How to check granted privileges on role.

Similar Messages

• How to check the privileges assigned to a role

  Hi All,
  Can you please let me know how to check the privileges assigned to a role in Oracle?
  When I query the dba_tab_privs it says no rows returned.
  Please help..
  Regards,
  Dan

  user9212851 wrote:
  Can you please let me know how to check the privileges assigned to a role in Oracle?
  When I query the dba_tab_privs it says no rows returned.
  When you've checked the manuals and identified the views suggested by other posters you will find that it's still not a trivial problem since a role may be granted to another role - which means you need to do some recursion to uncover all the privileges available to a role.
  Pete Finnigan - who specialises in Oracle security - published some appropriate scipts a few years ago; they are probably still relevant. Here's a starting link: http://www.petefinnigan.com/weblog/archives/00001243.htm
  Regards
  Jonathan Lewis

• How do I grant Configure Target Role

  I am trying to preform an operation from within the OEM 12c console and it fails telling me I need the Configure Target role. I can't for the life of me figure out how to grant that role. Can someone help please.
  Thanks.
  Bill Wagman

  (Updated Response )
  Hi Bill,
  To create a Role with the 'Configure Target Privilege' and assign it to a Target, please follow these steps....
  1. In the Enterprise Manager Console, from the 'Setup' drop down menu, select 'Security' then 'Roles'
  2. Select the 'Create' button.
  3. Enter an appropriate role name, for this example we shall call it CONFTARGET-ROLE, hit the 'Next' button
  4. Click through the next window, by hitting 'Next' on the 'Create Role CONFTARGET-ROLE:Roles page
  5. Scroll down to the bottom of the page to the Target Privileges section, Select the ‘Add’ button, From the “Target Type” drop down menu, select the appropriate type, “Agent” in this instance. Check the box of the Agent Target you would like to grant this new role too. Click 'Select'.
  6. Scroll to the bottom of the page, to Target Privileges, you will see the Agents listed that you selected. In the ‘Manage Target Privilege Grants’ column, Click on the pencil icon.
  7. Here you will select the “Configure Target” privilege, for the required Agent Target. Click ‘Continue’.
  8. When you scroll back down to the Target Privilege section of the page you will see the agent listed in the table and in the ‘Manage Target Privilege Grants’ column, you will see the ‘Configure Target’ privilege listed.
  6. On the Resource Privilege page, click 'Next'
  7. Decide and select which users you want to grant this next role, CONFTARGET-ROLE too, click 'Next'.
  8. Review your new role then click 'Finish'.
  More information about roles and privileges can be found in the Security Guide document, section 2.2 Configuring Privileges and Role Authorization, Security Features.
  Please let me know if you have any other questions,
  regards,
  Maureen

• Grant Privilege to Role instead of Direct grant doesn't work

  Hi all
  My scenario is sas follow:
  create user a identified by a;
  create user b identified by b;
  grant connect,resource to a ;
  grant connect,resource to b ;
  conn a/a
  create table tbl( c1 number(10));
  conn system/sys
  create role roll;
  grant roll to b;
  conn a/a
  grant select on tbl to roll;
  conn b/b
  set role roll;
  create or replace procedure b.pr
  as
  v number(10);
  begin
  select a into v
  from a.tbl
  where a=0;
  end;
  show error
  Errors for PROCEDURE B.P:
  LINE/COL ERROR
  6/1 PL/SQL: SQL Statement ignored
  7/6 PL/SQL: ORA-00942: table or view does not exist
  This happen because i granted the SELECT privilege to user b through the role ROLL but if i granted the user b the SELECT privilege directly it work properly
  Why???
  And how could I grant the privilege from within a role, Because i don't want to grant it directly
  Thank in advance
  Bassil

  There is no other way. The owner of stored code must have been directly granted all necessary (used in code) select, insert, update, or delete privileges. The code owner cannot just have the referenced privileges granted to them via a role. There is no workaround, nor should there be as this is a security feature. Just because you have been granted insert or delete to another user's tables does not mean you should be able to grant that access to some other user. This is exactly what you do when you grant execute to stored code that referenced another user's objects.
  The referenced article is by Tom Kyte and there are few people who understand how to use Oracle to better effect than Tom. The same information can be found in the official documentation and is referenced by the article.
  You can write packages that use the privileges of the executing person. Perhaps for the specific problem you are writing the code to handle this is the route you want to take. See the manuals for the details.
  Note - If user A grants insert to user B on table_a then user B can write a procedure, proc_b, and grant execute to a role and anyone with the role can perform inserts into table_a via proc_b, without having any grants on table_a. You do not need to grant privileges on the objects referenced in stored code that runs as the code owner if this is what you are worried about. The users just need execute on the package, procedure, or function that performs the DML operations in this case and they can get that from a role.
  If you still do not understand you need to state exactly what it is you either do not understand or want to know how to do.
  HTH -- Mark D Powell --

• Granting privilege through role not working for PL/SQL

  Version: 11.2.0.2
  In our shop, we don't grant privileges directly to a user, we grant it to a role and grant that role to the intended grantee.
  Granting privileges through a role seems to be fine with SQL Engine. But it doesn't work from PL/SQL engine.
  In the below example GLS_DEV user is granted SELECT access on SCOTT.pets table through a role called tstrole. GLS_DEV can select this table from SQL. But PL/SQL Engine doesn't seem to know this.
  Reproducing the issue:
  SQL> show user
  USER is "SCOTT"
  SQL> select * from pets;
  NAME
  PLUTO
  SQL> conn / as sysdba
  Connected.
  SQL> create user GLS_DEV identified by test1234 default tablespace TSTDATA;
  User created.
  SQL> alter user GLS_DEV quota 25m on TSTDATA;
  User altered.
  SQL> grant create session, resource to GLS_DEV;
  Grant succeeded.
  --- Granting SELECT privilege on scott.pets to tstrole and then grant this role to GLS_DEV.
  SQL> conn / as sysdba
  Connected.
  SQL>
  SQL> create role tstrole;
  Role created.
  SQL> grant select on scott.pets to tstrole;
  Grant succeeded.
  SQL> grant tstrole to GLS_DEV;
  Grant succeeded.
  SQL> conn GLS_DEV/test1234
  Connected.
  SQL>
  SQL> select * From scott.pets;
  NAME
  PLUTO
  ---- All fine till here. From SQL engine , GLS_DEV user can SELECT scott.pets table.
  --- Now , I am going to create a PL/SQL object in GLS_DEV which tries to refer scott.pets
  SQL> show user
  USER is "GLS_DEV"
  create or replace procedure my_proc
  is
  myvariable varchar2(35);
  begin
       select name into myvariable from scott.pets ;
       dbms_output.put_line(myvariable);
  end my_proc;
  Warning: Procedure created with compilation errors.
  SQL> show errors
  Errors for PROCEDURE MY_PROC:
  LINE/COL ERROR
  6/2      PL/SQL: SQL Statement ignored
  6/41     PL/SQL: ORA-01031: insufficient privileges
  SQL>
  SQL> 6
    6*    select name into myvariable from scott.pets ;
  --- PL/SQL Engine doesn't seem to know that GLS_DEV has select privilege on scott.pets indirectly granted through a role
  --- Fix
  --- Instead of granting privilege through a role, I am granting the SELECT privilege on scott.pets to GLS_DEV directly.
  --- The error goes away, I can compile and execute the procedure !!
  SQL> conn / as sysdba
  Connected.
  SQL>
  SQL> grant select on scott.pets to GLS_DEV;
  Grant succeeded.
  SQL> conn GLS_DEV/test1234
  Connected.
  SQL>
  SQL> create or replace procedure my_proc
  is
  myvariable varchar2(35);
  begin
          select name into myvariable from scott.pets ;
          dbms_output.put_line(myvariable);
  end my_proc;  2    3    4    5    6    7    8    9   10
  11  /
  Procedure created.
  SQL> set serveroutput on
  SQL> exec my_proc;
  PLUTO
  PL/SQL procedure successfully completed.Has anyone encountered the same issue ?

  You really should start your own new thread for this question instead of resurrecting an old one, but to answer your question.
  There are two things going on here. First, there are a number of aler session commands that can be used by any user regardless of what privileges they are granted. Although I do not have the entire list at hand, things like nls_date_format and current_schema are available to all users, sort of like the grants to public in the data dictionary.
  Second, when you use execute immediate, the PL/SQL engine never really sees the statement, as far as the compiler is concerned it is just a string. It is only when the string is passed to the sql engine that permissions are checked, and there roles are not enabled.
  SQL> create role t_role;
  Role created.
  SQL> grant select on ops$oracle.t to t_role;
  Grant succeeded.
  SQL> create user a identified by a default tablespace users;
  User created.
  SQL> grant create session, create procedure to a;
  Grant succeeded.
  SQL> grant t_role to a;
  Grant succeeded.
  SQL> connect a/a
  Connected.
  SQL> select * from ops$oracle.t;
          ID DESCR
           1 One
           1 Un
  SQL> create function f (p_descr in varchar2) return number as
    2     l_num number;
    3  begin
    4     select id into l_num
    5     from ops$oracle.t
    6     where descr = p_descr;
    7     return l_num;
    8  end;
    9  /
  Warning: Function created with compilation errors.
  SQL> show error
  Errors for FUNCTION F:
  LINE/COL ERROR
  4/4      PL/SQL: SQL Statement ignored
  5/20     PL/SQL: ORA-00942: table or view does not exist
  SQL> create or replace function f (p_descr in varchar2) return number as
    2     l_num number;
    3  begin
    4     execute immediate 'select id from ops$oracle.t where descr = :b1'
    5                       into l_num using p_descr;
    6     return l_num;
    7  end;
    8  /
  Function created.
  SQL> select f('One') from dual;
  select f('One') from dual
  ERROR at line 1:
  ORA-00942: table or view does not exist
  ORA-06512: at "A.F", line 4John

• How to check which privileges user is using

  Hello All,
  I have a user assigned DBA role in mistake many years back.
  During our security overview I is flagged and now I need to revoke the DBA role from that user.At the moment it look like as follows and I am on 10204 database
  Privilege
  Category Granted Privilege
  Role Privs CONNECT
  DBA
  OEM_MONITOR
  RESOURCE
  Sys Privs ALTER ANY MATERIALIZED VIEW
  ANALYZE ANY
  CREATE ANY MATERIALIZED VIEW
  CREATE PROCEDURE
  CREATE ROLE
       CREATE SEQUENCE
  CREATE SESSION
  CREATE TABLE
  CREATE VIEW
  DROP ANY MATERIALIZED VIEW
  GLOBAL QUERY REWRITE
  UNLIMITED TABLESPACE
  Now I need to find what all privileges out of approx 158 in the DBA role this user is using so that I can revoke the DBA role and assign that sys privielege exclusively and later on trim down a bit on those as well if possible?
  Can someone help me in finding or is there a way possible to find out which privileges are actually being used by the user assigned to him via DBA role?
  I can find something on net on those lines, any help or useful pointers would be highly appreciated.
  Many Thanks,
  Rishi

  Hello All,
  Right I think auditing the DBA role could save my day.I have enable the auditing on the DB for dba role as shown below:
  audit_file_dest string /oraadmin/tgtx/10/adump
  audit_sys_operations boolean FALSE
  audit_syslog_level string
  audit_trail string DB, EXTENDED
  Exact version of the database is:
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Prod
  PL/SQL Release 10.2.0.4.0 - Production
  CORE 10.2.0.4.0 Production
  TNS for Linux: Version 10.2.0.4.0 - Production
  NLSRTL Version 10.2.0.4.0 - Production
  I have enable the audit dba role for user exeter as shown:
  SYS@TGTX> AUDIT DBA by exeter WHENEVER SUCCESSFUL;
  Audit succeeded.
  Now I expect to audit all the sys privs assigned to dba role but alas its not working as expected if anyone can shed any light ON it, what I am trying to do is as follows:
  I am trying to use the sys priv that is create any table as user exeter who is assigned dba role as follows:
  SYS@TGTX> select * from dba_role_privs where grantee='EXETER';
  GRANTEE GRANTED_ROLE ADM DEF
  EXETER DBA NO YES
  EXETER CONNECT NO YES
  EXETER RESOURCE NO YES
  EXETER OEM_MONITOR NO YES
  EXETER@TGTX> create table dbaschema.test2 (srno number(10));
  Table created.
  Now I expect to see some records in dba_audit_trail as a result of above commands but there is none, am I doing anything wrong here?
  SELECT * FROM dba_audit_trail
  WHERE USERNAME = 'EXETER'
  ORDER BY timestamp;
  No rows returned but I shall have expected atleast one row to be returned here after enabling the audit on DBA role by exeter.
  Any Ideas?
  Thanks
  Rish

• Check Granted privileges

  The DBA have created a User1 schema. If i log in to the database using this schema how can i know what all privileges are granted to me for this schema.
  As i am not a DBA user the following query will fail as the table does not exist for this user
  select * from dba_sys_privs ;

  Please check this link
  http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/admusers.htm#i1008437
  Cheers :)
  Renjith Madhavan

• How to check object privilege for procedure, packages?

  Dear Legends,
  what is the query to find the Grant Permissions provided to a User on particular object such as Procedure, Package and Function?
  DBA_TAB_PRIVS is not giving me the answer.
  Can any one help me on this?
  Thanks,
  Karthik

  Maybe something like this?
  SQL> create procedure p as
    2  begin
    3  null;
    4  end;
    5  /
  Procedure created.
  SQL> grant execute on p to scott;
  Grant succeeded.
  SELECT p.grantor, p.grantee, o.object_name, o.object_type, p.privilege
  FROM   all_tab_privs p
  JOIN   all_objects   o ON (p.table_name = o.object_name and p.table_schema = o.owner)
  WHERE  o.object_name = 'P'
  AND    p.grantor = 'SELSE';
  GRANTOR     GRANTEE    OBJECT_NAME   OBJECT_TYPE   PRIVILEGE
  SELSE       SCOTT      P             PROCEDURE     EXECUTE

• How to check roles ?

  Hi
  I need to know how to check what are the roles assigned to a particular user ? I want to know the user has SAP_XI_RWB_SERV_USER and SAP_XI_RWB_SERV_USER_MAIN roles. How do I find this out ?
  Midhun

  Midhun,
  Note that you can assign roles to both Java and ABAP stacks
  SU01 is correct for ABAP.
  This is an example from PI 7.1 but a similar concept applies foe XI 3.0 etc
  For J2EE administration go to the url  http://hostname:50000/nwa
  Users and Access
  Identity Management
  Search Criteria - Select as required then enter a username
  ABAP
  UME Database for J2EE functions
  etc
  Then select the user to view details
  Hope this completes the picture.
  Regards,
  Mike

• User can not inherited privilege from Role

  DD1 is a new user, CT_GROUP_USER is a role with all tables access right.
  1)First, check the privilege of role CT_GROUP_USER
  select table_name,privilege from dba_tab_privs where grantee='CT_GROUP_USER'
  we can see CT_GROUP_USER have ALL tables' privilege.
  2)Second, grant CT_GROUP_USER role to user DD1
  GRANT ct_group_ADMINISTRATOR to DD1 with admin option
  GRANT ct_group_USER to DD1 with admin option
  select * from dba_role_privs where grantee='DD1'
  we can see CT_GROUP_USER role here
  3)
  USE DD1 to access table ct_user, it looks DD1 did not have privilege inherited from  CT_GROUP_USER
  4) Do additional operation, grant a table privilege to DD1
  grant select,insert,update,delete on CT_ACLENTRY     to DD1 WITH GRANT OPTION
  select table_name,privilege from dba_tab_privs where grantee='DD1'
  DD1 ONLY have CT_ACLENTRY  privilege.
  USE DD1 to access ct_aclentry, it is succeed.
  5) RUN below script on Oracle 10g and Oracle 11g, User DD3 can access tables on 10g but failed on 11g.
  CREATE USER DD3 IDENTIFIED BY DD3
  GRANT CREATE SESSION TO DD3
  GRANT CT_GROUP_ADMINISTRATOR TO DD3
  GRANT CT_GROUP_USER TO DD3
  Question: Is there any setting for GRANT on Oracle 11g?
  Additional: ALTER USER DD3 DEFAULT ROLE CT_GROUP_USER
  Above command can not let DD3 access tables, DD1 neither

  1)
  we can see CT_GROUP_USER have ALL tables' privilege.
  Can we? You don't post results of this statement, you I can only assume you can see it, but I can't
  And granting ALL privileges is a bad idea anyway.
  2) Why 'with admin'?
  3)
  USE DD1 to access table ct_user, it looks DD1 did not have privilege inherited from  CT_GROUP_USER.
  For you maybe, but as you don't post any failing SQLs and any error messages, who can tell?
  5) 'but failed' on 11g.
  Please keep in mind this is a discussion room, not a chat room, and we can't see what you are doing.
  You need all these lines to ask 'My car is broke, please fix my car'. I can't see any car from here.
  Sybrand Bakker
  Senior Oracle DBA

• How to check whether system privilege are granted

  How to check whether system privileges like 'create session' and other ones are granted for user.
  Is there any sys table where this information is available?
  Regards - Neuron

  Keep in mind select * from dba_sys_privs where grantee = 'some-user' will give you a list of privileges granted to some-user directly. To get complete list of system privs granted to a user both directly an via roles use:
  ACCEPT USER PROMPT 'Please enter user name: '
  COLUMN PATH FORMAT A90
  SET LINESIZE 132
  SELECT  PATH,
          PRIVILEGE
    FROM  DBA_SYS_PRIVS,
            SELECT  'DIRECT GRANT' PATH,
                    '&USER' GRANTED_ROLE
              FROM  DUAL
           UNION ALL
            SELECT  LTRIM(SYS_CONNECT_BY_PATH(GRANTED_ROLE,'->'),'->') PATH,
                    GRANTED_ROLE
              FROM  DBA_ROLE_PRIVS
              START WITH GRANTEE = UPPER('&USER')
              CONNECT BY PRIOR GRANTED_ROLE = GRANTEE
    WHERE GRANTEE = GRANTED_ROLE
  /Now on top of privileges granted to a user, user also has privileges granted to PUBLIC. To get privileges user receives via PUBLIC run the above script specifying PUBLIC at the prompt.
  SY.

• Grant privileges to subprogram via role: should not work?

  I bought Selftestsoftware for 1z0-147 for 9i and 10g. Selftestsoftware is endorsed by Oracle, should be high quality.
  But its below sample question and answer seem to be wrong: It says that privilege for subprogram can be granted via role. But from Urman 9i book, all roles are disabled inside stored procedures.
  Did Selftestsoftware made a mistake? Or the question did not mention or assume that the subprogram is based on invoker rights not definer right?
  Question:
  All users in the HR_EMP role have UPDATE privileges on the EMPLOYEE table. You create the UPDATE_EMPLOYEE procedure. HR_EMP users should only be able to update the EMPLOYEE table using this procedure.
  Which two statements should you execute? (Choose two.)
  GRANT UPDATE ON employee TO hr_emp;
  GRANT SELECT ON employee to hr_emp;
  REVOKE UPDATE ON employee FROM hr_emp;
  REVOKE UPDATE ON employee FROM public;
  GRANT EXECUTE ON update_employee TO hr_emp;
  Explanation:
  The two statements you should execute are:
  REVOKE UPDATE ON employee FROM hr_emp;
  GRANT EXECUTE ON update_employee TO hr_emp;
  Unless you are the owner of the PL/SQL construct, you must be granted the EXECUTE object privilege to run it or have the EXECUTE ANY PROCEDURE system privilege. By default, a PL/SQL procedure executes under the security domain of its owner. This means that a user can invoke the procedure without privileges on the procedures underlying objects. To allow HR_EMP users to execute the procedure, you must issue the GRANT EXECUTE ON update_employee TO hr_emp; statement. To prevent HR_EMP users from updating the EMPLOYEE table unless they are using the UPDATE_EMPLOYEE procedure, you must issue the REVOKE UPDATE ON employee FROM hr_emp;
  All of the other options are incorrect because they will not meet the specified requirements.
  Edited by: user13270686 on Jun 7, 2010 9:22 PM

  The answer is correct, and the explanation complete.
  Inside stored procedures roles are disabled. This is because privileges are checked at compile time and roles can change between compile time and execute time.
  However, privilege to execute the procedure can be granted to a role. During execution of the procedure the privileges of the procedure's owner apply.
  This is because you want to have encapsulation: when tables and procedures are in the same schema, you won't have any privilege problem, as the owner of a set of tables will always have privilege (you can not revoke them).
  Sybrand Bakker
  Senior Oracle DBA

• Isn't there DBA_ view to see the privileges granted to a role ?

  DB version :11.2
  I couldn't find a DBA_ view which would list all the privileges granted to a role. Finally I had to grant the role to a user and then connect as that granted user and then query ROLE_TAB_PRIVS view. As a DBA , I can't login into business schemas to check this.
  The scenario
  ==============
  SCOTT schema has two tables : HRTB_EMP_MASTER and HELLOWORLD
  I want to grant SELECT privileges on these two tables to another user called TESTUSER but not directly ; through roles
  SQL> conn / as sysdba
  Connected.
  SQL> grant create role to testuser;
  Grant succeeded.
  SQL> conn testuser/test123
  Connected.
  SQL>
  SQL> create role testuser_ro; 
  Role created.
  SQL> conn / as sysdba
  Connected.
  SQL> grant select on scott.hrtb_emp_master to testuser_ro;         --- > Granting the SELECT priv to the role first
  Grant succeeded.
  SQL> grant select on scott.helloworld to testuser_ro;               
  Grant succeeded.
  SQL> SELECT ROLE, OWNER, TABLE_NAME, PRIVILEGE FROM ROLE_TAB_PRIVS where owner = 'SCOTT';  ----> This won't work because I am connected as SYS
                                                            ----> ROLE_TAB_PRIVS is user specific view
  no rows selectedSince I couldn't find a DBA view which will the privileges granted to a role , I granted the role to the user I had to login to the user (against our security policy) and query
  ROLE_TAB_PRIVS.
  SQL> grant testuser_ro to testuser;
  Grant succeeded.
  SQL> SELECT ROLE, OWNER, TABLE_NAME, PRIVILEGE FROM ROLE_TAB_PRIVS where owner = 'SCOTT';
  no rows selected
  SQL> conn testuser/test123
  Connected.
  SQL> SELECT ROLE, OWNER, TABLE_NAME, PRIVILEGE FROM ROLE_TAB_PRIVS where owner = 'SCOTT';
  ROLE            OWNER           TABLE_NAME           PRIVILEGE
  TESTUSER_RO     SCOTT           HELLOWORLD           SELECT
  TESTUSER_RO     SCOTT           HRTB_EMP_MASTER      SELECT

  you should search for grantee, not owner
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> create role r1;
  Role created.
  SQL> grant select on sys.v$database to r1;
  grant select on sys.v$database to r1
  ERROR at line 1:
  ORA-02030: can only select from fixed tables/views
  SQL> grant select on sys.v_$database to r1;
  Grant succeeded.
  SQL> select grantee, privilege, owner, table_name from dba_tab_privs where grantee='R1';
  GRANTEE         PRIVILEGE                                OWNER           TABLE_NAME
  R1              SELECT                                   SYS             V_$DATABASE

• How to grant privileges on all the tables in a schema

  Hi All,
  Can you tell me how to grant privileges on all the tables of a schema A
  to schema B.
  For Example:
  There are 200 tables in schema A, I wanted to grant select privilege on all the tables of a scheme A to schema B.
  Thanks in advance.

  note that USER is the user that will have the select priviledge
  the procedure includes views as well
  CREATE OR REPLACE PROCEDURE GRANT_ACCESS_ON_USER IS
  CURSOR c1 is select table_name from user_tables;
  CURSOR c2 is select view_name from user_views;
  tablename user_tables.TABLE_NAME%TYPE;
  viewname user_views.VIEW_NAME%TYPE;
  BEGIN
  tmpVar := 0;
  OPEN c1;
  loop
       fetch c1 into tablename;
       EXIT WHEN c1%NOTFOUND;
       EXECUTE IMMEDIATE 'GRANT SELECT on '||tablename ||' to USER';
  end loop ;
  close c1;
  OPEN c2;
  loop
       fetch c2 into viewname;
       EXIT WHEN c2%NOTFOUND;
       EXECUTE IMMEDIATE 'GRANT SELECT on '||viewname ||' to USER';
  end loop ;
  close c2;
  EXCEPTION
  WHEN NO_DATA_FOUND THEN
  NULL;
  WHEN OTHERS THEN
  -- Consider logging the error and then re-raise
  RAISE;
  END;
  /

• ORACLE - How to GRANT privilegies on ALL the tables belonging to a schema

  Is there a way to grant to a user the same privilegies on ALL the tables belonging to the same schema, so that, in case a new table is created afterwards, the grant is automatically given ?
  Thanks in adance for any reply

  Yes of course ! Just do the same as Oracle Applications: an end user has no Oracle account, the application code connects with the Oracle account that is the schema owner:
  no more grant needed ... That's a joke but it's also true ! In this case, your application must implement its own security (password management, audit, privileges) and you will not be able to use Oracle privileges, auditing and advanced security features ... just like Oracle Applications.
  The above answers are of course correct. You can also create an Oracle role that you can grant to the Oracle users and grant the privileges to this role everytime a new table is created to avoid granting privileges for each new object to each user.