache instance B',
'QC','Row cache instance C',
'QD','Row cache instance D',
'QE','Row cache instance E',
'QF','Row cache instance F',
'QG','Row cache instance G',
'QH','Row cache instance H',
'QI','Row cache instance I',
'QJ','Row cache instance J',
'QK','Row cache instance K',
'QL','Row cache instance L',
'QM','Row cache instance M',
'QN','Row cache instance N',
'QO','Row cache instance O',
'QP','Row cache instance P',
'QQ','Row cache instance Q',
'QR','Row cache instance R',
'QS','Row cache instance S',
'QT','Row cache instance T',
'QU','Row cache instance U',
'QV','Row cache instance V',
'QW','Row cache instance W',
'QX','Row cache instance X',
'QY','Row cache instance Y',
'QZ','Row cache instance Z',
'SC','System commit number instance',
'SM','SMON',
'SN','Sequence number instance',
'SS','Sort segment',
'SV','Sequence number value',
'TA','Generic enqueue',
'US','Undo segment DDL',
'WL','Being-written redo log instance',
lk.TYPE) lock_type,
DECODE(lk.lmode,
0, 'None',
1, 'Null',
2, 'Row-S (SS)',
3, 'Row-X (SX)',
4, 'Share',
5, 'S/Row-X (SSX)',
6, 'Exclusive',
TO_CHAR(lk.lmode)) mode_held,
DECODE(request,
0, 'None',
1, 'Null',
2, 'Row-S (SS)',
3, 'Row-X (SX)',
4, 'Share',
5, 'S/Row-X (SSX)',
6, 'Exclusive',
TO_CHAR(lk.request)) mode_requested,
TO_CHAR(lk.id1) lock_id1,
TO_CHAR(lk.id2) lock_id2,
s.USERNAME "DB User", s.sid,
OWNER||'.'||OBJECT_NAME "Object"
FROM v$lock lk, v$session s
, DBA_OBJECTS ao
WHERE
lk.lmode > 1
AND s.username is not null
AND lk.sid = s.sid
AND ao.OBJECT_ID(+) = lk.id1
ORDER BY 1, "Object"
----- Call Stack Trace -----
calling call entry argument values in hex
location type point (? means dubious value)
ksedmp()+184 ? ksedst() 80000001001B14C8 ?
000000000 ? 000000000 ?
000000000 ?
ksfdmp()+32 ? ksedmp() 000007FFE ? 000000000 ?
800000010000BD40 ?
40000000026CE5A7 ?
kgerinv()+152 ? ksfdmp() 800000010000BD40 ?
40000000026CE5A7 ?
8000000100149370 ?
000000000 ?
kgeasnmierr()+88 ? kgerinv() 000000000 ? 000000000 ?
40000000004F57D0 ?
C000000018380C38 ?
qerfxFetch()+2760 ? kgeasnmierr() 800000010012AB70 ?
400000000066848A ?
400000000070A490 ?
A900748690 ?
rwsfcd()+120 ? qerfxFetch() 000000000 ?
C0000000116641B8 ?
00121EDA7 ?
400000000156A43B ?
qeruaFetch()+240 ? rwsfcd() 8000000100149370 ?
000000002 ?
800000010012C370 ?
800003FB800653A8 ?
qervwFetch()+160 ? qeruaFetch() 0000000E0 ?
4000000000D9A748 ?
800003FFFF7F6F98 ?
100000080 ?
rwsfcd()+120 ? qervwFetch() 8000000100149370 ?
C000000011663EC0 ?
800003FFFF7F6F98 ?
800000010000 ?
qeruaFetch()+240 ? rwsfcd() 8000000100149370 ?
8000000100149370 ?
000000000 ? 30001001C42E0 ?
qervwFetch()+160 ? qeruaFetch() 8000000100143BA8 ?
800003FB8007F5B0 ?
8000000100144CF8 ?
055555555 ?
qerjoFetch()+480 ? qervwFetch() 40000000010530DB ?
8000000100000018 ?
4000000001400253 ?
8000000100144CF8 ?
rwsfcd()+120 ? qerjoFetch() 20000010C ? 000000000 ?
000000000 ?
400000000121EF73 ?
qerhjFetch()+1216 ? rwsfcd() C000000010B6B898 ?
400000000140ED7F ?
C00000000028DB33 ?
800003FB800603E0 ?
qersoFetch()+696 ? qerhjFetch() 80000001001C0720 ?
C000000000280A13 ?
80000001001623C0 ?
000000000 ?
opifch2()+3304 ? qersoFetch() 000000000 ?
8000000100149370 ?
40000000010675DF ?
8000000100143898 ?
opiall0()+3584 ? opifch2() 4E1D000023A3 ?
8000000100149370 ?
C000000018311A98 ?
000000000 ?
kpoal8()+3448 ? opiall0() 8000000100149370 ?
000000000 ? 000000000 ?
000000000 ?
opiodr()+2332 ? kpoal8() 000000D00 ?
40000000015460D7 ?
72000696F6E00 ?
1000000000000000 ?
ttcpip()+1880 ? opiodr() 000000000 ?
692E7369642C2073 ?
80000001001B19F0 ?
000000000 ?
opitsk()+1248 ? ttcpip() 00000001E ?
800003FDC0002ED8 ?
00000001E ?
800003FC800142E0 ?
opiino()+1464 ? opitsk() 000000000 ? 000000000 ?
000000000 ? 000000000 ?
opiodr()+2332 ? opiino() 000000000 ? 000000000 ?
000000000 ?
800003FDC0002ED8 ?
opidrv()+752 ? opiodr() 8000000100143A24 ?
000000000 ?
8000000100143A24 ?
80000001001D5AC8 ?
sou2o()+40 ? opidrv() 800003FFBFFFF480 ?
C0000000000218B3 ?
000000000 ?
C00000000030105B ?
main()+228 ? sou2o() 000000000 ?
C00000000030105B ?
000000002 ? 000000230 ?
$START$()+160 ? main() 21408130800 ?
800003FFFF7F04AB ?
800003FFFF7F03F3 ?
800003FFFF7F0017 ?
--------------------- Binary Stack Dump -----------------
========== FRAME [1] (ksedmp()+184 -> ksedst()) ==========
Dump of memory from 0x800003FFFF7F7FC0 to 0x800003FFFF7F8360
800003FFFF7F7FC0 80000001 001449DC 40000000 0041F7F8 [[email protected]..]
800003FFFF7F7FD0 800003FF FF7F7BF0 800003FB 80065338 [......{.......S8]
800003FFFF7F7FE0 40000000 00668488 40000000 00664980 [@[email protected].]
800003FFFF7F7FF0 80000001 0000B870 00000000 00000140 [.......p.......@]
800003FFFF7F8000 80000001 00144D88 00000000 0000000E [......M.........]
800003FFFF7F8010 80000001 00143AE8 80000001 00144DC0 [......:.......M.]
800003FFFF7F8020 00000000 00000001 80000001 001449F0 [..............I.]
800003FFFF7F8030 00000000 00000009 C0000000 1826D1F8 [.............&..]
........................................................Hi,
It's a possible bug id 2306106.8 (affect OEM) which fix in 9.2.0.2.
Nicolas. -
How to grant privileges on all the tables in a schema
Hi All,
Can you tell me how to grant privileges on all the tables of a schema A
to schema B.
For Example:
There are 200 tables in schema A, I wanted to grant select privilege on all the tables of a scheme A to schema B.
Thanks in advance.note that USER is the user that will have the select priviledge
the procedure includes views as well
CREATE OR REPLACE PROCEDURE GRANT_ACCESS_ON_USER IS
CURSOR c1 is select table_name from user_tables;
CURSOR c2 is select view_name from user_views;
tablename user_tables.TABLE_NAME%TYPE;
viewname user_views.VIEW_NAME%TYPE;
BEGIN
tmpVar := 0;
OPEN c1;
loop
fetch c1 into tablename;
EXIT WHEN c1%NOTFOUND;
EXECUTE IMMEDIATE 'GRANT SELECT on '||tablename ||' to USER';
end loop ;
close c1;
OPEN c2;
loop
fetch c2 into viewname;
EXIT WHEN c2%NOTFOUND;
EXECUTE IMMEDIATE 'GRANT SELECT on '||viewname ||' to USER';
end loop ;
close c2;
EXCEPTION
WHEN NO_DATA_FOUND THEN
NULL;
WHEN OTHERS THEN
-- Consider logging the error and then re-raise
RAISE;
END;
/ -
Granting Privileges on Objects and Workspace
Hi folks,
I'm a newbie using Workspace Manager and here is a basic question about granting privileges. I think that it's a little bit confused to me the concept regarding objects privileges versus workspace privileges.
Here is the scenario.
User A enable versioning in table TAB1
User A creates a workspace WKS1
User A grants workspace privileges to User B (ACESS, MERGE,....)
User B connects into the database and goto workspace WKS1
User B tries to select, insert, update data using TAB1 but got error that
table does not exist.
So, Should user A, previously, grant select, insert, update permission on table TAB1 to User B?
I understood that it was not necessary once user B would, in fact, access a view created by workspace manager and the privileges would be set using the GrantWorkspacePrivs function.
Regards,
LuisHi,
The object and workspace privileges are separate. You would need to grant access to user B for both the workspace and the table. The object permissions can be granted prior to executing dbms_wm.enableversioning or during a DDL session.
Regards,
Ben -
Oracle Unix 9 - slow granting Schema object to User
I have a problem. I can't figure out why granting schema object to users take longer time. here is my codes:
DECLARE
alert_button NUMBER;
CURSOR Teller_Cur IS SELECT * FROM TELLER_M;
BEGIN
alert_button := Show_Alert('AlertOK');
IF alert_button = ALERT_BUTTON1 THEN
FOR Teller_Rec IN Teller_Cur LOOP
Message('Setting table access for ' || Teller_Rec.Teller_ID || ' in progress, please wait....', No_acknowledge);
IF :DTABLE IS NOT NULL THEN
-- Granting Schema object to new User
IF SUBSTR(:DTABLE, 1, 4) = 'TEMP' THEN
Forms_DDL('GRANT SELECT, INSERT, UPDATE, DELETE ON ' || :DTABLE || ' TO ' || Teller_Rec.Teller_Id || '');
ELSE
IF Teller_Rec.SELECT_ACCESS = 'Y' THEN
Forms_DDL('GRANT SELECT ON ' || :DTABLE || ' TO ' || Teller_Rec.Teller_Id || '');
END IF;
IF Teller_Rec.INSERT_ACCESS = 'Y' THEN
Forms_DDL('GRANT INSERT ON ' || :DTABLE || ' TO ' || Teller_Rec.Teller_Id || '');
END IF;
IF Teller_Rec.UPDATE_ACCESS = 'Y' THEN
Forms_DDL('GRANT UPDATE ON ' || :DTABLE || ' TO ' || Teller_Rec.Teller_Id || '');
END IF;
IF Teller_Rec.DELETE_ACCESS = 'Y' THEN
Forms_DDL('GRANT DELETE ON ' || :DTABLE || ' TO ' || Teller_Rec.Teller_Id || '');
END IF;
END IF;
-- Creating Synonyms in new User schema
Forms_DDL('CREATE SYNONYM ' || Teller_Rec.Teller_Id||'.'|| :DTABLE || ' FOR ' || :DTABLE ||'');
ELSE
-- for stored procedure:
Forms_DDL('CREATE SYNONYM ' || Teller_Rec.Teller_Id||'.'|| :DSTOREDP || ' FOR ' || :DSTOREDP ||'');
Forms_DDL('GRANT EXECUTE ON ' || :DSTOREDP || ' TO ' || Teller_Rec.Teller_Id || '');
END IF;
END LOOP;
Message('Setting table access completed!!!', No_acknowledge);
END IF;
END;
If i use oracle 8.1.7 locally, it doesn't take than 5 minutes to grant access. But whereas to Oracle 9.0.1 (through network) is taking more than 20 minutes.
If anyone knows, do help me.
Thank you.The problem is not the difference between the database versions I think; it's the location of the Server.
Take a look what one call of forms_ddl causes network traffic. you have this traffic for each call of forms_ddl. On the Local Server this might not be so much of a problem but with the network between it I this is much slower...
Try to bundle up your statements or even better put the whole stuff in a database procedure to do it via one call. I speeded up creating grants and synonyms from 10 minutes via forms_ddl to 3 minutes using database procedure.
The only limitation is that your messages won't display for each user.
regards -
Script to create grants and synonyms for objects in database
Hello,
We are building a patch to be applied to the production environment. I want to create a script/sql query that builds a list of grants and synonyms for all the objects created after august 09.
for ex:
create or replace synonym abc for schema_name.abc;
Grant execute on abc to user_xyz;
How can I use Oracle's data dictionary to do this?
thankzHi,
You'll probably want to use these views:
user_objects - includes created (DATE) column.
user_synonyms
user_tab_privs - not just tables (e.g., includes EXECUTE privileges on functions).
Data dictionary views beginning with 'user_' cover objects owned by the current user only.
Almost all of the data dictionary views (and all of the three mentioned above) also have 'all_' and 'dba_' versions.
For example:
all_objects inculdes everything in user_objects, plus objects in other schemas on which the current user has privileges.
dba_objects include every object in the database. (Not everyone is allowed to see the dba_ views.)
Here's one of many possible ways to use these views:
SELECT 'GRANT '
|| privilege
|| ' ON "'
|| table_name
|| '" TO '
|| grantee
|| CASE
WHEN grantable = 'YES'
THEN ' WITH GRANT OPTION;'
ELSE ';'
END
FROM user_tab_privs
WHERE table_name IN ( -- Only interested in objects created after August 9
SELECT object_name
FROM all_objects
WHERE created >= TO_DATE ( '10-Aug-2009'
, 'DD-Mon-YYYY'
;
Maybe you are looking for
-
Open project was cancelled or application was unable to load database for pathname
My pc is installed with Robohelp 3x. Recently I shifted the pc from one room to anther. Now when I attempt to open my existing workable solution, it give me the following message: "Open project was canceled or application was unable to load database
-
ERROR MESSAGE: Could Not Complete your request ...
I've been looking into all the sites about the problems I have. included here. like a has-been, I get an error on the "Could Not Complete your request Because the file is not compatible with this version of photoshop". because power outages at my hou
-
Windows 7 not loading from external drive
I traded out my optical drive for an ssd with the hopes of installing Windows 7 Home using a legit disk (32-bit). My attempts with using Boot Camp Assistant have led to a black screen with a blinking cursor. Assuming that Windows cannot load from t
-
I have an app that needs to program open/close hours. So far I have a HSlider that starts at 0 and ends at 86400 (seconds in a day). I can easily convert the second value to a standard date time value, so all works great as long as I only want standa
-
Resizing/compresing images within a document
Hi I am trying to compress all images within a document I've just creacted, in order to avoid having a 20Mb size document, but I cannot find the tool anywhere. I am just new to Pages, transfered from Office Word, where this task can easily be done by