Grant privileges to user
hi all,
How to create and grant privileges to user using sql command.
Thanks
Hi,
Example :-
log on as sysdba
grant connect, resource to test identified by test;
test is the user.
Go through this links
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_8003.htm#SQLRF01503
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#SQLRF01603
Thanks
Pavan Kumar N
Similar Messages
-
OID-DAS Granting privileges to User
Hi All,
I am using OID to store user information from different organizations. I am using OIDDAS ( Delegated Administrative Services) to enter user information. To incorporate the delegation model I am able to create a user and give him privilege to add other users. I can also give him privilege to grant privilege to other users. However, for security purposes I do not want them to be able to grant or use the 'Allow Oracle Delegated Administration Services configuration' privilege, that appears by default in the window. Is there I can alter this.
Any help on this will be much appreciated.
ThanksIt can be done but is not as trivial as GRANT priv TO user. The disco privs are stored in the EULx_ACCESS_PRIVS table. Theoretically, you would just have to add records there to implement the privileges.
You'll need to look in the EULx_EUL_USERS to get the user IDs, and youd need to find out the application privilege IDs. They are stored in the EULx_ACCESS_PRIVS table, and there are no descriptions. What you would need to do is create a test user, add one privilege, and see what got added to the EULx_ACCESS_PRIVS table. You could then repeat this process for each priv you would want to grant through a script. -
To grant privileges to user or/and group
Hi,
I need information about to grant privileges on content area and folders.
For example, if I grant privilege to view content on Content area and I grant privilege of Manage Items on folder. Can the users or group add items to folder? Or can they view the content?
Thank you for information,
NoelI changed the file (sudo vi $ORACLE_HOME/rdbms/admin/externaljob.ora) to read run_user = oracle and run_group = dba. The error remains the same - also after restart of dbconsole. Anyway, the file has note: The user and group specified here should be a lowly privileged user and group for your platform. For Linux this is nobody and nobody. Which it was, and I changed it back to that.
Btw:
SQL> SELECT owner, credential_name, username FROM dba_scheduler_credentials;
no rows selected
SQL> execute DBMS_SCHEDULER.CREATE_CREDENTIAL('oracle','oracle','password');
After the above I was able to select "sys.oracle" as the credential name pull-down menu of the scheduler job edit mode.
And the job succeeded: EXTERNAL_LOG_ID="job_73826_863", USERNAME="oracle"
How does one set credentials if not in the "preferred credential setup" in dbconsole EM?
Edited by: Dude on Jan 14, 2011 2:11 PM -
Hi,
Is it possible to grant privileges (like "Manage Scheduled Workbooks
") to the users through backend instead of through OD Administrator? Who can do it and how?
thanksIt can be done but is not as trivial as GRANT priv TO user. The disco privs are stored in the EULx_ACCESS_PRIVS table. Theoretically, you would just have to add records there to implement the privileges.
You'll need to look in the EULx_EUL_USERS to get the user IDs, and youd need to find out the application privilege IDs. They are stored in the EULx_ACCESS_PRIVS table, and there are no descriptions. What you would need to do is create a test user, add one privilege, and see what got added to the EULx_ACCESS_PRIVS table. You could then repeat this process for each priv you would want to grant through a script. -
Can use RBAC for grant privilege to user on specific directory or not?
If I want user "aaa:group1" to have write privilege on specific directory of user "bbb:group2" (such as /export/home/bbb).
Can I use RBAC Feature for this case? How to?
Because basic permission of Unix very large scope (user, group, other).
If I specific folder "/export/home/bbb" to rwxrwxr-x, then change group of user "aaa" to group2. Other user in group2 will have write privilege too.
Thank you.If you want fine grain control over directory permissions than the feature you want are access control lists (acl's).
Try man setfacl, though I warn you that the documentation for acl's are pretty confusing... -
Problem giving privileges to user
i am having problems granting privileges to user. Every time that i try to alter the user, I get
ORA-03113: end-of-file on communication channel
anyone know why?when u want to change a oracle user u should log in as system or sys users. because these are users having dba priveleges.
Alter user <username> identified by <password -
Error while granting privileges to new user
hi all,
I created new user and i tried to grant privileges to that new user by using ( SQL> CONNECT / AS sysdba;
Connected.
SQL> CREATE USER cdcproj IDENTIFIED BY cdcproj
2 QUOTA UNLIMITED ON SYSTEM
3 QUOTA UNLIMITED ON SYSAUX;
User created.
SQL> GRANT CREATE SESSION TO cdcproj;
Grant succeeded.
SQL> GRANT CREATE TABLE TO cdcproj;
Grant succeeded.
SQL> GRANT SELECT_CATALOG_ROLE TO cdcproj;
Grant succeeded.
SQL> GRANT EXECUTE_CATALOG_ROLE TO cdcproj;
Grant succeeded.
SQL> EXECUTE DBMS_STREAMS_AUTH.GRANT_ADMIN_PRIVILEGE(grantee => 'cdcproj'); PL/SQL procedure successfully completed.
SQL> GRANT ALL ON PL.PROJ_HISTORY TO cdcproj;
Grant succeeded. ). All the commands worked except last command. It is giving error i.e (GRANT ALL ON PL.PROJ_HISTORY TO cdcproj; ) error is ( table / view not exists ).
What i can do. Any help.
Otherwise is there any other method to grant privileges.
Thanks in advance.What is your Oracle version ?
Are you sure the object PL.PROJ_HISTORY exists ?
What is the output of (using the Oracle account that executes the GRANT):
select * from session_roles;
select * from session_privs; -
Grant Privileges to another user
Hi,
I am new to plsql. In course of my learning. I created two tables BOOKS and AUTHORS in orcl database(10g) through SYSDBA.
Again i logged in to SCOTT user account and am unable to see the BOOKS and AUTHORS tables.
Please let me know how do i grant administrative privileges(to edit,delete,insert,update) to SCOTT user for these tables.
Thanks & Regards,
Amrutha.808099 wrote:
1. Got now that SYSDBA is a role and SYS is user.
2. I was able to login to sqlplus through giving "/ as SYSDBA" as the username. Hence i thought it as user."/ as sysdba" connects to the database as the SYS user using operating system authentication with the SYSDBA role enabled.
3. Secondly, I dont know which schema does my BOOKS table belong to. Because i just ran a create table script in scott/tiger@orcl. PLease suggest how i can know which schema it belongs to.If you connected to the database as the SCOTT user and ran the script to create the table, the table would almost certainly be owned by SCOTT. If you connected to the database as the SYS user and ran the script to create the table, the table would most likely be owned by SYS. If the script specified the schema owner, i.e.
CREATE TABLE library.book ...the table would be created in the specified schema. But you need to have very powerful privileges in order to create objects in other user's schemas and SCOTT does not have those privileges unless you've specifically granted them.
4. Thirdly, I will delete the BOOKS and AUTHORS from SYS and create them in SCOTT user. But thought if GRANT privileges can be an alternative.Not really. It's much better to have the tables owned by the correct schema in the first place. You use grants to allow other users to access (or modify) tables but other users are not going to have the same level of privileges (for example, they're not going to be able to run DDL against the table).
Justin -
Grant privileges to the user to edit only his own information
Hi all,
my Portal version is 9.0.4.0.99
I would like to grant to all users the privilege to change/edit only his own information.
When I go to the Administer Tab, enter the username in the portlet User, and then I check the checkbox: "Allow User editing", then this User can edit all users.
How can I grant the privilege to edit only his own information?
Regards
Leonid PavlovThe Portal does not expose the DAS Edit My Profile link until version 10.1.4. Prior to this version, if the associated DAS actually supports this, you can just add the link on your portal page as a URL item:
http://host.domain.com:7777/oiddas/ui/oracle/ldap/das/mypage/AppEditMyPage?homeURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal &doneURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal&cancelURL=http%3A%2F%2Fhost.domain.com%3A7778%2Fpls%2Fportal
I.e., it takes the url:
<infra-host>/oiddas/ui/oracle/ldap/das/mypage/AppEditMyPage
with 3 url-encoded parameters:
homeURL - link rendered with Home icon in DAS
doneURL - target for [ OK ] in DAS
cancelURL - target for [ Cancel ] in DAS -
How to restrict a schema owner from granting privileges to other users.
How can we restrict a schema owner from granting privileges to other users on his objects (e.g. tables). Lets say we have user called XYZ and he has tables in his schema TAB1, TAB2 an TAB3. How can we restrict user XYZ from granting privileges on TAB1, TAB2 and TAB3 to other users in the database. Is it possible in Oracle 10g R2? Any indirect or direct way to achieve this? Please help on this.
Thanks,
ManoharWhenever someone is trying to prevent an object owner from doing something, that's generally a sign of a deeper problem. In a production database, the object owner shouldn't generally have CREATE SESSION privileges, so the user shouldn't be able to log in, which would prevent the user from issuing any grants.
As a general rule, you cannot stop an object owner from granting privileges on the objects it owns. You can work around this by creating a database-level DDL trigger that throws an exception if the user issuing the statement is XYZ and the DDL is a GRANT. But long term, you probably want to get to the root of the problem.
Justin
Edited by: Justin Cave on Nov 6, 2008 9:52 PM
Enrique beat me to it. -
Grant privileges to a user for user_lock
user_lock.sleep (3000);
i am using it in my procedure.
is it require to grant privileges to a user for user_lock.There is no built-in package namely user_lock. Actually it is dbms_lock.
http://download-east.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_lock.htm#sthref3898
I was using dbms_lock few days ago. Yes dba has to give the privilege to use this package.
SQL> grant execute on dbms_lock to scott;
Grant succeeded.
[My experiment]
http://mamohiuddin.blogspot.com/2007/02/plsql-block-abnormal-termination-ed.html -
How can i view all privileges granted to an user?
How can i view all privileges granted to an user? I have access to dba_ views.
You should look at:
http://download.oracle.com/docs/cd/B10501_01/nav/catalog_views.htm?remark=homepage#index-DBA
Look at the views that have the letters "PRIVS" in their names:
DBA_COL_PRIVS
DBA_ROLE_PRIVS
DBA_RSRC_CONSUMER_GROUP_PRIVS
DBA_RSRC_MANAGER_SYSTEM_PRIVS
DBA_SYS_PRIVS
DBA_TAB_PRIVS
ROLE_ROLE_PRIVS
ROLE_SYS_PRIVS
ROLE_TAB_PRIVS
ROLE_WM_PRIVS
SESSION_PRIVS
Depending on what privileges you want that is where to look.
Regards
Tim
You can get help from teachers, but you are going to have to learn a lot by yourself, sitting alone in a room.[]....Dr. Seus -
Oracle 10.2.05
Linux environment
I just granted a role to a user, but the user does not have privileges base on the role.
Here is what I did:
First create a user (db_user) using system id
Second, create role schema_admin_role
Then run the script to grant privileges to the role
(SELECT 'grant select, insert, update, delete on ' ||owner|| '.'||table_name || ' to schema_admin_role;' from dba_tables WHERE OWNER = 'another_schema';
Then run
grant schema_admin_role to db_user;
The problem:
When db_user tries to update table X own by another_schema, he gets not sufficent privileges
But when I run (select owner, table_name,privilege from dba_tab_privs where grantee = 'SCHEMA_ADMIN_ROLE'; ), I see all the privileges owned by this role.
Any solution from your end will be appreciated.sb92075 wrote:
did db_user start a new session after GRANT was issued?Yes he did - also when I try to list all privileges granted to db_user, I get no row seleted. On the other hand, when I query privileges granted to role schema_admin_role, I see all privileges granted earlier
example
select owner, table_name,privilege from dba_tab_privs where grantee = 'SCHEMA_ADMIN_ROLE'; ---Here we get all privileges
select owner, table_name,privilege from dba_tab_privs where grantee = 'DB_USER'; --No row seleted -
How to grant privileges on all the tables in a schema
Hi All,
Can you tell me how to grant privileges on all the tables of a schema A
to schema B.
For Example:
There are 200 tables in schema A, I wanted to grant select privilege on all the tables of a scheme A to schema B.
Thanks in advance.note that USER is the user that will have the select priviledge
the procedure includes views as well
CREATE OR REPLACE PROCEDURE GRANT_ACCESS_ON_USER IS
CURSOR c1 is select table_name from user_tables;
CURSOR c2 is select view_name from user_views;
tablename user_tables.TABLE_NAME%TYPE;
viewname user_views.VIEW_NAME%TYPE;
BEGIN
tmpVar := 0;
OPEN c1;
loop
fetch c1 into tablename;
EXIT WHEN c1%NOTFOUND;
EXECUTE IMMEDIATE 'GRANT SELECT on '||tablename ||' to USER';
end loop ;
close c1;
OPEN c2;
loop
fetch c2 into viewname;
EXIT WHEN c2%NOTFOUND;
EXECUTE IMMEDIATE 'GRANT SELECT on '||viewname ||' to USER';
end loop ;
close c2;
EXCEPTION
WHEN NO_DATA_FOUND THEN
NULL;
WHEN OTHERS THEN
-- Consider logging the error and then re-raise
RAISE;
END;
/ -
Grant Privilege to Role instead of Direct grant doesn't work
Hi all
My scenario is sas follow:
create user a identified by a;
create user b identified by b;
grant connect,resource to a ;
grant connect,resource to b ;
conn a/a
create table tbl( c1 number(10));
conn system/sys
create role roll;
grant roll to b;
conn a/a
grant select on tbl to roll;
conn b/b
set role roll;
create or replace procedure b.pr
as
v number(10);
begin
select a into v
from a.tbl
where a=0;
end;
show error
Errors for PROCEDURE B.P:
LINE/COL ERROR
6/1 PL/SQL: SQL Statement ignored
7/6 PL/SQL: ORA-00942: table or view does not exist
This happen because i granted the SELECT privilege to user b through the role ROLL but if i granted the user b the SELECT privilege directly it work properly
Why???
And how could I grant the privilege from within a role, Because i don't want to grant it directly
Thank in advance
BassilThere is no other way. The owner of stored code must have been directly granted all necessary (used in code) select, insert, update, or delete privileges. The code owner cannot just have the referenced privileges granted to them via a role. There is no workaround, nor should there be as this is a security feature. Just because you have been granted insert or delete to another user's tables does not mean you should be able to grant that access to some other user. This is exactly what you do when you grant execute to stored code that referenced another user's objects.
The referenced article is by Tom Kyte and there are few people who understand how to use Oracle to better effect than Tom. The same information can be found in the official documentation and is referenced by the article.
You can write packages that use the privileges of the executing person. Perhaps for the specific problem you are writing the code to handle this is the route you want to take. See the manuals for the details.
Note - If user A grants insert to user B on table_a then user B can write a procedure, proc_b, and grant execute to a role and anyone with the role can perform inserts into table_a via proc_b, without having any grants on table_a. You do not need to grant privileges on the objects referenced in stored code that runs as the code owner if this is what you are worried about. The users just need execute on the package, procedure, or function that performs the DML operations in this case and they can get that from a role.
If you still do not understand you need to state exactly what it is you either do not understand or want to know how to do.
HTH -- Mark D Powell --
Maybe you are looking for
-
Dear All, My client has a requirement that he needs two different Order types for both semi finished and Finished product..But we can assign only one order type in plant parameters for MRP...How this can be possible... Please Suggest... Regards, Pawa
-
Hi I am using the above card for acquiring data simultaneously on 4 channels. I have written both labview as well as Visual basic codes for this. I see that the maximum sampling rate given for the card (100 kS/s) is shared between the channels - I ge
-
As stated above, firefox loses my profile every time I restart the computor. I have created new profiles and changed the location and changed it back again to no avail. I now want to just restart firefox in default mode but the default button does no
-
RGraph (html 5 library) displayed fine in 16.0.2, but doesn't display colors or lines in 17.0
This is a page that we write from a php library (not that it should make any difference). Here is screen of the 16.0.2 version: https://dl.dropbox.com/u/56739431/ReportExampleFF16_02.pdf and here is a screen shot of the 17.0: https://dl.dropbox.com/u
-
I recently updated two apps that I had developed both Windows and Windows phone apps for. They were not originally linked as they were developed before there was a linking process. I updated both the phone apps to have the same in app purchases as