Revoke unnecessary privileges from public = enterpise manager problems
Hi,
After revoking the execute privilege on the following packages from public I have problems with enterprise manager (DB version 10.1.0.3.0) :
UTL_SMTP
UTL_TCP
UTL_HTTP
UTL_FILE
DBMS_OBFUSCATION_TOOLKIT
I have revoked the privileges via sqlplus:
revoke execute on utl_smtp from public;
If I login now on enterprise manager (user sys)
the home tab on enterprise manager says "Status pending", the performance/administration and maintenance tabs work.
Does anyone knows how to solve this?
Thank You.
I have had pretty good luck with the following - YMMV
revoke execute on sys.utl_http from public;
revoke execute on sys.utl_smtp from public;
revoke execute on sys.utl_tcp from public;
revoke execute on sys.dbms_random from public;
revoke execute on sys.utl_file from public;
revoke execute on sys.dbms_lob from public;
revoke execute on dbms_job from public;
grant execute on sys.utl_http to ORDPLUGINS;
grant execute on sys.utl_file to xdb;
Similar Messages
-
Impact of revoking APEX_040000 view and privileges from public ?
Forum...
We are in an integration scenario where we do not want to have a user connecting through SQL see the apex product database objects to which apex has granted public access show up. ( As per the "Granted Priviliges" of the Apex documentation - specifically the views and tables for which public synonyms are created)
Does anyone have an idea of what the impact of revoking these public privileges would be on apex users and applications ?
Thanks
PierreHi Pierre,
I'm just curious - can you give a couple examples of objects for which you wish to revoke privileges from PUBLIC?
Joel -
Revoking sys.utl_smpt from PUBLIC
Oracle 10.2. We have ASP application on the top.
I granted sys.utl_smpt to ST schema/user
Then I revoke sys.utl_smpt FROM PUBLIC. This caused 5 invalid objects: sys.utl_smtp, sys.utl_mail, sys.dbms_aqelm, st.mail_files, st.mail_pkg. After re-compiled, two ST objects are still not valid: mail_files, mail_pkg. The error message is UTL_SMTP must be declared.
The line is Mail_files procedure causing this problem: conn utl_smpt.connection
I granted sys.utl_smpt specificly to this user and this user's procedure is still having problem. What am I doing wrong?
Thanks
S.After re-compiled, two ST objects are still not valid: mail_files, mail_pkg. The error message is UTL_SMTP must be declared.
I granted sys.utl_smpt specificly to this user and this user's procedure is still having problemWhat Grant did you execute ?
What is the "problem" that you are still having ?
Hemant K Chitale -
Is there a way to revoke DDL privileges from a user
I would like to revoke DDL privileges from a user.
My requirement goes like this
1.Create a user with DDL privileges
2. Create the required tables in that user. Fill the data.
3. Revoke DDL privileges from that user (CREATE,ALTER,DROP).
I was able to achieve this by creating two users where in the 1st user contains all the physical objects and data, where in the 2nd user contains only synonyms with select/execute privileges.
Is there any other way to achieve this.
Bcoz in SQL SERVER 2005 we have
REVOKE ALTER TABLE FROM USER; and likewise.
Kindly help me out!
Thnx in advanceYou can easily satisfy all your requirements using facilities provided by the database. Here is a sample:
SQL> create user test identified by test;
User created.
SQL> grant create session to test;
Grant succeeded.
SQL> connect test/test
SQL> CREATE TABLE ddl_in_my_schema(x number);
CREATE TABLE ddl_in_my_schema(x number)
ERROR at line 1:
ORA-01031: insufficient privileges
-- Connect as administrator
SQL> GRANT CREATE TABLE TO test;
Grant succeeded.
SQL> ALTER USER test QUOTA 10M ON USERS;
User altered.
SQL> connect test/test
Connected.
Session altered.
SQL> CREATE TABLE ddl_table(x number);
Table created.
SQL> INSERT INTO ddl_table SELECT OBJECT_ID FROM ALL_OBJECTS;
4468 rows created.
-- Connect as administrator again
SQL> REVOKE CREATE TABLE FROM test;
Revoke succeeded.
SQL> connect test/test
Connected.
SQL> CREATE TABLE ddl_table2(x number);
CREATE TABLE ddl_table2(x number)
ERROR at line 1:
ORA-01031: insufficient privileges -
10G OEM - Revoke privileges from PUBLIC
How do I revoke execute on a procedure from PUBLIC using 10G OEM?
I have spent quite a bit time wandering around the tool and can not figure out how to do it using the tool.
Thanks in advance.
JanetHi
Is he viewing the table all_objects/all_tables etc. If he views user_tables/user_objects he will see only the objects created by him.
I doubt whether this will solve your problem.
Thanks
Malar -
REVOKE EXECUTE ON UTL_HTTP FROM public in apps database
Hello,
could any one share your knowledge to me for database security on oracle apps.
my client's aduit have some issue on public acceess.
select table_name from dba_tab_privs
where grantee='PUBLIC'
and privilege ='EXECUTE'
and table_name in
('UTL_SMTP', 'UTL_TCP', 'UTL_HTTP', 'UTL_FILE',
'DBMS_RANDOM','DBMS_LOB', 'DBMS_SQL','DBMS_JOB',
'DBMS_BACKUP_RESTORE','DBMS_OBFUSCATION_TOOLKIT');
I know we could not revoke any privileges from public.
IS there any document says that don't revoke public access for E-bus database?
I could not find out any document in metalink. if have any one document could you please share with me.
Thanks
PrinceHi Prince,
Oracle does not say "do not revoke privileges from PUBLIC." Oracle suggests caution when revoking privileges from PUBLIC. :-) Have a look at the following Metalink Note: [Be Cautious When Revoking Privileges Granted to PUBLIC|https://metalink2.oracle.com/metalink/plsql/showdoc?db=NOT&id=247093.1|Metalink Note 247093.1].
To satisfy your auditors, you could identify which database users actually need to use UTL_HTTP, and assign that privilege directly to the individual users. Then you should be able to revoke those privileges from PUBLIC.
For more information about securing E-Business Suite itself, review [Best Practices for Securing the E-Business Suite|https://metalink2.oracle.com/metalink/plsql/showdoc?db=NOT&id=189367.1|Metalink Note 189367.1], or for Release 12, [Best Practices For Securing Oracle E-Business Suite Release 12|https://metalink2.oracle.com/metalink/plsql/showdoc?db=NOT&id=403537.1|Metalink Note 403537.1].
Regards,
John P.
http://only4left.jpiwowar.com -
Oracle recommends that you revoke EXECUTE privileges on powerful packages f
Oracle recommends that you revoke EXECUTE privileges on powerful packages from PUBLIC
Got on error on the home page of Enterprise Manager and read that I should run the code below to correct the problem, but when I click on the link at the bottom of EM to go to iSQL*Plus and choose to connect as sysdba I get a popup asking for me to input a password for my computer so I tried my local computer username and password, my network username and password and even my database username and password and neither lets me in. I can login under Normal but then I do not have rights to execute the command.
revoke execute on utl_file from public;
I know I have my computer username and password correct because I had to enter it to shutdown the database yesterday.
And I had a problem with my listener not knowing the SID, but the error has since went away, but I do have an error on my listener saying
Disk Utilization for 0 C: is 151.45%
Edited by: jamesH2 on Aug 29, 2008 9:20 AMHi James,
Where you saw that Oracle recommend that? If you are refering to the Db console recomendations please take a look on this note also: Note:343620.1
If you revoke any privilege from PUBLIC it becomes your own responsibility
to ascertain that all your applications will keep working. The same goal can often be accomplished
by replacing the privileges formerly granted to PUBLIC to some individual users or
roles.
Please take a look on this Metalink Note: 247093.1 Be Cautious When Revoking Privileges Granted to PUBLIC
Regards,
Francisco Munoz Alvarez
www.oraclenz.com
Edited by: F. Munoz Alvarez on Aug 30, 2008 1:31 AM -
After revoked UTL_FILE from PUBLIC, found problem...
Hi All
I created new role that is "UTL_PUBLIC" and granted below package to new role and grant new role to all users in database after that revoke below roles from PUBLIC.
UTL_FILE
UTL_TCP
UTL_SMTP
UTL_HTTP
DBMS_LOB
DBMS_SQL
DBMS_JOB
DBMS_SCHEDULER
DBMS_XMLGEN
But I got the problem when export data that show about package error. So I granted above package back to PUBLIC and export again that was work.
My question is Can I grant above package to new role and grant to db user instead of PUBLIC role? If yes, How will I do ? If no, please explain the reason.
Thank you,
HikoOracle support confirmed about this already.
I cannot grant privilege execute on those packages via roles that will have troubles with procedures and packages.
Only one solution, I must grant to users directly.
Thank you
Hiko -
How to revoke all privileges?
hi all. How to revoke all privileges from user? B-)
For object privileges run :
SELECT 'revoke ' || PRIVILEGE || ' on ' || table_name || ' from ' || grantee
|| ';\'
FROM dba_tab_privs
WHERE grantee = 'USERNAME'
For system privileges run:
SELECT 'revoke ' || PRIVILEGE || ' from ' || grantee || ';\'
FROM dba_sys_privs
WHERE grantee = 'USERNAME'
Then run both results in Sql*Plus -
Problems with audio books from public library downloading to wrong place.
Since updating software to ios5, my books from public library no longer get downloaded to "audiobooks". Now they get downloaded to "playlists". When i am in the middle of listening to a book, and switch to listening music, it will lose my place in the book. Before the software update, this was not a problem. Is there anything I can do to get my books to download into the "audiobooks" again?
You need to wait until Overdrive get updated. That is a know problem.
-
Problem in Sending email from Reports Queue Manager
Hi
I am getting problem in sending email from reports queue manager.
It says that error in logging to mail server.
If any body knows the sol then pl help me out.
thanksHi
I am getting problem in sending email from reports queue manager.
It says that error in logging to mail server.
If any body knows the sol then pl help me out.
thanks -
How to access Oracle Enterpise Manager from outside my VM
Hi,
I've Oracle VM VirtualBox version 4.1.2 installed on the host Windows XP and pre-built Database App Development VM (Updated Nov. 2011) worked on it.
Everything is OK, I have NAT network and can run Enterprise manager inside my VM on URL https://127.0.0.1:1158/em
Pleas, describe shortly:
1.How I can access enterpise manager from outside VM ?
2.What I have to write (HOST, PORT etc) in my tnsnames.ora file on the host system for the VM Oracle server to connect it from the host system ?
Sincerely,
Alex
Edited by: AlexR on Dec 31, 2011 5:24 PMHi Alex,
the host and port depends on your network setup of your VM.
Do an ifconfig -a and see what IP adress your guest has.
With this IP address you should be able to access EM from outside your VM (but on the VM host, not from outside the network) with the same port.
Regards
Sebastian -
Revoking User tables privileges from one user to other user thru DBA.
Hi,
I want to revoke the select privilege from user granted tables to other user from Sys/Dba roled user.
Detail
---------------I have 3 users namely
1.User1 (Role: Normal User)
2.User2 (Role: Normal User)
3.SYS (Role: DBA privileged user)
User1 has created a table called Table1 and grant the select privilege to User2.
Is it possible that sys (DBA privileged user) user can revoke the select privilege of table1 from user2??.
Thanks,
Natarajan.UYou can not revoke the privileges that were not granted by you or you will hit the error ORA-01927: cannot REVOKE privileges you did not grant.
Even SYS/user with SYSDBA role can not revoke others grants. -
Revoke execute on packages from Public
Dear all.
I've got a doubt. I did the Oracle recommendations and on my Primary Database I revoke execute priviledge on the packges UTL_FILE, UTL_TCP, UTL_SMTP and UTL_HTTP using the command revoke execute on <package> from public.
I tryed to do the same on my Physical Standby Database but it wasn't possible. I got a message saying that the database isn't open. My question is: When I do the faiolver, will the physical standby database apply thoe changes I had made on the Primary?
Thanks a lot.It will be applied to the standby by archive log recovery.
When I ran these "recommended" revokes I ended up with a broken database due to invalid objects, so make sure you compile invalid objects before and after the revoke, and compare counts to see if they have increased. -
How to revoked 'ANY' privileges being granted to user or role
Hi all,
I need to be revoked all 'ANY' privileges that have been granted to all non-DBA user or Role in the database.
To achieve this what i assume is
1> i need to find out Role as well all user who are non-DBA
2> For all non-DBA user i need to find out and revoked 'ANY' privileges if they would have.
Here i need some information about all tables related to privilieges and non-DBA users
The below are some example as a reference.
USER Privileges
CTXADMIN SELECT ANY TABLE
PUBLIC MERGE ANY VIEW
LAXORA ANALYZE ANY
EXECUTE ANY PROCEDURE
GRANT ANY ROLE
INSERT ANY TABLE
SELECT ANY TABLE
LAX_NEW ANALYZE ANY
CREATE ANY TABLE
DELETE ANY TABLE
DROP ANY TABLE
INSERT ANY TABLE
SELECT ANY TABLE
USER_NEW SELECT ANY TABLE
Thank n reagrds
LaxmanHi,
LAX_ORA wrote:
Hi all,
I need to be revoked all 'ANY' privileges that have been granted to all non-DBA user or Role in the database.
To achieve this what i assume is
1> i need to find out Role as well all user who are non-DBA
2> For all non-DBA user i need to find out and revoked 'ANY' privileges if they would have.
Here i need some information about all tables related to privilieges and non-DBA users
The below are some example as a reference.
USER Privileges
CTXADMIN SELECT ANY TABLE
PUBLIC MERGE ANY VIEW
LAXORA ANALYZE ANY
EXECUTE ANY PROCEDURE
GRANT ANY ROLE
INSERT ANY TABLE
SELECT ANY TABLE
LAX_NEW ANALYZE ANY
CREATE ANY TABLE
DELETE ANY TABLE
DROP ANY TABLE
INSERT ANY TABLE
SELECT ANY TABLE
USER_NEW SELECT ANY TABLE
Thank n reagrds
LaxmanYou can fiind out all the users and roles who have been granted system privileges by querying dba_sys_privs.
For example:
SELECT grantee
, privilege
FROM dba_sys_privs
WHERE privilege LIKE '% ANY %'
;The grantee column includes users and roles together.
If you want to find which users have the dba role, then query dba_role_privs.
Maybe you are looking for
-
Trouble syncing....
Every time I try to sync my iphone with my computer, my computer shuts down. I have windows Vista. I can sync my ipod without any trouble, but my iphone cannot sync because my computer shuts down as soon as I plug it in. I have uninstalled itunes and
-
Free of Cost sales error during billing
Dear all, i am facing the problem while doing Free of Cost sales , i have created a seperate document order type for FOC with the sd document category as "C" and and doc prcing porcedure as "C" . and in billing document i have also inclu
-
I dont necessarily have an issue with AT&T moving the due date up, however it would have been nice of them to give me a litthe heads up about it. I only found out after receiving my bill. It's a good thing i reviewed my bill otherwise I would have as
-
ICloud implementation in Ipad Application
Hi everyone, We need to implement the icloud in my current Project developed for IPAD developed in flash builder 4.6. I have no idea about how to implment this is flex as its is urgent because I am new in flex,actul
-
How can I download Camera RAW on my PC without downloading DNG converter
I use a Nikon D7000 and a Nikon D3s and have CS5. I had camera raw working correctly before but had to clear my computer and start again.