Grant "select only" on database

Hi,
10.2.0.2 on Sun.
I want to grant a user with "Select any object in the database"
Thank
KSG

KSG wrote:
Aman,
I mean select on procedureinfo$.
The user should simply have select any object on the database.
I think of giving like
GRANT SELECT ON SYS.dba_tables TO user
GRANT SELECT ON SYS.dba_roles TO user
GRANT SELECT ON SYS.dba_jobs TO user
GRANT SELECT ON sys.DBA_CONSTRAINTS TO user
GRANT SELECT ON sys.DBA_SEQUENCES TO user
GRANT SELECT ON sys.DBA_DB_LINKS TO user
GRANT SELECT ON sys.DBA_ALL_TABLES TO user
GRANT SELECT ON sys.DBA_SYNONYMS TO user
ThanksI would ask you that why you want to do it? What's the need of accessing the Sys's objects because I can't think of any!
Aman....

Similar Messages

  • Grant select only to all tables in certain schemas

    need to create an oracle database user with 'select only' right to all tables in schema OM + OE ( Order Management), Inventory(INV) and AR ( Account Receivables)

    apart from above suggestion dont forget to use to accomodate other schemas OM + OE ( Order Management), Inventory(INV) and AR ( Account Receivables);
    where a.owner in ('OM','OE','AR','INV');
    -- Raman.

  • Can a dblink be created with select only privilege

    I have created dblink from one instance to another instance.With dblink we can perform dml operations on a table.But i want to restrict insert,update,delete rights and grant only select.Is this possible

    my problem is there is a user named ABC in mango instance with >insert,update,delete privs.
    there is another user CDE in apple instance with insert,update,delete privs.
    Now i have created a dblink on user ABC to CDE as a fixed user.So now user >ABC can do all insert,update,delete operations on user CDE tables.This I want to >restrict.I want user ABC to just view CDE tables instead of update,insert and >delete operations. Create a new user CDE1 and grant select only privilege on all tables of CDE.
    create a dblink using CDE1 this will solve the issue?
    Justin explains the same in his previous reply.
    HTH

  • Why grant select is needed on a table when you are only inserting records

    Please can you tell me why a grant select is needed when inserting records which are being inserted across a link?
    We have a table in database1 which we are trying to insert records from database2. database2 has a db_link to database1.
    The table residing in database1 has grant insert to the named user in the db_link. But unless there is also a grant select to that user we cannot insert records. We do not actually need to be able to select the records across the db_link, but nevertheless we get the following error on trying to insert records without the grant select being in place:
    ORA-01031: insufficient privileges
    Cause: An attempt was made to change the current username or password without the appropriate privilege. This error also occurs if attempting to install a database without the necessary operating system privileges. When Trusted Oracle is configure in DBMS MAC, this error may occur if the user was granted the necessary privilege at a higher label than the current login.
    Action: Ask the database administrator to perform the operation or grant the required privileges. For Trusted Oracle users getting this error although granted the the appropriate privilege at a higher label, ask the database administrator to regrant the privilege at the appropriate label.
    Your thoughts would be appreciated.

    Since there is no remote describe function, a select must be done to get the table structure. This is talked about in Note: 1004923.6.

  • Granting Read Only Access to user in another schema

    Oracle Database 10g
    Red Hat Enterprise Linux Server release 5.3
    We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
    I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
    And some views are in INVALID status.
    I tried to compile them using alter view owner.viewname compile;
    But got this ---- Warning: View altered with compilation errors.
    Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
    Then I used the following
    SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
    select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
    It turns out some reference types are non existent.
    Does that mean DBAs cannot do anything about this ?

    Nilton wrote:
    We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
    I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
    TABLES -> YES grant SELECT
    VIEWS -> YES grant SELECT
    SEQUENCE -> YES grant SELECT
    INDEXES -> There is no read access for indexes...indexes are put on tables and a user who has read access on tables can read the index as well.
    FUNCTIONS / PROCEDURES / PACKAGES -> I am not sure what you mean by read access on procedures, functions and packages. You may grant EXECUTE privilege on these.
    TRIGGERS -> there is no read access on triggers required. They are implemented on tables for a DML event. If the user has DML access he has the execute access on the trigger as well.
    JOBS -> I am not sure what to read from Jobs.
    And some views are in INVALID status.
    I tried to compile them using alter view owner.viewname compile;
    But got this ---- Warning: View altered with compilation errors.
    Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
    Then I used the following
    SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
    select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
    It turns out some reference types are non existent.
    Does that mean DBAs cannot do anything about this ?There are compilation errors in the Views. e.g. the view may be referring to a table which doesn't exist etc.
    Unless you fix the error in the view you can't compile it and male it valid. Fix the view errors. If objects are non existing create them or refer to view to some where else.
    If the nonexistent objects were mistakenly dropped, or the data file which contained those objects was dropped, no matter what was the reason for that object to be gone a DBA can bring it back if he is a well prepared DBA and has setup his database for such kind of disasters.
    Now tell us why those objects are non-existent ? were they meant to be gone ? or they were dropped mistakenly?
    Now here are my guesses:
    If they were meant to be gone then probably the views definitions need to be adjusted not to refer them anymore.
    If they were mistakenly dropped then:
    Do you have them in recyclebin? (only tables) if YES just FLASHBACK TABLE <<tablename>> AS BEFORE DROP.
    Is your database has Flashback database ON? if YES FLASHBACK DATABASE until 'time/scn just before the object was dropped'
    Do you have backups and your database is running in ARCHIVE LOG mode? if YES perform an incomplete recovery using RMAN.

  • Grant read only permission on my stored procedure.

    I have a requirement like give reaonly access on my stored procedure to another user , not even execute permission on that steored procedure.
    Could you please let us know the command ?

    Marwim wrote:
    You can read the source of any PL/SQL code in dba_sourceBut that requires a priv such as select any dictionary to be granted. Why would you want to give a schema access to reading any and all source code in the database?
    This is why I think it is important that the OP provides the reasons behind the question of granting read-only source code access.
    Security is a critical component of software engineering. The basic security principle is to grant the absolute minimum privileges required to s/w and users to get the job done. Granting access to a schema read access to a dictionary view like DBA_SOURCE violates it.
    If userB wants to see userA's source code - then why not have userA simply mail it to userB, or check the code into a common source code repository?

  • Grant select to a user

    Hi,
    I am working on oracle10g and HP-UX .
    I need to create on read only user , how can select data from other users tabels .
    One way to do this - is create a srript with gant statement ...
    Like
    Grant select on UserA.Tb1 to UserB ;
    Grant select on UserA.Tb2 to UserB ;
    Grant select on UserA.Tb3 to UserB ;
    and so on .....
    there are 4000 tables in UserA schema ...and we need to write one sql script and execute it on database ...
    Question -
    Is there any way to gant select to UserB on all obj. of UserA in one sql statement ... ?

    No. There is no single GRANT command. You can, however, write a small PL/SQL script, i.e.
    FOR x IN (SELECT * FROM dba_tables WHERE owner = 'UserA')
    LOOP
      EXECUTE IMMEDIATE 'GRANT SELECT ON UserA.' || x.table_name || ' to UserB';
    END LOOP;Of course, you would generally want to create a new role, grant that role to UserB, and grant the privileges to that role, i.e.
    CREATE ROLE UserA_Select;
    GRANT UserA_Select TO UserB;
    BEGIN
      FOR x IN (SELECT * FROM dba_tables WHERE owner = 'UserA')
      LOOP
        EXECUTE IMMEDIATE 'GRANT SELECT ON UserA.' || x.table_name || ' to UserA_Select';
      END LOOP;
    END;That way, when you need to create the next read-only user, you just need to grant that user the UserA_Select role.
    Justin

  • ORA-01720 while trying to grant select on a view

    Hi Friends,
    Iam getting the following error while trying to grant select privilege for the view to SchemaB, i have the view in schemaA.
    I have used the tables from both the schema for creating the view and iam getting the error on showing a particular table
    ORA-01720: grant option does not exist for 'schemaB.Product'.
    I have looked into so many forums but i couldn't find the answer for my question.
    I must have to create the view in the Schema A only(strictly), as i seen in some forums stated that while creating the view in the other schema and granting the select privilege will solve the problem.But it was an exception to me ...
    Tell me something how can i proceed in this .....

    grant select on t1 to seconduser with admin optionNo. WITH ADMIN OPTION applies to system privileges only. Object privileges need the WITH GRANT OPTION ...
    SQL> grant select on joe_soap.some_table to apc with admin option
      2  /
    grant select on joe_soap.some_table to apc with admin option
    ERROR at line 1:
    ORA-00993: missing GRANT keyword
    SQL> grant select any table  to apc with admin option
      2  /
    Grant succeeded.
    SQL> grant select on joe_soap.some_table to apc with grant option
      2  /
    Grant succeeded.
    SQL> Cheers, APC

  • Grant select privilege to specific columns on a table to user in Oracle 9i

    Can anyone tell me how to grant select privilege to a user for specific columns in a table?
    I have tried the following statement
    GRANT SELECT (EMP_ID) ON EMP TO USER1
    But it's not working and I am getting this error "Missing ON Keyword".
    Please anyone tell me how to grant select privilege for specific columns.
    Edited by: 899045 on Nov 24, 2011 7:03 AM

    899045 wrote:
    Can anyone tell me how to grant select privilege to a user for specific columns in a table?
    I have tried the following statement
    GRANT SELECT (EMP_ID) ON EMP TO USER1
    But it's not working and I am getting this error "Missing ON Keyword".
    Please anyone tell me how to grant select privilege for specific columns.
    Edited by: 899045 on Nov 24, 2011 7:03 AMFrom the 9.2 SQL Reference manual, found at tahiti.oracle.com (http://docs.oracle.com/cd/B10501_01/server.920/a96540/statements_912a.htm#2062456)
    *"You can specify columns only when granting the INSERT, REFERENCES, or UPDATE privilege. "*

  • Granting SELECT on dictionary views ... (?)

    Hi there,
    please try to find out, what I am doing wrong below:
    1. I connect as sys:
    connect sys as sysdba
    2. Create a role. Just to point out the problem, it will have just CREATE SESSION, CREATE PROCEDURE
    create role tr not identified;
    grant create session to tr;
    grant create procedure to tr;
    3. Now the problem: I want the role (users with that role) to have SELECT privilege, just on one dict-view, that is v$session:
    My first attempt is denied:
    grant select on v$session to tr;
    grant select on v$session to tr
    FEHLER in Zeile 1:
    ORA-02030: can only select from fixed tables/views
    Now this in itself is wierd. I read v$-objects are synonyms to v_$-objects. Is that right? What is the problem here? See, what happens next...
    4. grant select on v_$session to tr;
    That works!
    5. create user tu identified by tu;
    grant tr to tu;
    That works!
    6. Now connect as tu/tu
    sql*plus Test: select count(*) from v$session;
    COUNT(*)
    46
    works!
    7. Now: create a simple stored function to perform the same as my query:
    create or replace function testf
    return number
    is
    res number;
    begin
    select count(*) into res from v$session;
    return res;
    end;
    This is refused with ORA-00942: Table or view does not exist !!!
    Simple query on v$session works, but its usage inside a stored function is not allowed??? Please explain!!!
    Pointing out to the explanation in the documentation (just one link) would suffice. I just have not found an explanation for this behaviour!
    Many thanks in advance!
    Xenofon

    Ok, It seems this GRANT, even though it is an object privilege it is handled like of those privileges, which can be granted only directly to a user and not to a role;
    But on the other hand, the reaction is not the system:
    When you try to grant UNLIMITED tablespace to a role you get a definitive error message: ORA-01931.
    You don't get this error when granting SELECT on V_$SESSION to a role...
    It's getting more and more wierd...
    (Does anyone know a complete list of privs which can only be granted directly to a user? I thought it's only UNLIMITED TABLESPACE)

  • To list only user databases with the size for a instance in sql server 2005

    Hi,
    I looking for T-SQl to  list only user databases with their size for a instance in sql server 2005

    Try this:
    use [databasename]
    go
    if convert(varchar(20),SERVERPROPERTY('productversion')) like '8%'
    SELECT [name], fileid, filename, [size]/128.0 AS 'Total Size in MB',
    [size]/128.0 - CAST(FILEPROPERTY(name, 'SpaceUsed') AS int)/128.0 AS 'Available Space In MB',
    CAST(FILEPROPERTY(name, 'SpaceUsed') AS int)/128.0 AS 'Used Space In MB',
    (100-((([size]/128.0 - CAST(FILEPROPERTY(name, 'SpaceUsed') AS int)/128.0)/([size]/128.0))*100)) AS 'percentage Used'
    ,((CAST(FILEPROPERTY(name, 'SpaceUsed') AS int)/128.0)/([size]/128.0))*100 as 'percentage used'
    FROM sysfiles
    else
    SELECT [name], file_id, physical_name, [size]/128.0 AS 'Total Size in MB',
    [size]/128.0 - CAST(FILEPROPERTY(name, 'SpaceUsed') AS int)/128.0 AS 'Available Space In MB',
    CAST(FILEPROPERTY(name, 'SpaceUsed') AS int)/128.0 AS 'Used Space In MB',
    (100-((([size]/128.0 - CAST(FILEPROPERTY(name, 'SpaceUsed') AS int)/128.0)/([size]/128.0))*100)) AS 'percentage Used'
    --,((CAST(FILEPROPERTY(name, 'SpaceUsed') AS int)/128.0)/([size]/128.0))*100 as 'percentage used'
    FROM sys.database_files
    go
    Or can refer below link:
    http://gallery.technet.microsoft.com/scriptcenter/All-Databases-Data-log-a36da95d
    Please click the Mark as answer button and vote as helpful if this reply solves your problem

  • Record Selection happening on Database or Crystal Server?

    I am learning about the benefits of SQL commands, in terms of efficiency.
    My database is a SQL databse.  Crystal 10 runs off of a connected server.   My reports connect to the database using Microsoft OLE DB Provider for SQL Server.
    I do not use explicitly defined SQL commands in my report.  Rather, I have specificed my record selection criteria in the record selection formula.  However, The Complete Reference to Crystal Reports XI indicates that if your record selection formula is coded within the underlying SQL Query in the WHERE statement, that record selection occurs on the database server (as opposed to the Crystal server). 
    When I go to Database | Show SQL Query, I DO have a WHERE statement that corresponds to my Record Selection formula.  Does this mean that my record selection is occuring on the database server?  If so, why is this the case?  Would I get the same level of performance by putting this code into a SQL Command explicitly?

    I'm pretty sure that Crystal can not always push the record selection to the database.  I think you really have to check each report query.  (I know it can't if the report is based off of a stored procedure, for example...)  If record selection is done by Crystal (and not the DBMS), you could be pumping huge volumes of data over the network.
    Also, another huge performance gainer with SQL Commands is if you can do aggregation (sum, max, etc.) in them and only return summary data.  I'm not sure how good Crystal is at pushing this kind of logic to the DBMS (if it can do it at all).
    Personally, I'm a big fan of basing reports off of SQL Commands due to the efficiencies that can be gained.
    HTH,
    Carl

  • Grant select on table to user

    IN A SCHEMA TEST1 THERE ARE 200 PLUS TABLES AND VIEWS.NOW I WANT TO GRANT SELECT ON TABLES AND VIEWS TO TEST2 USER.HOW CAN I GRANT SELECT ON THOSE TABLES AND VIEWS IN BULK INSTED OF GRANTING INDIVIDUALLY.
    Any idea?
    Thankx...
    Sorry for suing cap.letters....

    That works providing the grantee doesn't want to be able to build stored procedures or (more likely) views on the granted tables...
    SQL> conn u1/u1
    Connected.
    SQL> create role select_u1
      2  /
    Role created.
    SQL> grant select on t1 to select_u1
      2  /
    Grant succeeded.
    SQL> grant select_u1 to u3
      2  /
    Grant succeeded.
    SQL> conn u3/u3
    Connected.
    SQL> select * from u1.t1
      2  /
          COL1
             1
    SQL> create view my_view as
      2  select * from u1.t1
      3  /
    select * from u1.t1
    ERROR at line 2:
    ORA-01031: insufficient privileges
    SQL> As it happens, we know from the OP's other thread that they want a read only user, so perhaps the role will suffice. But they still need to grant selects on 200 objects to the role, so the automation will still come in handy :)
    Cheers, APC

  • Grant Permission In Access Database

    Hello All
    How to set Grant Permission in Access Database, I get an error here
    what's wrong in my SQL syntax?
    Best Regard
    Xan To

    Hello Matthias Kläy
    I Have try your code and I get an error
    this my code
    Imports System.Data.OleDb
    Imports System.Data
    Imports ADOX.ObjectTypeEnum
    Imports ADOX.ActionEnum
    Imports ADOX.RightsEnum
    Public Class Form1
    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    Dim cat As ADOX.Catalog
    Dim grp As New ADOX.Group
    Dim Builder As New OleDb.OleDbConnectionStringBuilder
    Try
    With Builder
    .Provider = "Microsoft.ACE.OLEDB.12.0"
    .DataSource = "C:\Users\Xan To\Desktop\Test.mdb"
    End With
    'Using cn As New OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Xan To\Desktop\Test.mdb; Jet OLEDB:System Database=system.mdw;")
    Using cn As New OleDb.OleDbConnection
    With cn
    .ConnectionString = Builder.ConnectionString
    End With
    Using cmd As New OleDb.OleDbCommand
    With cmd
    .Connection = cn
    .CommandText = "GRANT SELECT ON TABLE MSysObjects TO PUBLIC"
    End With
    cn.Open()
    'cmd.ExecuteNonQuery()
    cat = New ADOX.Catalog
    cat.ActiveConnection = cn
    grp.Name = "Public"
    cat.Groups.Append(grp)
    grp.SetPermissions("MSysObjects", adPermObjTable, adAccessGrant, adRightRead)
    End Using
    End Using
    Catch ex As Exception
    MessageBox.Show(ex.ToString)
    End Try
    End Sub
    End Class

  • GRANT SELECT to TEMP(by procedure)..... ALL tables and views of OWNER....

    hi ,
    I want to privelege only Grant SELECT ALL tables,views....
    I have written A procedure.....given below....
    CREATE OR REPLACE PROCEDURE GRANT_SELECT_ALL_PROC
    IS
    l_obj VARCHAR2(60);
    l_obj_type VARCHAR2(60);
    CURSOR Cur_Obj IS
    SELECT OBJECT_NAME,OBJECT_TYPE
    FROM USER_OBJECTS
    WHERE USER ='OWNER';
    BEGIN
    For i in Cur_Obj Loop
    l_obj := i.OBJECT_NAME;
    l_obj_type := i.OBJECT_TYPE;
    IF l_obj_type IN ('TABLE','VIEW')
    THEN
    EXECUTE IMMEDIATE 'GRANT SELECT ON' || l_obj ||'TO TEMP’;
    ELSIF l_obj_type IN('FUNCTION','PROCEDURE','PACKAGE') THEN
    EXECUTE IMMEDIATE 'GRANT EXECUTE ON'|| l_obj ||'TO TEMP’;
    END IF;
    END LOOP;
    END GRANT_SELECT_ALL_PROC;
    procedure is working fine.....
    OWNER there are some table and views......
    But After creation of User name TEMp....
    When I m giving GRANT SELECT to TEMP(by procedure)..... ALL tables and views of OWNER....
    when I coonecte to TEMP...
    Not getting table,view List...
    not even data of table or Views.....
    can anybdy help me.......advance thanx ...
    sanjay

    hi ,
    I want to privelege only Grant SELECT ALL
    tables,views....
    have written A procedure.....given below....
    CREATE OR REPLACE PROCEDURE GRANT_SELECT_ALL_PROC
    IS
    l_obj VARCHAR2(60);
    l_obj_type VARCHAR2(60);
    CURSOR Cur_Obj IS
    SELECT OBJECT_NAME,OBJECT_TYPE
    FROM USER_OBJECTS
    WHERE USER ='OWNER';
    BEGIN
    For i in Cur_Obj Loop
    l_obj := i.OBJECT_NAME;
    l_obj_type := i.OBJECT_TYPE;
    IF l_obj_type IN ('TABLE','VIEW')
    THEN
    EXECUTE IMMEDIATE 'GRANT SELECT ON' || l_obj ||'TO
    TEMP’;
    ELSIF l_obj_type IN('FUNCTION','PROCEDURE','PACKAGE')
    THEN
    EXECUTE IMMEDIATE 'GRANT EXECUTE ON'|| l_obj ||'TO
    TEMP’;
    END IF;
    END LOOP;
    END GRANT_SELECT_ALL_PROC;
    procedure is working fine.....
    OWNER there are some table and views......
    But After creation of User name TEMp....
    When I m giving GRANT SELECT to TEMP(by
    procedure)..... ALL tables and views of OWNER....
    when I coonecte to TEMP...
    Not getting table,view List...
    not even data of table or Views.....
    can anybdy help me.......advance thanx ...
    sanjayQuery SELECT * FROM USER_TAB_PRIVS_MADE from the user from which you are executing the procedure
    and Query SELECT * FROM USER_TAB_PRIVS_RECD from the TEMP user.

Maybe you are looking for

  • Subtitle missing in iMovie export

    I imported an m4v file into iMovie in order to normalize the volume as well as add chapters, and export it as a file. My source file has subtitles, but my destination (exported file) doesn't. After trying back and forth, I figured out that it all has

  • Document style Web Service the standard?

    Hi, A colleague of mine just told me that we should not be building RPC style web services since document style are the standard now. Is this true? I couldn't find any such phrase in WS-I BP 1.0. If this is not true then is it even a possiblity that

  • How to know which table in the database a form is accessing

    Actually Im new to oracle applications, Im getting an error when i open a form from system administrator responsibility saying that table doesnot exist. My basic doubt is, how to know which table in the database a form is accessing. Any response is h

  • Best way to set up 'sample songs' using iWeb?

    Just upgraded to '09. I remember having to write extra code to get iWeb to open separate music files. How's iWeb '09? What would be the easiest\most efficient way to set up a sample song list - click on title to have the sample clip open and play? Do

  • Variant tcode ZME22N

    A transaction code ZME22n has been created in the R/3 system as a variant to ME22N. Now, when the transaction is being run, it calls for ME22N internally and is thus causing authorization issues to the users since this transaction has not been grante