Granting SELECT on Tables
Friends
What'd be the simplest way to give an user access to SELECT a table but excluding from it one specific column?
Tks!
Hello KeenOnOracle
Yes.
And it is recommended that you do not use the star-operator for creating views.
Because it is possible to create a view with this "CREATE VIEW view_name AS SELECT * FROM table_name;" -> But it is only in special cases recommended... (Architecture-View)
But because you have to exclude a column so in your case it is no problem. You have to list up your columns in the create command so if you change the structure of the table you have to change your view definition too.
Similar Messages
-
IN A SCHEMA TEST1 THERE ARE 200 PLUS TABLES AND VIEWS.NOW I WANT TO GRANT SELECT ON TABLES AND VIEWS TO TEST2 USER.HOW CAN I GRANT SELECT ON THOSE TABLES AND VIEWS IN BULK INSTED OF GRANTING INDIVIDUALLY.
Any idea?
Thankx...
Sorry for suing cap.letters....That works providing the grantee doesn't want to be able to build stored procedures or (more likely) views on the granted tables...
SQL> conn u1/u1
Connected.
SQL> create role select_u1
2 /
Role created.
SQL> grant select on t1 to select_u1
2 /
Grant succeeded.
SQL> grant select_u1 to u3
2 /
Grant succeeded.
SQL> conn u3/u3
Connected.
SQL> select * from u1.t1
2 /
COL1
1
SQL> create view my_view as
2 select * from u1.t1
3 /
select * from u1.t1
ERROR at line 2:
ORA-01031: insufficient privileges
SQL> As it happens, we know from the OP's other thread that they want a read only user, so perhaps the role will suffice. But they still need to grant selects on 200 objects to the role, so the automation will still come in handy :)
Cheers, APC -
Making new user & granting select any table privilages
I want to make a new user account who have only select all tables privilages, i am trying this but it not working, please make correction...
SQL> create user aaa identified aaabbbccc;
SQL> grant connect, select any table to aaa;
But its not working.......Plz forward the right commands...When you create new user, it has PUBLIC role privilegesPeter, what do you mean exactly ? The following is an extract from 10.2 documentation :
When you create a user with the CREATE USER statement, the user's privilege domain is empty. To log on to Oracle Database, a user must have the CREATE SESSION system privilege. Therefore, after creating a user, you should grant the user at least the CREATE SESSION system privilege. -
How to GRANT SELECT on all the tables in 1 go?
Hi
I have many tables (close to 200) in my Schema. I want to grant SELECT ON ALL TABLES to another user. How do I achieve this in one go?
Thanking you in advance,
...Although Justin has given a wonderful answer. You might also review the following threads;
Grant select on a schema
Re: Grant select on a schema
grant select on
grant select on
grant select on tables
Re: grant select on tables
Adith -
GRANT SELECT to TEMP(by procedure)..... ALL tables and views of OWNER....
hi ,
I want to privelege only Grant SELECT ALL tables,views....
I have written A procedure.....given below....
CREATE OR REPLACE PROCEDURE GRANT_SELECT_ALL_PROC
IS
l_obj VARCHAR2(60);
l_obj_type VARCHAR2(60);
CURSOR Cur_Obj IS
SELECT OBJECT_NAME,OBJECT_TYPE
FROM USER_OBJECTS
WHERE USER ='OWNER';
BEGIN
For i in Cur_Obj Loop
l_obj := i.OBJECT_NAME;
l_obj_type := i.OBJECT_TYPE;
IF l_obj_type IN ('TABLE','VIEW')
THEN
EXECUTE IMMEDIATE 'GRANT SELECT ON' || l_obj ||'TO TEMP’;
ELSIF l_obj_type IN('FUNCTION','PROCEDURE','PACKAGE') THEN
EXECUTE IMMEDIATE 'GRANT EXECUTE ON'|| l_obj ||'TO TEMP’;
END IF;
END LOOP;
END GRANT_SELECT_ALL_PROC;
procedure is working fine.....
OWNER there are some table and views......
But After creation of User name TEMp....
When I m giving GRANT SELECT to TEMP(by procedure)..... ALL tables and views of OWNER....
when I coonecte to TEMP...
Not getting table,view List...
not even data of table or Views.....
can anybdy help me.......advance thanx ...
sanjayhi ,
I want to privelege only Grant SELECT ALL
tables,views....
have written A procedure.....given below....
CREATE OR REPLACE PROCEDURE GRANT_SELECT_ALL_PROC
IS
l_obj VARCHAR2(60);
l_obj_type VARCHAR2(60);
CURSOR Cur_Obj IS
SELECT OBJECT_NAME,OBJECT_TYPE
FROM USER_OBJECTS
WHERE USER ='OWNER';
BEGIN
For i in Cur_Obj Loop
l_obj := i.OBJECT_NAME;
l_obj_type := i.OBJECT_TYPE;
IF l_obj_type IN ('TABLE','VIEW')
THEN
EXECUTE IMMEDIATE 'GRANT SELECT ON' || l_obj ||'TO
TEMP’;
ELSIF l_obj_type IN('FUNCTION','PROCEDURE','PACKAGE')
THEN
EXECUTE IMMEDIATE 'GRANT EXECUTE ON'|| l_obj ||'TO
TEMP’;
END IF;
END LOOP;
END GRANT_SELECT_ALL_PROC;
procedure is working fine.....
OWNER there are some table and views......
But After creation of User name TEMp....
When I m giving GRANT SELECT to TEMP(by
procedure)..... ALL tables and views of OWNER....
when I coonecte to TEMP...
Not getting table,view List...
not even data of table or Views.....
can anybdy help me.......advance thanx ...
sanjayQuery SELECT * FROM USER_TAB_PRIVS_MADE from the user from which you are executing the procedure
and Query SELECT * FROM USER_TAB_PRIVS_RECD from the TEMP user. -
Is there a direct SQL to grant select on all tables in the schema for a user? Or do we need to write a PLSQL for this?
Also, if a new table T1 is created or existing table T2 is dropped and recreated after granting the select all privilege, will the user have access to T1 and T2?
thanksIs there a direct SQL to grant select on all tables
in the schema for a user? Or do we need to write a
PLSQL for this?There is no privilege that would give user A access to all the tables in schema B. You would need to grant access to each object, which can certainly be done via dynamic SQL in PL/SQL.
There is a privilege SELECT ANY TABLE which allows the user to query any table in the system, but this is generally very dangerous and probably not something you would want to give a normal user.
Also, if a new table T1 is created or existing table
T2 is dropped and recreated after granting the select
all privilege, will the user have access to T1 and
T2?Unless you grant SELECT ANY TABLE, you would need to explicitly grant A access to any new tables created in schema B (or to tables after they are dropped and re-created). Potentially, you could create a DDL trigger that submitted a job that would, in turn, make the grant whenever a new table was created in schema B.
Justin -
ORA-01720 while trying to grant select on a view
Hi Friends,
Iam getting the following error while trying to grant select privilege for the view to SchemaB, i have the view in schemaA.
I have used the tables from both the schema for creating the view and iam getting the error on showing a particular table
ORA-01720: grant option does not exist for 'schemaB.Product'.
I have looked into so many forums but i couldn't find the answer for my question.
I must have to create the view in the Schema A only(strictly), as i seen in some forums stated that while creating the view in the other schema and granting the select privilege will solve the problem.But it was an exception to me ...
Tell me something how can i proceed in this .....grant select on t1 to seconduser with admin optionNo. WITH ADMIN OPTION applies to system privileges only. Object privileges need the WITH GRANT OPTION ...
SQL> grant select on joe_soap.some_table to apc with admin option
2 /
grant select on joe_soap.some_table to apc with admin option
ERROR at line 1:
ORA-00993: missing GRANT keyword
SQL> grant select any table to apc with admin option
2 /
Grant succeeded.
SQL> grant select on joe_soap.some_table to apc with grant option
2 /
Grant succeeded.
SQL> Cheers, APC -
Set Grant Permission to table in Access Database
Hello All,
How to set grant permission in Access 2003 Database. I am using Microsoft ACE OLEDB 12.0 Connection String, Using System.Data.OleDb Component and want to set Grant DELETE, INSERT, PROCEDURE, SELECT, UPDATE ON MSysObjects TO Admin
Best Regard
Xan ToHello Kevin And Paul
I have tried what you all say, but I get an error like this
this my code:
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Dim Builder As New OleDb.OleDbConnectionStringBuilder
Try
With Builder
.Provider = "Microsoft.ACE.OLEDB.12.0"
.DataSource = "C:\Users\Xan To\Desktop\Test.mdb"
End With
'Using cn As New OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Xan To\Desktop\Test.mdb; Jet OLEDB:System Database=system.mdw;")
Using cn As New OleDb.OleDbConnection
With cn
.ConnectionString = Builder.ConnectionString
End With
Using cmd As New OleDb.OleDbCommand
With cmd
.Connection = cn
.CommandText = "GRANT SELECT ON TABLE MSysObjects TO Admin"
End With
cn.Open()
cmd.ExecuteNonQuery()
End Using
End Using
Catch ex As Exception
MessageBox.Show(ex.ToString)
End Try
End Sub -
I want to grant select privileges on all tables and views belonging to database xyz to the user abc.
What's the best way to do that?
Message was edited by: Diarmuid - 11/07/07
user580522I beg to differ. Of course OP can try to 'GRANT SELECT ANY TABLE'. It's just a matter of his own privileges if he succeeds or not.
To OP: Reading about GRANT might help:
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#i2077938
Note this part from the docs:
To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege. -
Grant SELECT on all APPS objects to Custom schema
Hi All,
My requirement is to GRANT SELECT privileges on all Objects from APPS schema to a custom schema say XXTEST.
I am OK, if there are multiple privileges to be granted (i.e. separate ones for TABLES,SYNONYMS,PACKAGES).
I basically want to refer all APPS objects from XXTEST, without any schema prefix.
I read about GRANT SELECT ANY TABLE, and it looks like I can access any schema objects from it.
But I would like to know if I can grant from a particular schema alone.
Thanks.Kavipriya wrote:
I came across a privilege like 'SELECT ANY DICTIONARY', from which I can access all dictionary related tables without schema prefix. So am looking for something similar for APPS objects.Problem is, something similar for APPS objects does not exist. It's simply not there. You need to grant 'ANY' privileges, which means you'll be allowing the user to all the tables in the database, which is almost certainly not what you want, or you need to do individual grants.
As I mentioned before, you can write SQL that will generate the GRANT statements for you, so you don't need to do it yourself.
For example:
select 'grant select on '||owner.table_name||'to some_user;' from dba_tables where owner='APPS';And then execute the output of that query, which will be a bunch of GRANT statements.
Hope that helps,
-Mark -
Grant Select, need help fast!!!!
heres my question, i created several tables and i want to be able to give someone else access to them. i only want them to be able to run queries, table descriptions, table data, views. i dont want them to be able to modify any of the tables. heres what i think i should type at sql prompt:
sql> GRANT SELECT ON <table name> TO <user name>;
is that correct?
thanks in advance.
dannyHi,
You have created a table 'TEST'.
If you want to give access to ALL the users and if you have DBA privilege you can create a public synonym. It can be created in the same name i.e 'TEST'
CREATE PUBLIC SYNONYM TEST FOR TEST
GRANT SELECT ON TEST TO PUBLIC
If you want to give access only to ONE user and if you don't have DBA privilege then you can create private synonym. The synonym name should be different from table name . ie 'TEST1'
CREATE SYNONYM TEST1 FOR TEST
GRANT SELECT ON TEST1 TO <Any other User>
Hope this will solve your problem.
Rgds,
Venky. -
Insufficient privileges/can not grant to create tables
I have just created database..
Connected as SYS I tried to Create user/schema as following:
CREATE USER "xsales" PROFILE "DEFAULT" IDENTIFIED BY "*******" ACCOUNT UNLOCK
GRANT "CONNECT" TO "ABDO"
Trying to create tables I recieved:
Failed to commit: ORA-01950: no privileges on tablespace 'USERS'
Then I tried to grant CREATE ANY TABLES to the user xsales to enable it to
run the script of create tables,but I recieved
ORA-01917: user or role 'abdo' does not exist
although I connected with xsales succefully
Can anyone help?the user name is correct .....
I ran the following script succefully:
CREATE USER xsales PROFILE "DEFAULT" IDENTIFIED BY "********" ACCOUNT UNLOCK;
GRANT "CONNECT" TO xsales;
GRANT ALTER ANY CLUSTER TO XSALES;
GRANT ALTER ANY DIMENSION TO XSALES;
GRANT ALTER ANY INDEX TO XSALES;
GRANT ALTER ANY INDEXTYPE TO XSALES;
GRANT ALTER ANY MATERIALIZED VIEW TO XSALES;
GRANT ALTER ANY PROCEDURE TO XSALES;
GRANT ALTER ANY TABLE TO XSALES;
GRANT ALTER TABLESPACE TO XSALES;
GRANT ALTER USER TO XSALES;
GRANT ANALYZE ANY DICTIONARY TO XSALES;
GRANT CREATE ANY CLUSTER TO XSALES;
GRANT CREATE ANY DIMENSION TO XSALES;
GRANT CREATE ANY INDEX TO XSALES;
GRANT CREATE ANY INDEXTYPE TO XSALES;
GRANT CREATE ANY MATERIALIZED VIEW TO XSALES;
GRANT CREATE ANY PROCEDURE TO XSALES;
GRANT CREATE ANY TABLE TO XSALES;
GRANT CREATE ANY VIEW TO XSALES;
GRANT CREATE CLUSTER TO XSALES;
GRANT CREATE DATABASE LINK TO XSALES;
GRANT CREATE DIMENSION TO XSALES;
GRANT CREATE INDEXTYPE TO XSALES;
GRANT CREATE MATERIALIZED VIEW TO XSALES;
GRANT CREATE PROCEDURE TO XSALES;
GRANT CREATE PUBLIC DATABASE LINK TO XSALES;
GRANT CREATE TABLE TO XSALES;
GRANT CREATE TABLESPACE TO XSALES;
GRANT CREATE USER TO XSALES;
GRANT CREATE VIEW TO XSALES;
GRANT DELETE ANY TABLE TO XSALES;
GRANT DROP ANY CLUSTER TO XSALES;
GRANT DROP ANY DIMENSION TO XSALES;
GRANT DROP ANY INDEX TO XSALES;
GRANT DROP ANY INDEXTYPE TO XSALES;
GRANT DROP ANY MATERIALIZED VIEW TO XSALES;
GRANT DROP ANY PROCEDURE TO XSALES;
GRANT DROP ANY TABLE TO XSALES;
GRANT DROP ANY VIEW TO XSALES;
GRANT DROP PUBLIC DATABASE LINK TO XSALES;
GRANT DROP TABLESPACE TO XSALES;
GRANT DROP USER TO XSALES;
GRANT EXECUTE ANY INDEXTYPE TO XSALES;
GRANT EXECUTE ANY PROCEDURE TO XSALES;
GRANT EXPORT FULL DATABASE TO XSALES;
GRANT GLOBAL QUERY REWRITE TO XSALES;
GRANT GRANT ANY OBJECT PRIVILEGE TO XSALES;
GRANT GRANT ANY PRIVILEGE TO XSALES;
GRANT IMPORT FULL DATABASE TO XSALES;
GRANT INSERT ANY TABLE TO XSALES;
GRANT LOCK ANY TABLE TO XSALES;
GRANT MANAGE SCHEDULER TO XSALES;
GRANT MANAGE TABLESPACE TO XSALES;
GRANT QUERY REWRITE TO XSALES;
GRANT SELECT ANY DICTIONARY TO XSALES;
GRANT SELECT ANY TABLE TO XSALES;
GRANT SELECT ANY TRANSACTION TO XSALES;
GRANT SYSDBA TO XSALES;
GRANT CREATE SESSION TO XSALES;
GRANT UPDATE ANY TABLE TO XSALES;
Then I logged as XSALES to try to CREATE TABLES, still I got:
SQL> CONN XSALES/**********@ORACLE
Connected.
SQL> CREATE TABLE PROD(ID number(6));
CREATE TABLE PROD(ID number(6))
ERROR at line 1:
ORA-01950: no privileges on tablespace 'USERS'
How I can solve that? -
Grant select privilege to specific columns on a table to user in Oracle 9i
Can anyone tell me how to grant select privilege to a user for specific columns in a table?
I have tried the following statement
GRANT SELECT (EMP_ID) ON EMP TO USER1
But it's not working and I am getting this error "Missing ON Keyword".
Please anyone tell me how to grant select privilege for specific columns.
Edited by: 899045 on Nov 24, 2011 7:03 AM899045 wrote:
Can anyone tell me how to grant select privilege to a user for specific columns in a table?
I have tried the following statement
GRANT SELECT (EMP_ID) ON EMP TO USER1
But it's not working and I am getting this error "Missing ON Keyword".
Please anyone tell me how to grant select privilege for specific columns.
Edited by: 899045 on Nov 24, 2011 7:03 AMFrom the 9.2 SQL Reference manual, found at tahiti.oracle.com (http://docs.oracle.com/cd/B10501_01/server.920/a96540/statements_912a.htm#2062456)
*"You can specify columns only when granting the INSERT, REFERENCES, or UPDATE privilege. "* -
Select Grant on local Table to the Remote Oracle User
How Can we Give a SELECT Grant on a Specific Table to the Remote Oracle User.
IIRC, the remote user accesses local objects via a schema on the local database. That suggests you need to grant SELECT on the local table to the local schema that the remote user connects by.
-
How to avoid a table to be selected by a user with 'select any table' grant
Hello,
I want a table to be non selectable for a particular user even if that user has a 'select any table' grant.
either the query can return no rows or an error message, it doesn't matter.
how can I achieve this with a standard database configuration? I mean I am not allowed to use any tool of Oracle like vault etc..
thanks in advance...Fine-grained access control (aka VPD, more or less) is part of Enterprise Edition. It is not a separate tool. See Oracle Database Editions
You can read about it here Using Oracle Virtual Private Database to&nbsp;Control&nbsp;Data Access
The main thing to understand is the predicte-generating function, and all the opportunities there. This example is from a presentation I once gave to a local Oracle users group.
The policy (not shown) specifies FGAC_PKG.FGAC_PREDICATE_FNC as the predicate-generating function. If the user has role FGAC_DEMO_ALL_COMPANIES_ROLE then his view is not restricted; if his username does not appear in the COMPANY_AUTHORIZATION table he will get an error when querying the protected table; otherwise he will be restricted to see only the companies he is authorized for. So this has some elements that may be useful to you.
CREATE OR REPLACE PACKAGE BODY FGAC_DEMO_SCHEMA.FGAC_PKG AS
FUNCTION FORCE_FGAC_ERROR_FNC (in_object VARCHAR2) RETURN NUMBER IS
e_not_authorized exception;
PRAGMA exception_init(e_not_authorized, -20667);
BEGIN
RAISE e_not_authorized;
RETURN (-1); -- will NEVER get here (have already raised an error)
EXCEPTION
WHEN e_not_authorized then
RAISE_APPLICATION_ERROR (sqlcode,
sqlerrm||'Access to '|| in_object ||
' requires access to at least one company, but none have been authorized.' );
END FORCE_FGAC_ERROR_FNC;
FUNCTION FGAC_PREDICATE_FNC (in_schema VARCHAR2, in_object VARCHAR2)
RETURN VARCHAR2
IS
out_predicate VARCHAR2 (400);
c_filter_predicate constant varchar2(400) :=
'COMPANY_ID IN (SELECT COMPANY_ID FROM COMPANY_AUTHORIZATION '||
'WHERE USER_NAME = USER)';
c_bypass_filtering_role VARCHAR2(30) := 'FGAC_DEMO_ALL_COMPANIES_ROLE';
v_authorization_count NUMBER;
c_error_predicate constant varchar2(400) :=
'FGAC_DEMO_SCHEMA.FGAC_PKG.FORCE_FGAC_ERROR_FNC('''||
in_schema||'.'||in_object||''') = 0';
BEGIN
IF DBMS_SESSION.is_role_enabled (c_bypass_filtering_role) THEN
out_predicate := NULL;
ELSE
SELECT COUNT(*) INTO v_authorization_count
FROM COMPANY_AUTHORIZATION
WHERE USER_NAME = USER;
IF v_authorization_count = 0 then
out_predicate := c_error_predicate;
ELSE
out_predicate := c_filter_predicate;
END IF;
END IF;
RETURN out_predicate;
END FGAC_PREDICATE_FNC;
END FGAC_PKG;
Maybe you are looking for
-
I purchased tv shows for my son over 4th of July weekend from iTunes on my iPad...he has been watching with no problem...yesterday I backed up my iPad and the videos were taken off while I was syncing it. Error coming up states " warning some of the
-
In a particular case the PHP session_start doesn't work
If I type an URL e.g. www.vdh-lelystad.nl the PHP session_start() does work very well. All the SESSION variables are available trhoughout the website visit.<br /> If I type URL vdh-lelystad.nl (without www.) no PHP session_start() will be there. No S
-
Hi, I have a requirement of an extranet solution (ASP model) where many customer will be connected to a central site. The spoke sites do not talk to each other, not even through the central site. One option is to use 1 VRF at the central site and imp
-
Does Adobe sell a web embedded flash player
I need to embed a flash player into a website. As the flash player will enable my client to play nearly all formats. The problem is that Adobe do not sell a player. Why not? Geoff
-
Can not delete outbox item on PC
there are several items in the folder: Nokia phone Browser-〉Nokia N70-〉Messages-〉Outbox, and they can not be deleted on my pc, however, my N70 phone has no these items! I can use other functions normally,such as send sms on PC via usb connection, can