Grant Privileges to a new user

Similar Messages

• Grant privileges and permission to user, to create user and database in 10g

  Hi,
  I'm very much new to Oracle 10g database and after all my search, I think this forum will help me to solve my puzzle. Installed Oracle 10g database and during installation created a Global database "TestDB". I created an user "user1" in sqlplusw, by logging in as system.
  Now I need to know, what privileges and permissions should be given to this "user1", so that I can create new users and create database by logging as "user1". I don't want to Inherit all the sytem privileges of SYSTEM or SYSDBA or SYS or SYSOPER.
  Is there a way where I could achieve this by explicitly granting the required privileges and permissions

  You may need to know all the views to get the privilege information.
  SQL> conn /as sysdba
  SQL> select table_name from dict where table_name like '%PRIV%';
  And also, take a look into below Oracle Documentations.
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#SQLRF01603
  Regards,
  Sabdar Syed.

• ORA-01031 SYSMAN Insufficient Privileges Creating a new user

  I have installed Oracle 11g R2 onto Windows 7 64bit
  I then created a new database, at the end it moaned about the service and listener was not running or allocated to each other and also there was no web admin tool available.
  To resolve this I managed to use Net Configuration Assistant to get the listener sorted.
  I then had to run:
  set ORACLE_HOSTNAME=localhost
  set ORACLE_SID=mydb
  set ORACLE_UNQNAME=mydb
  I then ran
  emca -config dbcontrol db -repos recreate
  This gave me the web admin tool to create a new user.
  I logged in as SYSMAN tried to create a new user and got the "ORA-01031 Insufficient Privileges, you do not have enough privileges to perform this operation." error
  Can someone please help.
  Thanks

  It isn't that simple. As SYSMAN used for 11.2.0.3 database control:
  orcl>  select privilege from user_sys_privs;
  PRIVILEGE
  CREATE PUBLIC SYNONYM
  SELECT ANY DICTIONARY
  UNLIMITED TABLESPACE
  ALTER SESSION
  orcl>but as SYSMAN used for 12.1 Cloud Control:SQL> select privilege from user_sys_privs;
  PRIVILEGE
  ALTER USER
  DROP USER
  CREATE SESSION
  CREATE PUBLIC SYNONYM
  CREATE JOB
  CREATE MATERIALIZED VIEW
  SELECT ANY DICTIONARY
  CREATE TABLE
  ALTER SESSION
  CREATE USER
  CREATE SYNONYM
  DROP PUBLIC SYNONYM
  MANAGE SCHEDULER
  CREATE VIEW
  CREATE DATABASE LINK
  15 rows selected.
  SQL>so you have to be a bit careful when you give a yes/no answer.
  Edited by: JohnWatson on Nov 12, 2012 11:38 AM
  Forgot to include a quote: this is replying to the question about whether SYSMAN can create users.

• Can't grant privilege on column to user via role?

  Hi:
  From what I read in the docs I should be able to create a role that has UPDATE privs on a column of a table, and then grant that role to a user, who should be able to update the column of the table. I get "insufficient privileges" when I try that, although it works as advertised if I grant directly to the user. Am I mis-reading the docs?
  Session GAFF:
  CREATE TABLE "GAFF"."FOO2"
     (    "F1" NUMBER,
      "F2" NUMBER,
      "F3" VARCHAR2(50),
      "F4" NUMBER,
       CONSTRAINT "FOO2_PK" PRIMARY KEY ("F1")
  create role foo2_u_f2;
  grant update (f2) on foo2 to foo2_u_f2 ;
  grant select on gaff.foo2 to play ;
  grant foo2_u_f2 to play ;session PLAY:
  update gaff.foo2 set f2 = 1 where f1 = 1ORA-01031: insufficient privileges

  Most likely role foo2_u_f2 is not a default role for user play. Initially, when user is created default role is set to ALL. Later it can be changed to NONE or a set of roles. Login as play and issue:
  select * from session_roles
  /I bet you will not see foo2_u_f2. Then issue:
  select granted_role,default_role from user_role_privs
  /That will give you a list of user play default roles. You can either issue:
  set role foo2_u_f2
  /This will enable foo2_u_f2 role in current session. Or you can login as privileged user and issue ALTER USER DEFUALT ROLE ...,foo2_u_f2.
  SY.

• How to grant create table to new User

  Hi All,
  I have created one new User, and give GRANT CREATE SESSION TO USER. But after that from which grant, i would be able to create table and other object, specially for table.Thanks,
  Brij

  Granting Resource role will work in your case as it consist of below privs
  grant resource to <username>;
  GRANTEE                           PRIV NAME                
  RESOURCE                          | CREATE CLUSTER           
                                     | CREATE INDEXTYPE         
                                     | CREATE OPERATOR          
                                     | CREATE PROCEDURE         
                                     | CREATE SEQUENCE          
                                     | CREATE TABLE             
                                     | CREATE TRIGGER           
                                     | CREATE TYPE         Please close the thread if you feel you have the answer and keep the Oracle forum clean.
  https://forums.oracle.com/forums/ann.jspa?annID=885

• Error while granting privileges to new user

  hi all,
  I created new user and i tried to grant privileges to that new user by using ( SQL> CONNECT / AS sysdba;
  Connected.
  SQL> CREATE USER cdcproj IDENTIFIED BY cdcproj
  2 QUOTA UNLIMITED ON SYSTEM
  3 QUOTA UNLIMITED ON SYSAUX;
  User created.
  SQL> GRANT CREATE SESSION TO cdcproj;
  Grant succeeded.
  SQL> GRANT CREATE TABLE TO cdcproj;
  Grant succeeded.
  SQL> GRANT SELECT_CATALOG_ROLE TO cdcproj;
  Grant succeeded.
  SQL> GRANT EXECUTE_CATALOG_ROLE TO cdcproj;
  Grant succeeded.
  SQL> EXECUTE DBMS_STREAMS_AUTH.GRANT_ADMIN_PRIVILEGE(grantee => 'cdcproj'); PL/SQL procedure successfully completed.
  SQL> GRANT ALL ON PL.PROJ_HISTORY TO cdcproj;
  Grant succeeded. ). All the commands worked except last command. It is giving error i.e (GRANT ALL ON PL.PROJ_HISTORY TO cdcproj; ) error is ( table / view not exists ).
  What i can do. Any help.
  Otherwise is there any other method to grant privileges.
  Thanks in advance.

  What is your Oracle version ?
  Are you sure the object PL.PROJ_HISTORY exists ?
  What is the output of (using the Oracle account that executes the GRANT):
  select * from session_roles;
  select * from session_privs;

• Create new user like another user with select privilege???

  our user requested create another user similar to "apps" , but only "selec t" privilege to "apps" objects and other user's objects which grant to "apps".
  In this case they can use tool login and do some work.
  Does anyone know how to "create a new user like APPS", bur only copy APPS "select" privilege to this new user?
  Thanks.

  This has been discussed many times in the forums. Pl see this thread Re: How to create a read only database or conduct a search for more hits.
  HTH
  Srini

• Problem with granting privileges

  We are creating a separate user for loading data into staging tables on our db and are having problems granting privileges. The original user is securities_developer and the new user is securities_loader. As securities_developer, I execute the following command:
  grant delete,update,insert,select on securities_work to securities_loader;
  The output indicates success, but when I switch to that user and perform 'select * from securities_work', the table isn't found. Using Oracle Enterprise Manager, I look up the table and it indicates that the above privileges have been granted. Am I missing something?
  version info:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  PL/SQL Release 11.2.0.1.0 - Production
  "CORE     11.2.0.1.0     Production"
  TNS for Linux: Version 11.2.0.1.0 - Production
  NLSRTL Version 11.2.0.1.0 - Production

  Hi,
  Do you have a (public) synonym on your table securities_work ?
  Or, try to add the schema owner in your query like: 'select * from securities_developer.securities_work'
  Regards,
  Thierry

• ORACLE - How to GRANT privilegies on ALL the tables belonging to a schema

  Is there a way to grant to a user the same privilegies on ALL the tables belonging to the same schema, so that, in case a new table is created afterwards, the grant is automatically given ?
  Thanks in adance for any reply

  Yes of course ! Just do the same as Oracle Applications: an end user has no Oracle account, the application code connects with the Oracle account that is the schema owner:
  no more grant needed ... That's a joke but it's also true ! In this case, your application must implement its own security (password management, audit, privileges) and you will not be able to use Oracle privileges, auditing and advanced security features ... just like Oracle Applications.
  The above answers are of course correct. You can also create an Oracle role that you can grant to the Oracle users and grant the privileges to this role everytime a new table is created to avoid granting privileges for each new object to each user.

• Granting privilege through role not working for PL/SQL

  Version: 11.2.0.2
  In our shop, we don't grant privileges directly to a user, we grant it to a role and grant that role to the intended grantee.
  Granting privileges through a role seems to be fine with SQL Engine. But it doesn't work from PL/SQL engine.
  In the below example GLS_DEV user is granted SELECT access on SCOTT.pets table through a role called tstrole. GLS_DEV can select this table from SQL. But PL/SQL Engine doesn't seem to know this.
  Reproducing the issue:
  SQL> show user
  USER is "SCOTT"
  SQL> select * from pets;
  NAME
  PLUTO
  SQL> conn / as sysdba
  Connected.
  SQL> create user GLS_DEV identified by test1234 default tablespace TSTDATA;
  User created.
  SQL> alter user GLS_DEV quota 25m on TSTDATA;
  User altered.
  SQL> grant create session, resource to GLS_DEV;
  Grant succeeded.
  --- Granting SELECT privilege on scott.pets to tstrole and then grant this role to GLS_DEV.
  SQL> conn / as sysdba
  Connected.
  SQL>
  SQL> create role tstrole;
  Role created.
  SQL> grant select on scott.pets to tstrole;
  Grant succeeded.
  SQL> grant tstrole to GLS_DEV;
  Grant succeeded.
  SQL> conn GLS_DEV/test1234
  Connected.
  SQL>
  SQL> select * From scott.pets;
  NAME
  PLUTO
  ---- All fine till here. From SQL engine , GLS_DEV user can SELECT scott.pets table.
  --- Now , I am going to create a PL/SQL object in GLS_DEV which tries to refer scott.pets
  SQL> show user
  USER is "GLS_DEV"
  create or replace procedure my_proc
  is
  myvariable varchar2(35);
  begin
       select name into myvariable from scott.pets ;
       dbms_output.put_line(myvariable);
  end my_proc;
  Warning: Procedure created with compilation errors.
  SQL> show errors
  Errors for PROCEDURE MY_PROC:
  LINE/COL ERROR
  6/2      PL/SQL: SQL Statement ignored
  6/41     PL/SQL: ORA-01031: insufficient privileges
  SQL>
  SQL> 6
    6*    select name into myvariable from scott.pets ;
  --- PL/SQL Engine doesn't seem to know that GLS_DEV has select privilege on scott.pets indirectly granted through a role
  --- Fix
  --- Instead of granting privilege through a role, I am granting the SELECT privilege on scott.pets to GLS_DEV directly.
  --- The error goes away, I can compile and execute the procedure !!
  SQL> conn / as sysdba
  Connected.
  SQL>
  SQL> grant select on scott.pets to GLS_DEV;
  Grant succeeded.
  SQL> conn GLS_DEV/test1234
  Connected.
  SQL>
  SQL> create or replace procedure my_proc
  is
  myvariable varchar2(35);
  begin
          select name into myvariable from scott.pets ;
          dbms_output.put_line(myvariable);
  end my_proc;  2    3    4    5    6    7    8    9   10
  11  /
  Procedure created.
  SQL> set serveroutput on
  SQL> exec my_proc;
  PLUTO
  PL/SQL procedure successfully completed.Has anyone encountered the same issue ?

  You really should start your own new thread for this question instead of resurrecting an old one, but to answer your question.
  There are two things going on here. First, there are a number of aler session commands that can be used by any user regardless of what privileges they are granted. Although I do not have the entire list at hand, things like nls_date_format and current_schema are available to all users, sort of like the grants to public in the data dictionary.
  Second, when you use execute immediate, the PL/SQL engine never really sees the statement, as far as the compiler is concerned it is just a string. It is only when the string is passed to the sql engine that permissions are checked, and there roles are not enabled.
  SQL> create role t_role;
  Role created.
  SQL> grant select on ops$oracle.t to t_role;
  Grant succeeded.
  SQL> create user a identified by a default tablespace users;
  User created.
  SQL> grant create session, create procedure to a;
  Grant succeeded.
  SQL> grant t_role to a;
  Grant succeeded.
  SQL> connect a/a
  Connected.
  SQL> select * from ops$oracle.t;
          ID DESCR
           1 One
           1 Un
  SQL> create function f (p_descr in varchar2) return number as
    2     l_num number;
    3  begin
    4     select id into l_num
    5     from ops$oracle.t
    6     where descr = p_descr;
    7     return l_num;
    8  end;
    9  /
  Warning: Function created with compilation errors.
  SQL> show error
  Errors for FUNCTION F:
  LINE/COL ERROR
  4/4      PL/SQL: SQL Statement ignored
  5/20     PL/SQL: ORA-00942: table or view does not exist
  SQL> create or replace function f (p_descr in varchar2) return number as
    2     l_num number;
    3  begin
    4     execute immediate 'select id from ops$oracle.t where descr = :b1'
    5                       into l_num using p_descr;
    6     return l_num;
    7  end;
    8  /
  Function created.
  SQL> select f('One') from dual;
  select f('One') from dual
  ERROR at line 1:
  ORA-00942: table or view does not exist
  ORA-06512: at "A.F", line 4John

• Can't retrieve folder privileges for a specific user

  I am trying to get the granted privilege for a specified user for a certain folder. I am using the wwsec_api.get_granted_user_privilege function. When I run my code, nothing is ever returned. Here is my code:
  l_priv_varchar := wwsec_api.get_granted_user_privilege(
  p_user_id => 0,
  p_object_type_name => 'FOLDER',
  p_name => '2889');
  p_user_id is from wwsec_person.id$
  p_object_type_name is my object type
  p_name is from wwv_corners.id
  I have looked at the properties of this folder and this user, 0, is set up as the owner. So I am expecting to see 'OWN' returned. I have another user set up to only VIEW the folder and when I put that user's id into the p_user_id parameter I still do not get any return. I can run this same code (with different parameter values) and get the privileges for a 'PAGE', but never for a FOLDER.
  Does anyone have this problem or can tell what I am missing?
  Thanks.
  null

  p_name for a folder is "sitename/parentfolder/foldername". You can see that in the syspriv_name field on the WWV_CORNERS table.

• 8i lite - OCA 30021, error in creating new user

  I Have installed 8i lite on my laptop running win 98 SE.
  I created a new user from oracle 8 navigator ( 8.0.5.0.1). Right clicking on user does not give any Privilege tab.
  Now I quit navigator & log on to Sql plus running OCA patch 6.0.5.35.0. The new user connects but you can practically do nothing.
  eg
  SQL> select * from system.emp ;
  select * from system.emp
  ERROR at line 1:
  OCA-30021: error preparing/executing SQL statement
  [POL-5150] access violation
  pl note that I have give "select all table" , "DDL" , "ADMIN" privilege to the new user created , but it always give error OCA-30021.
  Also does public synonym works in 8i lite ? I have create public synonym in SYSTEM, but it is not visible to any other user id.
  Greatly apreciate if you could answer any of my question.
  null

  I have similar problems. Any advice?

• Grant privileges  to new user + few tables

  Hi all. How can I give my new user all privileges for inserting deleting records in some tables...
  CREATE USER user1 IDENTIFIED BY user1

  May be it will be better to make nobody the owner of the tables?It's definitely a good idea to make somebody else the owner of the table rather than SYSTEM... you shouldn't really be putting your own objects in the SYSTEM schema anyway if you can help it.
  Whether NOBODY is the best schema to use depends on what you want the table for. If this is just a test system you are playing about with then it doesn't really matter... but if you are trying to put together a proper development/test system with a plan to move into a production environment then think through what you want (and whether NOBODY is the best name for your application schema).
  Saying that, if this is just a database you are 'playing' with to learn some Oracle then you might want to look at granting system privileges rather than object privileges.
  GRANT SELECT ANY TABLE TO ALEX;
  Will let ALEX select form any table (other than the data dictionary).
  Again, though, a word of caution - if you intend to put this into a 'real' system (rather than just one you are learning on) then think it through and only grant what you need. If you go for the 'easy' system privilege now you'll find you'll always be stuck with it because you'll never be 100% certain that you can revoke it without affecting your application.

• How to grant new user permission when the acct is created from application?

  Our application team will randomly create users in DB. But the new user need to have the permission of "execute on DBMS_SNAPSHOT, DBMS_STAT, DBMS_SYSTEM" being granted from sys. We need to grant it automatically after the user is created. I was thinking about using DDL "create" trigger or just DDL database trigger. Once the trigger is fired off, issue the grant statement. We can capture the create even for the user, but got error when running the grant in the trigger or from the procedure called by trigger. My guess is that the "grant" is a DDL and DDL trigger cannot start another DDL statement. I also think about put the insert trigger on the sys.user$. But oracle would not let trigger being created on the sys tables or views.
  What can we do now? The other option, I am wondering if there is a system package that can call external program (like Unix shell script) from the DDL trigger, to let the shell script do the grant, since this may not be considered as the same execution tree. Do we have such package to call from database to the UNIX shell script? Or for such need, do we have any other option?
  Thanks for help!
  Edited by: user5973955 on Oct 6, 2010 3:51 PM

  The application teams do not have the sys permission. If the application has privileges to CREATE USER, it can then issue GRANT
  Change the privileges.
  But they want this being resolved from DBA.DBA did NOT make this problem.
  The flawed application created the problem.
  Alternatively CREATE PROCEDURE that can issue GRANT & have application call this new procedure.

• Create a new user for oracle 10G ASM instance with sysdba system privilege

  Hi,
  In our Golden Gate Project, we require the SYS user credential to connect to the Oracle 10g  ASM instance to read the database transaction logs.But our client is not providing the SYS user credential to  connnect to ASM instance.
  I'm getting the error message "ORA-01109:  database not open",When I tried to create a new user using the  below the steps in oracle 10g ASM instance
  1. Login using "sqlplus / as sysdba"
  2. Create user <username> identified by <password>;
  But in oracle 11g ASM instance, I'm able to create new  user  by connecting the ASM instance with SYSASM role without issues.
  Is there is any workaround to create a new user with sysdba system privilege in oracle 10g ASM instance?.
  Thanks in advance .

  Hi,
  Recreate the password file for the ASM instance as follows:
  Unix:
  orapwd file=<ORACLE_HOME>/dbs/PWD<SID> password=<sys_password>
  Windows:
  orapwd file=<ORACLE_HOME>/database/PWD<SID>.ora password=<sys_password>
  Now sys password is reset, we are ready to use sys for ASM management. I decided to create another user ASMDBA as I tried above.
  SQL> create user ASMDBA identified by test01;
  User created.
  SQL> grant SYSASM, SYSOPER to ASMDBA;
  Grant succeeded.
  SQL> select * from v$pwfile_users;
  USERNAME SYSDBA SYSOPE SYSASM
  SYS TRUE TRUE TRUE
  ASMDBA FALSE TRUE TRUE
  Please see this link : http://orachat.com/how-to-change-asm-sys-password-creating-sysasm-user-11g/
  Thank you