Object Privilege
Dear All,
I'm having one problem in my database. I'm having two database one is testdb1 and another is proddb1 running in two different server. I've done the followings-
1. I've created a dblink from testdb1 to proddb1 database using two different schema (test1 to prod1).
2. Now through dblink test1 schema of testdb database can access all objects available in prod1 schema of proddb1 database.
Now I want to give object privileges on some selected objects of prod1 schema to test1 schema. How to do it?
Can any Guru provide me this solution?
Hi,
Come you said that you have created a DataBase link...asking to provide commands... !!
Any How..
Follow the Steps:-
1 > Create a Required User in Prod (assign the default tablespaces etc.,).
2 > Grant the Necessary Privilges
3 > Grant the Object Privilges as per your Requirements, as you said that you want to Restrict to some Objects only.
4 > Test it with that Create User Whether you can Access the Objects with Respective Privi's are working fine or not
5 > Then Create a DataBase Link From Test DB to Prod with that Created User.
Bingo.. !!
Now, Test the User Over DB Link... Any thing else Requried..
Now, I don't have DB on My System to show the Demo... :-(
Reference for Creating User and DB Links .. !!
http://www.dba-oracle.com/concepts/create_users.htm
http://download.oracle.com/docs/cd/B19306_01/server.102/b14231/ds_admin.htm#sthref4108
- Pavan Kumar N
Similar Messages
-
System and Object privileges question
hello everyone.
I was really making it a priority to really understand both system and object privileges for users. I have setup a couple of 'sandboxes' at home and have done lots of testing. So far, it has gone very well in helping me understand all the security involved with Oralce (which, IMHO, is flat out awesome!).
Anyway, a couple of quick questions.
As a normal user, what view can I use to see what permissions I have in general? what about permissions on other schemas?
I know I can do a:
select * from session_privs
which lists my session privileges.
What other views (are they views/data dictionary?) that I can use to see what I have? Since this is a normal user, they don't have access to any of the DBA_ views.
I'll start here for now, but being able to see everything this user has, would be fantastic.
Cheers,
TCGSorry. should have elaborated more.
In SQLPLUS, (logged in while logged into my Linux OS), I am working to try and get sqlplus to display the results of my query so it is easy to read. Right now, it just displays using the first 1/4 or 1/3 of the monitor screen to the left. Make sense? So it does not stretch the results out to utilize the full screen. it is hard to break down and read the results because they are "stacked" on top of each other.
Would be nice if I could adjust sqlplus so the results are easier to read.
HTH.
Jason -
Granting object privileges to remote users.
Hello,
Here's the situation:
I have 2 databases located on 2 different servers both running Win2k3. In the first database the main schema is M1 and it has to read objects on the another schema M2, located on the second database.
I created a database link on the first database, to point to the second database
create database link connect2M2db connect to M2 identified by M2 using 'connect2M2db'Now I would like to grant object privileges(insert,update,delete) to M1 on M2' objects. Can anyone tell me how to do that?
Thanks in advance.I didn't put the whole thing, (my bad) but your reply was helpful. As I said before, I have 2 dbs, on 2 differents servers. I created the dblink on the first server. I also created synonyms on the first server using the following syntax:
"create or replace synonym syn_name for user2.table" which from the link you provided me, is wrong as I didn't append the dblink name.
After that, I would like to grant object privileges to user1, by executing the command from server2. For doing that, is the following syntax correct: "grant select on table_name to user1". My issue is that user1 does not exist on server2. Should I rather use the following: "grant select on table_name@dblink to user1"? -
How to view object privileges of a user in Oracle10g?
I try to view the object privileges of a user through the table user_object_privs but it didn't work. I didn't get the correct name of the table or there were some problem with my Oracle. Please help me. Thanks a lot.
Thanks, that link helped me out. I was looking for this:
SELECT OWNER, TABLE_NAME, GRANTEE, PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='<put name here>'; -
Roles/System privileges/Object privileges
Oracle 10g. we created a role and assigned this role to the user. We also assigned some system privileges and Object privileges directly to the same user. Now the company's new policy is that the user's permissions have to be assigned only via role. system privileges and Object privileges cannot be assigned directly to the user. So I have to alter the role. The steps are:
1. grant system privileges and Object privileges to role. (this will be executed as a script)
These privileges were directly assigned to the user.
2. revoke all privileges which were directly assigned to the user.
Do I miss anything?
Please advise.
Thanks
S.Object privileges cannot be assigned directly to the user.Privileges acquired via ROLE do not apply within PL/SQL procedures.
You may face some coding challenges in the future due to this policy. -
Alter Object Privilege onm Oracle 9i
Is there a command that I can run that will update all Object Privilege's to SELECT for a role
At the moment this role has
GRANT EXECUTE ON .ACTIVE_SALES_PART_API TO SALES_ENQ
GRANT EXECUTE ON .BASE_PART_CHARACTERISTIC_API TO SALES_ENQ
GRANT EXECUTE ON .CHARACTERISTIC_API TO SALES_ENQ
GRANT EXECUTE ON .CHARACTERISTIC_TEMPLATE_API TO SALES_ENQ
GRANT EXECUTE ON .COMPANY_FINANCE_API TO SALES_ENQ
GRANT EXECUTE ON .CONFIG_CHARACTERISTIC_API TO SALES_ENQ
GRANT EXECUTE ON .CONFIG_OPTION_VALUE_API TO SALES_ENQ
GRANT EXECUTE ON .CONFIG_PART_SPEC_REV_API TO SALES_ENQ
GRANT EXECUTE ON .CUSTOMER_AGREEMENT_API TO SALES_ENQ
GRANT EXECUTE ON .CUSTOMER_INFO_ADDRESS_API TO SALES_ENQ
GRANT EXECUTE ON .CUSTOMER_INFO_API TO SALES_ENQ
GRANT EXECUTE ON .CUSTOMER_INFO_MSG_SETUP_API TO SALES_ENQ
GRANT EXECUTE ON .CUSTOMER_ORDER_PRICING_API TO SALES_ENQ
GRANT EXECUTE ON .CUST_ORD_CUSTOMER_API TO SALES_ENQ
GRANT EXECUTE ON .CUST_ORD_PRINT_CONTROL_API TO SALES_ENQ
GRANT EXECUTE ON .DOCUMENT_TEXT_API TO SALES_ENQ
GRANT EXECUTE ON .INVENTORY_PART_API TO SALES_ENQ
GRANT EXECUTE ON .INVENTORY_PART_PLANNING_API TO SALES_ENQ
GRANT EXECUTE ON .INVOICE_PROPERTY_CODE_API TO SALES_ENQ
GRANT EXECUTE ON .ISO_COUNTRY_API TO SALES_ENQ
GRANT EXECUTE ON .ISO_CURRENCY_API TO SALES_ENQ
Message was edited by:
HoLy_PiLgRiMI like the use of dynamic sql in sqlplus for example
select 'grant select on'||TABLE_NAME||' to SALES_ENQ;' from user_tables;
This type of thing generates output that can then be run or spooled and run.
If you spool you need to set head off set feedback off set echo of set linesize (longer than select output....) set pagesize 0.....
Hope this helps. -
Catalog object privilege validation failed for user.
Hi,
I'm getting following error after adding the HTML tags in dashboard 11g.
How to set the privileges?..Kindly let me know.Thank you.
Error Massage:
Catalog object privilege validation failed for user to path /users/User1/_portal/page 1.
You do not currently have sufficient privileges to save a report or dashboard page that contains HTML markup. Dashboard contains custom HTML tags as part of static text.Hi User,
Go to Settings -> Administrators -> Manage Privileges -> 'Answers'
Here you can view - "Save Content with HTML Markup" next to it you will see 'Presentation Server Administrators'
Click it and Change for 'Everyone'
And, Save changes. Restart BI Services now you can add the contents and it will not popup any error messages.
Thank you.
Award Points and Close the Post as Answered to help others with same issue :) -
Export object privileges to another user
dear,
i want to export thr object privilege to another user on oracle 10g. how can do it? i try to export the user/scheam than immport to another user but still no work..
RegardsI guess he want user B to have same object privileges as user A
If this is the case, it depends on what object privileges user A has.
You can find that out from user_tab_privs after logon as user A.
If the GRANTABLE = 'NO' you have to logon as each schema holder to grant the privs. -
I have this question about schema based export/import. 10.2.0.4 db.
With old export/import utility if I
-- export user A
-- export user B
-- import user A in another db. Since user B does not exist I correctly get some errors for object privileges user B has on objects owned by user A
-- import user B. Those privileges are now imported. Old import utility imports object privs that user B owns on user A's objects
With expdp/impdp utility if I
-- export user A
-- export user B
-- import user A in another db. Since user B does not exist I correctly get some errors for object privileges user B has on objects owned by user A
-- import user B. Those object privileges are NOT imported. Impdp does not import object privs that user B owns on user A's objects.
Is there anything I am missing???
Thanks in advanceHi Alle,
if i have understood your question correctly then you want to import the grants of user A to user B.
it is possible only if you have the EXP_FULL_DATABASE or IMP_FULL_DATABASE role is attached to your profile.
If you have no EXP_FULL_DATABASE role, you can only export your own schema. If you have EXP_FULL_DATABASE role, you can export several schemas in one go. Optionally, you can include the system privilege grants as well.
Thanks. -
I am running version 3.0.6.6.5 on Solaris 2.6 and using Netscape Navigator 4.51.
On the Grant Object Privileges Page for a database object, the "Add to List" button is in an odd spot (crosses over a border) and does not work unless you click it on the left 1/3 of the button. This is not a problem when using IE 5.
Is this a known bug?
Fran Bailey
EDS - Meredith Accounti logged in as User1 and wrote:
desc dbms_lock
and nothing happened, then i disconnected and connected to db1 as User1 and retry and it was all the same (didn't assign the privilege). then i shut down sql plus and started it again as sys and when ran EXECUTE ON DBMS_LOCK the message is shown:
SP2-0103: Nothing in SQL buffer to run
then i logged in as User1 and repeat the EXECUTE ON DBMS_LOCK command, the same error message is thrown. same happened when tried with desc dbms_lock.
am i doing something wrong or what? -
Data Modeler - Importing Object Privileges
Is there a way to import object privileges to DM (from database or Oracle Designer) or do I just have to add them manually to the model?
It should be possible to import them from database but I see it doesn't work - I created bug for that. You can define them in physical model - be aware that these privileges are generated after create statement for object.
No problems with import of system privileges.
Philip -
Comparing the object privileges
hi,
i have used export and import across different databases using fromuser and touser clause. i can see 50 object privileges are missing after import. could not find the correct using the log file.
by firing the below query i am getting lot of results like more then 500 rows..
select grantee,privilege,owner,table_name from dba_tab_privs where grantee ='SCHEMANAME';
is there any way i can find the missing object privileges?user13051945 wrote:
i can see 50 object privileges are missing after import
is there any way i can find the missing object privileges?
Aren't you contradicting yourself here?
Why, if you can see 50 are missing, can you not find them?
How do you see it? -
Hi, the oracle documentation says:
A user automatically has all object privileges for schema objects contained in his or her schema. A user can grant any object privilege on any schema object he or she owns to any other user or role. A user with the GRANT ANY OBJECT PRIVILEGE can grant or revoke any specified object privilege to another user with or without the GRANT OPTION of the GRANT statement. Otherwise, the grantee can use the privilege, but cannot grant it to other users.
For example, assume user SCOTT has a table named t2:
SQL>GRANT grant any object privilege TO U1;
SQL> connect u1/u1
Connected.
SQL> GRANT select on scott.t2 \TO U2;
SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
WHERE TABLE_NAME = 'employees';
GRANTEE OWNER GRANTOR PRIVILEGE GRA
U2 SCOTT SCOTT SELECT NONow this confuses me. Surely it is U1 who is the grantor, and not Scott, no??Oracleguy,
I do got your point but I guess the right reason for this would be this only that even though the user U1 didn't have the privilege and could grant it only because of Grant Any Object priv, he is not shown as the grantor but Scott does!
[oracle@edhdr1p0-prod sqlplus]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Thu Feb 18 09:19:39 2010
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> create user u1 identified by u1;
User created.
SQL> grant create session, create table to u1;
Grant succeeded.
SQL> conn u1/u1
Connected.
SQL> select * from tab;
no rows selected
SQL> conn scott/tiger
Connected.
SQL> create table t2( a number);
Table created.
SQL> conn / as sysdba
Connected.
SQL> grant grant any object privilege to u1;
Grant succeeded.
SQL> conn u1/u1
Connected.
SQL> select * from scott.t2
2 ;
select * from scott.t2
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> grant select on scott.t2 to system;
Grant succeeded.
SQL> conn / as sysdba
Connected.
SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
WHERE TABLE_NAME = 'T2';
WHERE TABLE_N 'T2'
ERROR at line 2:
ORA-00920: invalid relational operator
SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
2 where table_name='T2';
GRANTEE OWNER
GRANTOR PRIVILEGE GRA
SYSTEM SCOTT
SCOTT SELECT NO
SQL>
Now, when I explicitly give the priv to U1 and than he grants it, he is shown as the Grantee
Sorry, I didn't realize that its still Scott only which is shown at both the places.
USER is "SYS"
SQL> grant select on scott.t2 to U1;
Grant succeeded.
SQL> conn u1/u1
Connected.
SQL> grant select on scott.t2 to system;
Grant succeeded.
SQL> conn / as sysdba
Connected.
SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
WHERE TABLE_NAME = 'T2'; 2
GRANTEE OWNER
GRANTOR PRIVILEGE GRA
SYSTEM SCOTT
SCOTT SELECT NO
U1 SCOTT
SCOTT SELECT NO
SQL> Update:
Oracleguy,
This is what I found about this priv from docs,
http://download.oracle.com/docs/cd/E11882_01/server.112/e10592/statements_9013.htm#i2077938
GRANT ANY OBJECT PRIVILEGE
Grant any object privilege that the object owner is permitted to grant.So I guess this should explain what is being shown in the view. Since the owner is Scott who is permitted to grant the privilege , its his name which is shown here since its his privilege which is passed to the second user. Does that sounds like a reasonable explanation?
HTH
Aman....
Edited by: Aman.... on Feb 18, 2010 9:36 AM
Edited by: Aman.... on Feb 18, 2010 11:55 AM added update -
Which view I can query to get the granted objects privilege to a user?
Hi all,
which view I can query to get the granted objects privilege to a user?
for example:
grant execute on accounting.get_name to scott;
Which view has above object granted information?
ThanksSQL> select * FROM all_tab_privs where grantor = upper('accounting');
no rows selected -
System Privileges, Object Privileges and Roles in Oracle 10g r2
Hello,
I am looking for a comprehensive details about each and every role, privileges(both object and system) that are available in standard Oracle EE 10g r2.
I have visited administrator reference manual and other documents from docs.oracle.com but could not fine this information.
Can anyone redirect me to an appropriate URL or documentation that details whats and hows of each and every roles and privileges?
Thanks,
RRich V wrote:
Hello,
I am looking for a comprehensive details about each and every role, privileges(both object and system) that are available in standard Oracle EE 10g r2.
I have visited administrator reference manual and other documents from docs.oracle.com but could not fine this information.
Can anyone redirect me to an appropriate URL or documentation that details whats and hows of each and every roles and privileges?
Thanks,
RHi, you can use dba_role_privs,role_sys_privs views,for more information see
http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/admusers.htm
http://www.cuddletech.com/articles/oracle/node36.html
Maybe you are looking for
-
Error While Importing Profit Center in DTW
Hello Expert. I am trying to Import Profit Center In SAP B1 8.8.1 PL04, but i got the Following Error In EffectiveFrom Column. Error is - > CServiceData::Set Property value DateString failed ; Invalid Date Format in property "EffectiveFrom" of profit
-
Adding and configuring a second hard drive in a Power Mac G4
I am using a Power Mac G4 with the original 20GB hard drive and running OS 9.2.2. I would like to upgrade to 10.4 (Tiger) installing it on a 80 GB Seagate Ultra/ATA 100 which I need to install as a second hard drive. This is where my problem arises.
-
I am having trouble connecting the playbook to a TV using HDMI. Any help to resolve this issue will be greatly appreciated. Solved! Go to Solution.
-
Safari "Top Sites" and Belkin wireless router
Have been experiencing a problem with Safari / Belkin router for the past 3 days. I have noticed it occurs most often when using the "top sites" function of Safari. It seems that whenever I use top sites it causes a disconnect between my macbook and
-
Hello! I want to start implementing this in my projects. If anyone here has some starting tips/articles/tutorials/advice, it would really help. Thank you!