Need grant execute on dbms_rls for VPD
Hi,
I need grant execute on dbms_rls to setup "Virtual Private Database".
How do I go about getting it?
Thank you, Bill
[email protected]
Hi Scott and All,
I got the DBA to grant execute to the workspace userid BHRS and run the 2 policies I have for the VPD as BHRS.
begin
dbms_rls.add_policy (
object_schema => 'BHRS',
object_name => 'MR_REQUEST',
policy_name => 'USER_SU_POLICY',
function_schema => 'BHRS',
policy_function => 'GET_SU_USER_ID',
statement_types => 'SELECT, UPDATE',
update_check => TRUE
end;
But, when I went to select * from MR_REQUEST
I got ORA-28112: failed to execute policy function
So I reduced my function down to returning null
create or replace function GET_SU_USER_ID
return varchar2
as
l_retstr varchar2(2000);
l_count integer:=0;
begin
l_retstr := null;
return l_retstr;
end;
Researched a bit and found could look in the USER_DUMP file but the DBA here says the DB doesn't have one because we use the XDB ???
How can I check the policy errors or debug this problem?
Thanks Bill
Similar Messages
-
Need to execute Dynamic query for the report
I was wondering if we can have the option of choosing at runtime from the report builder parameter so that if the end-user selects 'Yes' then the report will run one specific query and if he chooses 'No' then another particular query is invoked. What I mean to say that by choosing between Yes and No at runtime one should have the option of returning query results based on the same table but having different columns selected via the SELECT statement
means we have two querires on our report & upon the chosen parameter we should execute only one of them ... wht should i do to apply tht ???As the previous post noted lexicals are a terrific way to accomplish dynamic queries in Oracle reports.
Another way you could accomplish this would be to use a UNION, whereas the first select in the UNION represents one user option, then second query represents the second option.
For example:
SELECT customer_name name, customer_address address
FROM customer_table
WHERE :p_choice = 'Customer Info'
UNION
SELECT employee_name name, employee_address address
FROM employee_table
WHERE :p_choice = 'Employee Info'If when running the report, the user chooses 'Customer Info' the first query would return results, if the user chose 'Employee Info' then just information from the second query would return information.
So there are different ways to accomplish what you are looking for, you just need to find which is going to work best for you.
Hope this helps! -
How to execute Result analysis for a Single order?
HI,
I need to execute Result analysis for a single process order. But i found cumulative RA. Can any one provide the Individual Result analysis execution T.code?
Thanks
KBHi,
Use "KKAX"-->individual WIP calculation
"KKAO"-->Collect WIP calculation
Thanks,
Rau -
Grant execute permission to stord proc for user setup on inital DB server creation
When I setup my SQL Azure DB it asked for me to create a login, which I did. Now I need to give that users execute permission on some stored proc but when I run
GRANT EXECUTE ON ELMAH_GetErrorsXml TO MyUser;
I get the error
Cannot find the user 'MyUser', because it does not exist or you do not have permission.
If I look under Security -> Users I do not see my user listed I only see dbo, quest, INFORMATION_SCHEMA, and sys.Hi,
Please refer these links for more details.
http://azure.microsoft.com/en-us/documentation/articles/sql-database-get-started/
http://msdn.microsoft.com/en-us/library/ms187965.aspx
http://msdn.microsoft.com/en-us/library/ms173463%28v=SQL.100%29.aspx
Girish Prajwal -
Unable to Grant execute permissoin for all Stored Procedures.
Hi,
We have a DB called ABC, which has two schema of it ABC_DEV and ABCR1.
there are 2 login users (userdev for ABC_DEV) and (userR1 for ABCR1).
I careated a package and some stored procedure with userR1 for schema ABCR1.
Now I want these package and stored procedures to be available for execution for userdev.
How to do this usegin Oracle SQL Developer.
Thanks in AdvanceConnect as ABCR1, or any other user that has GRANT EXECUTE privilege with the ADMIN option on the objects in the schema and select the object in the connections tab and right-click on it, select grant and then select the appropriate user and privilege.
Chris -
i am using the following description to create a web service reference:
web reference :REST
Name :Yahoo Map
URL :http://local.yahooapis.com/MapsService/V1/mapImage
HTTP Method: GET
Basic Authentication: No
Add Parameter:
Name Type
appid String
location String
Output Format: XML
XPath to Output Parameters : /Result
Output Parameter:
Name Path Type
Url /text() String
Then i tried to create form and report on webservice:
Web Service Reference Type: Yahoo Map
Operation: doREST
All the fields i keep as default
I tick the checkbox (url)in report Parameter
After clicking next whereever required i click create button
I get the following error
ORA-20001: Unable to create form on table. ORA-02263: need to specify the datatype for this column.
Please someone help to solve this as i need to fix it urgently.i exported the application from apex.oracle.com and imported it to our environment
import went fine, but when I ran the IR page I got
ORA-20001: get_dbms_sql_cursor error ORA-00904: : invalid identifier
evidently the problem is a lack of public execute on DBMS_LOB, which is used in the generated IR source.
while waiting for the DBA to grant privs on DBMS_LOB, changing the dbms_lob.getlength call to length() fixes the IR.
however, i am not getting the download link on the associated form page... changed templates, that's not the issue -- we'll see if that's a dbms_lob issue as well -
Grant execute on DBMS_CRYPTO package (11R1)
I figured out I needed to grant my user access to this SYS package using:
SQL> grant execute on DBMS_CRYPTO to lob_demo;
Grant succeeded.
yet after doing this, I still get this error:
SQL> select DBMS_CRYPTO.HASH(bytes, DBMS_CRYPTO.HASH_SH1) from blobslicer where id=1;
select DBMS_CRYPTO.HASH(bytes, DBMS_CRYPTO.HASH_SH1) from blobslicer where id=1
ERROR at line 1:
ORA-06553: PLS-221: 'HASH_SH1' is not a procedure or is undefined
Yet if I use the numeric constant for DBMS_CRYPTO.HASH_SH1 (3), it works:
SQL> select DBMS_CRYPTO.HASH(bytes, 3) from blobslicer where id=1;
F5A7338EFFEB15A49AFC9545393EF685BB51F931
So what am I missing that prevents me from having access to a constant in the package when I can successfully use one of the function of that same package?
Thanks, --DDMaybe, that makes a little bit clearer the difference
between usage of package constants in sql and pl sql...That's what I suspected, thank you for hammering the point home Maxim.
The taken away for me is that package constants are not available to SQL code, only to PL/SQL code. (irrelevant of their type most likely).
I actually tried to grant my user SELECT privileges on the package, because accessing a constant from a package is more akin to SELECT than EXECUTE, but of course one cannot do that.
Thank you both again for the help. --DD -
Error granting EXECUTE on DBMS_JAVA:-4042:ORA-04042: procedure, function,
Hi .
I 'm experiencingn the following problem when granting acess to the sys user can any one help please in this issue.I 'm using an oracle 10 g on a solaris system.
Granting EXECUTE on DBMS_JAVA to SYSTEM WITH GRANT OPTION
Error granting EXECUTE on DBMS_JAVA:-4042:ORA-04042: procedure, function,
Thanks.You need to execute this with user "sys"
see my test please:
oracle@myserver:~> sqlplus "/ as sysdba"
SQL*Plus: Release 11.2.0.1.0 Production on Tue Aug 17 13:24:28 2010
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
sys@MYSID> grant EXECUTE on DBMS_JAVA to SYSTEM WITH GRANT OPTION;
Grant succeeded.
sys@MYSID>as I check ORA-04042: procedure, function, package, or package body does not exist
I can see that you issue is that you don't have Oracle JVM option installed in your database.
start database configuration assistant (dbca) choose configure database options operations select your DB SID and install Oracle JVM for your database (find it under Standard database components button)
HTH, Regards -
Grant execute on stored procedure
I'm trying to allow the "help desk" people to connect via a special database account and execute a procedure to reset or unlock a users's password or account. I've created two stored procedures as user1 and have granted EXECUTE on user1.unlockaccount. Within the procedure I have an IF statement that basically says if the username is IN the following ('SYS','SYSTEM', ect.) then dbms_output.put_line ('not_allowed'). The ELSE is 'execute immediate 'alter user '||pUserName||' identified by '||pPassWord||' account unlock';
Then an exception when others statement to output the 'error: '||sqlerrm
The procedure compiles fine and I can execute it without error as 'user1' but when I GRANT EXECUTE ON USER1.UNLOCKACCOUNT TO USER2 and try to 'execute user1.unlockaccout ('username'); I get insufficient privileges.
I've also switched to SYS and "GRANT EXECUTE ON USER1.UNLOCKACCOUNT TO USER2;" but I still get the same insufficient privs error. If I don't 'set serveroutput on;' I don't see the error message, but it still fails.
Actually, one correction. I'm getting insufficient privs as user1 as well. user1 can unlock a user's account and reset a password outside of the procedure but I'm getting insufficient privs when executing the procedure.
Edited by: wolfeet on Jun 8, 2011 8:49 PMHi,
wolfeet wrote:
Granting ALTER USER directly to the user defeats the whole purpose. I want to allow this user to reset user passwords and unlock user passwords but I don't want the user to be able to reset passwords for dba accounts, sys, system, yada yada. I was hoping I could do this via GRANT EXECUTE on a stored procedure.Solomon said to grant ALTER USER directly to user1, the owner of the procedure, who already has this privilege via a role.
User2, who will run the procedure, needs only EXECUTE privileges on the procedures. User2 will not need the ALTER USER privilege. -
Grant Execute on package Specification
How to give grant to package specification to another user?
The package has only specification and no package body
in package specification i have defined some constants variables which i need to access from another user?
Current if i give grant execute from the other user it is shwoing up only blank body......Works for me...
As test_user...
SQL> create or replace package test_vars is
2 g_number number := 100;
3 end;
4 /
Package created.
SQL> grant execute on test_vars to scott;
Grant succeeded.As scott...
SQL> create synonym test_vars for test_user.test_vars;
Synonym created.
SQL> set serverout on
SQL> begin
2 dbms_output.put_line(test_vars.g_number);
3 end;
4 /
100
PL/SQL procedure successfully completed.
SQL> -
Grant execute to all procedure to a user / public
hey!
simple question:
how can i gran execute on all the procedures belong to a given user - for another user (or to public)?
should i use a roll or can i do it without it?
thanks
yairI'm thinking that I read in 11G there was a new utility that allows you to grant all from one schema to another, but why in the world would anyone want to do that? (okay... no answer required on that one)
Sounds like you might have to write some dynamic SQL.
For tables and views, you will need to grant all on the object to the other schema.
For packages and procedures, you can grant execute to them.
Or, another option would be (arg... I hate to suggest this), grant a select any table, delete any table, insert any table, execute any procedure, etc... to the user.
This is really bad, and I don't recommend this, only noting that it is an option. If this is just for some kind of temporary purpose (e.g., testing), then this might be acceptable, however, revoke these privileges immediately.
The better option is to write dynamic SQL and grant directly to the other schema owner. You may run into problems with views and procedures if you use a role which is why I would recommend granting directly to the user. I've also run into problems with GLOBAL_LEXARs and things related to Oracle text when granting via roles.
But now, I have to still wonder why you would not just grant the necessary privileges that the other schema needs rather than granting everything?
Ji Li -
Need Oracle 12c whitepaper recommendation for upgrade assessment
Hi: Good morning!
This is not an urgent request, but appreciate your recommendation! I need documents about Oracle 12c (our os is IBM AIX power system, 6.1, 64 bit), because we are planning upgrade current oracle database 11.2.0.4 to 12c, we need a thorough assessment to 12c since 12c introduced many innovative, new features, major component changes, as well as impact to java application. The document I have so far is-
1. database upgrade guide
http://docs.oracle.com/database/121/UPGRD/preup.htm#UPGRD002
2. Deprecated API (oracle database JDBC Java API Reference)
https://docs.oracle.com/database/121/JAJDB/deprecated-list.html
3. Tom Kytes Top 12 new features for Oracle 12c (from web).
There are many things to look for. I want to know the major things I should focus in new features & impact to java application.
what document can provide me the info!
thank you very much in advance!Hi all:
Can anyone gives me advice after upgrade from 11.2.0.4 database to 12c database, which 'core-DB new features' impact to Java application more, and that we should focus on assessment?
There are too many new & innovative features introduced in 12c. Should I convert our single instance database (on non-cluster server) to 'CDB/PDB' during upgrade? Is it a 'Must-to-do' or not? We have a physical standby DB, how to do with the standby?
Oracle Documents I reviewed are: 'Oracle 12c database document', 'Oracle 12c Java Developer's Guide'. I recommend this to our developers based on 'Oracle 12c Java Developer's Guide':
Oracle JVM ( JDK6, JDK7 support in 12)
[note:need to check jvm components for application: library manager, compiler, interpreter, class loader, server-side JDBC internal driver, server-side SQLJ, translator, system classes; Java stored procedure, SQLJ, JDBC, etc]
2. Oracle Memory Space management ( garbage collection)
3. Multithreading
4. Footprinting
5. Dynamic class loading
6. JNDI class support
7. Auditing for Java ( alert/execute/audit/grant is enabled in auditing)
8. Support for logging
9. Support for customizing default java.security resource
10. Improved for debugging
However, I may lost myself in core-DB new features for:
1. advanced analytics features
2. OLAP features
3. Partitioning enhance
4. Performance for zero effort
5. Compression and Archiving features (depends on application tables design)
6. Database Overall
- Integrate With Operating System Processor Groups
- Oracle Data Pump Support
- Multitenant Architecture (Not sure)
- PDBs Backup and Recovery (Not sure)
- PDBs Point-in-Time Recovery (Not sure)
- PDBs Resource Plans (Not sure)
- Utilities
7. High Availability
- Application Continuity
- Transaction Guard
- Logical Replication
- Global Data Services
- Online Operations
- Oracle Data Guard Enhancements (Depends on our standby design)
8. Manageability
- PGA Size Limit
- Resource Manager Runaway Query Management
- Spot ADDM
9. General
- DBMS_QOPATCH
10. Performance
11. Security enhance
12. Improve Security Manageability, Administration and Integration
- Database vault
Is my above suggestion (text in red-color) correct?
Thank you very much! -
Execute any procedure for developers
Hello,
our developers want the privilege "execute any procedure" because the self-programmed application needs execute on unknown procedures. (Oracle 10.2) It's the application-administrator-user on which the development has full access.
On AskTom I read, that "execute any procedure" is extremely powerful an should not be granted to normal users.
I would like to know, if this is only not recommended for O7_DICTIONARY_ACCESSIBILITY=true or under any circumstances.
Any ideas how we can find out, which procedures are used by this user? Or on the other hand, which are the risky elements from "execute any procedure"?
Any arguments against giving this privilege are welcome, I have to give a statement on this.
Thanks,
M.HannibalOk. I just browsed through Asktom for this issue and it is true that there are NO risks highlighted over there after granting "EXECUTE ANY PROCEDURE" to a user.
Though, I would like to put forth following points.
1. Some of procedures/functions in SYS as not supposed to be used by the normal database users (results can be unpredictable)
2. Upon grant of this privilege, the user can execute procedure of any schema in the database. This can be problematic if an user of PAYROLL schema starts executing procedures of FINANCE schema and change all accounts (kind of) related information.
In your situation, you can handle this by creating a DDL trigger in the schema where the procedure will be created. Via trigger, grant execute on this procedure to the user under which the application is going to run.
Thus you will have control over the procedure execution and you can easily track down the problem if somehting goes wrong (as will then you know who all can execute a particular procedure). -
I'm running into a problem when granting calc access to users via maxl. I am specifying a calc script the user should be able to run but when I look at their user settings after I run my script, they have access to all calc, not just the one I specified in the script. I tried inserting a line to take away all their access first, but that did not resolve the issue. My script looks like this: grant no_access on database FORM_MS.Msalar to G_MS_DEV;grant execute FORM_MS.Msalar.'XLNORBUD' to G_MS_DEV;Thanks for your comments
I had this same problem and it drove me nuts. I actually found the solution posted in this forum (I want to give credit where it is due). The solution was posted by poguer on 8/13/03 under a posting titled "Problems with MaxL "Grant Execute" Code.In his post he explains that the solution does not have to do with 'grant no_access' (a solution I attempted as well). What you need to do is first grant the user access to the default calculation, and then grant them access to the specific calculation.For Example:grant execute default on database Sample.Basic to testman;grant execute Sample.Basic.rollup to testman;(rollup = your calc script, testman = your user)I know this might seem dumb, but it works!By granting rights to the default calc first, it appears that is the only way to remove access to 'calc all'. Your follow up command then takes away the access to the default calc and grants them access to the specific calc you want, in this case 'rollup'.Thanks to poguer for figuring this one out.....
-
Grant execute via role has odd limitations
Hi,
I have execute grants (with admin option) on a pl/sql package via a role. When I try to compile a pl/sql procedure that uses functions/procedures from that package, I get error
PLS-00201: identifier '<packagename>' must be declared
So the only workaround I see is to grant the execute rights (with grant option) straight to my userid, instead of via a role. That seems very odd.
Can someone tell me the subtle thoughts behind this??
Regards, Paul.- Definer's rights stored procedures (the default) cannot see privileges granted to a role. Invoker's rights stored procedures, however, can access privileges granted to roles. I don't expect this to help you much in general-- using all invoker's rights stored procedures probably increases your grant management issues-- but it may be an option for some.
- Among the problems with allowing a definer's rights stored procedure to access privileges granted through a role is that roles can be enabled and disabled at runtime for a particular session and can be password protected. If your session enables a password protected role that has access to procedure A in one session, and you create a procedure B that calls A, Oracle would have no way of knowing whether some other session created with the same user account some time later still remembered the password. You'd have similar problems with non-default roles (or roles that were made non-default) for the owner of a procedure.
Since there are relatively few schemas in a system that will own procedures and relatively many user accounts that need to execute those procedures, it also makes sense to require DBAs to grant privileges to application user accounts directly since that has the side effect of preventing normal users that can execute a stored procedure from creating (and relying) on stored procedures or views inadvertently. If you've ever come across a system where some random user accidentally had a view promoted in their schema rather than in a shared schema that some critical report relies on (ideally if you see this the day after that random user resigns and the security folks drop his schema) you'd appreciate the rule that normal user grants should be via roles while application user grants should be direct.
Justin
Maybe you are looking for
-
LINKS WONT REFRESH AUTOMATICALLY
I have Microsoft Office 2010 Home and Student. I have cells from one page linked to another page within the same workbook. When the data changes from the source cell it does not reflect a change in the destination cell unless I double click the desti
-
Adobe Photoshop Elements 9.0.3 Update
Since purchasing the suite, I have never been able to download the updates successfully. I receive the notifications and it goes through the process of installing, then I get the error message that the patch failed to install and to contact support.
-
Chkdsk run every time I startup Windows Vista under Bootcamp in 10.6
I have Windows Vista 32 bits installed on bootcamp partition and it work fine in 10.5. Now I have upgrade my MBP (early 2008) to Snow Leopard, and upgrade WIndows Bootcamp drivers to version 3.0 from Snow Leopard DVD. Both installation were completed
-
Where ID = ?... how can i get the ID?!
i have this method used to update my contacts: public void updateContact(ContactPanel updatePanel){ try{ preparedStatement = connection.prepareStatement("update " + updatePanel.getName().toUpperCase().charAt(0) + " set NAME = ?, N
-
I mean its rediculous that it will delete my apps etc but is it TRULY going to delete my contacts and email accounts? Do i have to start from scratch?