Revoke SELECT ANY DICTIONARY from FLOWS schema

Similar Messages

• Unable to revoke "select any table" system priv

  I created a new user and unable to revoke select any table permissions. It appears that any new oracle user i create has the select any table permissions. I want to only alow this new user to select from 5 tables and not others. It seems as though there is a global setting on the database to allow select from any table. I can't change that if thats the case but i would like to create this restricted user.
  How can I modify permissions on my new oracle user to not allow select any table?
  Any help would be appreciated

  My thanks again to all that took the time to post!
  I ran those statements and the select that Aman had posted. The output surprised me and probably will lead to identifying the problem.
  As you can see below the SELECT ANY TABLE privilege is under the sessioni_privs. however im also confused why the "revoke select any table from ITEAMS;" didnt work. here is the output from the suggestions in your posts.
  SQL> connect iteams
  Enter password:
  Connected.
  SQL> show user
  USER is "ITEAMS"
  SQL> select * from dba_sys_privs where grantee = 'ITEAMS';
  GRANTEE PRIVILEGE ADM
  ITEAMS CREATE SESSION NO
  SQL> select * from session_privs;
  PRIVILEGE
  CREATE SESSION
  UNLIMITED TABLESPACE
  SELECT ANY TABLE
  SQL> connect sys as sysdba
  Enter password:
  Connected.
  SQL> show user
  USER is "SYS"
  SQL> revoke select any table from ITEAMS;
  revoke select any table from ITEAMS
  ERROR at line 1:
  ORA-01952: system privileges not granted to 'ITEAMS'
  SQL> select * from user_tab_privs_made where grantee='ITEAMS';
  no rows selected
  So if the SELECT ANY TABLE is within the session_privs as seen above. How can i reovke that priv?

• HR Form do not select any data from specific Period

  Hi All
  I am facing issues on the HR FORMS for Brazil related to the Remunaration Statement
  When I try to select any employee from a specific period (before April 2012), the system does not select any data.
  From April 2012 until the current period and I could select the data and print the Form
  I do not believe that is related to the Master data from the Employee, since it is always related to the same period, I guess it is on the HR Form configuration, retricting the period anywhere, but I could not find it
  do you know any idea on how to fix it ?
  Regards

  Hi Steve,
  In SQL Server Analysis Services, we can hide or disable hierarchy level by using
  AttributeHierarchyEnabled property, however, when this property is set to false, this level will not appear no matter if contain data or not. In your scenario, you want to hide the hierarchy level dynamically, right? As Aleksandr
  said, I am afraid there is no such a method to achieve it.
  If you have any concern about this behavior, you can submit a feedback at
  http://connect.microsoft.com/SQLServer/Feedback and hope it is resolved in the next release of service pack or product. Your feedback enables Microsoft to make software and services the best that they can be, Microsoft might consider to add this feature
  in the following release after official confirmation.
  Regards,
  Charlie Liao
  If you have any feedback on our support, please click
  here.
  Charlie Liao
  TechNet Community Support

• Select any dictionary privelege required to connect as system

  Hi All,
  I am trying to connect to my 10g database with 9i OEM and i am facing strange error that "Select any dictionary privelege required"
  I am able to connect as sys while i given the privilege still same error comes...
  Another strange problem is I am not able to see my tempfiles in OEM while i am connected to 10g database with sys.
  Thanks in Advance..
  Anuj

  Only way i can see it working is grant sysdba to your user and connect it. I have heard abut this before also. There are some compatibility issues with 9i OEM and 10g db.
  Regarding tempfile do have tempfile in place. Chk dba_temp_files.
  Regards,
  http://askyogesh.com

• Mapping the xsd:any tag from one schema to other in BPEL

  I am using soa suite 11g
  I have 2 schemas with <xsd:any> tag
  at run time the xml based on one xsd can have tags as below in place of xsd:any tag
  <*number* xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" attributeId="1001" readOnly="False">P00001</number>
  <*description* xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" attributeId="1002" readOnly="False">Test Part created for Mapping</description>
  <*itemType* xsi:type="common:AgileListEntryType" xmlns:common="http://xmlns.oracle.com/AgileObjects/Core/Common/V1" attributeId="1081" readOnly="False">
  <selection>
  <id>10141</id>
  <apiName>Part</apiName>
  <value>Part</value>
  </selection>
  </itemType>
  <*lifecyclePhase* xsi:type="common:AgileListEntryType" xmlns:common="http://xmlns.oracle.com/AgileObjects/Core/Common/V1" attributeId="1084" readOnly="True">
  <selection>
  <id>976</id>
  <apiName>PRELIMINARY</apiName>
  <value>Preliminary</value>
  </selection>
  </lifecyclePhase>
  and in othe xsd it can be
  <key1001 attributeId="5001">P00002</key1001>
  <key1002 attributeId="5002">Test Part created for Mapping</key1002>
  I can create a DVM to have mapping of attribute id's values 1001 -5001 ,1002-5002 but how to wire/map the any nodes and the attribute id element of one any node to other in XSLT mapper.At design time I am not aware that what all tags can substitute in place of any.
  I need to map these two any tags.How to do this in transform activity xslt mapper in BPEL.It does not allow me to directly wire two any tags
  Request someone to help me on this.stuck on this for long .

  I have figured out that with xpath and copy-of operation I can copy all nodes that come in place of xsd:any from one schema to other .But beofre copying I want to change the attribute values of the node that come in place of xsd:any based on the mapping stored in the DVM.Request some one to please help .

• I made a MS patch-changer selecting ANY patch FROM MY KEYBOARD'S KEYS!

  Love the Nord Electro 3, hate the sequential up-down button for patch changes, especially with up to 20 per song. Almost decided to sell it and go back to the Nord Stage I had before, sacrificing sound quality for rapid and flexible patch changing abilities, but I just made a MainStage-based patch changer for the Nord Electro 3 that can select any Nord patch from the Nord's keyboard. So Cool! Chances are I keep this beloved Nord now!!!
  I've recieved so much help that I'm trying to be a giver here ....though maybe this is rookie stuff to the people here, it was a new level for me, so maybe it'll help someone....
  It took a long time to figure out, but I decided finally not to worry about changing various (not sequential) MainStage patches from keyboard keys because I couldn't find a way, but just to make a way to choose NE patches WITH THE Nord's KEYS SENDING WHATEVER PROGRAM CHANGES needed to select a patch no matter where it is in the Nord -- this way I could choose any patch easily from the Nord keyboard keys instead of sequentially stepping through patches with two mapped up/down MS keys, or with the Mac's arrows, or hunting for a computer keyboard button.
  I learned the bottom 8 keys of the Nord into 8 buttons in MS, then for each button mapped it to Send to All --> Nord Electro (destination) --> Program Change. Then I "mapped parameter" to whatever Program change number would select the patch where it's sitting in the Nord's patch banks. If it was PC 9 then the values would be 9 and 9. Pressing that keyboard key (F#0 in my case) while playing and having MS in Perform Mode would then switch my Nord to patch 5-B in the Electro, which is the Nord's PC9 location. It was a little tricky to figure out that I best go into the parameter graph and change the top and bottom numbers to 9, in this case. For some reason it defaults to 8 bottom and 9 top if choosing PC 9 outside the graph. It took some mousing sometime to get them the same.
  Note: NO patch changer in layout, NO channel strips, JUST the keyboard and the 8 buttons. Also for some odd reason it does NOT work in Edit mode, MS has to be in Perform or Full Screen mode.
  Granted, the number of patches you can choose is limited to the number of keyboard keys you want to reserve for this purpose. If I can give up more keys I might do 8 more to get 16 program-changing keys.
  Anyway it's great to be able to choose whatever sound I want in the Electro 3 instantly without having to madly push an up/down button on the rig -- organ, Shodes, Mellotron, choir sample, no matter where it happens to reside in the Nord's banks. Cool!
  What I couldn't figure out but might do next is to see if there's a way to use this tool, but also choose a MainStage synth patch or three from Program-changing keys without disrupting the works. I tried for a long time but couldn't find a mapping that would send something that would end up giving me a particular PC-mapoped Nord+MainStage layer -- that's probably to much. So I might default to also having a field with a patch changer window, a couple keyboard keys mapped to up/down, and just choosing up or down instead of a particular patch number or name. Dunno.
  I can post or e-mail the concert if it helps anyone.
  Neil

  You may have to call back and tell the answering party you have an
  existing open case involving a repair; tell them the 'case number' or
  'incident number' assigned your initial repair by AppleCare, and say
  if there is a problem, you've already paid; and 'please connect me to
  the supervisor.'
  A logic board issue could certainly be the cause of bizarre keyboard errors.

• Selecting xml-messages from ORABPEL-schema via SQL

  Hi,
  i want to select xml documents via SQL from the ORABPEL schema.
  Can anybody help, how to do this?
  There is the table xml_document, which has the columns:
  DOCKEY
  DOMAIN_REF
  BIN_CSIZE
  BIN_USIZE
  BIN
  MODIFY_DATE
  BIN_FORMAT
  Bin is of type blob....

  "Installation Monkey", did you ever find a solution or sample code to access and decipher the Audit_trail.LOG contents through a query or using SQL lob calls?
  I have looked all over, tried decoding the hex code (into a second layer of gibberish), and found nothing other than pointers to the API bpels.
  Thank you for any information.

• Revoke select on "all_source" view from the public ?

  Fellow DBA's
  There is a security audit going on at my client's site and one of the requirements is to
  revoke select on "*all_source*" view from the public .
  1) Can Someone point out if there are any immediate ramifications of doing this (As in will the application
  get affected in any way.. I don't assume so ) I scoured metalink but couldn't find any docs which cautions agaist it .
  2) Now there are over 150 databases (8i,9i,10g) with several different development teams . How do i go about ensuring that the developers are not affected by this change . DO I need to create a seperate view based on this one for seperate teams .. ?
  I am kinda new to this and any pointers are much appreciated
  Regards,
  SV

  user8636840 wrote:
  Thanks for your instant response guys ...I agree with u all in thats it's not the smartest thing to do .
  I will try and explain it to the them ..but these big firm auditors tend to be rather thickheaded
  In the event that I am still forced to do it ....do u have any pointers on the best way to go about this .
  Any pros and cons from past experiences or link to some useful material would be great.
  There are a number of "security hints" type papers on the intertubes, generally they say things like:
  SQL> REVOKE SELECT ON ALL_SOURCE from PUBLIC;
  SQL> CREATE ROLE VIEW_CODE_ROLE;
  SQL> GRANT SELECT ON ALL_SOURCE to VIEW_CODE_ROLE;
  SQL> GRANT EXECUTE ANY PROCEDURE to VIEW_CODE_ROLE;
  The general idea is to protect against random bad guys figuring out various things from unwrapped code. Doesn't do anything to protect against inside jobs, but there's other things the auditors care about for that. Of course, this particular solution I got from one of those papers on the intertubes gives a major security hole to newbie developers with the execute any procedure, whatcha gonna do? They gotta see their own code, right?

• How to get trigger code from the schema into a file

  Please help me in getting code of any trigger from the schema, without using any data dictionary views.

  In fact you can get the trigger code by using tools like toad,sql developer
  But all are using the data dictonary view to get the code .

• Select on dictionary

  Hi,
  on 11g I have the follwing error . What is wrong with syntaxe :
  SQL> GRANT SELECT ON ANY DICTIONARY TO myuser;
  GRANT SELECT ON ANY  DICTIONARY TO myuser
  GRANT SELECT ON ANY DICTIONARY TO myuser
  ORA-00903:                         *Thanks.

  user522961 wrote:
  Hi,
  how to verify if user is granted :
  select on dictionary
  Do some research by yourself too, it's been a long time you are here!
  SQL> grant select any dictionary to scott;
  Grant succeeded.
  SQL>
  *Session2*
  [oracle@edmtr2p0-orcl SPA]$ sqlplus scott/tiger
  SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 16 19:22:45 2013
  Copyright (c) 1982, 2009, Oracle.  All rights reserved.
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> select  * from session_privs;
  PRIVILEGE
  CREATE SESSION
  CREATE TABLE
  CREATE CLUSTER
  CREATE SEQUENCE
  CREATE PROCEDURE
  CREATE TRIGGER
  CREATE TYPE
  CREATE OPERATOR
  CREATE INDEXTYPE
  SELECT ANY DICTIONARY
  10 rows selected.
  SQL> sho user
  USER is "SCOTT"
  SQL> Aman....

• Grant access to the dictionary of another schema

  Hello,
  I am a bit rusty with my knowledge about privileges, so I am not too sure about the best way to implement the following :
  User B must have access to all dictionary information about the objects of User A. User B does not need to perform SELECTs directly on the objects of User A. Security would be nice, but is not absolutely required, so an overkill could be OK.
  From what I tested, it looked like granting object privileges on dictionary objects and/or granting the SELECT ANY DICTIONARY privilege was never enough to see the lines corresponding to the objects of User A, and that it was required that User B also had SELECT privileges on all objects of User A.
  Is that really so ? And if yes, is there a better way to achieve this than periodically running a PL/SQL procedure ? Of course I would prefer to grant those privileges all in once, so that it would also take future objects into account.
  Any thoughts on this would be appreciated !

  actually, you should be more restrictive and grant only SELECT_CATALOG_ROLE instead of
  SELECT ANY DICTIONARYPersonally, I'm not so sure SELECT_CATALOG_ROLE is more restrictive...
  SQL> SELECT privilege, count(*)
    2  FROM dba_tab_privs
    3  WHERE grantee='SELECT_CATALOG_ROLE'
    4  GROUP BY privilege
    5  /
  PRIVILEGE                                 COUNT(*)
  DELETE                                            2
  EXECUTE                                           1
  INSERT                                            2
  SELECT                                         1144
  UPDATE                                            2
  5 rows selected.
  SQL> It also has the HS_ADMIN_ROLE.
  Probably these are just Oracle oversights/quirks and I guess may vary from version to version. So it's worth understanding what privileges everything has.
  Cheers, APC

• Cant view objects from another schemas

  Hi everybody!
  I have a 10.1.2 Jdeveloper and a 9.2.4 Oracle database.
  I successfully created a database connection.
  With provided login I can access to tables from another schemas in SQL Worksheet, but I cant see any objects from those schemas in the connection tree.
  What's wrong?

  The Schemas are being filtered so that you only automatically see the schema for the connection that you logged on with. To change the schemas that are visible you need to :
  1) Select the connection name in the Navigator (you should see that it has a filter icon overlaid showing that it is being filtered)
  2) Invoke the context menu and select 'Apply filters'
  3) Shuttle over the other Schemas you wish to see and press OK
  Regards,
  Lisa Sherriff
  JDev QA

• SQL Report From Another  Schema

  Is there anyway to select a table from another schema?I have a default schema for my application but i want each user to use their own schema.
  I'm looking for something like #OWNER#.table_name but replacing #OWNER# with the name of another schema in the workspace.
  Kind Regards,
  BgUrsea
  APEX 4.0 10g XE

  Hello BgUrsea,
  you could achieve this by granting the needed privileges (e.g. select, insert, update, delete) on each table in the #OWNER#-schema to your applications parsing schema.
  If you can't use a direct mapping (e.g., you can't assign the schema name of a user as usernames for his application user), you probably need a mapping table in your parsing schema. Define an application item (e.g. "F_OWNER") and create a application computation that executes "On New Instance" and does something like
  SELECT schema
    FROM mapping_table
  WHERE owner=v('APP_USER');If you aren't sure you always have a mapping, you might think about an application process that not only computes the value but also handles the action to be performed in case there is no mapping for a user.
  But I suppose it could be easier to have a copy of you application for each user and assign the appropriate schema to each copy. That way, you don't need the mapping, you don't need to care about always using the #OWNER# when developing your application, and of course, no user can (not even accidently) access another users (or your default) schema.
  -Udo

• Selection from Another schema by default without schema name qualifier.

  Hi
  Oracle10g release 2, LinuxOS
  i want my schema (User_1) to always select,insert, update, delete the objects from another schema (User_2) without passing full schema qualifier every time whenever i don't pass any schema name explicitly.
  i.e. if i pass the following guerry
  select * from table_a;
  the table of user User_2.table_a (User_2.table_a) will be queried by default instead of table (User_1.table_a)
  and the same implementation is also required in Functions , procedures, sequences etc.
  Wishes

  Three relatively easy options
  1) Create private synonyms in User_1's schema for each object in User_2's schema, i.e.
  CREATE SYNONYM table_a
     FOR user_2.table_a2) Create public synonyms for each object in User_2's schema. This will make it possible for all users to query user_2's objects without specifying the schema name
  CREATE PUBLIC SYNONYM table_a
     FOR user_2.table_a3) Change the current schema for the session (potentially in a login trigger)
  ALTER SESSION SET current_schema = USER_2There are other options that are a bit more complicated like using enterprise users with shared schemas. But most people are perfectly happy with one of these three.
  Justin

• Select Into statement in db function - query from granted schema table

  problem with "select into" in db function in 10.2
  There are two schemas. 'mdbdev' is the master database and 'devusr' is granted SELECT table access to execute queries in mdbdev schema.
  with devusr, in SQL, I'm able to execute the following query
  select wm_concat(strConcatedCountryList)
  from (select country_name as strConcatedCountryList from mdbdev.country_master mdbcm
  where mdbcm.country_ship_status = <param?>
  order by country_name)
  but when I use the same query in function/procedure with "select into", the compilation failed with error *"table or view does not exist"*
  FUNCTION GETCOUNTRYLISTTOSHIP (SHIP_STATUS IN NUMBER)
  RETURN VARCHAR2
  IS
  var2CountryList VARCHAR2(1000);
  BEGIN
  select wm_concat(strConcatedCountryList) INTO var2CountryList
  from (select country_name as strConcatedCountryList from mdbdev.country_master mdbcm
  where mdbcm.country_ship_status = <value of SHIP_STATUS>
  order by country_name);
  return var2CountryList;
  END;
  Please advise/help/hint :)

  David, Justine, Thank you. The facts from this forum post helped a lot to get the solution.
  The query helped a lot (select * from all_tab_privs_recd where owner = 'MDBDEV' and table_name = 'COUNTRY_MASTER").
  there was a grant using ???(donno wht DBA said) and no direct SELECT grant on that country_master to "devusr". grant command executed. Now, it works :)