Granting object privs

I have an user1 with table test in his schema.
When I log in as system and try to grant user2 select on table test and am getting the following error:
SQL> grant select on user1.test to user2;
grant select on user1.test to user2
Eror at line 1:
ORA-01031: insufficient privileges
System has DBA role and system priv SYSDBA granted by default. I added GRANT ANY ROLE, GRANT ANY PRIVILEGE and am still getting the error. I can grant any privilege on the table when logged in as user1.
Thanks for any help.
Ken

Thanks for your posts. I have already posted this question twice, and had one reply, but still don't understand.
I have training cd which does that very thing in a simulation (grant select on a.table to b) while connected as sysdba.
It would be very tedious to have to log in as the user, grant system all the individual privilegs to all the objects in the other schema, then connect as sysdba and administer them. What happens when a new table in created in that schema? Same thing over again?
I guess MSSQL has made it too easy for me in the past, and I can't believe Oracle could make it this difficult.
Winford
null

Similar Messages

Granting object privileges to remote users.

Hello,
Here's the situation:
I have 2 databases located on 2 different servers both running Win2k3. In the first database the main schema is M1 and it has to read objects on the another schema M2, located on the second database.
I created a database link on the first database, to point to the second database
create database link connect2M2db connect to M2 identified by M2 using 'connect2M2db'Now I would like to grant object privileges(insert,update,delete) to M1 on M2' objects. Can anyone tell me how to do that?
Thanks in advance.

I didn't put the whole thing, (my bad) but your reply was helpful. As I said before, I have 2 dbs, on 2 differents servers. I created the dblink on the first server. I also created synonyms on the first server using the following syntax:
"create or replace synonym syn_name for user2.table" which from the link you provided me, is wrong as I didn't append the dblink name.
After that, I would like to grant object privileges to user1, by executing the command from server2. For doing that, is the following syntax correct: "grant select on table_name to user1". My issue is that user1 does not exist on server2. Should I rather use the following: "grant select on table_name@dblink to user1"?

Ora-00942 when querying object privs

Hi, I have a OEM 9.2 accessing an Oracle 9.2 instance. When querying object privs I get error 942. All else works OK. I have 07_dictionary_accesibility=true and the OEM user has DBA and select any dictionary privs. oms.nohup does not show anything unusual neither dbsnmp.log . Any ideas?

there will still be some sys objects that may throw this

Grant Object Privileges Page

I am running version 3.0.6.6.5 on Solaris 2.6 and using Netscape Navigator 4.51.
On the Grant Object Privileges Page for a database object, the "Add to List" button is in an odd spot (crosses over a border) and does not work unless you click it on the left 1/3 of the button. This is not a problem when using IE 5.
Is this a known bug?
Fran Bailey
EDS - Meredith Account

i logged in as User1 and wrote:
desc dbms_lock
and nothing happened, then i disconnected and connected to db1 as User1 and retry and it was all the same (didn't assign the privilege). then i shut down sql plus and started it again as sys and when ran EXECUTE ON DBMS_LOCK the message is shown:
SP2-0103: Nothing in SQL buffer to run
then i logged in as User1 and repeat the EXECUTE ON DBMS_LOCK command, the same error message is thrown. same happened when tried with desc dbms_lock.
am i doing something wrong or what?

Which view I can query to get the granted objects privilege to a user?

Hi all,
which view I can query to get the granted objects privilege to a user?
for example:
grant execute on accounting.get_name to scott;
Which view has above object granted information?
Thanks

SQL> select * FROM all_tab_privs where grantor = upper('accounting');
no rows selected

Find all system and object privs granted to a user

I need a query to find out all sys and ibject qyery given to a user. This is because a user was able to query all_directories few days ago in production instance, now he is unable to do it.
I found a query to find all roles inside a role. This role "APPS_QUERY_ROLE" has another 25 roles inside it. I want a query which will drill down to each role and "role within a role" to find all privileges associated to a role and hence to the user.

This may be helpful to you :
SYS@orcl> select 'create role ' || role || ';'
2 from dba_roles
3 where role = '&&role';
Enter value for role: APPS_QUERY_ROLE      <------Make sure it should be in CAPS
old   3: where role = '&&role'
new   3: where role = 'APPS_QUERY_ROLE'
no rows selected
SYS@orcl> select 'grant ' || privilege || ' to &&role' ||
2 decode(admin_option,'YES',' with admin option;','NO',';')
3 from role_sys_privs
4 where role = '&&role';
old   1: select 'grant ' || privilege || ' to &&role' ||
new   1: select 'grant ' || privilege || ' to APPS_QUERY_ROLE' ||
old   4: where role = '&&role'
new   4: where role = 'APPS_QUERY_ROLE'
no rows selected
SYS@orcl> select 'grant ' || privilege || ' on ' || owner || '.' || table_name
2 || ' to &&role ' || decode(grantable,'YES','with grant option;','NO',';')
3 from role_tab_privs
4 where role = '&&role';
old   2: || ' to &&role ' || decode(grantable,'YES','with grant option;','NO',';')
new   2: || ' to APPS_QUERY_ROLE ' || decode(grantable,'YES','with grant option;','NO',';')
old   4: where role = '&&role'
new   4: where role = 'APPS_QUERY_ROLE'
no rows selected
SYS@orcl>Source:Re: Help to Generate Role Creation Script
Regards
Girish Sharma

Grants and privs

hi,
i want to grant a user to access all the objects of another user. what privs or roles should i set. and he should not access other schema objects.
for example.
i need to give full access to scott schema to modify,add or drop any objects of hr schema ..
what privs or roles should i give to scott.
he should able to access only hr schema.
regards,
Deepak

no Girish,
i just gota call from one of my dba regarding that he needs to create a user named B and the user B need to access all the objects of USER A(already exists).and he should not access any other users objects. so what privs should be given for user B.?
this this question came from him.. i trhought in many ways,, but not exact..
regards,
Deepak

Grant all privs of one schema

Hi,
how i can grant all previleges for user to another user
say i have 2 user A and B
how we can provide all priveleges to user A on user B
Thnaks

That is not really what you said in your original posting. You really need to be a little clearer on your requirements....
Do you want them to have select, update, delete privileges on all the tables?
Do you want them to be able to do execute on any procedure?
Do you want them to be able to select off of any sequences?
Do you need them to be able to access the tables through synonyms?
No matter what you are doing you can probably create a script through the different objects view that will create its own script to grant whatever you want.
Example:
SQL> connect tsb/password
Connected.
SQL> select 'grant select, update, delete on '||object_name||' to scott;' from user_objects
2 where object_type='TABLE';
'GRANTSELECT,UPDATE,DELETEON'||OBJECT_NAME||'TOSCOTT;'
grant select, update, delete on RATE_FACT_TAB to scott;
grant select, update, delete on DIST_RATE_TAB to scott;
grant select, update, delete on CNFGTR_TDE_DIST_RATE to scott;
grant select, update, delete on TIMSJOBS to scott;
grant select, update, delete on TIMSLOCATIONS to scott;
grant select, update, delete on STAGING_TABLE to scott;
grant select, update, delete on STAGING_TABLE_CBINDS to scott;
grant select, update, delete on STAGING_TABLE_CPLANS to scott;
If you spool this then you can execute these as a script or individually.
You can do similar grants with other object types.
The issue will always be that you could run into problems with things such as nested tables and user defined types.
Regards
Tim

Removing users ability to grant object priviledges

I have a security need where I would like to remove the ability for user A to grant priviledges to user A objects to user B.
We have a complex development shop where developers are creating a nightmare for database security. Is there a means by which all development "grants" must be granted through the DBA ?

If user A owns a particular object, that user by definition has permission to grant privileges on that object. Nothing the DBA can do will prevent this.
Generally, organizations will structure things so that developers are not logging in to the schemas where objects are created, at least not in the production or staging environments. If you have a central schema A that owns objects, and developers have individual schemas B-Z, developers can write code in their own schema and, when it is at an appropriate point, submit the code to the DBA to get added to the central schema A. If you create appropriate synonyms, developers won't need to know (or care) where the actual tables/ packages/ etc are located.
Justin
Distributed Database Consulting, Inc.
http://www.ddbcinc.com/askDDBC

Grant Privileges on schema objects

Hello all,
I need to grant all privs to one user on another user all objects.
I am not findign exact command to do so.
eg: x have y objects.
user z should be able to select,update, delete all x.y objects.
Any help/insight is highly appreciated. !

You have to grant the privileges on an object by object basis.
You can use a bit of dynamic SQL to automate the process (note that I'm only showing the process of granting privileges on tables-- you can write similar bits of code to grant privileges on views and other types of objects as well).
BEGIN
FOR i IN (SELECT * FROM dba_tables where owner = 'X')
LOOP
EXECUTE IMMEDIATE 'grant select, update, delete on x.' || i.table_name || ' to z';
END LOOP;
END;If Z does not need the privileges granted directly, you would probably be better off creating a role, granting the privileges to the role, and then granting the role to Z. That will make it easier in the future if you need to create another user that has the same privileges as Z.
Justin
Edited by: Justin Cave on Oct 15, 2012 11:50 AM

Grant privileges for future object?

Hi all. Need help.
1) Bob grants object priveleges on cars to Anna
2) Anna renames cars to cars_old
3) Anna creates cars .
4) Bob has no privelges to cars:(
How to grant privelges on 'created in future' tables?

Here Demo
test - as Anna
monitor - Bob
Session : As Sys User
SQL>
SQL>
SQL> create user test identified by test default tablespace users quota unlimited on
2 users;
User created.
SQL> create user monitor identified by monitor default tablespace users quota
2 unlimited on users;
User created.
SQL> grant create session, create table, create procedure to test;
Grant succeeded.
SQL> grant create session, create ANY table to monitor;
Grant succeeded.
SQL> create role test_access;
Role created.
SQL>
SQL>
Session : 2
Test User
SQL> create table job_parm_table( job number primary key, tname varchar2(30) )
2 organization index;
Table created.
SQL> create or replace procedure do_grant( p_job in number )
2    as
3            l_rec job_parm_table%rowtype;
4    begin
5            select * into l_rec from job_parm_table where job = p_job;
6            execute immediate 'grant select, insert, update, delete on ' || l_rec.tname || ' to
7 test_access';
8            delete from job_parm_table where job = p_job;
9    end;
10    /
Procedure created.
SQL> grant insert on job_parm_table to sys;
Grant succeeded.
SQL> grant execute on do_grant to sys;
Grant succeeded.
SQL>
Sys User -- SEssion 1
SQL> create table msg ( txt varchar2(255) );
Table created.
SQL> create or replace trigger test_schema_trig
2     before CREATE on database
3     declare
4       l_str varchar2(255);
5       l_job number;
6     begin
7         if ( ora_dict_obj_type = 'TABLE' and ora_dict_obj_owner = 'TEST' )
8           then
9             dbms_job.submit( l_job, 'test.do_grant(JOB);' );
10                     insert into test.job_parm_table( job, tname ) values ( l_job,
11 ora_dict_obj_name );
12         end if;
13     end;
14     /
Trigger created.
SQL>
Test - USer
SQL> create table t1( x int );
Table created.
monitor - User
SQL> create table test.t2(name varchar2(30));
Table created.
Sys User
SQL> select grantee, privilege from dba_tab_privs where owner = 'TEST';
GRANTEE                        PRIVILEGE
SYS                            EXECUTE
SYS                            INSERT
TEST_ACCESS                    DELETE
TEST_ACCESS                    INSERT
TEST_ACCESS                    SELECT
TEST_ACCESS                    UPDATE
TEST_ACCESS                    DELETE
TEST_ACCESS                    INSERT
TEST_ACCESS                    SELECT
TEST_ACCESS                    UPDATE
10 rows selected.
SQL> select * from test.job_parm_table;
no rows selected
{ Code }
- Failed Atlast.. Checking the Code give osm time...
I can access the table's created in "TEST" by monitor got the privlileges.... Successs but one thing is could not able to
find the records in job_parm_table...
Is It Okay with you know...
Problem.. Solved... :-)
- Pavan Kumar N
Edited by: Pavan Kumar on Sep 20, 2008 12:58 AM

Grant Access on .sys owned objects...?

For example purposes, say I need to grant 'Select' to DBA_Users to a role, how is this possible? I'm looking to grant this explicitly and not thru select any dictionary.
Do I need to run the grant statement from the SYS ID? As I have the grant any priv and any obj priv, it seems that will not suffice....
Thanks!

One way to do this is to create a stored procedure owned by a privileged user which has the right to grant the needed privilege. You only need to grant EXECUTE privilege on this procedure to the admin team.
In this example, owner is OPS$ORACLE and admin. user is NEW.
The procedure should make some additional checks according to your security rules.
SQL> show user
USER is "SYS"
SQL> grant select on dba_users to ops$oracle with grant option;
Grant succeeded.
SQL> connect /
Connected.
SQL> show user
USER is "OPS$ORACLE"
SQL> create or replace procedure gs (guser in varchar2)
2 as
3 begin
4 execute immediate 'grant select on sys.dba_users to ' || guser;
5 end;
6 /
Procedure created.
SQL> show errors
No errors.
SQL>
SQL> drop user new;
User dropped.
SQL> drop user old;
User dropped.
SQL> create user old identified by old;
User created.
SQL> grant connect to old;
Grant succeeded.
SQL> create user new identified by new;
User created.
SQL> grant connect to new;
Grant succeeded.
SQL> grant execute on gs to new;
Grant succeeded.
SQL>
SQL> connect new/new
Connected.
SQL> exec ops$oracle.gs('OLD');
PL/SQL procedure successfully completed.
SQL>
SQL> connect old/old
Connected.
SQL> select count(*) from dba_users;
COUNT(*)
33Edited by: P. Forstmann on May 27, 2009 10:21 PM

Question/issue regarding querying for uncommited objects in Toplink...

Hi, was hoping to get some insight into this problem we are encoutering
We have this scenario were we are creating a folder hierarchy (using Toplink)
1. a parent folder is created
2. child elements are created (in the same transaction as step 1),
3. we need to lookup the parent folder and assign it as the parent
of these child elements
4. end the transaction and commit all data
In our system we control access to objects by appending a filter to the selection criteria, so we end up with SQL like this example
(The t2 stuff is the authorization lookup part of the query.) ;
SELECT t0.ID, t0.CLASS_NAME, t0.DESCRIPTION, t0.EDITABLE,
t0.DATE_MODIFIED, t0.DATE_CREATED,
t0.MODIFIED_BY, t0.ACL_ID, t0.NAME, t0.CREATED_BY,
t0.TYPE_ID, t0.WKSP_ID, t1.ID, t1.LINK_SRC_PATH,
t1.ABSOLUTE_PATH, t1.MIME_TYPE, t1.FSIZE,
t1.CONTENT_PATH, t1.PARENT_ID
FROM XDOOBJECT t0, ALL_OBJECT_PRIVILEGES t2,
ARCHIVEOBJECT t1
WHERE ((((t1.ABSOLUTE_PATH = '/favorites/twatson2')
AND ((t1.ID = t2.xdoobject_id)
AND ((t2.user_id = 'twatson2')
AND (bitand(t2.privilege, 2) = 2))))
AND (t1.ID = t0.ID))
AND (t0.CLASS_NAME = 'oracle.xdo.server.repository.model.Archivable'))
When creating new objects we also create the authorization lookup record (which is inserted into a different table.) I can see all the objects are registered in the UOW identity map.
Basically, the issue is that this scenario all occurs in a single transaction and when querying for the newly created parent folder, if the authorization filter is appended to the query, the parent is not found. If I remove the authorization filter then the parent is found correctly. Or if I break this up into separate transactions and commit after each insert, then the parent is found correctly.
I use the conformResultsInUnitOfWork attribute on the queries.
This is related to an earlier thread I have in this discussion forum;
Nested UnitOfWork and reading newly created objects...
Thanks for any help you can provide,
-Tim

Hi Doug, we add the authorization filter directly in the application code as the query is getting set up.
Here are some code examples; 1) the first is the code to create new object in the system, followed by 2) the code to create a new authorization lookup record (which also uses the first code to do the actual Toplink insert), then 3) an example of a read query where the authorization filter is appended to the Expression and after that 4) several helper methods.
I hope this is of some use as it's difficult to show the complete flow in a simple example.
1)
// create new object example
public Object DataAccess.createObject(....
Object result = null;
boolean inTx = true;
UnitOfWork uow = null;
try
SessionContext sc = mScm.getCurrentSessionContext();
uow = TLTransactionManager.getActiveTransaction(sc.getUserId());
if (uow == null)
Session session = TLSessionFactory.getSession();
uow = session.acquireUnitOfWork();
inTx = false;
Object oclone = (Object) uow.registerObject(object);
uow.assignSequenceNumbers();
if (oclone instanceof BaseObject)
BaseObject boclone = (BaseObject)oclone;
Date now = new Date();
boclone.setCreated(now);
boclone.setModified(now);
boclone.setModifiedBy(sc.getUserId());
boclone.setCreatedBy(sc.getUserId());
uow.printRegisteredObjects();
uow.validateObjectSpace();
if (inTx == false) uow.commit();
//just temp, see above
if (true == authorizer.requiresCheck(oclone))
authorizer.grantPrivilege(oclone);
result = oclone;
2)
// Authorizer.grantPrivilege method
public void grantPrivilege(Object object) throws DataAccessException
if (requiresCheck(object) == false)
throw new DataAccessException(
"Object does not implement Securable interface.");
Securable so = (Securable)object;
ModulePrivilege[] privs = so.getDefinedPrivileges();
BigInteger pmask = new BigInteger("0");
for (int i = 0; i < privs.length; i++)
BigInteger pv = PrivilegeManagerFactory.getPrivilegeValue(privs);
pmask = pmask.add(pv);
SessionContext sc = mScm.getCurrentSessionContext();
// the authorization lookup record
ObjectUserPrivilege oup = new ObjectUserPrivilege();
oup.setAclId(so.getAclId());
oup.setPrivileges(pmask);
oup.setUserId(sc.getUserId());
oup.setXdoObjectId(so.getId());
try
// this recurses back to the code snippet from above
mDataAccess.createObject(oup, this);
catch (DataAccessException dae) {
Object[] args = {dae.getClass().toString(), dae.getMessage()};
logger.severe(MessageFormat.format(EXCEPTION_MESSAGE, args));
throw new DataAccessException("Failed to grant object privilege.", dae);
3)
// example Query code
Object object = null;
ExpressionBuilder eb = new ExpressionBuilder();
Expression exp = eb.get(queryKeys[0]).equal(keyValues[0]);
for (int i = 1; i < queryKeys.length; i++)
exp = exp.and(eb.get(queryKeys[i]).equal(keyValues[i]));
// check if need to add authorization filter
if (authorizer.requiresCheck(domainClass) == true)
// this is where the authorization filter is appended to query
exp = exp.and(appendReadFilter());
ReadObjectQuery query = new ReadObjectQuery(domainClass, exp);
SessionContext sc = mScm.getCurrentSessionContext();
if (TLTransactionManager.isInTransaction(sc.getUserId()))
// part of a larger transaction scenario
query.conformResultsInUnitOfWork();
else
// not part of a transaction
query.refreshIdentityMapResult();
query.cascadePrivateParts();
Session session = getSession();
object = session.executeQuery(query);
4)
// builds the authorzation filter
private Expression appendReadFilter()
ExpressionBuilder eb = new ExpressionBuilder();
Expression exp1 = eb.getTable("ALL_OBJECT_PRIVILEGES").getField("xdoobject_id");
Expression exp2 = eb.getTable("ALL_OBJECT_PRIVILEGES").getField("user_id");
Expression exp3 = eb.getTable("ALL_OBJECT_PRIVILEGES").getField("privilege");
Vector args = new Vector();
args.add(READ_PRIVILEGE_VALUE);
Expression exp4 =
exp3.getFunctionWithArguments("bitand",args).equal(READ_PRIVILEGE_VALUE);
SessionContext sc = mScm.getCurrentSessionContext();
return eb.get("ID").equal(exp1).and(exp2.equal(sc.getUserId()).and(exp4));
// helper to get Toplink Session
private Session getSession() throws DataAccessException
SessionContext sc = mScm.getCurrentSessionContext();
Session session = TLTransactionManager.getActiveTransaction(sc.getUserId());
if (session == null)
session = TLSessionFactory.getSession();
return session;
// method of TLTransactionManager, provides easy access to TLSession
// which handles Toplink Sessions and is a singleton
public static UnitOfWork getActiveTransaction(String userId)
throws DataAccessException
TLSession tls = TLSession.getInstance();
return tls.getTransaction(userId);
// the TLSession method, returns the active transaction (UOW)
// or null if none
public UnitOfWork getTransaction(String uid) {
UnitOfWork uow = null;
UowWrapper uw = (UowWrapper)mTransactions.get(uid);
if (uw != null) {
uow = uw.getUow();
return uow;
Thanks!
-Tim

ORA-34492: Analytic workspace object cubename _STORED does not exist.

I am having issues accessing cube data from a user other than where the AW was built.
Following is what I have done in User-1:
1. Create two AW's in User-1 : AW-1 and AW-2.
2. Create all objects in these two AW's
3. AW-2 is dynamically attached on attaching AW-1 by using PERMIT startup programs. Please refer Attaching multiple AW's
4. Refreshed both AW's to load data
5. ALLCOMPILE - no errors.
6. Created some SQL views on User-1 which basically query the underlying cube views. I also have some queries using the olap_table option.
7. All my querries work fine in User-1. I can access data from AW-1 and AW-2.
However, we give access to the above SQL views through an abstract user: User-abs. In 10g, all we did was grant select privs to all the User-1.AW$ tables and also on all the sql views. This would let User-abs get data from the cubes in User-1.
I am not able to get User-abs to do the same in 11g. We encounter an error mentioning that the workspace object <cubename>_STORED does not exist. The cubename it is referring to exists in AW-2.
I granted select privs on all AW$ tables, dimension views, cube views and the abstracted sql views but the error persists.
I tried searching this forum but could not find any helpful leads. Any help will be greatly appreciated.
Thanks!
Database - 11.2.0.1
AWM - 11.2.0.2.0A

I can think of two possible problems. First, you may not be properly qualifying the owner name when you refer to the object. This can be important when refering to objects owned by other schemas. For example instead of 'my_cube_stored' you would say 'user-1.aw-2!my_cube_stored'. You should also be careful about the order in which you attach the AWs. Do you want AW-2 attached first or last? Use the LAST keyword on AW ATTACH to control this.
Another possibility is that you have added additional logic to PERMIT_READ over and above the 'aw attach' comand. I was able to recreate the error with the following code in a new AW called TEST_AW in the GLOBAL schema.
DEFINE PERMIT_READ PROGRAM BOOLEAN
PROGRAM
aw attach global.global
show global.global!units_cube_stored
return true
ENDAttaching TEST_AW in RO mode as any user gives me the following error.
ORA-34492: Analytic workspace object GLOBAL.GLOBAL!UNITS_CUBE_STORED does not
exist.
ORA-06512: at "SYS.DBMS_AW", line 93
ORA-06512: at "SYS.DBMS_AW", line 122
ORA-06512: at line 1Here is the documentation for PERMIT_READ
>
PERMIT_READ
A PERMIT_READ program is a program that you can create and that Oracle OLAP checks for by name when an AW ATTACH read-only command executes. Depending on the value returned by the program, Oracle OLAP executes the code within the program after attaching the analytic workspace. Depending on the statements in the permit_read program the user is granted or denied access to specific objects or sets of object values. Within permit_read program, you can specify PERMIT commands that grant or restrict access to individual workspace objects. All of the objects referred to in a given permit_read must exist in the same analytic workspace.
>
Note, especially, the restriction in the last sentence. This means that a PERMIT_READ program in AW1, for example, cannot refer to objects in AW2. So this is why my PERMIT_READ doesn't work. The AUTOGO does not have these restrictions, but as we know from the forum post you cited, AUTOGO is broken in 11.2.0.1. You can move forward to 11.2.0.2 where AUTOGO is fixed, but there is workaround, which is to add a PERMIT_READ program to the second AW to do the work. For example, if I add this PERMIT_READ to GLOBAL and remove the 'show' command from the PERMIT_READ in TEST_AW, then everything works as expected.
DEFINE PERMIT_READ PROGRAM BOOLEAN
PROGRAM
if aw(attached 'test_aw')
then do
show global.global!units_cube_stored
doend
return true
END

Database Development and Creating Objects in the Enterprise

Hello Everyone,
I have found myself filling the role of DB Developer for a DataMart project in a large enterprise. We are looking at replicating and consolidating multiple schemas in near real-time into an ODS for Reporting and Data Integration purposes. I did a POC locally in DEV to create Materialized Views for this purpose. It seems to work fine, I've got them on Fast Refresh, added a unique identifier etc.
The DBA stated I was granted the Priv to create the MVIEWS bc our vendor requires more PRIVS than is normally allowed for other apps in the Enterprise and it was only done on our server. Now I requested to try the same thing, however on the remote ODS DB over DBLinks. He stated creating objects on the ODS is a 'bad idea' and not allowed without engaging the broader DB group, even for DEv purposes. He also stated that MOST enterprises don't allow creating objects, and only allow DML. Problem is, once we engage that group it could add significant time and money to the project. Which seems silly as I just want to see if it's a feasible option.
Any thoughts on this? Can anyone share experiences regarding what is and is not allowed at the DB level strictly for DEV purposes and not on PROD?
Thanks,
PRAJNA

Thanks for the input jgarry. It does seem they are treating DEV like PROD in this case. Which has the potential to hamper innovation and new ways of doing things, especially in an aging IT environment where we might be stuck in our ways of doing things. It also sounds a bit general and not necessarily the case that 'most companies also don't allow this sort of thing'. I haven't worked in enough shops to say one way or the other however.
Yes, creating a local DBLink would be an option, but I wanted to test this method running across two physical servers ideally. Worth a try though.

Granting object privs

Similar Messages

Maybe you are looking for