Identifying Read-Only Schemas
HI,
Can any body tell how to identify Read-Only Schemas in a database, In a single query/
Thanks,
Sunil.
Your question is not very clear. you want to find out all privs of a user or all users can read certain object?
If you need to find out all privs of a user you can join some tables like
select grantee, 'ROLE' privtype, granted_role privname, null owner,
null table_name, admin_option grantable
from dba_role_privs
where grantee like upper('&WhichUser')
union
select grantee, 'SYSPRIV' privtype, privilege privname, null owner,
null table_name, admin_option grantable
from dba_sys_privs
where grantee like upper('&WhichUser')
union
select grantee, 'TABPRIV' privtype, privilege privname, owner,
table_name, grantable
from dba_tab_privs
where grantee like upper('&WhichUser')
order by 1, 2, 3, 4, 5;
Similar Messages
-
Read Only Schema in Oracle APPS EBS R12 database
I want create a read only schema say apps_read in EBS database which have select access on all objects like apps. Kindly let us know how can I accomplish it or What is the best practice of doing it.
Hussein - I have gone through all the threads but No one solves my problem. Actually there is a table in applsys schema i.e table_name ecx_outqueue.
ECX_OUTQUEUE is having columns of type "User Defined Type Objects". I have highlighted these columns in Italics. Kindly help me How I can give select access on these user defined objects.on
SQL> desc applsys.ecx_outqueue
Name Null? Type
Q_NAME VARCHAR2(30)
MSGID NOT NULL RAW(16)
CORRID VARCHAR2(128)
PRIORITY NUMBER
STATE NUMBER
DELAY TIMESTAMP(6)
EXPIRATION NUMBER
TIME_MANAGER_INFO TIMESTAMP(6)
LOCAL_ORDER_NO NUMBER
CHAIN_NO NUMBER
CSCN NUMBER
DSCN NUMBER
ENQ_TIME TIMESTAMP(6)
ENQ_UID NUMBER
ENQ_TID VARCHAR2(30)
DEQ_TIME TIMESTAMP(6)
DEQ_UID NUMBER
DEQ_TID VARCHAR2(30)
RETRY_COUNT NUMBER
EXCEPTION_QSCHEMA VARCHAR2(30)
EXCEPTION_QUEUE VARCHAR2(30)
STEP_NO NUMBER
RECIPIENT_KEY NUMBER
DEQUEUE_MSGID RAW(16)
SENDER_NAME VARCHAR2(30)
SENDER_ADDRESS VARCHAR2(1024)
SENDER_PROTOCOL NUMBER
USER_DATA SYSTEM.ECXMSG
USER_PROP SYS.ANYDATA
SQL> -
Steps to create a read only schema
Plataform 11.5.10.2
Hi Guys,
Can someone provide me with the steps to create a read only schema in Apps please.
Thanks in advanceCheck the following thread:
READ-ONLY APPS Schema in EBS
READ-ONLY APPS Schema in EBS. -
Hello everyone
I have created a read only schema on oracle Apps and have granted select privileges to all synonyms and views and execute privileges to packages.
The read only schema is unable to access some synonyms and views below is the example:
conn to read only schema
select * from HR_ALL_ORGANIZATION_UNITS
'no rows returned'
Note: - The above is a view, and the view's script contains 2 tables hr_all_organization_units and hr_all_organization_units_tl.
Please help me on this
Thanks and Regards
Shahrukh YasinHi
There is one function "show record" which is giving FALSE when i run the below query on read only schema
select hr_security.show_record('HR_ALL_ORGANIZATION_UNITS',171) from dual
and when i run it from APPS Schema it gived TRUE.
I have already given execute privileges on ALL the database PACKAGE, PACKAGE BODY, FUNCTION, PROCEDURE to read only schema, but the problem is same
Thanks and Regards
shahrukh Yasin -
Give the read only access to user on Apps Schemas!
Hi,
How we can create the database user and give the access on APPS schemas(INV, PO etc).
Please assist me.
Thanks,
FaziarainDear Hussein,
I followed anil passi forum for creating apps read only schema , but only issue is we have multiorg enabled .
what is the modification dowe need in this step.
Step 4
Write a after logon trigger on apps_query schema. The main purpose of this trigger is to alter the session to apps schema, such that the CurrentSchema will be set to apps for the session(whilst retaining apps_query restrictions).In doing so your logon will retain the permissions of apps_query schema(read_only). Howerver it will be able to reference the apps objects with exactly the same name as does a direct connection to apps schema.
conn apps/&1 ;
PROMPT CREATE OR REPLACE TRIGGER xx_apps_query_logon_trg
CREATE OR REPLACE TRIGGER xx_apps_query_logon_trg
--16Jun2006 By Anil Passi
--Trigger to toggle schema to apps, but yet retaining apps_query resitrictions
--Also sets the org_id
AFTER logon ON apps_query.SCHEMA
DECLARE
BEGIN
EXECUTE IMMEDIATE
'declare begin ' ||
'dbms_application_info.set_client_info ( 101 ); end;';
EXECUTE IMMEDIATE 'ALTER SESSION SET CURRENT_SCHEMA =APPS';
END;
Thanks and Regards -
Hi All
Kindly help me out to create Read only apps schema in EBS.
Please tell me metalink id to create Read only schema
Regards
ShaikPlease see old threads for similar discussion -- http://forums.oracle.com/forums/search.jspa?threadID=&q=READ+ONLY+APPS&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
And, please always search the forum before posting similar questions.
Thanks,
Hussein -
Read Only access for a Maintenance view
Hi All,
I have a requirement like this.
There is a Z Maintenance View (namely ZVHR_GRD_TARGET), for this i have to maintain the status as Read Only, and have to create a transaction code for this view with only SE16 access.
I am doing like this.
In the Z view, in the tab "Maint. Status", i have selected the radio button "Read Only" and saved it.
I have created a transaction code for this view with SE16 access with the inputs
Transaction SE16
Selected the check box "Skip Intial Screen"
Selected the check box for GUI status
Name of the Screenfield DATABROWSE-TABLENAME
value ZVHR_GRD_TARGET (i.e, view name)
But the transaction code is not executing.
So can any help me out in the requirement
Regards
Srinivas KodukulaAnchorage,
Please refer to the following link:
Read Only Schema in Oracle APPS 11i
http://oracle.anilpassi.com/read-only-schema-in-oracle-apps-11i.html
You may also search this forum as the same topic was discussed here many times before. -
Read only access for a Database!
Hi All,
I need to create a user for my database who can have readonly access to the database and can work as *"Read Only Apps".*
Senario:-* I want to give access to development team through TOAD/ SQL* but that user can not delete/update any thing from apps schema.
Thanks,
AnchorageAnchorage,
Please refer to the following link:
Read Only Schema in Oracle APPS 11i
http://oracle.anilpassi.com/read-only-schema-in-oracle-apps-11i.html
You may also search this forum as the same topic was discussed here many times before. -
Hi
I would like to create Read Only responsibility for administration purpose. As i have seen in this forum that, there are some read only resposibilities for AR, HR, AP etc. Like wise responsibility for administration purpose. I do not want to create new with new menu etc.
RegardsYou can set "HR: Query Only" Profile option to Yes at responsibility level for HRMS.
Another way is you can create a responsibility with a data group that is attached to a read only database user. You might find the folliowing link helpful in creating the readonly apps database user and responsiility
[http://oracle.anilpassi.com/read-only-schema-in-oracle-apps-11i-2.html] -
Why, when using Desktop Manager for Mac, are certain Apps deemed to be read-only after a back-up? And why is there no warning about the possibility of this before backing up?
I backed up to try to revert to an old system to find lost wordpad notes from when they were inexplicably wiped out when I updated to 5.0. When I came up empty handed and reverted to the current OS and restored, all my programs and notes etc. were gone.
Hard not to be cynical about the inefficiencies of backing up here.
Any suggestions on how to recover any shred of what I keep losing to the blackhole of blackberry updates and back-ups?Did you try this: http://oracle.anilpassi.com/read-only-schema-in-oracle-apps-11i-2.html
-
Read only access of a full schema ?
Hi all,
Can i create a role having read only access of a full schema ?
Thanks in advance.Can i create a role having read only access of a
full schema ?The point here is that there is not a single command to perform this task, so you will have to do it on a per object basis. If you want to give access to the complete schema then it is advisable to create a script to grant on each table and on each view from the source schema. By providing read only to the full schema, I understand you are referring not also to the tables but also to the views, sequences, and may be stored program units, so you will have to properly define the scope of this 'full schema'.
Once you have properly defined the scope and have granted, as suggested by means of a role, then you may want to create synonyms for each granted object, so you don't have to qualify it with the schema name prefix when the object is being accessed.
~ Madrid -
How to make schema read only ?
Hi,
database=10.2.0.3
o/s=windows
i want to make a schema read only when users connect to database they can view it update and insert must be restricted to all users how it can be done
example
There is XYZ schema in that I have around 200 roles assigned
anyone have idea pleas do updateclcarter wrote:
Or if the schema is all contained in one tablespace ...
alter tablespace <tblspc> read only;could do the trick ... ;)Of course, then NO user could do any updates . . .
Don't really know if that's what the OP wanted ... -
"Read Only" open other schema's package body even have write permission
Oracle SQL Developer 2.1 (2.1.0.63)
I can view and modify package under my schema, but when I open other schema's package body, it show "Read Only" in status bar and can't type in code editor.
I'm sure my connected user have write permission and it works fine in old sql developer version.
Is there some toggle for "read only" view or some issue for new release?Not very helpful for you at the moment, but according to EA 2.1. Can't edit another users store procedures. this has been bugged and will hopefully get fixed soon.
theFurryOne -
Granting Read Only Access to user in another schema
Oracle Database 10g
Red Hat Enterprise Linux Server release 5.3
We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
And some views are in INVALID status.
I tried to compile them using alter view owner.viewname compile;
But got this ---- Warning: View altered with compilation errors.
Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
Then I used the following
SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
It turns out some reference types are non existent.
Does that mean DBAs cannot do anything about this ?Nilton wrote:
We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
TABLES -> YES grant SELECT
VIEWS -> YES grant SELECT
SEQUENCE -> YES grant SELECT
INDEXES -> There is no read access for indexes...indexes are put on tables and a user who has read access on tables can read the index as well.
FUNCTIONS / PROCEDURES / PACKAGES -> I am not sure what you mean by read access on procedures, functions and packages. You may grant EXECUTE privilege on these.
TRIGGERS -> there is no read access on triggers required. They are implemented on tables for a DML event. If the user has DML access he has the execute access on the trigger as well.
JOBS -> I am not sure what to read from Jobs.
And some views are in INVALID status.
I tried to compile them using alter view owner.viewname compile;
But got this ---- Warning: View altered with compilation errors.
Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
Then I used the following
SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
It turns out some reference types are non existent.
Does that mean DBAs cannot do anything about this ?There are compilation errors in the Views. e.g. the view may be referring to a table which doesn't exist etc.
Unless you fix the error in the view you can't compile it and male it valid. Fix the view errors. If objects are non existing create them or refer to view to some where else.
If the nonexistent objects were mistakenly dropped, or the data file which contained those objects was dropped, no matter what was the reason for that object to be gone a DBA can bring it back if he is a well prepared DBA and has setup his database for such kind of disasters.
Now tell us why those objects are non-existent ? were they meant to be gone ? or they were dropped mistakenly?
Now here are my guesses:
If they were meant to be gone then probably the views definitions need to be adjusted not to refer them anymore.
If they were mistakenly dropped then:
Do you have them in recyclebin? (only tables) if YES just FLASHBACK TABLE <<tablename>> AS BEFORE DROP.
Is your database has Flashback database ON? if YES FLASHBACK DATABASE until 'time/scn just before the object was dropped'
Do you have backups and your database is running in ARCHIVE LOG mode? if YES perform an incomplete recovery using RMAN. -
Authorization scheme for display/read only conditions on item level
Hi All,
I have question. I want to use an authorization scheme to manage if users with a certain role have the permission to either update an item or have the persmission to only see the item or that they don't have permission to see it at all.
So, the input for the scheme would be: 1. user role 2. the current page 3. the current item.
The output would be: 0 (update) 1 (read only) 2 (not displayed).
I think I can manage that.
And I can attach this schema to the items.
So far so good.
But how can I make it so that the 0,1 and the 2 will actually do what they need to do?
I have been thinking about making a function like GET_AUTHORISATON(ROLE,PAGE,ITEM) output: 0,1,2 but I still can't figure out how to connect this with the functionality I want to achieve.
Can somebody give me a hint?
AndreThanks Hari,
Thanks, it works, almost, but what if items are mandatory on a page, but not always mandatory?
If a user has a certain role, some fields are manadatory, otherwise not.
Again, a function would do the trick as far as the input and output information
something like IS_MANDATORY(USER_ROLE, CURRENT_PAGE, CURRENT_ITEM) but how can I make it work?
I guess a PL/SQL validation like:
IF IS_MANDATORY(USER_ROLE, CURRENT_PAGE, CURRENT_ITEM) THEN ITEM IS NOT NULL
END IF;
Andre
PS: personally I think item level security is not something you wish to implement in your system. I prefer different screens for different roles.
Far more straightforeward. Easy for maintenance. When something disfunctions, it's far more easy to pinpoint the location of the cause.
Maybe you are looking for
-
Can someone fix this query for me? I have been at it for an hour and can't locate the rogue error ISNULL(CAST(CONVERT(DECIMAL(18,4)(COUNT(CASE WHEN soldStatus IN ('Yes', 'Pending') THEN saleTotal ELSE NULL END))) AS FLOAT)/NULLIF(CAST(CONVERT(DECIMA
-
Change Texts with EDIT_TEXT function module
Hi, somebody knows how to change an additional text in a sales order using the EDIT_TEXT function module ? Thxs Antonio. THANKS!!**** Hi guys, very thanks for your help!! They have been very useful and have solved my problem. thxs again, Antonio. Mes
-
NWDS DATA DICTIONARY TABLE ISSUE
Hi, I created a table in Data Dictionary. I created a new archive and deployed the SDA files successfully, but could cannot see the table in the Oracle Database. It says "Table or view does not exists". What could be the error? How can i see the tab
-
JSF + CeWolf + Java Studio Creator 2 (How to integrate)
New to JSF, JSP and Studio Creator Problem is how to do graphics in JSF using Studio Creator. The best solution I can find is to incorporate CeWolf or it's base, JFreeChart into JSF. I've seen some posts on this, but none under the context of Studio
-
Error 1402.Could not open key: UNKNOWN\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\3EDFA09D76E3A704CA8A0FABDA10F280. Verify that you have sufficient access to that key, or contact your support personnel. Action ended 16:43:44: InstallFinalize. Retu