GRANT syntax : Grant SELECT privileges on tables to a User on a Remote DB
Hi
I am having two databases: DEV1 and DEV2. DEV1 is my source database and DEV2 is target database. There is a table in Schema A on Dev1. I have created a PUBLIC DBLINK "TESTDBLINK" in Schema B on DEV2 that connects to Schema A on DEV1.
Database Schema Table Machine
DEV1 A EMP 192.168.210.10
Database Schema Database Lik Machine
DEV2 B TESTDBLINK 192.168.210.11
How to grant SELECT privileges on Schema A Table EMP ( DEV1 ) to Schema B on DEV2 ? What is the syntax ?
e.g. Log in as Schema A on DEV 1
SQL> GRANT SELECT ON EMP TO *???????*
Thanks for your inputs
Harry
You don't have to grant that table in schema A to schema B.
Inside schema B, you can just issue a select statement like this:
select *
from table@db-link-to-AOracle will connect to the remote instance, using the credentials of schema A, and since A owns that table, Oracle can already access the table.
Similar Messages
-
Is a PRIVILEGE always forwardeable to other users?
Assume user123 has (got) a privilege XXXX.
Can he always GRANT/pass/forward this privilege to other users?
Or is there in Oracle a difference between possessing a privilege and have the privilege to GRANT a privielege to others?
PeterHello Peter,
Suppose
1. WITH ADMIN OPTION , user123 got create table privilege using this option (normally system privileges (e.g create table) and roles.)
user 123 can grant this privilege to other users like test1 & test2, in future when this create table privilege revoked from user123 , this privilege is not revoked from test & test2.
2. WITH GRANT OPTION. ( table specific privileges) User123 got select privilege on table dept with this option
user 123 can grant this privilege to other users like test1 & test2, in future when this select privilege revoked from user123 , this privilege is also revoked from test & test2.
Regards,
Vineeth -
Grant select privilege to specific columns on a table to user in Oracle 9i
Can anyone tell me how to grant select privilege to a user for specific columns in a table?
I have tried the following statement
GRANT SELECT (EMP_ID) ON EMP TO USER1
But it's not working and I am getting this error "Missing ON Keyword".
Please anyone tell me how to grant select privilege for specific columns.
Edited by: 899045 on Nov 24, 2011 7:03 AM899045 wrote:
Can anyone tell me how to grant select privilege to a user for specific columns in a table?
I have tried the following statement
GRANT SELECT (EMP_ID) ON EMP TO USER1
But it's not working and I am getting this error "Missing ON Keyword".
Please anyone tell me how to grant select privilege for specific columns.
Edited by: 899045 on Nov 24, 2011 7:03 AMFrom the 9.2 SQL Reference manual, found at tahiti.oracle.com (http://docs.oracle.com/cd/B10501_01/server.920/a96540/statements_912a.htm#2062456)
*"You can specify columns only when granting the INSERT, REFERENCES, or UPDATE privilege. "* -
How to grant select permission to all the tables in the user
Hi All,
I have 5 tables in one user, now i want to give only select privilege to another user on those tables. Please help me to solve this issue.
Thanks in Advance.
Thanks and Regards,
chiranthSee following discussion: Re: Select Grant on another schema
-
I want to grant select privileges on all tables and views belonging to database xyz to the user abc.
What's the best way to do that?
Message was edited by: Diarmuid - 11/07/07
user580522I beg to differ. Of course OP can try to 'GRANT SELECT ANY TABLE'. It's just a matter of his own privileges if he succeeds or not.
To OP: Reading about GRANT might help:
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#i2077938
Note this part from the docs:
To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege. -
Is there a direct SQL to grant select on all tables in the schema for a user? Or do we need to write a PLSQL for this?
Also, if a new table T1 is created or existing table T2 is dropped and recreated after granting the select all privilege, will the user have access to T1 and T2?
thanksIs there a direct SQL to grant select on all tables
in the schema for a user? Or do we need to write a
PLSQL for this?There is no privilege that would give user A access to all the tables in schema B. You would need to grant access to each object, which can certainly be done via dynamic SQL in PL/SQL.
There is a privilege SELECT ANY TABLE which allows the user to query any table in the system, but this is generally very dangerous and probably not something you would want to give a normal user.
Also, if a new table T1 is created or existing table
T2 is dropped and recreated after granting the select
all privilege, will the user have access to T1 and
T2?Unless you grant SELECT ANY TABLE, you would need to explicitly grant A access to any new tables created in schema B (or to tables after they are dropped and re-created). Potentially, you could create a DDL trigger that submitted a job that would, in turn, make the grant whenever a new table was created in schema B.
Justin -
Grant select on all tables of a schema
I need to grant select on all tables (over 200 tables) of a schema to other users. Are there any SQL syntax to do this?
Thanks!Execute the following script, modify it for your environment:
Script
Accept from_owner char prompt 'Grant from user:'
Accept to_user char prompt 'grant to user:'
set head off;
set lines 300;
set pages 0;
set termout off;
set feedback off;
set head off;
set verify off;
spool d:\temp\grant.sql
select 'grant select on &from_owner..'||
table_name||
' to &to_user;'
from dba_tables
where owner=upper('&&from_owner');
spool off;
set head on;
set pages 24;
set termout on;
set feedback on;
set head on;
@d:\temp\grant.sqlExecution example:
system@DBA> @d:\temp\grants.sql
Grant from user:scott
grant to user:ejemplo
Grant succeeded.
Grant succeeded.
Grant succeeded.
Grant succeeded.
Grant succeeded.
Grant succeeded.
Grant succeeded. -
Lock the table by user with grant only for select
Hallo.
It is possible that the user has rights only for SELECT, do not lock the table? Now, where do "SELECT * FROM table FOR UPDATE", does not make the change, but it locks the entire table, and another user to get into it.
ThanksAnd here is the "evidence" ;)
SQL> select * from v$version ;
BANNER
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bi
PL/SQL Release 10.2.0.4.0 - Production
CORE 10.2.0.4.0 Production
TNS for Solaris: Version 10.2.0.4.0 - Production
NLSRTL Version 10.2.0.4.0 - Production
SQL> create user u1 identified by u1 ;
User created.
SQL> grant connect to u1 ;
Grant succeeded.
SQL> connect hr/hr
Connected.
SQL> create or replace view v_t1 as select username, user_id, created from t1 group by username, use
r_id, created with read only ;
View created.
SQL> grant select on v_t1 to u1 ;
Grant succeeded.
SQL> connect u1/u1
Connected.
SQL> select * from hr.v_t1 where rownum = 1 for update ;
select * from hr.v_t1 where rownum = 1 for update
ERROR at line 1:
ORA-02014: cannot select FOR UPDATE from view with DISTINCT, GROUP BY, etc.
SQL> select * from hr.v_t1 where rownum = 1
2 ;
USERNAME USER_ID CREATED
AK 36 08-MAY-00 -
Grant select on all table of a schema to role
Hi , is it possible to grant select on all table on a schema to a role?
To grant SELECT on all tables of the current schema to particular role or user:
SELECT 'GRANT SELECT ON '||TABLE_NAME||' TO READ_ONLY_ROLE;' COMMAND
FROM (
SELECT TABLE_NAME
FROM ALL_TABLES
WHERE OWNER = (SELECT USER FROM DUAL)
Then copy and execute the result commands, eg:
GRANT SELECT ON DEPT TO READ_ONLY_ROLE;
GRANT SELECT ON EMP TO READ_ONLY_ROLE;
GRANT SELECT ON DEMO_USERS TO READ_ONLY_ROLE;
GRANT SELECT ON DEMO_CUSTOMERS TO READ_ONLY_ROLE;
GRANT SELECT ON DEMO_ORDERS TO READ_ONLY_ROLE; -
Grant read authorisation on all of its tables to another user
Hi,
we would like to read the tables of SAP directly from MaxDB. The user sap<sid> is not a good candidate. So, we create another user dbreader.
Could somebody help me, how to grant read authorisation on all SAP tables to user dbreader?
Thanks a lot in advance.
Best Regards,
RongfengHello Rongfeng,
do you notice to what a dilemma you bring us with your request?
On the one hand, we're participating in this SDN community to help people, so that they can successfully use the software and enjoy it.
On the other hand you ask for the how-to for something that is a really bad idea and that will bring you into trouble.
By allowing a read-only access to SAP tables you bypass all permission management of SAP. As soon as any auditor sees that, the compliance certificate of your company is gone.
You can even access all clients - how do you prevent from working with the wrong set of data?
Also it does not seem as if you know what you're about to do there. In fact, you don't even know what data you want to see.
It's just the "gimme-all" request, something that might be OK at the kepab booth, but surely not with data access permissions.
Apart from the security aspect: SAP tables don't make sense on database level.
All references and dependencies between them are only kept within the application layer.
All the semantics of the data fields (and with them all consistency check) are only present at the application layer.
Even the state of records is not consistent on the database, as SAP uses it's own updater concept in - you guess it - the application layer.
So, for me the question is:
If I tell you how to do what you asked for, does it do more harm than it's useful?
The regular readers of this forum already know my reply to this kind of request...
DON'T DO IT!
Instead define and specify a API to the data you need to see.
Better use the tools you already paid for ... ABAP, BAPI, RFC, WebServices... there are tons of options to get data out of SAP systems properly. And all of them are safe, secure, well documented and reliable.
Best regards,
Lars -
Grant specific column level privilege
without vpd how i will grant specific column level privilege to a particular user.
grant update(id) on a to scott;
it is working fine.
anybody can gv othr suggestn -
Syntax Error, while Creating External Table
Hi,
Can anyone tell this Syntax is correct or not. And how it look like:
CREATE TABLE emp_load (T_DATE DATE NOT NULL,
T_NO DOUBLE PRECISION,
T_TYPE CHAR(1),
T_CO VARCHAR(30),
T_CONTRACT DOUBLE PRECISION,
T_PARTY VARCHAR(15),
T_BILL_NO DOUBLE PRECISION,
T_BILL_DATE DATE,
T_QTY DOUBLE PRECISION,
T_RATE DOUBLE PRECISION,
T_BKG DOUBLE PRECISION NOT NULL,
T_TAX DOUBLE PRECISION,
T_OTHER DOUBLE PRECISION,
T_DIV DOUBLE PRECISION,
T_STAMPS DOUBLE PRECISION,
T_DC_NO DOUBLE PRECISION,
T_SPOT CHAR(2),
T_CITY VARCHAR(3),
T_ORDER DOUBLE PRECISION,
T_TRADE DOUBLE PRECISION,
T_TIME DATE,
T_FORM CHAR(1),
HEADER VARCHAR(2),
T_DC_DATE DATE,
T_POD VARCHAR(30),
T_POD_DATE DATE,
T_SET INTEGER,
T_MARGIN DOUBLE PRECISION NOT NULL WITH DEFAULT,
T_MKT_TYPE VARCHAR(3) NOT NULL,
T_MEMBER_CODE VARCHAR(15),
T_EXIM SMALLINT,
T_P VARCHAR(15),
T_C VARCHAR(30),
T_TERM VARCHAR(8),
T_CUST VARCHAR(12),
T_SUBBKG DOUBLE PRECISION,
T_BILL_TYPE VARCHAR(1),
T_OPN_CLS DOUBLE PRECISION,
T_AUCTION DOUBLE PRECISION,
T_BRANCH VARCHAR(8),
T_UNQID VARCHAR(20),
T_SQ SMALLINT,
T_CBKG DOUBLE PRECISION,
T_COTHER DOUBLE PRECISION,
T_MOD DATE,
T_ORIG_CUST VARCHAR(20),
T_TOT DOUBLE PRECISION,
T_FIRM SMALLINT,
T_ORDER_TIME DATE,
T_NON_MT SMALLINT)
ORGANIZATION EXTERNAL (TYPE ORACLE_LOADER DEFAULT DIRECTORY ext_tab_dir
ACCESS PARAMETERS (RECORDS FIXED 62 FIELDS (T_DATE DATE NOT NULL,
T_NO DOUBLE PRECISION,
T_TYPE CHAR(1),
T_CO VARCHAR(30),
T_CONTRACT DOUBLE PRECISION,
T_PARTY VARCHAR(15),
T_BILL_NO DOUBLE PRECISION,
T_BILL_DATE DATE,
T_QTY DOUBLE PRECISION,
T_RATE DOUBLE PRECISION,
T_BKG DOUBLE PRECISION NOT NULL,
T_TAX DOUBLE PRECISION,
T_OTHER DOUBLE PRECISION,
T_DIV DOUBLE PRECISION,
T_STAMPS DOUBLE PRECISION,
T_DC_NO DOUBLE PRECISION,
T_SPOT CHAR(2),
T_CITY VARCHAR(3),
T_ORDER DOUBLE PRECISION,
T_TRADE DOUBLE PRECISION,
T_TIME DATE,
T_FORM CHAR(1),
HEADER VARCHAR(2),
T_DC_DATE DATE,
T_POD VARCHAR(30),
T_POD_DATE DATE,
T_SET INTEGER,
T_MARGIN DOUBLE PRECISION NOT NULL WITH DEFAULT,
T_MKT_TYPE VARCHAR(3) NOT NULL,
T_MEMBER_CODE VARCHAR(15),
T_EXIM SMALLINT,
T_P VARCHAR(15),
T_C VARCHAR(30),
T_TERM VARCHAR(8),
T_CUST VARCHAR(12),
T_SUBBKG DOUBLE PRECISION,
T_BILL_TYPE VARCHAR(1),
T_OPN_CLS DOUBLE PRECISION,
T_AUCTION DOUBLE PRECISION,
T_BRANCH VARCHAR(8),
T_UNQID VARCHAR(20),
T_SQ SMALLINT,
T_CBKG DOUBLE PRECISION,
T_COTHER DOUBLE PRECISION,
T_MOD DATE,
T_ORIG_CUST VARCHAR(20),
T_TOT DOUBLE PRECISION,
T_FIRM SMALLINT,
T_ORDER_TIME DATE,
T_NON_MT SMALLINT))
LOCATION ('BR271107.DAT'))
Error at Command Line:28 Column:40
Error report:
SQL Error: ORA-00905: missing keyword
00905. 00000 - "missing keyword"
Thank u..!
RaviWhere can we find that directory in the server. You have to provide for it's existence.
So you must create C:/Oracle on the server or have your ext_tab_dir point to some existing directory on the server (better if dedicated to external tables for not creating confusion)
You must also see to have read and write OS rights and have granted read (and write) privileges on directory ext_tab_dir to your_user_name
Regards
Etbin
If you can use utl_file try to use utl_file_dir as your ext_tab_dir to perform the test => copy your file to the directory your utl_file_dir is pointing to and do select * from test
Message was edited by: Etbin
user596003 -
Query to get objects list for which the current user has 'SELECT' privilege
Hi,
I want to get tables and views list for which the current user has 'SELECT' privilege excluding sytem tables and views. The privilege information for the current user is scattered in more than one system views. I have following system views
USER_TAB_PRIVS_RECD - Object grants for which the current user is the grantee
ROLE_TAB_PRIVS - describes table privileges granted to roles. Information is provided only about roles to which the user has access.
If the object privilege is granted explicitly like "GRANT ALL ON TABLE_NAME TO "USERNAME" then this privilege entry goes to USER_TAB_PRIVIS_RECD
If the object privilege is granted by ROLE. Role is created with certain object privileges. this role is assigned to user "GRANT ROLE_NAME TO "USERNAME"", then this entry goes to ROLE_TAB_PRIVS
From these findings, I have composed below query
(SELECT DISTINCT TABLE_NAME FROM USER_TAB_PRIVS_RECD) UNION (SELECT DISTINCT TABLE_NAME FROM ROLE_TAB_PRIVS WHERE PRIVILEGE = 'SELECT')
Have I got user's all prvilege details? should I look some other system views?
How to exclude system table privileges details?
(SELECT DISTINCT TABLE_NAME FROM USER_TAB_PRIVS_RECD) UNION (SELECT DISTINCT TABLE_NAME FROM ROLE_TAB_PRIVS WHERE PRIVILEGE = 'SELECT' AND OWNER NOT IN ('SYS','SYSTEM') Is this right?
What about Public role in Oracle? Should I consider public role here?
Oracel Version :11g
I want make this query to work on Oracle 8i or above version
Thanks>
I want to get tables and views list for which the current user has 'SELECT' privilege excluding sytem tables and views.
>
You will need a hierarchical query to do that.
Try this script for Listing privileges recursively for Oracle users
http://www.adp-gmbh.ch/ora/misc/recursively_list_privilege.html -
SELECT PRIVILEGES required on Materialized View Logs
Hi,
I have a scenario where in Base table exists in one database and Materialized View on other.
The Materialized View is created with FAST REFRESH option.
I have created Materialized View Log in database where master table exists.
Also I have given Select priv on master table to the user(where MV is created).
I want to know how will i Grant SELECT PRIV on Materialized View Log so that FAST refresh happens.
Both databases are Oracle 10g R2.
I have read following on oracle site:
The owner of the materialized view must have the CREATE TABLE system privilege. The owner must also have access to any master tables of the materialized view that the schema owner does not own (for example, if the master tables are on a remote database) and to any materialized view logs defined on those master tables, either through a SELECT object privilege on each of the tables or through the SELECT ANY TABLE system privilege.
Please tell me the command to GRANT SELECT to the user who has created MV.
Thank You,
Niranjan.Hi,
The privileges required to create a materialized view should be granted directly rather than through a role
To create a materialized view in your own schema:
1- Grant CREATE MATERIALIZED VIEW system privilege and either the CREATE TABLE or CREATE ANY TABLE system privilege.
2-You must also have access to any master tables of the materialized view that you do not own, either through a SELECT object privilege on each of the tables or through the SELECT ANY
TABLE system privilege.
To create a materialized view in another user's schema:
1-You must have the CREATE ANY MATERIALIZED VIEW system privilege.
2-The owner of the materialized view must have the CREATE TABLE system privilege. The owner must also have access to any master tables of the materialized view that the schema owner does not own (for example, if the master tables are on a remote database) and to any materialized view logs defined on those master tables, either through a SELECT object privilege on each of the tables or through the SELECT ANY TABLE system privilege.
To create a refresh-on-commit materialized view (ON COMMIT REFRESH clause), in addition to the preceding privileges, you must have the ON COMMIT REFRESH object privilege on any master tables that you do not own or you must have the ON COMMIT REFRESH system privilege.
see this link
http://download.oracle.com/docs/cd/B12037_01/server.101/b10759/statements_6002.htm -
Create user with select privilege only one schema
can someone tell me how i can create user with select priviliges only one schema.
i don't want the user to have any select privileges with other schema.
can someone advise me.
ThanskIn general, you would do something like
CREATE ROLE abc_read_only;
FOR x IN (SELECT * FROM dba_tables WHERE owner='ABC')
LOOP
EXECUTE IMMEDIATE 'GRANT SELECT ON abc.' || x.table_name || ' TO abc_read_only';
END LOOP;
CREATE USER your_user ...;
GRANT abc_read_only TO your_userYou create a role, grant the role SELECT access to all the tables in the ABC schema (you can extend this to grant access to views, functions, etc depending on the requirements), and then grant that role to your user.
Justin
Maybe you are looking for
-
I can't access the "notes" on my Ipod Touch
I can't access my "notes" on my ipod, which is a fourth generation. What happened, while deleting some notes, one came back up but as a blank note. when opening, it was still blank so I tries deleting it, but to no avail. So, I tried to delete it aga
-
IMac (15in flat panel) won't stay on
Hi, I have an 15in flat panel iMac that will shut off almost immediately after you turn it on. The computer and the screen both turn on for a few seconds and shut down. It seems as if the computer just loses power after you turn it on. I have replace
-
Logical system name vs. destination name - CUA -
Hey experts, at the moment I´m thinking about using the CUA in our SAP environment for role distribution. In this scenario I need destinations to the child systems (of course!). In all manuals I found it say, that i HAVE to create destinations which
-
My apple apps ( contacts and message) are gone from my screen yet I know they're still n the system. How do restore these apps on my screen without resetting whole system?
-
MBP Built-in iSight and External FW iSight over iChat
I was wondering if anyone has heard of a third party program that will take video feeds from both the built in iSight in the MacBook Pro and a FireWire externam iSight. Would be nice since it is easier to maneuver the external one. Plus, two sources