Grant Privileges to another user

Similar Messages

• Export object privileges to another user

  dear,
  i want to export thr object privilege to another user on oracle 10g. how can do it? i try to export the user/scheam than immport to another user but still no work..
  Regards

  I guess he want user B to have same object privileges as user A
  If this is the case, it depends on what object privileges user A has.
  You can find that out from user_tab_privs after logon as user A.
  If the GRANTABLE = 'NO' you have to logon as each schema holder to grant the privs.

• How to restrict a schema owner from granting privileges to other users.

  How can we restrict a schema owner from granting privileges to other users on his objects (e.g. tables). Lets say we have user called XYZ and he has tables in his schema TAB1, TAB2 an TAB3. How can we restrict user XYZ from granting privileges on TAB1, TAB2 and TAB3 to other users in the database. Is it possible in Oracle 10g R2? Any indirect or direct way to achieve this? Please help on this.
  Thanks,
  Manohar

  Whenever someone is trying to prevent an object owner from doing something, that's generally a sign of a deeper problem. In a production database, the object owner shouldn't generally have CREATE SESSION privileges, so the user shouldn't be able to log in, which would prevent the user from issuing any grants.
  As a general rule, you cannot stop an object owner from granting privileges on the objects it owns. You can work around this by creating a database-level DDL trigger that throws an exception if the user issuing the statement is XYZ and the DDL is a GRANT. But long term, you probably want to get to the root of the problem.
  Justin
  Edited by: Justin Cave on Nov 6, 2008 9:52 PM
  Enrique beat me to it.

• Grant privileges to a user for user_lock

  user_lock.sleep (3000);
  i am using it in my procedure.
  is it require to grant privileges to a user for user_lock.

  There is no built-in package namely user_lock. Actually it is dbms_lock.
  http://download-east.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_lock.htm#sthref3898
  I was using dbms_lock few days ago. Yes dba has to give the privilege to use this package.
  SQL> grant execute on dbms_lock to scott;
  Grant succeeded.
  [My experiment]
  http://mamohiuddin.blogspot.com/2007/02/plsql-block-abnormal-termination-ed.html

• Granting table privileges on another users tables

  Can anyone tell me what privilege needs to be granted to a user to be able to grant insert/update/select/delete/execute on another users tables/packages?
  I had thought that 'grant any privilege' was the one to have... and - the user I am trying to use to grant the privileges on the other users schema has this however - I'm still getting : ORA-01031: insufficient privileges when trying to run the grants.
  Any ideas what I'm doing wrong here?

  Ok... well...
  The 'with grant' option doesn't appear to be the issue.
  The user attempting to perform the grants:
  i.e. GRANT SELECT ON user_2.table_1 TO view_role
  has the 'grant any object privilege' and - that seems to be enough. When I run the statement above as a simply as typed - it works fine.
  However - what I'm actually doing is concatenating that together in a string and running (from a package created by/as user_1) and doing an execute immediate...
  i.e.
  l_sql := 'GRANT ' || l_rec.privilege || ' ON ' || l_rec.owner || '.' || l_rec.table_name || ' TO ' || p_role;
  EXECUTE IMMEDIATE l_sql;
  And - it's this that's giving me the insufficient privileges...
  I do not have invokers rights set on the package - so that shouldn't be an issue. And - I can't find any documented restriction on doing this (and - in fact - it works fine if I create the package as user_2 and run it as user_2 - the owner of the objects).
  I'm at a loss.

• Error while granting privileges to new user

  hi all,
  I created new user and i tried to grant privileges to that new user by using ( SQL> CONNECT / AS sysdba;
  Connected.
  SQL> CREATE USER cdcproj IDENTIFIED BY cdcproj
  2 QUOTA UNLIMITED ON SYSTEM
  3 QUOTA UNLIMITED ON SYSAUX;
  User created.
  SQL> GRANT CREATE SESSION TO cdcproj;
  Grant succeeded.
  SQL> GRANT CREATE TABLE TO cdcproj;
  Grant succeeded.
  SQL> GRANT SELECT_CATALOG_ROLE TO cdcproj;
  Grant succeeded.
  SQL> GRANT EXECUTE_CATALOG_ROLE TO cdcproj;
  Grant succeeded.
  SQL> EXECUTE DBMS_STREAMS_AUTH.GRANT_ADMIN_PRIVILEGE(grantee => 'cdcproj'); PL/SQL procedure successfully completed.
  SQL> GRANT ALL ON PL.PROJ_HISTORY TO cdcproj;
  Grant succeeded. ). All the commands worked except last command. It is giving error i.e (GRANT ALL ON PL.PROJ_HISTORY TO cdcproj; ) error is ( table / view not exists ).
  What i can do. Any help.
  Otherwise is there any other method to grant privileges.
  Thanks in advance.

  What is your Oracle version ?
  Are you sure the object PL.PROJ_HISTORY exists ?
  What is the output of (using the Oracle account that executes the GRANT):
  select * from session_roles;
  select * from session_privs;

• How do I share iTunes access privileges with another user on my mac?

  My wife and I use the same Mac. I recently created a separate user account for her after upgrading to Mountain Lion (so that we can get full functionality out of the new features). I gave her user account full administrator access as well as read & write sharing ability in certain folders... So why can she not purchase content on iTunes? What is the best way to extend the same iTunes account across different users on the same Mac?

  I found the answer on the Quicken Support site. Unbelievable!!!!
  Article ID: GEN82981      Updated: 8/11/2011 |
  Unable to Share a Data File Between Multiple Users on the Same System
  Cause The Quicken Essentials data is a data package that contains multiple files.  Each item in the package has permission set based on the current users profile.  When the Package is moved to a shared folder, the permission in the data package are not changed, therefore cannot be accessed by another user.
  You can change the permissions for each individual file within the data package to be accessed by other users.  However, the first user who opens the file after the permissions have been changed, will take ownership of the data package, and it will no longer be accessible by the other party again.
  SolutionThis issue is currently a product limitation and is expected to be resolved in a future version of Quicken Essentials for Mac.

• Grant privileges to the user to edit only his own information

  Hi all,
  my Portal version is 9.0.4.0.99
  I would like to grant to all users the privilege to change/edit only his own information.
  When I go to the Administer Tab, enter the username in the portlet User, and then I check the checkbox: "Allow User editing", then this User can edit all users.
  How can I grant the privilege to edit only his own information?
  Regards
  Leonid Pavlov

  The Portal does not expose the DAS Edit My Profile link until version 10.1.4. Prior to this version, if the associated DAS actually supports this, you can just add the link on your portal page as a URL item:
  http://host.domain.com:7777/oiddas/ui/oracle/ldap/das/mypage/AppEditMyPage?homeURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal &doneURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal&cancelURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal
  I.e., it takes the url:
  <infra-host>/oiddas/ui/oracle/ldap/das/mypage/AppEditMyPage
  with 3 url-encoded parameters:
  homeURL - link rendered with Home icon in DAS
  doneURL - target for [ OK ] in DAS
  cancelURL - target for [ Cancel ] in DAS

• Grant privileges  to new user + few tables

  Hi all. How can I give my new user all privileges for inserting deleting records in some tables...
  CREATE USER user1 IDENTIFIED BY user1

  May be it will be better to make nobody the owner of the tables?It's definitely a good idea to make somebody else the owner of the table rather than SYSTEM... you shouldn't really be putting your own objects in the SYSTEM schema anyway if you can help it.
  Whether NOBODY is the best schema to use depends on what you want the table for. If this is just a test system you are playing about with then it doesn't really matter... but if you are trying to put together a proper development/test system with a plan to move into a production environment then think through what you want (and whether NOBODY is the best name for your application schema).
  Saying that, if this is just a database you are 'playing' with to learn some Oracle then you might want to look at granting system privileges rather than object privileges.
  GRANT SELECT ANY TABLE TO ALEX;
  Will let ALEX select form any table (other than the data dictionary).
  Again, though, a word of caution - if you intend to put this into a 'real' system (rather than just one you are learning on) then think it through and only grant what you need. If you go for the 'easy' system privilege now you'll find you'll always be stuck with it because you'll never be 100% certain that you can revoke it without affecting your application.

• Granting Privileges question

  This is not a duplicate post. User Wilhem posted it in the wrong forum.
  In the below mentioned link, user CD has provided a quick way to grant privileges to another user. But it didn't work for me. Is there something wrong with with the DECODE expressions?
  Re: Granting Privileges question

  Instead of granting privileges to a user, i wanted to grant these privileges to a role. So i created a role
  CREATE ROLE jenrole;
  And then i tried the below mentioned script. But i am getting error
  DECLARE
  v_sql VARCHAR2(4000);
  BEGIN
  FOR obj IN (SELECT object_name
  , object_type
  , DECODE (OBJECT_TYPE,
  'PROCEDURE','EXECUTE',
  'FUNCTION' ,'EXECUTE',
  'PACKAGE' ,'EXECUTE',
  'SYNONYM' ,'SELECT' ,
  'SELECT, INSERT, UPDATE, DELETE') rights
  FROM user_objects)
  LOOP
  v_sql := 'GRANT '|| obj.rights ||' ON '|| obj.object_name ||' TO JENROLE' ;
  dbms_output.put_line(v_sql);
  EXECUTE IMMEDIATE v_sql; END LOOP;
  END;
  ERROR at line 1:
  ORA-00911: invalid character
  ORA-06512: at line 16
  Why am i getting error? The error line is boldened

• OID-DAS Granting privileges to User

  Hi All,
  I am using OID to store user information from different organizations. I am using OIDDAS ( Delegated Administrative Services) to enter user information. To incorporate the delegation model I am able to create a user and give him privilege to add other users. I can also give him privilege to grant privilege to other users. However, for security purposes I do not want them to be able to grant or use the 'Allow Oracle Delegated Administration Services configuration' privilege, that appears by default in the window. Is there I can alter this.
  Any help on this will be much appreciated.
  Thanks

  It can be done but is not as trivial as GRANT priv TO user. The disco privs are stored in the EULx_ACCESS_PRIVS table. Theoretically, you would just have to add records there to implement the privileges.
  You'll need to look in the EULx_EUL_USERS to get the user IDs, and youd need to find out the application privilege IDs. They are stored in the EULx_ACCESS_PRIVS table, and there are no descriptions. What you would need to do is create a test user, add one privilege, and see what got added to the EULx_ACCESS_PRIVS table. You could then repeat this process for each priv you would want to grant through a script.

• Privilege to allow a user to create a view in another user's schema

  Hello,
  I need to allow a user to create a view in another user's schema.
  Say, to connect as USER_A and run statement: 'create view USER_B_SCHEMA.myview as select...'
  Is there any way to accomplish that without granting USER_A privilege to CREATE ANY VIEW? I want to keep USER_A at the lowest profile possible.
  Thanks!

  You have the option to create an stored procedure, here a test case (no optimized, no bug free):
  SYS@orcl > create user sp_owner identified by sp_owner;
  SYS@orcl > grant create any view to sp_owner;
  SYS@orcl> create procedure sp_owner.create_view (
    2  view_name varchar2, view_sql varchar2 ) is
    3  begin
    4    execute immediate 'create view '||view_name||' as '||view_sql;
    5  end;
    6  /
  Procedure created.
  SYS@orcl > create user test identified by test;
  SYS@orcl > grant create session to test;
  SYS@orcl > grant execute on sp_owner.create_view to test;
  TEST@orcl> execute sp_owner.create_view('scott.emp_vw','select * from scott.emp')
  PL/SQL procedure successfully completed.HTH
  Enrique
  PS. If your problem was solved, consider marking the question as answered.

• Create new user like another user with select privilege???

  our user requested create another user similar to "apps" , but only "selec t" privilege to "apps" objects and other user's objects which grant to "apps".
  In this case they can use tool login and do some work.
  Does anyone know how to "create a new user like APPS", bur only copy APPS "select" privilege to this new user?
  Thanks.

  This has been discussed many times in the forums. Pl see this thread Re: How to create a read only database or conduct a search for more hits.
  HTH
  Srini

• Grants given to a user give to another as well...

  How is it possible the grants given to a user , given also to another....
  For example :
  connect scott/tiger;
  grant select on dept to x;
  grant insert on dept to x;
  Many thanks,
  Simon

  As yingkuan points out, the table you're looking for is, presumably DBA_TAB_PRIVS.
  I would point out, though, that 9 times out of 10, writing a script to duplicate the grants for a user from DBA_TAB_PRIVS is a bad idea. The proper approach is almost always to create a role, have the table owner (SCOTT in your last post, USER_A in the original post) grant privileges on the tables to the role, and grant the role to the end users. That is far, far easier than trying to keep grants in sync among multiple users.
  Also, be aware that DBA_TAB_PRIVS only accounts for object-level privileges, not system-level privileges and that it only accounts for privileges granted directly to a user, not those granted to a role (DBA_SYS_PRIVS, ROLE_SYS_PRIVS, ROLE_TAB_PRIVS, ROLE_ROLE_PRIVS, and DBA_ROLE_PRIVS would all come into play for those).
  Justin
  Justin

• Grant to let user just see a procedure from another user!

  Hi,
  Is there a GRANT to let a user see a procedure from another user but not compile it?
  Tks,
  Paulo.

  The problem is that is not just one procedure, but more then 30 and a lot of developments want this privilege.
  Tks,
  Paulo
  ps: can you help me on my other post "ALTER TABLESPACE tbs READ ONLY" --hang