Grant priviliges to directory by a non-dba user
Hi All.
I want to know the command to grant create tables, views, procedures, directory , functions, indexes, sequences to a non dba user.
I have already granted following priviliges:
grant create table to stats;
grant create view to stats;
grant create sequence to stats;
grant create procedure to stats;
But unable to create functions, packages and directories in non-DBA user.
Plz help regarding this.
Thanks
Hassan
So, i think you should go for these roles....... Yogesh, of course that's possible, but is not a good advice. Oracle 10g documentation :
CONNECT, RESOURCE, and DBA
These roles are provided for compatibility with previous versions of Oracle Database. You can determine the privileges encompassed by these roles by querying the DBA_SYS_PRIVS data dictionary view.
Note: Oracle recommends that you design your own roles for database security rather than relying on these roles. These roles may not be created automatically by future versions of Oracle Database.
Moreover, RESOURCE role includes UNLIMITED TABLESPACE privilege, which could be a bit dangerous. To avoid that you can grant connect and resource to a role and grant the role to the user.
Similar Messages
-
Granted roles as a non-dba user
One of the goals we are trying to do here is to let departments manage more of their roles by themselves. For instance, the sales department can manage the sales role, the customer service the customer service role, etc.
However, as these are non-dba users, they do not have access to DBA_ROLE_PRIVS. Is there any way for an administrator of a role to see who has this role?
For instance, as a quick example:
create user sales_admin identified by *****;
create role sales;
grant connect to sales_admin;
grant sales to sales_admin with admin option;
connect sales_admin/*****
grant sales to scott;
Is there any way for sales_admin to see who has the sales role? Or will they need to go to the DBA and ask for a list?Granting "select any dictionary" privilege to sales_admin user is something that cannot be proposed ? Like this :
SYS@db102 SQL> get sales
1 create user sales_admin identified by sales_admin;
2 create role sales;
3 grant connect to sales_admin;
4 grant select any dictionary to sales_admin;
5 grant sales to sales_admin with admin option;
6 connect sales_admin/sales_admin
7 grant sales to scott;
8* select * from dba_role_privs where granted_role='SALES';
SYS@db102 SQL> @sales
User created.
Role created.
Grant succeeded.
Grant succeeded.
Grant succeeded.
Connected.
Grant succeeded.
GRANTEE GRANTED_ROLE ADM DEF
SYS SALES YES YES
SALES_ADMIN SALES YES YES
SCOTT SALES NO YES
SALES_ADMIN@db102 SQL> -
SQL tab not working in V2.1 EA1 for non-DBA users -- how to fix?
In v2.1 EA 1 the tab to show the SQL script (DDL) in the object browser is not working for non-DBA users. In the prior version, these users would see a message about DBMS_METADATA and then the message would indicate that an "internal generator" would be used to generate the DDL script. After that brief message the DDL would show up as expected. This doesn't seem to be the case in the newest version.
I issued the following two grants to a particular user which worked, but I am reluctant to issue the grants to "PUBLIC".
SQL> grant execute on DBMS_METADATA to XXXXX;
SQL> grant select_catalog_role to XXXXX;
So, my questions are:
1) Will the old functionality (that didn't require these privileges) be added to V2 at some point?
2) What security implications are there for issueing the above grants to PUBLIC?
NOTE: After granting execute on the DBMS_METADATA package, it still didn't work. I left that grant in place and granted SELECT_CATAOG_ROLE, so I can't say for sure that the 1st grant was required.
Edited by: user615070 on Nov 19, 2009 9:30 AM
Edited by: user615070 on Nov 19, 2009 10:06 AMAn OEM account is separate from the database account. You need to use OEM UI to create an OEM account, however, for certain tasks to be done in the databases which OEM is monitoring they will also require separate database accounts within those databases. For example, to view the performance tab in OEM UI, a database account is required.
OEM only has two types of users, i.e. Super Administrator and Administrator, but don't go by the names. You can grant an OEM 'Administrator' account access to specific targets and what they can do within OEM, such as only viewing reports, targets, and so on. For access within a database, the user created need not be a DBA either.
I hope you understand. -
Solaris 10,oracle 10g question- can't connect with non-dba user
Hi
I've installed the Oracle10g suite, enterprise edition ( 10.2.0.1). I've created a database called qa10g, which I can connect to as user 'oracle' once I export the ORACLE_SID and the ORACLE_HOME
export ORACLE_HOME=/oracle/10g2
export ORACLE_SID=qa10g
then I type in the following at it puts me into sqlplus:
$ORACLE_HOME/bin/sqlplus system/system
so that works fine..now whan I try to log in as another user that isn't a member of the dba group, and I export the ORACLE_HOME and ORACLE_SID variables, I can't get in to the database using $ORACLE_HOME/bin/sqlplus system/system, I get the following errors:
ERROR:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
SVR4 Error: 2: No such file or directory
Enter user-name:
BUT, when I put the connector string at the end, I can get in:
$ORACLE_HOME/bin/sqlplus system/system@qa10g
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP and Data Mining Scoring Engin
e options
SQL>
so obviously, it is an enviromnet variable that isn't getting set properly, perhaps even ORACLE_SID=qa10g isn't working properly for the non-dba user ( in this case, the user is called ctronsys)
for the work I need to do on this databse, I need to have the user I select to be able to log into the database with sqlplus commands like the ones listed above, without the connector string added at the end..the SID gets exported first..
any help would be greatly appreciated, I'm a newbie to Oracle!
thanks!
RobThere is a possibility that you could be hitting bug 4516865....
Bug 4516865 "WRONG PERMISSIONS AFTER INSTALLATION IN OH AND SUBSEQUENT DIRECTORIES".
Described in <Note.4516865.8> Bug 4516865 - Wrong permissions after install of 10gR2 (10.2.0.1)
-Ramesh -
2.1.1 and 3.0 EA2: No tables shown for a non-dba user on 11R2
Hi all
I'm experiencing a strange problem with one 11R2 DB standard edition installation on Windows 2008 32-bit.
Versions are:
Windows
Windows 2008 SP2 32 bit (build 6002)
Oracle
Oracle Database 11g Release 11.2.0.1.0 - Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for 32-bit Windows: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
Java
java version "1.6.0_23"
Java(TM) SE Runtime Environment (build 1.6.0_23-b05)
Java HotSpot(TM) Client VM (build 19.0-b09, mixed mode, sharing)
The DB has some users, to whom some tables belong.
If I run SQL Developer (either 2.1.1 or 3.0 EA2) on the server (as windows administrator), and create a connection using one of the non-dba users credentials, clicking on the Tables (filtered view) leaf, does not show any table, even if they are on the DB (e.g. using sqlplus from command line and doing a select table_name from user_tables shows the entire list, and I can select, insert, delete and so on).
If I connect from my pc (I have 10g client installed), it works perfectly, i.e. I see the list of tables, and I can operate on them as expected.
Conversely, on 11R2 another installation (Oracle Enterprise Edition on Windows 2003 Enterprise), both versions of sqldeveloper work fine on the server machine. Here versions are:
Windows
Windows 2003 R2 Enterprise Edition SP2 build 3790
Oracle
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for 32-bit Windows: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
Java
java version "1.6.0_06"
Java(TM) SE Runtime Environment (build 1.6.0_06-b02)
Java HotSpot(TM) Client VM (build 10.0-b22, mixed mode, sharing)
What could be wrong here? Is there any way to debug it?
Thanks in advance
Ciao
AndreaI run sqldeveloper.bat as instructed by you.
These are the results. The error appears only when starting sqldeveloper. When I expand tables I see nothing.
C:\sqldeveloper\sqldeveloper\bin>java -Xmx640M -Xms128M -Xverify:none -Doracle.i
de.util.AddinPolicyUtils.OVERRIDE_FLAG=true -Dsun.java2d.ddoffscreen=false -Dwin
dows.shell.font.languages= -XX:MaxPermSize=128M -Dide.AssertTracingDisabled=true
-Doracle.ide.util.AddinPolicyUtils.OVERRIDE_FLAG=true -Djava.util.logging.confi
g.file=logging.conf -Dsqldev.debug=false -Dide.conf="./sqldeveloper.conf" -Dide.
startingcwd="." -classpath ../../ide/lib/ide-boot.jar oracle.ide.boot.Launcher
Exception initializing 'oracle.dbtools.raptor.plsql.PLSQLAddin' in extension 'Or
acle SQL Developer': java.lang.NoClassDefFoundError: com/sun/jdi/Bootstrap
at oracle.jdevimpl.debugger.jdi.DebugJDIConnector.getVersion(DebugJDICon
nector.java:30)
at oracle.jdevimpl.debugger.support.DebugFactory.<clinit>(DebugFactory.j
ava:81)
at oracle.dbtools.raptor.plsql.PLSQLAddin.initialize(PLSQLAddin.java:87)
at oracle.ideimpl.extension.AddinManagerImpl.initializeAddin(AddinManage
rImpl.java:407)
at oracle.ideimpl.extension.AddinManagerImpl.initializeAddins(AddinManag
erImpl.java:214)
at oracle.ideimpl.extension.AddinManagerImpl.initProductAndUserAddins(Ad
dinManagerImpl.java:128)
at oracle.ide.IdeCore.initProductAndUserAddins(IdeCore.java:1949)
at oracle.ide.IdeCore.startupImpl(IdeCore.java:1573)
at oracle.ide.Ide.startup(Ide.java:703)
at oracle.ideimpl.DefaultIdeStarter.startIde(DefaultIdeStarter.java:35)
at oracle.ideimpl.Main.start(Main.java:184)
at oracle.ideimpl.Main.main(Main.java:146)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at oracle.ide.boot.PCLMain.callMain(PCLMain.java:62)
at oracle.ide.boot.PCLMain.main(PCLMain.java:54)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at oracle.classloader.util.MainClass.invoke(MainClass.java:128)
at oracle.ide.boot.IdeLauncher.bootClassLoadersAndMain(IdeLauncher.java:
189)
at oracle.ide.boot.IdeLauncher.launchImpl(IdeLauncher.java:89)
at oracle.ide.boot.IdeLauncher.launch(IdeLauncher.java:65)
at oracle.ide.boot.IdeLauncher.main(IdeLauncher.java:54)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at oracle.ide.boot.Launcher.invokeMain(Launcher.java:713)
at oracle.ide.boot.Launcher.launchImpl(Launcher.java:115)
at oracle.ide.boot.Launcher.launch(Launcher.java:68)
at oracle.ide.boot.Launcher.main(Launcher.java:57)
Caused by: oracle.classloader.util.AnnotatedClassNotFoundException:
Classe mancante: com.sun.jdi.Bootstrap
Classe dipendente: oracle.jdevimpl.debugger.jdi.DebugJDIConnector
Loader: ide-global:11.1.1.0.0
Origine codice: /C:/sqldeveloper/jdev/extensions/oracle.jdeveloper.r
unner.jar
Configurazione: extension jar in C:\sqldeveloper\jdev\extensions
Questo caricamento Þ stato iniziato alle ide-global:11.1.1.0.0 utilizzando il me
todo loadClass().
La classe mancante non Þ disponibile in nessuna origine codice o loader nel sist
ema.
at oracle.classloader.PolicyClassLoader.handleClassNotFound(PolicyClassL
oader.java:2190)
at oracle.classloader.PolicyClassLoader.internalLoadClass(PolicyClassLoa
der.java:1733)
at oracle.classloader.PolicyClassLoader.access$000(PolicyClassLoader.jav
a:143)
at oracle.classloader.PolicyClassLoader$LoadClassAction.run(PolicyClassL
oader.java:331)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.classloader.PolicyClassLoader.loadClass(PolicyClassLoader.java
:1692)
at oracle.classloader.PolicyClassLoader.loadClass(PolicyClassLoader.java
:1674)
... 35 more
Thanks for your help. -
How can a non dba user manipulate the dump file outside of oracle ?
I have a business request to allow a none DBA database user to dump his tables and he can move his dump file on the Unix box from a file system to another file system. This user has a none oracle unix account. When using traditional exp, this is not a problem. But in expdp, all dump files are owned by oracle. Does anybody know how to change the ownership without a DBA involved?
Unix: Sun Solaris
DB: 10g
Storage: sand diskBetty wrote:
following option 1, problem is now the command in the shell script like chmod 744 doesn't allow this none dba user to change the permission, since he doesn't own the file. you can test yourself:
changepermit.ksh 755
chmod 744 dump.dmpSo have the script owned by oracle:dba change the owner!
$ echo "" > bla
$ ll bla
-rw-rw-rw- 1 jeg users 1 Nov 10 16:53 bla
$ chmod 640 bla
$ ll bla
-rw-r----- 1 jeg users 1 Nov 10 16:53 bla
$ chown smk bla
$ ll bla
-rw-r----- 1 smk users 1 Nov 10 16:53 bla
$ echo "" > bla
/usr/bin/ksh: bla: cannot createNote you'll have to move it unless you let oracle write to it. -
Hi,
I'm trying to audit if an user grants a privilege on their objects to another user. ex:
show user
USER is "TESTUSER1"
grant select on mytable1 to testuser2I'm trying with "AUDIT GRANT ANY OBJECT PRIVILEGE BY ACCESS" but it only audit grants/revokes performed by DBA user.
Also I'm trying whit "AUDIT GRANT TABLE BY ACCESS" but nothing appears in audit trail.
How can I do it?
Oracle version 11.1.0.6
audit parameters:
audit_sys_operations boolean TRUE
audit_trail string DBRegardsOk, I know what was happening.
I was testing it without closing the test-user session. I didn't know that the AUDIT GRANT won't work in the active sessions at activation time.
ex:
TERMINAL 1:
$ sqlplus '/as sysdba'
SQL*Plus: Release 11.1.0.6.0 - Production on Vie Abr 26 11:44:04 2013
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Conectado a:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> show parameter audit_trail;
NAME TYPE VALUE
audit_trail string DB
SQL> audit resource, connect;
Auditoría terminada correctamente.
SQL> create user testuser1 identified by ****;
Usuario creado.
SQL> create user testuser2 identified by ****;
Usuario creado.
SQL> grant resource, connect to testuser1;
Concesión terminada correctamente.TERMINAL 2:
sqlplus
SQL*Plus: Release 11.1.0.6.0 - Production on Vie Abr 26 11:45:19 2013
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Introduzca el nombre de usuario: testuser1
Introduzca la contraseña:
Conectado a:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> create table TEST_TABLE (n number);
Tabla creada.
SQL> grant select on TEST_TABLE to testuser2;
Concesión terminada correctamente.
SQL> revoke select on TEST_TABLE from testuser2;
Revocación terminada correctamente.
SQL> drop table TEST_TABLE;
Tabla borrada."testuser1" session still open in terminal 2.
TERMINAL 1:
SQL> set linesize 190
SQL> col OBJECT format A30
SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, SES_ACTIONS from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
USERNAME TIMESTAMP ACTION_NAME OBJECT SES_ACTIONS
TESTUSER1 26-ABR-2013 11:45:22 LOGON .
TESTUSER1 26-ABR-2013 11:45:35 CREATE TABLE TESTUSER1.TEST_TABLE
TESTUSER1 26-ABR-2013 11:46:00 DROP TABLE TESTUSER1.TEST_TABLE
SQL> AUDIT GRANT TABLE;
Auditoría terminada correctamente.The AUDIT GRANT TABLE is now activated, but it won't work yet...
TERMINAL 2 (testuser1 session was still opened):
SQL> create table TEST_TABLE2 (n number);
Tabla creada.
SQL> grant select on TEST_TABLE2 to testuser2;
Concesión terminada correctamente.
SQL> revoke select on TEST_TABLE2 to testuser2;
revoke select on TEST_TABLE2 to testuser2
ERROR en línea 1:
ORA-00905: falta una palabra clave
SQL> revoke select on TEST_TABLE2 from testuser2;
Revocación terminada correctamente.
SQL> drop table TEST_TABLE2;
Tabla borrada.TERMINAL 1:
SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, SES_ACTIONS from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
USERNAME TIMESTAMP ACTION_NAME OBJECT SES_ACTIONS
TESTUSER1 26-ABR-2013 11:45:22 LOGON .
TESTUSER1 26-ABR-2013 11:45:35 CREATE TABLE TESTUSER1.TEST_TABLE
TESTUSER1 26-ABR-2013 11:46:00 DROP TABLE TESTUSER1.TEST_TABLE
TESTUSER1 26-ABR-2013 11:47:16 CREATE TABLE TESTUSER1.TEST_TABLE2
TESTUSER1 26-ABR-2013 11:47:52 DROP TABLE TESTUSER1.TEST_TABLE2Lets close and reopen "testuser1" session
TERMINAL 2:
SQL> exit
Desconectado de Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
$ sqlplus
SQL*Plus: Release 11.1.0.6.0 - Production on Vie Abr 26 11:48:19 2013
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Introduzca el nombre de usuario: testuser1
Introduzca la contraseña:
Conectado a:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> create table TEST_TABLE3 (n number);
Tabla creada.
SQL> grant select on TEST_TABLE3 to testuser2;
Concesión terminada correctamente.
SQL> revoke select on TEST_TABLE3 from testuser2;
Revocación terminada correctamente.
SQL> drop table TEST_TABLE3;
Tabla borrada.Now the grant/revoke is audited:
TERMINAL 1:
SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, OBJ_PRIVILEGE, GRANTEE from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
USERNAME TIMESTAMP ACTION_NAME OBJECT OBJ_PRIVILEGE GRANTEE
TESTUSER1 26-ABR-2013 11:45:22 LOGOFF .
TESTUSER1 26-ABR-2013 11:45:35 CREATE TABLE TESTUSER1.TEST_TABLE
TESTUSER1 26-ABR-2013 11:46:00 DROP TABLE TESTUSER1.TEST_TABLE
TESTUSER1 26-ABR-2013 11:47:16 CREATE TABLE TESTUSER1.TEST_TABLE2
TESTUSER1 26-ABR-2013 11:47:52 DROP TABLE TESTUSER1.TEST_TABLE2
TESTUSER1 26-ABR-2013 11:48:26 LOGON .
TESTUSER1 26-ABR-2013 11:48:39 CREATE TABLE TESTUSER1.TEST_TABLE3
TESTUSER1 26-ABR-2013 11:48:46 GRANT OBJECT TESTUSER1.TEST_TABLE3 ---------Y------ TESTUSER2
TESTUSER1 26-ABR-2013 11:48:56 REVOKE OBJECT TESTUSER1.TEST_TABLE3 ---------N------ TESTUSER2
TESTUSER1 26-ABR-2013 11:49:02 DROP TABLE TESTUSER1.TEST_TABLE3
10 filas seleccionadas.Anyway, thanks Balazs Papp because i was looking for the AUDIT GRANT ON DEFAULT ;)
Regards -
Grid control interface for non-DBA users...
I was wondering if there is a way to provide non-DBAs an account to log into OEM (OMS Grid Control) for 11g.
We have some SQL Server DBAs and developers/report writers who are quite curious about OEM, especially after I gave them all a presentation on it.
I tried creating an account in one of our repository databases but OEM did not recognize the account (invalid username/password).
Does anyone know if this is possible or how this can be done?
I have OMS 10.2.0.5 set up with a repository database and a crash-and-burn database that our folks can mess with.
Thanks.An OEM account is separate from the database account. You need to use OEM UI to create an OEM account, however, for certain tasks to be done in the databases which OEM is monitoring they will also require separate database accounts within those databases. For example, to view the performance tab in OEM UI, a database account is required.
OEM only has two types of users, i.e. Super Administrator and Administrator, but don't go by the names. You can grant an OEM 'Administrator' account access to specific targets and what they can do within OEM, such as only viewing reports, targets, and so on. For access within a database, the user created need not be a DBA either.
I hope you understand. -
Determining if RAC installed (as non-DBA user)
We would like to be able to detect, when our application is installed, what version of Oracle we are running on. The product_component_version view seems to give us what we need, but not having a RAC environment in-house, I can't verify if that information is available there.
Is it possible to tell if RAC is installed/configured from the product_component_version view, or if not is this information available elsewhere?
TIA
- DAPI don't believe it is possible to determine whether a database is running RAC from the PRODUCT_COMPONENT_VERSION view. At least I'm not seeing anything in the view on a RAC database that indicates it is a RAC database.
You could potentially query DBA_REGISTRY and look for a row where COMP_ID='RAC'. That will tell you whether RAC has been installed. You could also do a
SELECT COUNT(*)
FROM gv$instanceto see how many instances are currently running. Which approach to use depends on whether you care that RAC has been installed (whether or not it is actually being used) or whether you care whether there are really multiple nodes configured and running.
Justin -
Hi all,
11.2.0.1
Aix 6.1
I have issues with IMPDP & EXPDP when using non-dba users.
These are the steps I followed:
1. I have created as root user, the directory /dpdump.
2. The chown 777 /dpdump.
3. As oracle user, I connect sqlplus / as sysdba , create or replace directory DATA_PUMP_DIR as '/dpdump';
4. grant read,write on data_pump_dir to HR.
5. Login: oper01 a non-dba aix user.
6. copy dumpfile emp.dmp to /dpdump
7. run impdp hr/hr dumpfile=emp.dmp sqlfile=emp.sql
Import: Release 11.2.0.3.0 - Production on Thu Aug 22 09:03:09 2013
Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved.
Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
ORA-39002: invalid operation
ORA-39070: Unable to open the log file.
ORA-29283: invalid file operation
ORA-06512: at "SYS.UTL_FILE", line 536
ORA-29283: invalid file operation
Why is that this non-dba user can not create log file?
Thanks a lot,
zxyyxes2013 wrote:
Hi all,
11.2.0.1
Aix 6.1
I have issues with IMPDP & EXPDP when using non-dba users.
This are the steps I followed:
1. I have created as root user, the directory /dpdump.
2. The chown 777 /dpdump.
3. As oracle user, I connect sqlplus / as sysdba , create or replace directory DATA_PUMP_DIR as '/dpdump';
4. grant read,write on data_pump_dir to HR.
5. Login: oper01 a non-dba aix user.
6. copy dumpfile emp.dmp to /dpdump
7. run impdp hr/hr dumpfile=emp.dmp sqlfile=emp.sql
Import: Release 11.2.0.3.0 - Production on Thu Aug 22 09:03:09 2013
Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved.
Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
ORA-39002: invalid operation
ORA-39070: Unable to open the log file.
ORA-29283: invalid file operation
ORA-06512: at "SYS.UTL_FILE", line 536
ORA-29283: invalid file operation
Why is that this non-dba user can not create log file?
Thanks a lot,
zxy
how is it that error reports problem involving log file but posted command has NO mention for any log file??????????????????
So once again you lie to us, TROLL! -
Calling ctx_snippet() from non-owner user returns error
Hi,
I created a full text index in owner schema A for documents stored in BFILE datatype, and tested the snippet query, worked like dream.
The query is something like:
SELECT doc_id, ctx_doc.snippet('A.IDX_DUMMY',rowid,'keywords')
FROM A.documents
WHERE contains(document,'keywords')>0
But, when I run the same query from an application user, I got error:
ERROR at line 1:
ORA-20000: Oracle Text error:
DRG-50857: oracle error in drstldef
ORA-22286: insufficient privileges on file or directory to perform FILEEXISTS
operation
ORA-06512: at "CTXSYS.DRUE", line 160
ORA-06512: at "CTXSYS.CTX_DOC", line 1297
ORA-06512: at line 1
If I SQL*Plus using application user account, and run DBMS_LOB programs, the document BFILEs can be accessed without any problem.
I also tried log in as sys, the query return the same error.
I also specifically give directory read privilege to application user, CTX_SYS, all did not work.
Any clue here?
Thx,
-HaijunSolved!!!
The reason is that, initially, the directory read privilege was granted to index owner user as well as the non-owner user by sys as dba, without "with grant option"
Now, I grant directory read privilege to the index owner user "with grant option", then the index owner grant the privilege again to the non-owner user. Now, things work! The privilege flows through.
Thx,
-Haijun -
How a not-dba user can use datapump
Hello,
I've a dumpfile, I now want to import this with the new schema-user in other database. User already exists. Is this possible?
I do:
impdp test/test dumpfile=dumpdir:testdump.dmp logfile=dumpdir:testlog.log
(where dumpdir is the dump directory created by test-user, test-user has also quota unlimited on its tablespaces like it should and testdump.dmp is created by doing this: expdp system/manager dumpfile=testdump.dmp logfile=exporttest.log schemas=test)
I get:
ora-31626 job does not exist
ora-31633 unable to create master table "test.sys_import_full_05"
ora-06512 at "sys.dbms_sys_error", line 95
ora-06512 at sys.kupu$ft", line 863
ora-01950: no privileges on tablespace 'users'.
I don't know anymore what to do, if I just would use imdp system/manager ... that works fine, what do I wrong?
please help ...
thanksalso can't do an expdp with my test-user as follow:
expdp test/test dumpfile=testdump.dmp logfile=testdump.log
get exactly same errors as with import. So you can't use expdp and impdp with non-dba users. I can't find anything about this in the Oracle documentation or on google how to set this up for non-dba users???
greets
Message was edited by:
duvelke
off course when I do: alter user test
quota unlimited on users;
than it works, but that is not possible in my case. Users can only have quota unlimited on their tablespaces and not on Oracle default tablespaces!
Who knows more about this?
thanks -
Grant write on directory, fail!!
Hello,
I am executing the follow statement: "grant write on directory my_directory to public" on Oracle 8i and do not obtain.
When I obtain to grant the privilege READ but tthe no WRITE!!
Why I do not obtain grantee the privilege WRITE to PUBLIC on Oracle 8i???
Eder.You should not be writing to the directory structure where the Oracle binaries are installed via utl_file. Bad practice to say the least.
See the utl_file_dir parameter in your Oracle 8.1.7 Reference manual for how to setup output destinations for utl_file. Do not use "*" as doing so is a security issue.
HTH -- Mark D Powell -- -
Install Directory 5.2P4 as non root user.
I want to install Sun Directory Server 5.2 p4 on solaris 9 as non root user?
Is there a supported way of doing this. I dont want any of the files for directory owned by root.
The reason is that there is a very strict access control method implemented in their environment.
The message i get is
$ ./setup
arning: You are not logged on as root. Unless you are logged on as root,
information required to upgrade or uninstall this product will not be saved in
the system registry. This will adversely affect future upgrades/reinstalls as
well as the ability to perform a successful uninstallation. Manual cleanup
after uninstallation may be required in certain cases.
Press Enter.If you just want as said:
I dont want any of the files for directory owned by root.then its possible with DS5.2 P4 on solaris:
1. become root user and start setup to install the DS5.2P4 software.
2. When the setup application asks for server uid /server group id, give the non-root userid and group.
When the setup is finished ns-slapd process is started automatically. The only problem is that you have to be root user to re-start the ns-slapd daemon from the command shell. But the files are owned by the non-root user always as you required.
However this will not work if you want to restart the DS from the java GUI console. (however there is a workaround to do this).
Regards
Randip -
Can Java be started in a directory that contains non ascii char
I installed a product developed using Java in a folder whose name contains non-ascii chars, such as Japanese chars or german chars.
This will cause error said: unable initialise java virtual machine, error code -1
Some one said Java doesn't like being started in a directory that contains non ascii characters. There appears to be no way of passing it unicode parameters.
Is there anyone once hit the similiar issue or know the root cause of such problem?
ThanksYes you can use your web start application console. To enter data which is required for your application it is better idea to use java application which runs in console mode althou you may try to run console of windows and then read data from its input stream.
Maybe you are looking for
-
How to install addon / plugin for firefox installed in computers on domain?
I've around 150 computer on a windows based domain server. All the computers installed with Firefox latest version. We want to install a certain plugin / add-on ( example : adblock, windows media player plugin ) to all the computers with firefox. Doi
-
Imac stays in blue screen or grey apple screen at launch
This entire week my Imac won't start up normal. When I turn it on eith the power button it won't get past the grey apple screen or when it does it wil stay in the blue screen. When I turn the Mac off with the power button and then turn it on again it
-
I can't get my iTunes together with my Library onto my new user.
I am having a lot of difficulty getting my iTunes together with my Library onto my new user that I just created on my XP. I can get my iTunes and Library folders over there, but once there, I can neither open my Library nor put it onto my iTunes. I a
-
File and directory permissions
We are running OSX 10.7 Lion on a Mac Pro 1,1 IN RAID. We are using this system als fileserver. Since last year it came to our attention that there where problems with the permissions on the files and directories (they seem corrupted). I do not mean
-
NW8000 NC8000 2nd hard disk caddy (multibay)
Hi, I'm unable to run the 2nd hard drive to Ultra DMA5 (like the main unit) The disk is UDMA5 capable but the interface work only au UDMA2. Any idea? Thank, Matteo