GRANT syntax : Grant SELECT privileges on tables to a User on a Remote DB

Similar Messages

• Is a PRIVILEGE always forwardeable to other users?

  Assume user123 has (got) a privilege XXXX.
  Can he always GRANT/pass/forward this privilege to other users?
  Or is there in Oracle a difference between possessing a privilege and have the privilege to GRANT a privielege to others?
  Peter

  Hello Peter,
  Suppose
  1. WITH ADMIN OPTION , user123 got create table privilege using this option (normally system privileges (e.g create table) and roles.)
  user 123 can grant this privilege to other users like test1 & test2, in future when this create table privilege revoked from user123 , this privilege is not revoked from test & test2.
  2. WITH GRANT OPTION. ( table specific privileges) User123 got select privilege on table dept with this option
  user 123 can grant this privilege to other users like test1 & test2, in future when this select privilege revoked from user123 , this privilege is also revoked from test & test2.
  Regards,
  Vineeth

• Grant select privilege to specific columns on a table to user in Oracle 9i

  Can anyone tell me how to grant select privilege to a user for specific columns in a table?
  I have tried the following statement
  GRANT SELECT (EMP_ID) ON EMP TO USER1
  But it's not working and I am getting this error "Missing ON Keyword".
  Please anyone tell me how to grant select privilege for specific columns.
  Edited by: 899045 on Nov 24, 2011 7:03 AM

  899045 wrote:
  Can anyone tell me how to grant select privilege to a user for specific columns in a table?
  I have tried the following statement
  GRANT SELECT (EMP_ID) ON EMP TO USER1
  But it's not working and I am getting this error "Missing ON Keyword".
  Please anyone tell me how to grant select privilege for specific columns.
  Edited by: 899045 on Nov 24, 2011 7:03 AMFrom the 9.2 SQL Reference manual, found at tahiti.oracle.com (http://docs.oracle.com/cd/B10501_01/server.920/a96540/statements_912a.htm#2062456)
  *"You can specify columns only when granting the INSERT, REFERENCES, or UPDATE privilege. "*

• How to grant select permission to all the tables in the user

  Hi All,
  I have 5 tables in one user, now i want to give only select privilege to another user on those tables. Please help me to solve this issue.
  Thanks in Advance.
  Thanks and Regards,
  chiranth

  See following discussion: Re: Select Grant on another schema

• Granting select privileges

  I want to grant select privileges on all tables and views belonging to database xyz to the user abc.
  What's the best way to do that?
  Message was edited by: Diarmuid - 11/07/07
  user580522

  I beg to differ. Of course OP can try to 'GRANT SELECT ANY TABLE'. It's just a matter of his own privileges if he succeeds or not.
  To OP: Reading about GRANT might help:
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#i2077938
  Note this part from the docs:
  To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege.

• GRANT SELECT ON ALL TABLES

  Is there a direct SQL to grant select on all tables in the schema for a user? Or do we need to write a PLSQL for this?
  Also, if a new table T1 is created or existing table T2 is dropped and recreated after granting the select all privilege, will the user have access to T1 and T2?
  thanks

  Is there a direct SQL to grant select on all tables
  in the schema for a user? Or do we need to write a
  PLSQL for this?There is no privilege that would give user A access to all the tables in schema B. You would need to grant access to each object, which can certainly be done via dynamic SQL in PL/SQL.
  There is a privilege SELECT ANY TABLE which allows the user to query any table in the system, but this is generally very dangerous and probably not something you would want to give a normal user.
  Also, if a new table T1 is created or existing table
  T2 is dropped and recreated after granting the select
  all privilege, will the user have access to T1 and
  T2?Unless you grant SELECT ANY TABLE, you would need to explicitly grant A access to any new tables created in schema B (or to tables after they are dropped and re-created). Potentially, you could create a DDL trigger that submitted a job that would, in turn, make the grant whenever a new table was created in schema B.
  Justin

• Grant select on all tables of a schema

  I need to grant select on all tables (over 200 tables) of a schema to other users. Are there any SQL syntax to do this?
  Thanks!

  Execute the following script, modify it for your environment:
  Script
  Accept from_owner char prompt 'Grant from user:'
  Accept to_user char prompt 'grant to user:'
  set head off;
  set lines 300;
  set pages 0;
  set termout off;
  set feedback off;
  set head off;
  set verify off;
  spool d:\temp\grant.sql
  select 'grant select on &from_owner..'||
    table_name||
    ' to &to_user;'
    from dba_tables
    where owner=upper('&&from_owner');
  spool off;
  set head on;
  set pages 24;
  set termout on;
  set feedback on;
  set head on;
  @d:\temp\grant.sqlExecution example:
  system@DBA> @d:\temp\grants.sql
  Grant from user:scott
  grant to user:ejemplo
  Grant succeeded.
  Grant succeeded.
  Grant succeeded.
  Grant succeeded.
  Grant succeeded.
  Grant succeeded.
  Grant succeeded.

• Lock the table by user with grant only for select

  Hallo.
  It is possible that the user has rights only for SELECT, do not lock the table? Now, where do "SELECT * FROM table FOR UPDATE", does not make the change, but it locks the entire table, and another user to get into it.
  Thanks

  And here is the "evidence" ;)
  SQL> select * from v$version ;
  BANNER
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bi
  PL/SQL Release 10.2.0.4.0 - Production
  CORE    10.2.0.4.0      Production
  TNS for Solaris: Version 10.2.0.4.0 - Production
  NLSRTL Version 10.2.0.4.0 - Production
  SQL> create user u1 identified by u1 ;
  User created.
  SQL> grant connect to u1 ;
  Grant succeeded.
  SQL> connect hr/hr
  Connected.
  SQL> create or replace view v_t1 as select username, user_id, created from t1 group by username, use
  r_id, created with read only ;
  View created.
  SQL> grant select on v_t1 to u1 ;
  Grant succeeded.
  SQL> connect u1/u1
  Connected.
  SQL> select * from hr.v_t1 where rownum = 1 for update ;
  select * from hr.v_t1 where rownum = 1 for update
  ERROR at line 1:
  ORA-02014: cannot select FOR UPDATE from view with DISTINCT, GROUP BY, etc.
  SQL> select * from hr.v_t1 where rownum = 1
    2  ;
  USERNAME                          USER_ID CREATED
  AK                                     36 08-MAY-00

• Grant select on all table of a schema to role

  Hi , is it possible to grant select on all table on a schema to a role?

  To grant SELECT on all tables of the current schema to particular role or user:
  SELECT 'GRANT SELECT ON '||TABLE_NAME||' TO READ_ONLY_ROLE;' COMMAND
  FROM (
  SELECT TABLE_NAME
  FROM ALL_TABLES
  WHERE OWNER = (SELECT USER FROM DUAL)
  Then copy and execute the result commands, eg:
  GRANT SELECT ON DEPT TO READ_ONLY_ROLE;
  GRANT SELECT ON EMP TO READ_ONLY_ROLE;
  GRANT SELECT ON DEMO_USERS TO READ_ONLY_ROLE;
  GRANT SELECT ON DEMO_CUSTOMERS TO READ_ONLY_ROLE;
  GRANT SELECT ON DEMO_ORDERS TO READ_ONLY_ROLE;

• Grant read authorisation on all of its tables to another user

  Hi,
  we would like to read the tables of SAP directly from MaxDB. The user sap<sid> is not a good candidate. So, we create another user dbreader.
  Could somebody help me, how to grant read authorisation on all SAP tables to user dbreader?
  Thanks a lot in advance.
  Best Regards,
  Rongfeng

  Hello Rongfeng,
  do you notice to what a dilemma you bring us with your request?
  On the one hand, we're participating in this SDN community to help people, so that they can successfully use the software and enjoy it.
  On the other hand you ask for the how-to for something that is a really bad idea and that will bring you into trouble.
  By allowing a read-only access to SAP tables you bypass all permission management of SAP. As soon as any auditor sees that, the compliance certificate of your company is gone.
  You can even access all clients - how do you prevent from working with the wrong set of data?
  Also it does not seem as if you know what you're about to do there. In fact, you don't even know what data you want to see.
  It's just the "gimme-all" request, something that might be OK at the kepab booth, but surely not with data access permissions.
  Apart from the security aspect: SAP tables don't make sense on database level.
  All references and dependencies between them are only kept within the application layer.
  All the semantics of the data fields (and with them all consistency check) are only present at the application layer.
  Even the state of records is not consistent on the database, as SAP uses it's own updater concept in - you guess it - the application layer.
  So, for me the question is:
  If I tell you how to do what you asked for, does it do more harm than it's useful?
  The regular readers of this forum already know my reply to this kind of request...
  DON'T DO IT!
  Instead define and specify a API to the data you need to see.
  Better use the tools you already paid for ... ABAP, BAPI, RFC, WebServices... there are tons of options to get data out of SAP systems properly. And all of them are safe, secure, well documented and reliable.
  Best regards,
  Lars

• Grant specific column level privilege

  without vpd how i will grant specific column level privilege to a particular user.

  grant update(id) on a to scott;
  it is working fine.
  anybody can gv othr suggestn

• Syntax Error, while Creating External Table

  Hi,
  Can anyone tell this Syntax is correct or not. And how it look like:
  CREATE TABLE emp_load (T_DATE DATE NOT NULL,
  T_NO DOUBLE PRECISION,
  T_TYPE CHAR(1),
  T_CO VARCHAR(30),
  T_CONTRACT DOUBLE PRECISION,
  T_PARTY VARCHAR(15),
  T_BILL_NO DOUBLE PRECISION,
  T_BILL_DATE DATE,
  T_QTY DOUBLE PRECISION,
  T_RATE DOUBLE PRECISION,
  T_BKG DOUBLE PRECISION NOT NULL,
  T_TAX DOUBLE PRECISION,
  T_OTHER DOUBLE PRECISION,
  T_DIV DOUBLE PRECISION,
  T_STAMPS DOUBLE PRECISION,
  T_DC_NO DOUBLE PRECISION,
  T_SPOT CHAR(2),
  T_CITY VARCHAR(3),
  T_ORDER DOUBLE PRECISION,
  T_TRADE DOUBLE PRECISION,
  T_TIME DATE,
  T_FORM CHAR(1),
  HEADER VARCHAR(2),
  T_DC_DATE DATE,
  T_POD VARCHAR(30),
  T_POD_DATE DATE,
  T_SET INTEGER,
  T_MARGIN DOUBLE PRECISION NOT NULL WITH DEFAULT,
  T_MKT_TYPE VARCHAR(3) NOT NULL,
  T_MEMBER_CODE VARCHAR(15),
  T_EXIM SMALLINT,
  T_P VARCHAR(15),
  T_C VARCHAR(30),
  T_TERM VARCHAR(8),
  T_CUST VARCHAR(12),
  T_SUBBKG DOUBLE PRECISION,
  T_BILL_TYPE VARCHAR(1),
  T_OPN_CLS DOUBLE PRECISION,
  T_AUCTION DOUBLE PRECISION,
  T_BRANCH VARCHAR(8),
  T_UNQID VARCHAR(20),
  T_SQ SMALLINT,
  T_CBKG DOUBLE PRECISION,
  T_COTHER DOUBLE PRECISION,
  T_MOD DATE,
  T_ORIG_CUST VARCHAR(20),
  T_TOT DOUBLE PRECISION,
  T_FIRM SMALLINT,
  T_ORDER_TIME DATE,
  T_NON_MT SMALLINT)
  ORGANIZATION EXTERNAL (TYPE ORACLE_LOADER DEFAULT DIRECTORY ext_tab_dir
  ACCESS PARAMETERS (RECORDS FIXED 62 FIELDS (T_DATE DATE NOT NULL,
  T_NO DOUBLE PRECISION,
  T_TYPE CHAR(1),
  T_CO VARCHAR(30),
  T_CONTRACT DOUBLE PRECISION,
  T_PARTY VARCHAR(15),
  T_BILL_NO DOUBLE PRECISION,
  T_BILL_DATE DATE,
  T_QTY DOUBLE PRECISION,
  T_RATE DOUBLE PRECISION,
  T_BKG DOUBLE PRECISION NOT NULL,
  T_TAX DOUBLE PRECISION,
  T_OTHER DOUBLE PRECISION,
  T_DIV DOUBLE PRECISION,
  T_STAMPS DOUBLE PRECISION,
  T_DC_NO DOUBLE PRECISION,
  T_SPOT CHAR(2),
  T_CITY VARCHAR(3),
  T_ORDER DOUBLE PRECISION,
  T_TRADE DOUBLE PRECISION,
  T_TIME DATE,
  T_FORM CHAR(1),
  HEADER VARCHAR(2),
  T_DC_DATE DATE,
  T_POD VARCHAR(30),
  T_POD_DATE DATE,
  T_SET INTEGER,
  T_MARGIN DOUBLE PRECISION NOT NULL WITH DEFAULT,
  T_MKT_TYPE VARCHAR(3) NOT NULL,
  T_MEMBER_CODE VARCHAR(15),
  T_EXIM SMALLINT,
  T_P VARCHAR(15),
  T_C VARCHAR(30),
  T_TERM VARCHAR(8),
  T_CUST VARCHAR(12),
  T_SUBBKG DOUBLE PRECISION,
  T_BILL_TYPE VARCHAR(1),
  T_OPN_CLS DOUBLE PRECISION,
  T_AUCTION DOUBLE PRECISION,
  T_BRANCH VARCHAR(8),
  T_UNQID VARCHAR(20),
  T_SQ SMALLINT,
  T_CBKG DOUBLE PRECISION,
  T_COTHER DOUBLE PRECISION,
  T_MOD DATE,
  T_ORIG_CUST VARCHAR(20),
  T_TOT DOUBLE PRECISION,
  T_FIRM SMALLINT,
  T_ORDER_TIME DATE,
  T_NON_MT SMALLINT))
  LOCATION ('BR271107.DAT'))
  Error at Command Line:28 Column:40
  Error report:
  SQL Error: ORA-00905: missing keyword
  00905. 00000 - "missing keyword"
  Thank u..!
  Ravi

  Where can we find that directory in the server. You have to provide for it's existence.
  So you must create C:/Oracle on the server or have your ext_tab_dir point to some existing directory on the server (better if dedicated to external tables for not creating confusion)
  You must also see to have read and write OS rights and have granted read (and write) privileges on directory ext_tab_dir to your_user_name
  Regards
  Etbin
  If you can use utl_file try to use utl_file_dir as your ext_tab_dir to perform the test => copy your file to the directory your utl_file_dir is pointing to and do select * from test
  Message was edited by: Etbin
  user596003

• Query to get objects list for which the current user has 'SELECT' privilege

  Hi,
  I want to get tables and views list for which the current user has 'SELECT' privilege excluding sytem tables and views. The privilege information for the current user is scattered in more than one system views. I have following system views
  USER_TAB_PRIVS_RECD - Object grants for which the current user is the grantee
  ROLE_TAB_PRIVS - describes table privileges granted to roles. Information is provided only about roles to which the user has access.
  If the object privilege is granted explicitly like "GRANT ALL ON TABLE_NAME TO "USERNAME" then this privilege entry goes to USER_TAB_PRIVIS_RECD
  If the object privilege is granted by ROLE. Role is created with certain object privileges. this role is assigned to user "GRANT ROLE_NAME TO "USERNAME"", then this entry goes to ROLE_TAB_PRIVS
  From these findings, I have composed below query
  (SELECT DISTINCT TABLE_NAME FROM USER_TAB_PRIVS_RECD) UNION (SELECT DISTINCT TABLE_NAME FROM ROLE_TAB_PRIVS WHERE PRIVILEGE = 'SELECT')
  Have I got user's all prvilege details? should I look some other system views?
  How to exclude system table privileges details?
  (SELECT DISTINCT TABLE_NAME FROM USER_TAB_PRIVS_RECD) UNION (SELECT DISTINCT TABLE_NAME FROM ROLE_TAB_PRIVS WHERE PRIVILEGE = 'SELECT' AND OWNER NOT IN ('SYS','SYSTEM') Is this right?
  What about Public role in Oracle? Should I consider public role here?
  Oracel Version :11g
  I want make this query to work on Oracle 8i or above version
  Thanks

  >
  I want to get tables and views list for which the current user has 'SELECT' privilege excluding sytem tables and views.
  >
  You will need a hierarchical query to do that.
  Try this script for Listing privileges recursively for Oracle users
  http://www.adp-gmbh.ch/ora/misc/recursively_list_privilege.html

• SELECT PRIVILEGES required on Materialized View Logs

  Hi,
  I have a scenario where in Base table exists in one database and Materialized View on other.
  The Materialized View is created with FAST REFRESH option.
  I have created Materialized View Log in database where master table exists.
  Also I have given Select priv on master table to the user(where MV is created).
  I want to know how will i Grant SELECT PRIV on Materialized View Log so that FAST refresh happens.
  Both databases are Oracle 10g R2.
  I have read following on oracle site:
  The owner of the materialized view must have the CREATE TABLE system privilege. The owner must also have access to any master tables of the materialized view that the schema owner does not own (for example, if the master tables are on a remote database) and to any materialized view logs defined on those master tables, either through a SELECT object privilege on each of the tables or through the SELECT ANY TABLE system privilege.
  Please tell me the command to GRANT SELECT to the user who has created MV.
  Thank You,
  Niranjan.

  Hi,
  The privileges required to create a materialized view should be granted directly rather than through a role
  To create a materialized view in your own schema:
  1- Grant CREATE MATERIALIZED VIEW system privilege and either the CREATE TABLE or CREATE ANY TABLE system privilege.
  2-You must also have access to any master tables of the materialized view that you do not own, either through a SELECT object privilege on each of the tables or through the SELECT ANY
  TABLE system privilege.
  To create a materialized view in another user's schema:
  1-You must have the CREATE ANY MATERIALIZED VIEW system privilege.
  2-The owner of the materialized view must have the CREATE TABLE system privilege. The owner must also have access to any master tables of the materialized view that the schema owner does not own (for example, if the master tables are on a remote database) and to any materialized view logs defined on those master tables, either through a SELECT object privilege on each of the tables or through the SELECT ANY TABLE system privilege.
  To create a refresh-on-commit materialized view (ON COMMIT REFRESH clause), in addition to the preceding privileges, you must have the ON COMMIT REFRESH object privilege on any master tables that you do not own or you must have the ON COMMIT REFRESH system privilege.
  see this link
  http://download.oracle.com/docs/cd/B12037_01/server.101/b10759/statements_6002.htm

• Create user with select privilege only one schema

  can someone tell me how i can create user with select priviliges only one schema.
  i don't want the user to have any select privileges with other schema.
  can someone advise me.
  Thansk

  In general, you would do something like
  CREATE ROLE abc_read_only;
  FOR x IN (SELECT * FROM dba_tables WHERE owner='ABC')
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON abc.' || x.table_name || ' TO abc_read_only';
  END LOOP;
  CREATE USER your_user ...;
  GRANT abc_read_only TO your_userYou create a role, grant the role SELECT access to all the tables in the ABC schema (you can extend this to grant access to views, functions, etc depending on the requirements), and then grant that role to your user.
  Justin