Revoking privileges
HI,
I need to revoke compiling of procedures to users. How can I do that?
Thanks
hi,
grant execute on function/revoke to user;
would grants execuet privileges to user to execute/compile functions/procedures to user.
so
revoke execute on functions/procedures from user would revoke compiling privileges from user.
Regards
Jafar
Similar Messages
-
Oracle users and revoking privileges
Hello,
To test out some error conditions in an application, I'd like to temporarily revoke a privilege on a table from a database user.
I am trying to do that, logged into SQL*Plus as "sys" or "system", and running the command:
REVOKE UPDATE ON USERX.TABLE_A FROM USERX;
However, this is failing with the following message:
ORA-01927: cannot REVOKE privileges you did not grant
I've also tried logging into my server as oracle, typing "sqlplus /nolog" at the command line, then "connect internal as sysdba;" from the SQL*Plus prompt, and then running the REVOKE command, but that results in the same error message.
So basically my question is: if neither the "sys" nor the "system" user is able to revoke the privilege from the "userx" user (because they did not specifically grant it), how would I determine which oracle user would be able to do this? Or how else would I go about revoking the privilege?
I'm running Oracle8i Enterprise Edition Release 8.1.6.1.0 on Linux.
Thanks for your help with this. I am not very familiar with Oracle DBA concepts.Hello,
I am fully agree with Eric....Yes! a User created a table means...the User is OWNER of the table....and that means......the User is by default having the privilege of DML operations...i belive...OK
And the privilege which you have not granted...then how could you revoke them...Whether it may b e SYS or SYSTEM or for that matter any User a/c.
If you really want to restrict the restrict option on table owned by your User, then i can suggest to put a Schema Level Trigger on DML action. This will be fired when update in invoked on table by the user and there you can have your STOP mechanism.....BUT..this is not really suggested.
Regards,
Kamesh Rastogi
Oracle - DBA -
Bug: Grant/Revoke Privileges (11.1.0.5.10 Beta)
Started getting this when attempting to change Privileges on a proc:
"Could not launch the Grant/Revoke Privileges dialog:
Value was either too large or too small for an Int32."
This is happening consistently on one database but not on another.
JohnI am also seeing this bug. When I right click on anything in the Server Explorer under my ODP based connection, I get this same message. It happens when I right click on any table icon and select "Privileges..."
-Valkyrie-MT -
How to "revoke" privilege with dbms_xdb.changeprivileges
Dear All!
How to "revoke" privilege granted with the following code
DECLARE
r pls_integer;
priv xmltype;
priv_data varchar2(2000);
BEGIN
priv_data :=
'<ace
xmlns="http://xmlns.oracle.com/xdb/acl.xsd"
xmlns:dav="DAV:"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/xdb/acl.xsd
http://xmlns.oracle.com/xdb/acl.xsd
DAV:http://xmlns.oracle.com/xdb/dav.xsd">
<principal>DVLP</principal> <grant>true</grant>
<privilege><all/></privilege>
</ace>';
priv := xmltype.createxml(priv_data);
r := dbms_xdb.changeprivileges('/xdbconfig.xml', priv);
END;
This code is generated by Enterprise Manager
I guessed that it is necessary to replace grant with deny
But there is not schema defenition for deny is parent 'ace'
Thank you in advance for help
Regards
ArtemDear Mark!
Thank you for you reply
I'll try and let you know about results
Note that This code was generated by Enterprise Manager
and it seems that it generates the same code when you try
to grant and revoke privilege!
Regards
Artem -
Clarification regarding the revoke privilege
The customer revoked "select any table" privilege from a user.
(If SELECT ANY TABLE is revoked from a user, then all procedures contained in that users schema relying on this privilege will fail until the privilege is reauthorized)
In the below user's procedure,there isn't any select statement.But,the procedure still becomes invalid after revoke.why ?
And after the customer had run the procedure again,it becomes valid again .(The customer hasn't recompiled the procedure explicitly).
SQL>create or replace procedure calling
is
i number;
begin
--pining;
dbms_lock.sleep(60);
end;
/To answer the question as to why the procedure worked when invoked: Oracle automatically attempts to recompile any invalid stored procedure, function, or package when an attempt to execute the objects occurs. If all necessary privileges are in place the recompile works and the execution proceeds. If the recompile is not successful then an error is returned to the caller.
As to why the procedure went invalid when the "select any" privilege was revoked I am not sure though I suspect it has to do with the way the privilege is tracked and maintained internally.
The full Oracle version should have been included in your post. You never know when it is important to some specifics of the question. Such as with 11g Oracle has improved dependency tracking so that many table alterations should no longer result in stored code going invalid in cases where the change does not affect the actual code logic.
HTH -- Mark D Powell -- -
10G OEM - Revoke privileges from PUBLIC
How do I revoke execute on a procedure from PUBLIC using 10G OEM?
I have spent quite a bit time wandering around the tool and can not figure out how to do it using the tool.
Thanks in advance.
JanetHi
Is he viewing the table all_objects/all_tables etc. If he views user_tables/user_objects he will see only the objects created by him.
I doubt whether this will solve your problem.
Thanks
Malar -
Oracle recommends that you revoke EXECUTE privileges on powerful packages f
Oracle recommends that you revoke EXECUTE privileges on powerful packages from PUBLIC
Got on error on the home page of Enterprise Manager and read that I should run the code below to correct the problem, but when I click on the link at the bottom of EM to go to iSQL*Plus and choose to connect as sysdba I get a popup asking for me to input a password for my computer so I tried my local computer username and password, my network username and password and even my database username and password and neither lets me in. I can login under Normal but then I do not have rights to execute the command.
revoke execute on utl_file from public;
I know I have my computer username and password correct because I had to enter it to shutdown the database yesterday.
And I had a problem with my listener not knowing the SID, but the error has since went away, but I do have an error on my listener saying
Disk Utilization for 0 C: is 151.45%
Edited by: jamesH2 on Aug 29, 2008 9:20 AMHi James,
Where you saw that Oracle recommend that? If you are refering to the Db console recomendations please take a look on this note also: Note:343620.1
If you revoke any privilege from PUBLIC it becomes your own responsibility
to ascertain that all your applications will keep working. The same goal can often be accomplished
by replacing the privileges formerly granted to PUBLIC to some individual users or
roles.
Please take a look on this Metalink Note: 247093.1 Be Cautious When Revoking Privileges Granted to PUBLIC
Regards,
Francisco Munoz Alvarez
www.oraclenz.com
Edited by: F. Munoz Alvarez on Aug 30, 2008 1:31 AM -
Revoking User tables privileges from one user to other user thru DBA.
Hi,
I want to revoke the select privilege from user granted tables to other user from Sys/Dba roled user.
Detail
---------------I have 3 users namely
1.User1 (Role: Normal User)
2.User2 (Role: Normal User)
3.SYS (Role: DBA privileged user)
User1 has created a table called Table1 and grant the select privilege to User2.
Is it possible that sys (DBA privileged user) user can revoke the select privilege of table1 from user2??.
Thanks,
Natarajan.UYou can not revoke the privileges that were not granted by you or you will hit the error ORA-01927: cannot REVOKE privileges you did not grant.
Even SYS/user with SYSDBA role can not revoke others grants. -
Impact of revoking APEX_040000 view and privileges from public ?
Forum...
We are in an integration scenario where we do not want to have a user connecting through SQL see the apex product database objects to which apex has granted public access show up. ( As per the "Granted Priviliges" of the Apex documentation - specifically the views and tables for which public synonyms are created)
Does anyone have an idea of what the impact of revoking these public privileges would be on apex users and applications ?
Thanks
PierreHi Pierre,
I'm just curious - can you give a couple examples of objects for which you wish to revoke privileges from PUBLIC?
Joel -
hi all. How to revoke all privileges from user? B-)
For object privileges run :
SELECT 'revoke ' || PRIVILEGE || ' on ' || table_name || ' from ' || grantee
|| ';\'
FROM dba_tab_privs
WHERE grantee = 'USERNAME'
For system privileges run:
SELECT 'revoke ' || PRIVILEGE || ' from ' || grantee || ';\'
FROM dba_sys_privs
WHERE grantee = 'USERNAME'
Then run both results in Sql*Plus -
How does one get "full" privilege to allow management?
Configuration:
Database(s)
8.0.5 on Sun Solaris 5.5
8.1.7.4 on Sun Solaris 5.8
9.0.1.3 on Sun Solaris 5.8 (where my OEM repository resides)
Oracle Enterprise manager
9.0.1.0.0 (Client on Windows 2000)
When I connect to a database as SYS AS SYSDBA and try to manage things like users, I often get a message like:
ORA-01927 cannot REVOKE privileges you did not grant
or creating a user like gives
ORA-01031: insufficient privileges
You do not have enough privileges to perform this
operation. You must have the appropriate system and
object privileges to create, edit, or drop database objects
or objects outside of your schema
Although this is probably not an OEM issue, Im hoping you can point me in the right direction. How can I manage when Im logged in as SYS SYSDBA if that does not provide enough privilege?I misunderstood. You were actually trying to connect as sys as sysdba.
You are quite right as sys there should be nothing stopping you.
Since you were not able to create a user and as sys you should have been able to do it,
this begs the question: how are you connecting?
If you are on the oracle server, try this:
Login as oracle (or su - oracle)
sqlplus /nolog
connect internal as sysdba; (internal is an alias for sys)
create user XXXXXX default tablespace users temporary tablespace temp identified by XXXXXX;
That should work, then you should be also able to connect directly as sys:
connect sys/******[@service] as sysdba;
create user XXXXXX default tablespace users temporary tablespace temp identified by XXXXXX;
Hopefully, that is a bit more helpful.
William
I did not clearly state what I am doing. I am performing (attempting to) all operations in the OEM GUI. I am connected as "SYS as SYSDBA".
The "Create Like" operation is performed by right mouse clicking (Windows OEM) on an existing user that have some grants already applied to them.
The Revoke operation is performed by selecting (double clicking) a user in the "Security/Users" folder, going to the "Object Privileges" tab "removing" a grant and then trying to "Apply" that removal. I could perform multiple operation (Add or Remove) to a user and then do a single "Apply"
William, thanks for the information that you have provided. It appears that the "as sys there should be nothing stopping you" feature (which is what I want) actually exists in these cases. -
XML syntax to revoke all the AccessControlEntry
Hi all!!!
I would like to know if there is an XML syntax to revoke all the AccessControlEntry of an ACL
ThanksFran wrote:
do you know the different between PRIVATE and PUBLIC Synonym?
Public synonyms are accessible to all users.
Private is accessible only within its schema.
if you don't want that this user, uses this synonym drop it and create a private synonym in the others schemas where the users need it.That doesn't fix the privilege issue though. The user can still access the table by prefixing the table with the schema name.
You need to find out who granted the privileges on that table to the user (ie which schema) and then revoke all the privileges that were granted to that user.
Log in as the user and execute :
select * from user_tab_privs
where table_name = 'YOURTABLENAME'or
select * from dba_tab_privs
where grantee = 'YOUR USER THAT YOU WANT TO REVOKE PRIVILEGES FROM'
and table_name = 'TABLE_NAME that you want to revoke privileges from'Edited by: Keith Jamieson on Dec 21, 2012 2:16 PM -
Whats the available privileges on a table column
Dear all,
i want to know whats the available privileges that i can assign on a table coulmn.
and the revoke privileges
Best Regards,
ShoooshIf I have well understands, the principals are
The following are the object privileges that can be granted to users of the
database:
SELECT Grants read (query) access to the data in a table, view, sequence,
or materialized view.
UPDATE Grants update (modify) access to the data in a table, column,
view, or materialized view.
DELETE Grants delete (remove) access to the data in a table, view, or
materialized view.
INSERT Grants insert (add) access to a table, column, view, or
materialized view.
EXECUTE Grants execute (run) privilege on a PL/SQL stored object, such
as a procedure, package, or function.
GRANT SELECT, UPDATE ON CUSTOMER TO JAMES;
You can revoke a user’s object privileges and system privileges by using the
REVOKE statement.
but I believe that you am more profit reading manual: dba administrator or sql reference -
Integrating all individual privileges to a db role....
Hi,
Assume that some individual privileges on db objects have been declared... sucha as:
grant insert on dept to user_a;
grant insert on emp to user_a;
grant select on emp to user_a ;
grant select on emp to user_b;
grant select on dept to user_b;
Is it possible to 'insert' these privileges in some newly created db role , by using objects of data dictionary.....???? For example , i want to create two roles user_a_role , user_b_role .. where:
user_a_role will contain all individual db privileges on db objects granted to user_a...e.t.c. How is the fastest way to do that...?????
After that , should i revoke these individual-atomic privileges defined ... as these written above...???
NOTE: I use Oracle 10g v.2
many thanks,
SimonSQL> create role role_A;
Role created.
select 'grant '||privilege|| ' on ' || table_name || ' to role_A;' from dba_tab_privs where grantee='USER_A'
See the output
grant INSERT on DEPT to role_A;
grant SELECT on EMP to role_A;
grant INSERT on EMP to role_A;
do the same for user_b also
run the below command to revoke everything from user a and b;
for e.g...
select 'revoke ' || privilege || ' on ' || table_name || ' from ' || grantee ||';' from dba_tab_privs where grantee in ('USER_A', 'USER_B');
now once you revoke evrything, u can just simply assign a role to ur users. -
REVOKE EXECUTE ON UTL_HTTP FROM public in apps database
Hello,
could any one share your knowledge to me for database security on oracle apps.
my client's aduit have some issue on public acceess.
select table_name from dba_tab_privs
where grantee='PUBLIC'
and privilege ='EXECUTE'
and table_name in
('UTL_SMTP', 'UTL_TCP', 'UTL_HTTP', 'UTL_FILE',
'DBMS_RANDOM','DBMS_LOB', 'DBMS_SQL','DBMS_JOB',
'DBMS_BACKUP_RESTORE','DBMS_OBFUSCATION_TOOLKIT');
I know we could not revoke any privileges from public.
IS there any document says that don't revoke public access for E-bus database?
I could not find out any document in metalink. if have any one document could you please share with me.
Thanks
PrinceHi Prince,
Oracle does not say "do not revoke privileges from PUBLIC." Oracle suggests caution when revoking privileges from PUBLIC. :-) Have a look at the following Metalink Note: [Be Cautious When Revoking Privileges Granted to PUBLIC|https://metalink2.oracle.com/metalink/plsql/showdoc?db=NOT&id=247093.1|Metalink Note 247093.1].
To satisfy your auditors, you could identify which database users actually need to use UTL_HTTP, and assign that privilege directly to the individual users. Then you should be able to revoke those privileges from PUBLIC.
For more information about securing E-Business Suite itself, review [Best Practices for Securing the E-Business Suite|https://metalink2.oracle.com/metalink/plsql/showdoc?db=NOT&id=189367.1|Metalink Note 189367.1], or for Release 12, [Best Practices For Securing Oracle E-Business Suite Release 12|https://metalink2.oracle.com/metalink/plsql/showdoc?db=NOT&id=403537.1|Metalink Note 403537.1].
Regards,
John P.
http://only4left.jpiwowar.com
Maybe you are looking for
-
HT4890 My iCloud isn't showing any of my pictures. How can I add them?
My iCloud account does not copy any of my pictures. When I log into in on the computer there is not a folder for pictures. How can I add it?
-
I have an original iPhone 2G. My friend is giving me an unwrapped, fresh iPhone 4. I am in the middle of my current contract with the 2G. Can i just plug in the new iPhone into Itunes and sign up for another contract?
-
When I open photoshop or attempt to sync my iphone, I get the message, that my start disk is full. I can move music, but I can't upload my pictures. I considered using Mackeeper but I see here that it might not be a good idea. Any suggestions?
-
Getting static constants of a class
hi I have this class: package cl.mejorencasa.pedido.modelos public class Pedido implements IPedido public static const ENESPERA:String = "En Espera"; public static const ATENDIENDO:String = "Atendiendo"; publi
-
Query Account Balance Last Month
Dear All, I need your help...I want to make query that show account balance AR at level 4 at end of month of last month. For example this month is March, so I want to show account balance AR at level 4 at end of month Feb. Thanks for your help Edited