Grants issue !!

Similar Messages

• Object granting issues 11g

  We are in the process of migrating to 11.2.0.2 RAC/ASM on new hardware from 10.2.0.4 RAC/OCFS2 ... as such I am migrating my entire database using Data Pump Export/Import. Everything seems to have come over fine and the only errors I see in my import logs are related to objects already existing in the SYS schema. Now to my issue ...
  I have an object GN.UNPOST_JOURNAL_ENTRY ... execute rights on this object have been given to the role GL_ADMIN. This role has been then granted to my non admin SCARLSON user account. In our 10.2.0.4 system this works just fine ... but in our 11g system I am unable to execute this procedure. In fact the only way I am able to see the procedure is to grant my SCARLSON account execute rights directly or grant my SCARLSON account the system privelege of "EXECUTE ANY PROCEDURE" ...
  I have already completely deleted DB instance, recreated my instance, ran my export/import, removed the object, roles, groups, and grants no less than 20 times at this point with the same results ... has anyone ran into this issue before or does anyone have an idea of what to start looking into first?

  Is the role password protected ? You can check with :
  select * from dba_roles where role = 'GL_ADMIN';Password protected roles are no more enabled by default since 10.2.0.5: see Oracle Patchset 10.2.0.5.0 impact on password enabled roles

• Grant issue for oracle package LT_EXPORT_PKG

  Hi,
  I am having oracle 10g with version 10.2.0.4
  While giving execute grant on "LT_EXPORT_PKG" to one of my schema it gives error :
  USING SYS USER:
  GRANT EXECUTE ON LT_EXPORT_PKG TO <SCHEMA-NAME>;
  ERROR at line 1:
  ORA-04042: procedure, function, package, or package body does not exist
  i checked package "LT_EXPORT_PKG " in "sys" user it gives below result:
  SQL> select owner,object_name,status from dba_objects where OWNER = 'SYS' and OBJECT_NAME = 'LT_EXPORT_PK
  G';
  no rows selected
  SQL>
  the same script executes successfully on oracle 10g with version 10.2.0.1.
  How to rectify this issue now.

  mohsin javed wrote:
  Hi,
  I am having oracle 10g with version 10.2.0.4
  While giving execute grant on "LT_EXPORT_PKG" to one of my schema it gives error :
  USING SYS USER:
  GRANT EXECUTE ON LT_EXPORT_PKG TO <SCHEMA-NAME>;
  ERROR at line 1:
  ORA-04042: procedure, function, package, or package body does not exist
  i checked package "LT_EXPORT_PKG " in "sys" user it gives below result:
  SQL> select owner,object_name,status from dba_objects where OWNER = 'SYS' and OBJECT_NAME = 'LT_EXPORT_PK
  G';
  no rows selected
  SQL>
  the same script executes successfully on oracle 10g with version 10.2.0.1.
  How to rectify this issue now.
  Hi,
  That is because the package does not exist, you have select from dba_objects and nothing returned so the object does not exist
  If the package exist in 10.2.0.1 then simply copy and create it in 10.2.0.4
  Cheers

• Role granting issue

  Hi,
  I have created one role with some system privileges like create any table,dubug any procedure etc and with some object prvileges like select grant on DBA_TABLES, DBA_JOBS etc. Now I have granted the role to a different user where I have written a package which consist of few procedures, one of the procedures in package spec like below :
  PROCEDURE REGISTER (
  p_Owner IN ORBIT_DELTA_CNTL.OWNER%TYPE,
  p_Object IN ORBIT_DELTA_CNTL.NAME%TYPE,
  p_Type IN ORBIT_DELTA_CNTL.OBJECT_TYPE%TYPE,
  p_RefreshInterval IN DBA_JOBS.INTERVAL%TYPE,
  p_PurgeInterval IN DBA_JOBS.INTERVAL%TYPE,
  p_Tablespace IN DBA_TABLES.TABLESPACE_NAME%TYPE DEFAULT NULL
  which throws a error during compilation "PLS-00201: identifier 'DBA_JOBS' must be declared". Can any one please explain why this error is coming though I have granted the role to that user.
  Regards,
  Koushik

  Koushik,
  The reason is probably dependencies related. When an object gets invalid, all dependent objects get invalid et cetera. When objects could be valid because of a grant via a role, this means that an object could get invalid by revoking a grant from a role. Because granting user access via a role should not make big parts of the database invalid, it is only allowed via direct grants.
  Regards,
  Rob.

• Grant issue  .DBMS_SESSION

  Hi
  I create a procedure but get this error.
  i have given my user
  SQL> grant ALTER SESSION to UMESH;
  Grant succeeded.
  SQL> GRANT CREATE ANY CONTEXT TO UMESH;
  Grant succeeded.
  SQL> grant create session to umesh;
  Grant succeeded.
  SQL> grant create any context to umesh;
  Grant succeeded.
  SQL> grant create table to umesh;
  Grant succeeded.
  SQL>
  SQL>
  SQL> grant execute on dbms_rls to umesh;
  Grant succeeded.
  SQL> grant execute on dbms_session to umesh;
  Grant succeeded.
  CREATE OR REPLACE package body SearcProduct_Pkg  is
  procedure SearchProVar(PCode in varchar2, Storeid in number,Usertype in varchar2) is
  begin
  dbms_session.set_context(
  namespace => 'paramsNew1', attribute => 'PCode', value => PCode);
  dbms_session.set_context(
  namespace => 'paramsNew1', attribute => 'Storeid', value => Storeid);
  dbms_session.set_context(
  namespace => 'paramsNew1', attribute => 'Usertype', value => Usertype);
  dbms_output.put_line('pcode is'||PCode);
  end SearchProVar;
  end SearcProduct_Pkg;
  when i execute it
  like
  SQL>  DECLARE
    2     PCODE VARCHAR2(200);
    3     STOREID NUMBER;
    4     USERTYPE VARCHAR2(200);
    5
    6   BEGIN
    7     PCODE := '655454';
    8     STOREID := 5030;
    9     USERTYPE := NULL;
  10
  11     UMESH.SEARCPRODUCT_PKG.SEARCHPROVAR ( PCODE, STOREID, USERTYPE );
  12   END;
  13   /
  DECLARE
  ERROR at line 1:
  ORA-01031: insufficient privileges
  ORA-06512: at "SYS.DBMS_SESSION", line 82
  ORA-06512: at "UMESH.SEARCPRODUCT_PKG", line 4
  ORA-06512: at line 11
  thanks.

  Sir
  i made this package and this pages is used in a view which is
  CREATE OR REPLACE VIEW SEARCHPRODUCT_VIEW ( ITEM_ID,
  PRODUCT_ID, PRODUCT_NAME, OPT1, OPT1VALUE,
  OPT2, OPT2VALUE, PRICE, ASL
  ) AS Select b.Item_id,b.Product_id,a.Product_name,
  (select attribute_name from attribute_master where attribute_id=(select attribute_id from attribute_property where property_id=b.Color) and rownum=1) as opt1,
  (select attribute_property from attribute_property where property_id=b.Color) as opt1value,
  (select attribute_name from attribute_master where attribute_id=(select attribute_id from attribute_property where property_id=b.size1)and rownum=1) as opt2,
  (select attribute_property from attribute_property where property_id=b.Size1) AS opt2value,
  ((case when upper(sys_context('paramsNew1', 'Usertype'))='W' then b.WHOLE_SELL_PRICE
  when upper(sys_context('paramsNew1', 'Usertype'))='R' then b.RETAILER_PRICE
  end )+b.extra_price)  as Price
  ,b.Actual_stock_level as ASL from product_master a,product_detail b where a.p_id=b.p_id and Upper(a.product_id) like  Upper('%'||sys_context('paramsNew1', 'PCode') || '%' ) and a.Storeid=to_number(sys_context('paramsNew1', 'Storeid'))i think i need to give some permission on this view
  but don't know what to give
  thanks

• Grants issue while PO creation in SRM for accepted bid in PPS process

  Hi All,
  We have PPS process, while creating of PO for the accepted BID, PO is saved with following error,
  Line 1: Grant 5612100020 does not exist
  when i go through the threads in SDN, it is mentioned we need to activate Grants in R3 system.
  1, Is it necessary to activate the Grants in R3?,
  2,  is there any other alternate solution for this?
  3, or If we activate Grants in R3, what will be the impact?
  Best Regards,
  Raju

  Hi Muthu/Virendra and other xperts,
  Any suggestions?

• Grant issue with Monitoring Sessions

  I've searched high and low for the answer to this. I get an error when trying to Monitor Sessions (table/view don't exist) and that I need select grants on these objects:
  V$SESSION to beadiadbo, V$PROCESS, V$SESS_IO, V$SESSION_WAIT, V$SESSION_EVENT, V$ACCESS, V$SESSSTAT, V$STATNAME, V$OPEN_CURSOR, V$SQL, V$LOCK, V$SESSION_LONGOPS, SYS.V_$TRANSACTION, SYS.V_$ROLLNAME, V$SQLTEST_WITH_NEWLINES
  I've given SELECT grant to the user, but still get the error. Am I missing any other privileges?
  Much appreciated,
  Adam

  Hi Adam,
  According to the following forum search hit (monitor AND sessions), try GRANT SELECT ANY DICTIONARY:
  Monitor Sessions
  MONITOR SESSIONS on a user with just CONNECT, RESOURCE role grants will fail. Adding SELECT ANY DICTIONARY fixes it.
  Getting any finer grained than that gets hairy, e.g., doing a sql trace on your session to see which dictionary views get referenced.
  Regards,
  Gary Graham
  SQL Developer Team

• Procedure grant issue

  I have 2 schema (schema1 and schema2) in same databaase.if I create following procedure in schema1 for selecting a tale in schema2.
  CREATE OR REPLACE PROCEDURE schema1.select_test
  AUTHID CURRENT_USER as
  v_test number;
  BEGIN
  select count(*)
  into v_test
  from schema2.table1;
  end;
  I created a role called SCH1_ROLE for schema1 and granted access of table1 to this role from schema2 but still if I compile the procedure it is saying table does not exist.Please help.

  This question is asked many times per week, though there is a plethora of resources available answering it.
  Roles are disabled during compilation of stored procedures, as roles are volatile.
  There are three solutions to this in order of preference.
  1 Make sure the owner of the procedure equals the owner of the table, grant execute privilege on the procedure.
  This is called encapsulation
  2 Create the procedure with the authid current_user pragma. However this will result in a parse the procedure is invoked for the first time
  3 NOT preferred: grant SELECT privilege on the procedure directly, not using roles. This will result in a myriad of grants.
  Solution 1 is the best solution.
  Sybrand Bakker
  Senior Oracle DBA

• Procedure Issue (Table/View Doesn't Exist)

  Hi,
  I am running procedure its giving error (table/view doesn't exist) but if i run plsql block then noo error. Please note there is no grants issue.
  please see.
  1) Successfull case:
  BEGIN
  EXECUTE IMMEDIATE 'TRUNCATE TABLE BILLPRO.LRDA1';
  EXECUTE IMMEDIATE 'TRUNCATE TABLE BILLPRO.LRDA2';
  EXECUTE IMMEDIATE 'TRUNCATE TABLE BILLPRO.LINERENTDISCOUNTB';
  END;
  2)Un-Successfull case: Table / View doesnt exist.
  CREATE OR REPLACE PROCEDURE mobi_test AS
  BEGIN
  EXECUTE IMMEDIATE 'TRUNCATE TABLE BILLPRO.LRDA1';
  EXECUTE IMMEDIATE 'TRUNCATE TABLE BILLPRO.LRDA2';
  EXECUTE IMMEDIATE 'TRUNCATE TABLE BILLPRO.LINERENTDISCOUNTB';
  END;
  BEGIN
  mobi_test;
  END;
  Any help.
  Regards,
  Irfan Ahmad

  The problem is that your grants for your user to be able to truncate those tables is given through a role. An anonymous block will use role based permissions so you're ok that way. But when it's a stored procedure, role based permissions don't apply.
  To solve it, grant delete/truncate permissions to that user directly.

• GRANT question

  I have some questions regarding GRANT.
  Is GRANT issued on the table or the synonym for other users to be able to access the table.?
  Should the table name and synonym name always be the same?
  I have 2 schemas - S1 and S2. S1 and S2 should alternatively access the tables from S3 schema (one month S1 should access all S3 tables and next month S2 should access all S3 tables and so on). What is the best way to do this? Should I revoke access to S1, Grant access to S2, and so on every time?
  thanks

  GRANT gives permission to use a resource in a specific way.
  You may grant me access to a table in read-only mode, or in read-write mode. You may grant me permission to execute a stored procedure.
  A synonym is an alternate name for a resource. It is NOT the resource itself. You can use this alternate name as the method of 'getting to' the resource.
  For example: let's say your name is Robert. My nickname for you might be 'Bob'. When I search for you in my personal contact manager, I may do so using either Robert or Bob. Either way, it gets to Robert - the 'legal name'.
  Also confusing (and irritating) is that the synonym is owned either by the user creating the synonym or by public. That is to say - the synonym 'Bob' belongs to me ... it is MY synonym for you 'Robert'. So if I loan $20 to Bob, the loan points to the person whom I have nicknamed Bob. You could also have a nickname 'Bob' pointing to someone completely different.
  In answer to your questions:
  1) if I use the synonym to perform a GRANT, the synonym is resolved first and replaced by the table/view/stored-procedure and then the GRANT is issued against the referenced resource.
  2) as an alias, nickname, alternate name, a synonym should be chosen to minimize confusion and enhance maintenance. That may mean using the same name as the resource. Or it may mean deciphering the resource to make it easier to remember. Whatever the plan, document it and use it consistently.
  You may want to review the CREATE SYNONYM and GRANT sections of the Oracle SQL Reference manual at http://download-east.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#i2155015

• Discoverer Plus 10gR2 not show data when the script of view have package

  Hi my friends.
  I have a problem with discoverer plus, I don't know is a problem or I'm doing something wrong.
  I have a four views, the views containg in the SELECT stament and WHERE clause packages, example:
  SELECT d.price,
  d.total,
  d.min,
  d.mx,
  TO_CHAR (SYSDATE, 'q') quarter,
  d.fid,
  k_xdcd_qry.f_xdc_obt_price (d.prod, d.id) --> package
  k_xpxpd_qry.f_xpeds_salary_ca_u (
  d.prod,
  d.id) xp --> package
  FROM px_prices_proc c,
  xp_sla_max d,
  xmp_sla_puc b
  WHERE a.prod = b.prod
  AND a.id = b.id
  AND a.prod = k_xps_tools.f_obt_prod --> package
  When I used the views on discoverer plus for construct the report, when execute the query not show data.
  Appreciate it if you could help or tell me I'm doing wrong or does not support Discoverer Plus package execution.

  Hi Tux,
  This appears to be a grant issue. Apparently, you have granted execute with respect to this package to the EUL owner or the view would not have compiled. If you have not given EUL owner the grant option, I would recommend doing this as well.
  This appears to be an Oracle APPS EUL (tell me if I am wrong). If this is the case, it goes without saying that APPS will need to be granted the execute privilege.
  Also, by default, a stored package executes with the privileges of its owner. If your custom package was designed this way, are the objects which it references received the appropriate grant? I assume you tested this, but I am concerned that the line, a.prod = k_xps_tools.f_obt_prod, in the where clause could be resulting in the Null set being returned.
  Patrick

• Unable to edit some functions in APEX Sql Workshop

  Hi
  Users are able to edit some procedures/functions in APEX SQL Work shop. ( Object Browser - functions - EDIT)
  When we press edit we get cursor in the code area and can edit some procedures, But for some procedures when we click edit we don't get cursor in the code area and we are not able to edit the functions/procedures.
  I am using fairfox browser.This is happening with only some. Is there any security.grants issue???
  Thanks
  Sree

  Hi
  This is happening with some procedures, For others this works fine.In IE I get red block in code area.
  EDIT is working for some procedures so I think may not be the browser issue.
  Thanks
  Sree

• Rolling back from OIM version 11g to 9.1.0.2

  Experts,
  OIM version upgrade from 9.1.0.2 to 11g(11.1.1.5) need to be rolled back due to some error.
  Just wanted to know views of experts.
  Following steps have been completed so far of the upgrade guide [http://docs.oracle.com/cd/E21764_01/upgrade.1111/e10129/upgrade_oim.htm].
  •Task 1: Identify and Prepare Oracle Database for Oracle Identity Manager 11g (Optional)
  •Task 2: Use the Repository Creation Utility to Create the Schema in the Database
  •Task 3: Install Oracle Fusion Middleware
  •Task 4: Use Upgrade Assistant to Upgrade the Oracle Identity Manager Schema
  •Task 5: Create a WebLogic Domain for Oracle Identity Manager
  •Task 6: Start the WebLogic Administration Server
  •Task 7: Configure Oracle Identity Manager Server 11g
  •Task 8: Configure Node Manager to Start Managed Servers
  •Task 9: Start the SOA Managed Server
  •Task 10: Start the Oracle Identity Manager Managed Server
  •Task 11: Stop the Oracle Identity Manager Managed Server
  Rollback strategy:-
  1. Delete extra schemas(SOA MDC etc) created during Task2
  2. Restoring the OIM DB schema (of version 9.1.0.2) from backup.
  3. Updating back path and variables environment with old values
  4. Starting the weblogic and OIM application from old Middleware_home and OIM_HOME.
  Experts,
  Above rollback strategy would be enough or should i take some other point in consideration.
  If you can think of any other thing please share..
  Thanks,
  Manohar

  Yes your strategies seems fine. for dropping schema you can RCU as well.
  for restore, Drop all the entities manually from oim db schema So you don't have any grant issue while importing old 10g dump
  --nayan                                                                                                                                                                                                                                                                                                                                                                                                                                       

• Error faced while creating Oracle Job

  Hi,
  I have the following script to create a job.
  It executed successfully on my database. When we tried to execute the same at our clients place we got some error,
  ===========================================
  SQL> DECLARE
  2 job NUMBER;
  3 m_sleeptimegap NUMBER;
  4 job_interval VARCHAR2(100);
  5
  6
  7 BEGIN
  8 SELECT to_number(tdvalue)
  9 INTO m_sleeptimegap
  10 FROM tabledetails
  11 WHERE tdidcode = 'LICENSE_PULSE'
  12 AND tdkey = 'STATUS_DELAY';
  13
  14 job_interval := 'SYSDATE +'|| m_sleeptimegap / 86400;
  15
  16 DBMS_JOB.SUBMIT(job, 'License_Pulse_Check;', SYSDATE, job_interval, 'FALSE');
  17 UPDATE tabledetails
  18 SET tdvalue = LTRIM( RTRIM( TO_CHAR(job) ) )
  19 WHERE tdidcode = 'LICENSE_PULSE'
  20 AND tdkey = 'ORACLE-JOB-ID';
  21 COMMIT;
  22 END;
  23 /
  DECLARE
  ERROR at line 1:
  ORA-23319: parameter value "SYSDATE
  +,000347222222222222222222222222222222222222" is not appropriate
  ORA-06512: at "SYS.DBMS_JOB", line 60
  ORA-06512: at "SYS.DBMS_JOB", line 138
  ORA-06512: at line 16
  ===========================================
  'm_sleeptimegap' is = 30 , which we have configured in a table called "tabledetails".
  This is present at the client's place.
  What could be the reason of this script failure ?
  Could it be grants issue or something else ?
  Thanks.

  Hi,
  But that parameter in the dbms_job.submit procedure is of VARCHAR2 type,
  dbms_job.submit(
  JOB OUT BINARY_INTEGER,
  WHAT IN VARCHAR2,
  NEXT_DATE IN DATE DEFAULT SYSDATE,
  INTERVAL IN VARCHAR2 DEFAULT 'NULL',
  NO_PARSE IN BOOLEAN DEFAULT FALSE,
  INSTANCE IN BINARY_INTEGER DEFAULT 0,
  FORCE IN BOOLEAN DEFAULT FALSE);
  [http://www.psoug.org/reference/dbms_job.html?PHPSESSID=5a94d055d8b65bd4b4661d1d24dedbf8]
  Thanks.

• MRP_ATP_PUB.Call_ATP api not retrieving requested_date_quantity value when executed in custom schema but when executed in apps its working fine, can anyone help on this..

  The MRP_ATP_PUB.Call_ATP api not retrieving requested_date_quantity value when executed in custom schema but when executed in apps its working fine, can anyone help on this..
  We are passing the required values to the ATP API.
  1) The x_return_status is showing as 'S' i.e. success but x_atp_rec.Requested_Date_Quantity is not returning any value.
  2) If there is a grant issue how to identify it.
  Regards,
      Vinod Annukaran

  Pl do not post duplicates -0 MRP_ATP_PUB.Call_ATP api not retrieving requested_date_quantity value when executed in custom schema but when executed in apps its working fine, can anyone help on this..