Revoke unnecessary privileges from public = enterpise manager problems

Similar Messages

• Impact of revoking APEX_040000 view and privileges from public ?

  Forum...
  We are in an integration scenario where we do not want to have a user connecting through SQL see the apex product database objects to which apex has granted public access show up. ( As per the "Granted Priviliges" of the Apex documentation - specifically the views and tables for which public synonyms are created)
  Does anyone have an idea of what the impact of revoking these public privileges would be on apex users and applications ?
  Thanks
  Pierre

  Hi Pierre,
  I'm just curious - can you give a couple examples of objects for which you wish to revoke privileges from PUBLIC?
  Joel

• Revoking sys.utl_smpt  from PUBLIC

  Oracle 10.2. We have ASP application on the top.
  I granted sys.utl_smpt to ST schema/user
  Then I revoke sys.utl_smpt FROM PUBLIC. This caused 5 invalid objects: sys.utl_smtp, sys.utl_mail, sys.dbms_aqelm, st.mail_files, st.mail_pkg. After re-compiled, two ST objects are still not valid: mail_files, mail_pkg. The error message is UTL_SMTP must be declared.
  The line is Mail_files procedure causing this problem: conn utl_smpt.connection
  I granted sys.utl_smpt specificly to this user and this user's procedure is still having problem. What am I doing wrong?
  Thanks
  S.

  After re-compiled, two ST objects are still not valid: mail_files, mail_pkg. The error message is UTL_SMTP must be declared.
  I granted sys.utl_smpt specificly to this user and this user's procedure is still having problemWhat Grant did you execute ?
  What is the "problem" that you are still having ?
  Hemant K Chitale

• Is there a way to revoke DDL privileges from a user

  I would like to revoke DDL privileges from a user.
  My requirement goes like this
  1.Create a user with DDL privileges
  2. Create the required tables in that user. Fill the data.
  3. Revoke DDL privileges from that user (CREATE,ALTER,DROP).
  I was able to achieve this by creating two users where in the 1st user contains all the physical objects and data, where in the 2nd user contains only synonyms with select/execute privileges.
  Is there any other way to achieve this.
  Bcoz in SQL SERVER 2005 we have
  REVOKE ALTER TABLE FROM USER; and likewise.
  Kindly help me out!
  Thnx in advance

  You can easily satisfy all your requirements using facilities provided by the database. Here is a sample:
  SQL> create user test identified by test;
  User created.
  SQL> grant create session to test;
  Grant succeeded.
  SQL> connect test/test
  SQL> CREATE TABLE ddl_in_my_schema(x number);
  CREATE TABLE ddl_in_my_schema(x number)
  ERROR at line 1:
  ORA-01031: insufficient privileges
  -- Connect as administrator
  SQL> GRANT CREATE TABLE TO test;
  Grant succeeded.
  SQL> ALTER USER test QUOTA 10M ON USERS;
  User altered.
  SQL> connect test/test
  Connected.
  Session altered.
  SQL> CREATE TABLE ddl_table(x number);
  Table created.
  SQL> INSERT INTO ddl_table SELECT OBJECT_ID FROM ALL_OBJECTS;
  4468 rows created.
  -- Connect as administrator again
  SQL> REVOKE CREATE TABLE FROM test;
  Revoke succeeded.
  SQL> connect test/test
  Connected.
  SQL> CREATE TABLE ddl_table2(x number);
  CREATE TABLE ddl_table2(x number)
  ERROR at line 1:
  ORA-01031: insufficient privileges

• 10G OEM - Revoke privileges from PUBLIC

  How do I revoke execute on a procedure from PUBLIC using 10G OEM?
  I have spent quite a bit time wandering around the tool and can not figure out how to do it using the tool.
  Thanks in advance.
  Janet

  Hi
  Is he viewing the table all_objects/all_tables etc. If he views user_tables/user_objects he will see only the objects created by him.
  I doubt whether this will solve your problem.
  Thanks
  Malar

• REVOKE EXECUTE ON UTL_HTTP FROM public in apps database

  Hello,
  could any one share your knowledge to me for database security on oracle apps.
  my client's aduit have some issue on public acceess.
  select table_name from dba_tab_privs
  where grantee='PUBLIC'
  and privilege ='EXECUTE'
  and table_name in
  ('UTL_SMTP', 'UTL_TCP', 'UTL_HTTP', 'UTL_FILE',
  'DBMS_RANDOM','DBMS_LOB', 'DBMS_SQL','DBMS_JOB',
  'DBMS_BACKUP_RESTORE','DBMS_OBFUSCATION_TOOLKIT');
  I know we could not revoke any privileges from public.
  IS there any document says that don't revoke public access for E-bus database?
  I could not find out any document in metalink. if have any one document could you please share with me.
  Thanks
  Prince

  Hi Prince,
  Oracle does not say "do not revoke privileges from PUBLIC." Oracle suggests caution when revoking privileges from PUBLIC. :-) Have a look at the following Metalink Note: [Be Cautious When Revoking Privileges Granted to PUBLIC|https://metalink2.oracle.com/metalink/plsql/showdoc?db=NOT&id=247093.1|Metalink Note 247093.1].
  To satisfy your auditors, you could identify which database users actually need to use UTL_HTTP, and assign that privilege directly to the individual users. Then you should be able to revoke those privileges from PUBLIC.
  For more information about securing E-Business Suite itself, review [Best Practices for Securing the E-Business Suite|https://metalink2.oracle.com/metalink/plsql/showdoc?db=NOT&id=189367.1|Metalink Note 189367.1], or for Release 12, [Best Practices For Securing Oracle E-Business Suite Release 12|https://metalink2.oracle.com/metalink/plsql/showdoc?db=NOT&id=403537.1|Metalink Note 403537.1].
  Regards,
  John P.
  http://only4left.jpiwowar.com

• Oracle recommends that you revoke EXECUTE privileges on powerful packages f

  Oracle recommends that you revoke EXECUTE privileges on powerful packages from PUBLIC
  Got on error on the home page of Enterprise Manager and read that I should run the code below to correct the problem, but when I click on the link at the bottom of EM to go to iSQL*Plus and choose to connect as sysdba I get a popup asking for me to input a password for my computer so I tried my local computer username and password, my network username and password and even my database username and password and neither lets me in. I can login under Normal but then I do not have rights to execute the command.
  revoke execute on utl_file from public;
  I know I have my computer username and password correct because I had to enter it to shutdown the database yesterday.
  And I had a problem with my listener not knowing the SID, but the error has since went away, but I do have an error on my listener saying
  Disk Utilization for 0 C: is 151.45%
  Edited by: jamesH2 on Aug 29, 2008 9:20 AM

  Hi James,
  Where you saw that Oracle recommend that? If you are refering to the Db console recomendations please take a look on this note also: Note:343620.1
  If you revoke any privilege from PUBLIC it becomes your own responsibility
  to ascertain that all your applications will keep working. The same goal can often be accomplished
  by replacing the privileges formerly granted to PUBLIC to some individual users or
  roles.
  Please take a look on this Metalink Note: 247093.1 Be Cautious When Revoking Privileges Granted to PUBLIC
  Regards,
  Francisco Munoz Alvarez
  www.oraclenz.com
  Edited by: F. Munoz Alvarez on Aug 30, 2008 1:31 AM

• After revoked UTL_FILE from PUBLIC, found problem...

  Hi All
  I created new role that is "UTL_PUBLIC" and granted below package to new role and grant new role to all users in database after that revoke below roles from PUBLIC.
  UTL_FILE
  UTL_TCP
  UTL_SMTP
  UTL_HTTP
  DBMS_LOB
  DBMS_SQL
  DBMS_JOB
  DBMS_SCHEDULER
  DBMS_XMLGEN
  But I got the problem when export data that show about package error. So I granted above package back to PUBLIC and export again that was work.
  My question is Can I grant above package to new role and grant to db user instead of PUBLIC role? If yes, How will I do ? If no, please explain the reason.
  Thank you,
  Hiko

  Oracle support confirmed about this already.
  I cannot grant privilege execute on those packages via roles that will have troubles with procedures and packages.
  Only one solution, I must grant to users directly.
  Thank you
  Hiko

• How to revoke all privileges?

  hi all. How to revoke all privileges from user? B-)

  For object privileges run :
  SELECT 'revoke ' || PRIVILEGE || ' on ' || table_name || ' from ' || grantee
  || ';\'
  FROM dba_tab_privs
  WHERE grantee = 'USERNAME'
  For system privileges run:
  SELECT 'revoke ' || PRIVILEGE || ' from ' || grantee || ';\'
  FROM dba_sys_privs
  WHERE grantee = 'USERNAME'
  Then run both results in Sql*Plus

• Problems with audio books from public library downloading to wrong place.

  Since updating software to ios5, my books from public library no longer get downloaded to "audiobooks". Now they get downloaded to "playlists". When i am in the middle of listening to a book, and switch to listening music, it will lose my place in the book. Before the software update, this was not a problem. Is there anything I can do to get my books to download into the "audiobooks" again?

  You need to wait until Overdrive get updated.  That is a know problem.

• Problem in Sending email from Reports Queue Manager

  Hi
  I am getting problem in sending email from reports queue manager.
  It says that error in logging to mail server.
  If any body knows the sol then pl help me out.
  thanks

  Hi
  I am getting problem in sending email from reports queue manager.
  It says that error in logging to mail server.
  If any body knows the sol then pl help me out.
  thanks

• How to access Oracle Enterpise Manager from outside my VM

  Hi,
  I've Oracle VM VirtualBox version 4.1.2 installed on the host Windows XP and pre-built Database App Development VM (Updated Nov. 2011) worked on it.
  Everything is OK, I have NAT network and can run Enterprise manager inside my VM on URL https://127.0.0.1:1158/em
  Pleas, describe shortly:
  1.How I can access enterpise manager from outside VM ?
  2.What I have to write (HOST, PORT etc) in my tnsnames.ora file on the host system for the VM Oracle server to connect it from the host system ?
  Sincerely,
  Alex
  Edited by: AlexR on Dec 31, 2011 5:24 PM

  Hi Alex,
  the host and port depends on your network setup of your VM.
  Do an ifconfig -a and see what IP adress your guest has.
  With this IP address you should be able to access EM from outside your VM (but on the VM host, not from outside the network) with the same port.
  Regards
  Sebastian

• Revoking User tables privileges from one user to other user thru DBA.

  Hi,
  I want to revoke the select privilege from user granted tables to other user from Sys/Dba roled user.
  Detail
  ---------------I have 3 users namely
  1.User1 (Role: Normal User)
  2.User2 (Role: Normal User)
  3.SYS (Role: DBA privileged user)
  User1 has created a table called Table1 and grant the select privilege to User2.
  Is it possible that sys (DBA privileged user) user can revoke the select privilege of table1 from user2??.
  Thanks,
  Natarajan.U

  You can not revoke the privileges that were not granted by you or you will hit the error ORA-01927: cannot REVOKE privileges you did not grant.
  Even SYS/user with SYSDBA role can not revoke others grants.

• Revoke execute on packages from Public

  Dear all.
  I've got a doubt. I did the Oracle recommendations and on my Primary Database I revoke execute priviledge on the packges UTL_FILE, UTL_TCP, UTL_SMTP and UTL_HTTP using the command revoke execute on <package> from public.
  I tryed to do the same on my Physical Standby Database but it wasn't possible. I got a message saying that the database isn't open. My question is: When I do the faiolver, will the physical standby database apply thoe changes I had made on the Primary?
  Thanks a lot.

  It will be applied to the standby by archive log recovery.
  When I ran these "recommended" revokes I ended up with a broken database due to invalid objects, so make sure you compile invalid objects before and after the revoke, and compare counts to see if they have increased.

• How to revoked 'ANY' privileges being granted to user or role

  Hi all,
  I need to be revoked all 'ANY' privileges that have been granted to all non-DBA user or Role in the database.
  To achieve this what i assume is
  1> i need to find out Role as well all user who are non-DBA
  2> For all non-DBA user i need to find out and revoked 'ANY' privileges if they would have.
  Here i need some information about all tables related to privilieges and non-DBA users
  The below are some example as a reference.
  USER Privileges
  CTXADMIN SELECT ANY TABLE
  PUBLIC MERGE ANY VIEW
  LAXORA ANALYZE ANY
  EXECUTE ANY PROCEDURE
  GRANT ANY ROLE
  INSERT ANY TABLE
  SELECT ANY TABLE
  LAX_NEW ANALYZE ANY
  CREATE ANY TABLE
  DELETE ANY TABLE
  DROP ANY TABLE
  INSERT ANY TABLE
  SELECT ANY TABLE
  USER_NEW SELECT ANY TABLE
  Thank n reagrds
  Laxman

  Hi,
  LAX_ORA wrote:
  Hi all,
  I need to be revoked all 'ANY' privileges that have been granted to all non-DBA user or Role in the database.
  To achieve this what i assume is
  1> i need to find out Role as well all user who are non-DBA
  2> For all non-DBA user i need to find out and revoked 'ANY' privileges if they would have.
  Here i need some information about all tables related to privilieges and non-DBA users
  The below are some example as a reference.
  USER Privileges
  CTXADMIN SELECT ANY TABLE
  PUBLIC MERGE ANY VIEW
  LAXORA ANALYZE ANY
  EXECUTE ANY PROCEDURE
  GRANT ANY ROLE
  INSERT ANY TABLE
  SELECT ANY TABLE
  LAX_NEW ANALYZE ANY
  CREATE ANY TABLE
  DELETE ANY TABLE
  DROP ANY TABLE
  INSERT ANY TABLE
  SELECT ANY TABLE
  USER_NEW SELECT ANY TABLE
  Thank n reagrds
  LaxmanYou can fiind out all the users and roles who have been granted system privileges by querying dba_sys_privs.
  For example:
  SELECT     grantee
  ,     privilege
  FROM     dba_sys_privs
  WHERE     privilege     LIKE '% ANY %'
  ;The grantee column includes users and roles together.
  If you want to find which users have the dba role, then query dba_role_privs.