Grants to a role name

Hi,
We are in the process of creating a new db. After completing schema level import, I have to create roles & grants same as the primary db.
I used,
SQL>select dbms_metadata.get_ddl('ROLE',role) from dba_roles;
to find the roles.
How can I provide the grants on those rolenames?
Is this right approach?
Suggestions appreciated.
Thanks!

jdba wrote:
Hi,
We are in the process of creating a new db. After completing schema level import, I have to create roles & grants same as the primary db.
I used,
SQL>select dbms_metadata.get_ddl('ROLE',role) from dba_roles;
to find the roles.
How can I provide the grants on those rolenames?
Is this right approach?
Suggestions appreciated.
Thanks!You can bulk in google, also check this
-- Create the roles
SELECT DBMS_METADATA.GET_DDL('ROLE', role)||';'
FROM dba_roles
-- Roles which are granted to roles
SELECT DBMS_METADATA.GET_GRANTED_DDL('ROLE_GRANT', role)
FROM role_role_privs
-- System privileges granted to roles
SELECT DBMS_METADATA.GET_GRANTED_DDL('SYSTEM_GRANT', role)
FROM ROLE_SYS_PRIVS
-- Table privileges granted to roles
SELECT DBMS_METADATA.GET_GRANTED_DDL('OBJECT_GRANT', role)
FROM ROLE_TAB_PRIVS
/

Similar Messages

Granting privilege through role not working for PL/SQL

Version: 11.2.0.2
In our shop, we don't grant privileges directly to a user, we grant it to a role and grant that role to the intended grantee.
Granting privileges through a role seems to be fine with SQL Engine. But it doesn't work from PL/SQL engine.
In the below example GLS_DEV user is granted SELECT access on SCOTT.pets table through a role called tstrole. GLS_DEV can select this table from SQL. But PL/SQL Engine doesn't seem to know this.
Reproducing the issue:
SQL> show user
USER is "SCOTT"
SQL> select * from pets;
NAME
PLUTO
SQL> conn / as sysdba
Connected.
SQL> create user GLS_DEV identified by test1234 default tablespace TSTDATA;
User created.
SQL> alter user GLS_DEV quota 25m on TSTDATA;
User altered.
SQL> grant create session, resource to GLS_DEV;
Grant succeeded.
--- Granting SELECT privilege on scott.pets to tstrole and then grant this role to GLS_DEV.
SQL> conn / as sysdba
Connected.
SQL>
SQL> create role tstrole;
Role created.
SQL> grant select on scott.pets to tstrole;
Grant succeeded.
SQL> grant tstrole to GLS_DEV;
Grant succeeded.
SQL> conn GLS_DEV/test1234
Connected.
SQL>
SQL> select * From scott.pets;
NAME
PLUTO
---- All fine till here. From SQL engine , GLS_DEV user can SELECT scott.pets table.
--- Now , I am going to create a PL/SQL object in GLS_DEV which tries to refer scott.pets
SQL> show user
USER is "GLS_DEV"
create or replace procedure my_proc
is
myvariable varchar2(35);
begin
     select name into myvariable from scott.pets ;
     dbms_output.put_line(myvariable);
end my_proc;
Warning: Procedure created with compilation errors.
SQL> show errors
Errors for PROCEDURE MY_PROC:
LINE/COL ERROR
6/2      PL/SQL: SQL Statement ignored
6/41     PL/SQL: ORA-01031: insufficient privileges
SQL>
SQL> 6
6*    select name into myvariable from scott.pets ;
--- PL/SQL Engine doesn't seem to know that GLS_DEV has select privilege on scott.pets indirectly granted through a role
--- Fix
--- Instead of granting privilege through a role, I am granting the SELECT privilege on scott.pets to GLS_DEV directly.
--- The error goes away, I can compile and execute the procedure !!
SQL> conn / as sysdba
Connected.
SQL>
SQL> grant select on scott.pets to GLS_DEV;
Grant succeeded.
SQL> conn GLS_DEV/test1234
Connected.
SQL>
SQL> create or replace procedure my_proc
is
myvariable varchar2(35);
begin
        select name into myvariable from scott.pets ;
        dbms_output.put_line(myvariable);
end my_proc; 2    3    4    5    6    7    8    9   10
11 /
Procedure created.
SQL> set serveroutput on
SQL> exec my_proc;
PLUTO
PL/SQL procedure successfully completed.Has anyone encountered the same issue ?

You really should start your own new thread for this question instead of resurrecting an old one, but to answer your question.
There are two things going on here. First, there are a number of aler session commands that can be used by any user regardless of what privileges they are granted. Although I do not have the entire list at hand, things like nls_date_format and current_schema are available to all users, sort of like the grants to public in the data dictionary.
Second, when you use execute immediate, the PL/SQL engine never really sees the statement, as far as the compiler is concerned it is just a string. It is only when the string is passed to the sql engine that permissions are checked, and there roles are not enabled.
SQL> create role t_role;
Role created.
SQL> grant select on ops$oracle.t to t_role;
Grant succeeded.
SQL> create user a identified by a default tablespace users;
User created.
SQL> grant create session, create procedure to a;
Grant succeeded.
SQL> grant t_role to a;
Grant succeeded.
SQL> connect a/a
Connected.
SQL> select * from ops$oracle.t;
        ID DESCR
         1 One
         1 Un
SQL> create function f (p_descr in varchar2) return number as
2     l_num number;
3 begin
4     select id into l_num
5     from ops$oracle.t
6     where descr = p_descr;
7     return l_num;
8 end;
9 /
Warning: Function created with compilation errors.
SQL> show error
Errors for FUNCTION F:
LINE/COL ERROR
4/4      PL/SQL: SQL Statement ignored
5/20     PL/SQL: ORA-00942: table or view does not exist
SQL> create or replace function f (p_descr in varchar2) return number as
2     l_num number;
3 begin
4     execute immediate 'select id from ops$oracle.t where descr = :b1'
5                       into l_num using p_descr;
6     return l_num;
7 end;
8 /
Function created.
SQL> select f('One') from dual;
select f('One') from dual
ERROR at line 1:
ORA-00942: table or view does not exist
ORA-06512: at "A.F", line 4John

How do I grant Configure Target Role

I am trying to preform an operation from within the OEM 12c console and it fails telling me I need the Configure Target role. I can't for the life of me figure out how to grant that role. Can someone help please.
Thanks.
Bill Wagman

(Updated Response )
Hi Bill,
To create a Role with the 'Configure Target Privilege' and assign it to a Target, please follow these steps....
1. In the Enterprise Manager Console, from the 'Setup' drop down menu, select 'Security' then 'Roles'
2. Select the 'Create' button.
3. Enter an appropriate role name, for this example we shall call it CONFTARGET-ROLE, hit the 'Next' button
4. Click through the next window, by hitting 'Next' on the 'Create Role CONFTARGET-ROLE:Roles page
5. Scroll down to the bottom of the page to the Target Privileges section, Select the ‘Add’ button, From the “Target Type” drop down menu, select the appropriate type, “Agent” in this instance. Check the box of the Agent Target you would like to grant this new role too. Click 'Select'.
6. Scroll to the bottom of the page, to Target Privileges, you will see the Agents listed that you selected. In the ‘Manage Target Privilege Grants’ column, Click on the pencil icon.
7. Here you will select the “Configure Target” privilege, for the required Agent Target. Click ‘Continue’.
8. When you scroll back down to the Target Privilege section of the page you will see the agent listed in the table and in the ‘Manage Target Privilege Grants’ column, you will see the ‘Configure Target’ privilege listed.
6. On the Resource Privilege page, click 'Next'
7. Decide and select which users you want to grant this next role, CONFTARGET-ROLE too, click 'Next'.
8. Review your new role then click 'Finish'.
More information about roles and privileges can be found in the Security Guide document, section 2.2 Configuring Privileges and Role Authorization, Security Features.
Please let me know if you have any other questions,
regards,
Maureen

Invalid Security role-name error in Web Project

Hi All,
I have imported a J2EE application project built in JBOSS into NWDS 7.1.
While building the project i get the following error
CHKJ3020E:Invalid Security role-name error: PEHNTAHO_ADMIN
This error directs me to the following code in web.xml
<security-constraint>
 <display-name>Default JSP Security Constraints</display-name>
 <web-resource-collection>
 <web-resource-name>Portlet Directory</web-resource-name>
 <url-pattern>/jsp/*</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>PEHNTAHO_ADMIN</role-name>
 </auth-constraint>
 <user-data-constraint>
 <transport-guarantee>NONE</transport-guarantee>
 </user-data-constraint>
 </security-constraint>
I have tried out the following things to resolve this issue :
1) Remove the role manually(as suggested by various people in other J2EE forums), but then some other error came in to picture
2)Then I added the following code in web.xml
<security-role>
 <role-name>PEHNTAHO_ADMIN</role-name>
 </security-role>
Then the above mentioned build error gets resolved, but then I get the following error while deploying the application.
Dec 3, 2007 12:59:21 AM /userOut/daView_category (eclipse.UserOutLocation) [Thread[Deploy Thread,5,main]] ERROR: Deploy Exception.An error occurred while deploying the deployment item 'sap.com_AnalyticsApp2EAR'.; nested exception is:
 java.rmi.RemoteException: class com.sap.engine.services.dc.gd.DeliveryException: An error occurred during deployment of sdu id: sap.com_AnalyticsApp2EAR
sdu file path: D:\usr\sap\CE1\J01\j2ee\cluster\server0\temp\tcbldeploy_controller\archives\191\AnalyticsApp2EAR.ear
version status: HIGHER
deployment status: Admitted
description:
 1. Error:
Cannot update application sap.com/AnalyticsApp2EAR. Reason: The application sap.com/AnalyticsApp2EAR will not be update, because its validation failed. Reason:
ERRORS:
Web Model Builder: com.sap.engine.frame.core.configuration.NameNotFoundException: The parameter/s in String "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
 
</web-app>
" is/are not defined and could not be substituted., file: AnalyticsApp2.war#WEB-INF/web.xml, column 0, line 0, severity: error
WARNINGS:
Web Model Builder: Following tests could not be executed because of failed precondition test "Web Model Builder" : Implicit Constraints Test, JSF Application Test, Mapping Test, Web File Existence Test, Web Class Existence Test, Security Role Test, file: AnalyticsApp2.war, column -1, line -1, severity: warning
3) I had also added the following code in web-j2ee-engine.xml
<security-role-map>
 <role-name>PEHNTAHO_ADMIN</role-name>
 <server-role-name>all</server-role-name>
 </security-role-map>
but still i get the same deployment error.
Please help me in resolving this problem.
Can anybody tell me the use of role "PEHNTAHO_ADMIN"?
Thanks and Regards,
Sruti

Hi Malathy,
Once the users are created in Authentication Provider, and once the roles are created in Weblogic Server, You just have to map users to roles in Jazn-data.xml.
Could you please let us know you created a roles named users in WLS ?
Thanks & Regards,
Murali.
============

Cannot edit any roles in CUP5.2 due to "Enter a valid Role Name" error

We are running CUP 5.2.
I am having a problem with our Roles after they were uploaded into CUP; I cannot make any changes to the Role Details because CUP returns an error stating that our Role Names are invalid.
First I uploaded the roles (I continued to receive errors when trying to use the template, so I did them by uploading with the "Selected Roles" option).
Once they were uploaded, from the menu, I select: Roles --> Search Role and then I choose a role from the resulting list. When the next screen appears (the "Role Details" screen), I added all of the respective details (Business Process, Sub-Process, Detailed Description, Role Approver, Functional Area, etc.). When I pressed the SAVE button, I received the following error:
Please correct the following errors:
Please enter a valid "Role Name". Only Alpha-numeric, Space or Underscore characters are allowed
So I realize what the problem is - the "Role Name" field is automatically populated with our security role name as it exists in our SAP system ... and because our security roles all begin with Z:, it does not follow the CUP naming convention.
I'd like to just update the "Role Name" field but when you are in the "Role Details" screen, the "Role Name" field cannot be edited.
I saw the "Export" button and used that, in an attempt to edit the file to replace each occurence of Z: with Z_, and then upload it again.
So I updated the file accordingly, and then did an upload, selecting the "Overwrite Existing Roles" box.
It returned a successful message:
Import Status: 133 successfully imported out of 133 records found
Yet, when I go back to the list of roles, the roles still exist as Z: instead of Z_ so I still cannot edit any of the roles to add the required details ... has anyone had a similar issue and know how to work around this?
Thanks!

Hello Alpesh,
Thank you for replying!
I had already tried to export the roles and replaced the Z: with Z_ before creating this message, but the upload attempts failed due to the explanation above. But this time, I followed your (good) advice to delete the original Z: roles first, before uploading the corrected file.
Sadly, even after I deleted the original Z: roles prior to uploading the corrected file, I am still having no luck ... when I uploaded the file, again it (falsely) reports that the import was successful:
Import Status: 133 successfully imported out of 133 records found
After seeing that message, I quickly checked the roles, and none of the roles had uploaded. So now I have ZERO roles.
Any further ideas? I am thinking it may be something very small that is being overlooked ... perhaps certain buttons must be selected/not selected on the import screen? Or could it be an issue with the file itself?
When I do the import, I only select the button for "From File ..." and retrieve the file from my desktop via the Browse button. I do not select any other button, nor do I make a selection from the System or Role Source boxes. I have just selected that one button only ... I've tried it with and without checking the "Overwrite Existing Roles" box, but neither one works.
The part that bugs me the most is that I receive what I perceive to be an inaccurate/bogus "successful" status each time I attempt the upload of the file. At least if I had an error message, I might have something to work with to troubleshoot this.

How to obtain Role name in OIM 11g using API's

Hello,
I have a scenario in which I create Role/Group in OIM 11g & it gets provisioned in AD [=works fine] & other part is when i delete role in OIM 11g then it should
get deleted from AD.I have written postprocess event handler to achieve this.
In role creation part i get all parameters using "orchestration.getParameters();" , but when i delete role then "orchestration.getParameters();" is empty,so i am
not able to get role name.
Is there a way to get role name while deleting roles using API ?
Thanks,
Rahul Shah

Hi Raghav,
Following is my code :
tcRODetails = orgOpInterface.getObjects(organizationKey);
for(int i = 0;i < tcRODetails.getRowCount();i++){
tcRODetails.goToRow(i);
// resourceName=AD Group
if(resourceName.equalsIgnoreCase(tcRODetails.getStringValue("Objects.Name"))&&
tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Provisioned")||
tcRODetails.getStringValue("Objects.Object Status.Status").equalsIgnoreCase("Enabled")) {
System.out.println("<<<FOUND>>>");
processKey = tcRODetails.getLongValue("Process Instance.Key");
provisionObjectKey = tcRODetails.getLongValue("Objects.Key");
tcProcessSet = oimFormUtility.getProcessFormData(processKey);
for(int j=0;j<tcProcessSet.getRowCount();j++){
tcProcessSet.goToRow(j);
if(grpName.equalsIgnoreCase(tcProcessSet.getStringValue("UD_ADGRP_NAME"))){
System.out.println("MATCH FOUND!!!!!");
orgOpInterface.removeObjectAllowed(organizationKey,provisionObjectKey);
break;
& i get following error :
<Mar 22, 2012 1:54:43 PM IST> <Error> <XELLERATE.APIS> <BEA-000000> <Class/Method: tcOrganizationOperationsBean/removeObjectAllowed encounter some problems: Object with key=7 is not already set as an allowed object for Organization with key=1>
Thanks
Rahul Shah

Display Icon/Image instead of Role name in top level navigation

Hi,
I want to display a image / icon instead of role name for a particular role. Can you please tell me how to achieve this ?
Thanks,
VP

Hi,
the thread is just for the background image (for all elements).
if you want to display icons instead of role names, you have to create your custom top level navigation using the
navigation taglib from SAP. There are lots of examples. make a blog search for Mr "Kannengiesser" from SAP.
In case you are using already an EHPx in your EP 7.0 the AJAX framework might have this feature.
Regards,
Kai

How to get the role name in which query is published ?

Hi Experts,
Is there any table where i can get the name of the role in which a particular query is published. I know that if i have a role , i can check in pfcg giving that role name and in menu tab i can see all the queries published under that role. But if i know query but not role how to get the role name . Is there any table or functon modules or programs to get the information.
Thanks & Regards
Vamsi Kiran

Check this table
AGR_HIER

Tables for Role Name created through Tcode pfcg

User would Input Role Name and to that what users are attach and what value they are authorized to u2026?? Is there function module to this..

Hi,
Use this table AGR_USERS Assignment of roles to users
or try this FMs
CNV_GET_USER_ROLE
ROLE_ANALYSE_FOR_USER
Regards,
Jyothi CH.

Search Users by Group(Role) Name

In OIM 9g, I can search users by group name like below:
searchFor.put("Groups.Group Name", "my group");
tcResultSet users = userOp.findUsers(searchFor);
But it does not work in 11g, change "Groups.Group Name" to ""Groups.Role Name", don't work neither.
Does anyone know how to search users by Role name in 11g?

Use RoleManager Class and the following API
criteria = new SearchCriteria(RoleManagerConstants.ROLE_NAME, "*", SearchCriteria.Operator.EQUAL);
roles = roleManager.search(criteria, attrNames, mapParams);http://download.oracle.com/docs/cd/E14571_01/apirefs.1111/e17334/oracle/iam/identity/rolemgmt/api/RoleManager.html#getRoleMembers_java_lang_String__boolean_
HTH,
BB

Cluster resource ' Disk Name' of type 'Physical Disk' in clustered role 'Role Name' failed.

We have been observing issues with our file Cluster (Windows Server 2012 R2 Std Clustered with 2 Nodes) where File Server gets
unresponsive for SMB access request event id 30809 in Microsoft-Windows-SMBClient/Connectivity is observed
and when we try to failover the role clustered disks fail to get offline with an error in event id 1069 Cluster resource ' Disk Name' of type 'Physical Disk' in clustered role 'Role Name' failed, we have to force fully reboot the node which faces this
issue. It works properly for a week and again we get the same issue, this happens with all the disks in different file server roles.
Regards Ajinkya Ghare MCITP-Server Administrator | MCTS

we didn't found any thing in the cluster logs, in the WitnessClientAdmin logs we found errors related to failed registration
Witness Client failed registration request for \\fileserver\sharename with error (The request is not supported.)
Regards Ajinkya Ghare MCITP-Server Administrator | MCTS

Role Name Server defined in SLD but no CimomURL maintained

Hello gurus!
We have a problem with our NWDI setup.
What I want to do is to update an existing track DFODEV02 with the software package EP-RUNTIME.
I synchronize with the SLD. However when I try to save, I get the following error:
"SLD (URL http://<NWDI_server>:<port>)
server exception: Invalid Name Server null - Check SLD configuration -> Role
Name Server defined in SLD but no CimomURL maintained."
I am not familiar with the customizing for this but I have looked into a couple of customizing steps related to Data Supplier:
1) Under administration on SLD I see the following:
Update Namespaces is marked as sld/active; but
Update Other SLDs is an empty list.
2) From the configuration on NWA:
Target URL: <RuntimeSLD_server>/sld/ds
Both 'Automatic send' and 'success' are both "true".
Hope that you can guide us on the right “track”
In advance, thank you very much!
Best regards,
Elias

Hi Elias,
1) Under administration on SLD I see the following:
Update Namespaces is marked as sld/active; but
Update Other SLDs is an empty list.
This is something else, your error message is not about this one.
What you need to make sure is that you have a name server defined.
You can check it in various ways:
A). go to CMS -- Track Data -- select the track in question -- tab Build Variants -- Display/Download the Development Configuration --> This will be an XML file. If you see a tag "sld-nameserver" then you are ok, however I assume this tag is missing or points to a wrong SLD in your case.
B)
Go to the initial page of the SLD.
2. Choose Landscapes.
3. Choose New Landscape…
4. In the page that appears, select the landscape type NWDI System.
5. Specify NWDI as the name of the landscape. Choose Create.
The new landscape is displayed.
6. Select the new landscape.
You see the details about the landscape.
7. Choose Systems and then choose Add System to Landscape.
8. Choose the hosted system type System Landscape Directory. Choose OK.
You see the installed SLD.
9. Select the SLD.
The details view appears.
10. Select the roles Landscape Server and Name Server and save your changes.
The name server is now known to the NWDI and can be used there. Only now can you create valid development configurations.
Could you please confirm this way whether you have a name server specified and that points to the correct SLD ?
I hope this guides you to the right "track"
Regards,
Ervin

Role names with spaces (6.1 to 8.1)

Hi All
I'm working in an organization that has group and role names within their LDAP
repository such that the group and role names contain spaces. Hence, for example,
within a web.xml file lines like the following exist:
<role-name>Some Role Name</role-name>
This has worked without problem in Weblogic 6.1 but given some prelimanary work
within 8.1 we are noticing that Weblogic 8.1 does not appear to like spaces within
the <role-name> element.
Is this just the way it is with Weblogic 8.1? Or is there a way to continue to
use role names with embedded spaces within Weblogic 8.1?
Thanks,
Rob

"Peter" <PeterB> wrote:
>
"Rob" <[email protected]> wrote in message
news:3f57d329$[email protected]..
Hi All
I'm working in an organization that has group and role names withintheir
LDAP
repository such that the group and role names contain spaces. Hence,for
example,
within a web.xml file lines like the following exist:
<role-name>Some Role Name</role-name>
This has worked without problem in Weblogic 6.1 but given some prelimanarywork
within 8.1 we are noticing that Weblogic 8.1 does not appear to likespaces within
the <role-name> element.
Sounds like a bug. File a support case.
Hi,
A workaround exists :
1 - in web.xml, update your role-name element by replacing spaces with "_"
2 - in weblogic.xml, add :
<security-role-assignment>
 <role-name>Some_Role_Name</role-name>
 <principal-name>Some Role Name</principal-name>
 </security-role-assignment>
Regards
Christophe

ORA-01935: missing user or role name

Hello. I'm trying to change a users password, logged in as SYS. I'm using the script:
ALTER USER dross IDENTIFIED BY 1111;
Also tried:
ALTER USER "dross" IDENTIFIED BY "1111";
ALTER USER 'dross' IDENTIFIED BY '1111';
ALTER USER 'dross' IDENTIFIED BY 1111;
ALTER USER "dross" IDENTIFIED BY 1111;
Any suggestions on what I could do?

sb92075 wrote:
is username 'DROSS' or 'dross'?Makes no difference. If user doesn't exist ALTER USER spits out
ORA-01918: user 'XXX' does not existnot
ORA-01935: missing user or role name To get the above error username must be omitted:
SQL> ALTER USER IDENTIFIED BY XYZ
2 /
ALTER USER IDENTIFIED BY XYZ
ERROR at line 1:
ORA-01935: missing user or role nameSo ALTER USER statements OP posted doesn't add up with error that is raised. Have a feeling ALTER USER is generated dynamically and somehow username is NULL.
SY.

Isn't there DBA_ view to see the privileges granted to a role ?

DB version :11.2
I couldn't find a DBA_ view which would list all the privileges granted to a role. Finally I had to grant the role to a user and then connect as that granted user and then query ROLE_TAB_PRIVS view. As a DBA , I can't login into business schemas to check this.
The scenario
==============
SCOTT schema has two tables : HRTB_EMP_MASTER and HELLOWORLD
I want to grant SELECT privileges on these two tables to another user called TESTUSER but not directly ; through roles
SQL> conn / as sysdba
Connected.
SQL> grant create role to testuser;
Grant succeeded.
SQL> conn testuser/test123
Connected.
SQL>
SQL> create role testuser_ro;
Role created.
SQL> conn / as sysdba
Connected.
SQL> grant select on scott.hrtb_emp_master to testuser_ro;         --- > Granting the SELECT priv to the role first
Grant succeeded.
SQL> grant select on scott.helloworld to testuser_ro;
Grant succeeded.
SQL> SELECT ROLE, OWNER, TABLE_NAME, PRIVILEGE FROM ROLE_TAB_PRIVS where owner = 'SCOTT'; ----> This won't work because I am connected as SYS
                                                          ----> ROLE_TAB_PRIVS is user specific view
no rows selectedSince I couldn't find a DBA view which will the privileges granted to a role , I granted the role to the user I had to login to the user (against our security policy) and query
ROLE_TAB_PRIVS.
SQL> grant testuser_ro to testuser;
Grant succeeded.
SQL> SELECT ROLE, OWNER, TABLE_NAME, PRIVILEGE FROM ROLE_TAB_PRIVS where owner = 'SCOTT';
no rows selected
SQL> conn testuser/test123
Connected.
SQL> SELECT ROLE, OWNER, TABLE_NAME, PRIVILEGE FROM ROLE_TAB_PRIVS where owner = 'SCOTT';
ROLE            OWNER           TABLE_NAME           PRIVILEGE
TESTUSER_RO     SCOTT           HELLOWORLD           SELECT
TESTUSER_RO     SCOTT           HRTB_EMP_MASTER      SELECT

you should search for grantee, not owner
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> create role r1;
Role created.
SQL> grant select on sys.v$database to r1;
grant select on sys.v$database to r1
ERROR at line 1:
ORA-02030: can only select from fixed tables/views
SQL> grant select on sys.v_$database to r1;
Grant succeeded.
SQL> select grantee, privilege, owner, table_name from dba_tab_privs where grantee='R1';
GRANTEE         PRIVILEGE                                OWNER           TABLE_NAME
R1              SELECT                                   SYS             V_$DATABASE

Grants to a role name

Similar Messages

Maybe you are looking for