Select privilege on APEX metadata tables
APEX version 2.2.1
SELECT * FROM dba_tab_privs
WHERE owner='FLOWS_020200'
AND privilege='SELECT'
AND grantee='PUBLIC'
AND table_name LIKE 'WWV_FLOW%'
AND (owner,table_name) IN (SELECT owner,TABLE_name FROM dba_tables)Why are these tables visible to everyone?! Some of them even have public synonyms to make accessing them that much easier.
Most of the publicly visible/executable APEX objects like views and APIs have security group id restrictions built into them so that's fine, but having wide-open access like this is a little unusual.
Thoughts?
Well, all the public synonyms for tables/views where attempting to query that table/view would result in a ORA-00980: synonym translation is no longer valid because access to the underlying table/view is not available.
Giving views the benefit of doubt and since I don't have DBA access to apex.oracle.com, the best list I can come up with is
SELECT * FROM all_synonyms
WHERE owner='PUBLIC'
AND table_owner='FLOWS_030000'
AND table_name LIKE 'WWV_FLOW%'
and (table_owner,table_name) not in (select owner,table_name from all_tables where owner='FLOWS_030000')
and (table_owner,table_name) not in (select owner,object_name from all_objects where owner='FLOWS_030000' and object_type='PACKAGE')
and (table_owner,table_name) not in (select owner,view_name from all_views where owner='FLOWS_030000')which gives
WWV_FLOW_CUSTOM_AUTH_SSO
WWV_FLOW_INIT_HTP_BUFFER
WWV_FLOW_SESSION_SEQ
WWV_FLOW_HOT_HTTP_LINKS
Similar Messages
-
How to give select privilege on a single table
Hi,
I need to create a user who can access only one table of a particular schema. Now, while I'm creating one user with "create session" privilege only, that user can select any table in that database.
create user ANJAN_USR identified by ANJAN default tablespace USERS temporary tablespace TEMP;
grant create session to ANJAN_USR;
grant SELECT ON SCOTT.EMP to ANJAN_USR;
Now connecting to ANJAN_USR, I can select SCOTT.EMP and all other tables as well.
How can I prevent the user from select data of other tables?
I'm using Oracle 10.2.0.1.0.
Thanks,
AnjanI couldn't reproduce. Though I am not using 10g but I believe this shouldn't be an issue in that also.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> create user testuser identified by test;
User created.
SQL> grant create session to testuser;
Grant succeeded.
SQL> conn testuser/test
Connected.
SQL> select * from scott.emp;
select * from scott.emp
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> conn / as sysdba
Connected.
SQL> grant select on scott.emp to testuser;
Grant succeeded.
SQL> conn testuser/test
Connected.
SQL> select * from scott.emp;
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7369 SMITH CLERK 7902 17-DEC-80 800
20
7499 ALLEN SALESMAN 7698 20-FEB-81 1600 300
30
7521 WARD SALESMAN 7698 22-FEB-81 1250 500
30
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7566 JONES MANAGER 7839 02-APR-81 2975
20
7654 MARTIN SALESMAN 7698 28-SEP-81 1250 1400
30
7698 BLAKE MANAGER 7839 01-MAY-81 2850
30
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7782 CLARK MANAGER 7839 09-JUN-81 2450
10
7788 SCOTT ANALYST 7566 19-APR-87 3000
20
7839 KING PRESIDENT 17-NOV-81 5000
10
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7844 TURNER SALESMAN 7698 08-SEP-81 1500 0
30
7876 ADAMS CLERK 7788 23-MAY-87 1100
20
7900 JAMES CLERK 7698 03-DEC-81 950
30
EMPNO ENAME JOB MGR HIREDATE SAL COMM
DEPTNO
7902 FORD ANALYST 7566 03-DEC-81 3000
20
7934 MILLER CLERK 7782 23-JAN-82 1300
10
14 rows selected.
SQL> c/emp/dept
1* select * from scott.dept
SQL> /
select * from scott.dept
ERROR at line 1:
ORA-00942: table or view does not exist
SQL>Please show us the cut/paste from the command prompt as it was done .
HTH
Aman.... -
GRANT syntax : Grant SELECT privileges on tables to a User on a Remote DB
Hi
I am having two databases: DEV1 and DEV2. DEV1 is my source database and DEV2 is target database. There is a table in Schema A on Dev1. I have created a PUBLIC DBLINK "TESTDBLINK" in Schema B on DEV2 that connects to Schema A on DEV1.
Database Schema Table Machine
DEV1 A EMP 192.168.210.10
Database Schema Database Lik Machine
DEV2 B TESTDBLINK 192.168.210.11
How to grant SELECT privileges on Schema A Table EMP ( DEV1 ) to Schema B on DEV2 ? What is the syntax ?
e.g. Log in as Schema A on DEV 1
SQL> GRANT SELECT ON EMP TO *???????*
Thanks for your inputs
HarryYou don't have to grant that table in schema A to schema B.
Inside schema B, you can just issue a select statement like this:
select *
from table@db-link-to-AOracle will connect to the remote instance, using the credentials of schema A, and since A owns that table, Oracle can already access the table. -
How to grant privileges on all the tables in a schema
Hi All,
Can you tell me how to grant privileges on all the tables of a schema A
to schema B.
For Example:
There are 200 tables in schema A, I wanted to grant select privilege on all the tables of a scheme A to schema B.
Thanks in advance.note that USER is the user that will have the select priviledge
the procedure includes views as well
CREATE OR REPLACE PROCEDURE GRANT_ACCESS_ON_USER IS
CURSOR c1 is select table_name from user_tables;
CURSOR c2 is select view_name from user_views;
tablename user_tables.TABLE_NAME%TYPE;
viewname user_views.VIEW_NAME%TYPE;
BEGIN
tmpVar := 0;
OPEN c1;
loop
fetch c1 into tablename;
EXIT WHEN c1%NOTFOUND;
EXECUTE IMMEDIATE 'GRANT SELECT on '||tablename ||' to USER';
end loop ;
close c1;
OPEN c2;
loop
fetch c2 into viewname;
EXIT WHEN c2%NOTFOUND;
EXECUTE IMMEDIATE 'GRANT SELECT on '||viewname ||' to USER';
end loop ;
close c2;
EXCEPTION
WHEN NO_DATA_FOUND THEN
NULL;
WHEN OTHERS THEN
-- Consider logging the error and then re-raise
RAISE;
END;
/ -
Grant select privilege to specific columns on a table to user in Oracle 9i
Can anyone tell me how to grant select privilege to a user for specific columns in a table?
I have tried the following statement
GRANT SELECT (EMP_ID) ON EMP TO USER1
But it's not working and I am getting this error "Missing ON Keyword".
Please anyone tell me how to grant select privilege for specific columns.
Edited by: 899045 on Nov 24, 2011 7:03 AM899045 wrote:
Can anyone tell me how to grant select privilege to a user for specific columns in a table?
I have tried the following statement
GRANT SELECT (EMP_ID) ON EMP TO USER1
But it's not working and I am getting this error "Missing ON Keyword".
Please anyone tell me how to grant select privilege for specific columns.
Edited by: 899045 on Nov 24, 2011 7:03 AMFrom the 9.2 SQL Reference manual, found at tahiti.oracle.com (http://docs.oracle.com/cd/B10501_01/server.920/a96540/statements_912a.htm#2062456)
*"You can specify columns only when granting the INSERT, REFERENCES, or UPDATE privilege. "* -
Accessing logical columns using metadata table
Hi,
I have a requirement to store data coming from multiple sources in various format into single table as the number of tables required is not determinable at development phase. Hence I have defined 2 tables,
1. Metadata table storing the information about logical columns in the incoming data.
2. Raw generic table where the actual data would be stored.
While accessible the logical data first I need to access the metadata table to fetch the column details and then access the raw table to provide actual data in those columns. Even though this option is available the code might not remain readable as need to use actual raw table column names in the code.
I have thought of view based access but again number of views required is not known at development time. Is there any option/feature available which would be able to provide logical view for the raw data?
thank you in advance.Hi
Firstly, this sounds rather messy and is not something I would consider doing - but I shall give you the benefit of the doubt that all other options have been exhausted.
A way I can think of is that you could define your metadata a bit like the oracle data dictionary, then you could use something like APEX where you can use dynamic SQL to show a report on the data. Imagine something like this
DECLARE
l_sql VARCHAR2(32000);
BEGIN
l_sql : = 'SELECT ';
FOR i IN
(SELECT column_name
FROM my_table_data
WHERE table_name = :TARGET_TABLE)
LOOP
IF i = 1
THEN l_sql := l_sql||i.column_name;
ELSE l_sql := l_sql||', '||i.column_name;
END IF;
END LOOP;
l_sql := l_sql||' FROM '||:TARGET_TABLE;
RETURN l_sql;
END;Obviously you can make stick in predicates etc. if you need to but that would be a starting point?
Not very pretty though...
Cheers
Ben
http://www.munkyben.wordpress.com
Don't forget to mark replies helpful or correct ;) -
No segment found in Metadata table
Hi,
We are posting an Idoc from an external application to R/3 using C RFC libraries. There was a new custom segment Z1xxx added to an Extension message type Zxxxx on SAP. There is an error in the external application while trying to build/Map the Idoc segments before sending the idoc to R/3.
The error says "<u>No such segment type found in metadata table</u>". The segments heirarchy is the same as defined on SAP.
The release have been checked for this new segment, its released to 45B as similar to other standard segments.
Please let us for any resolution for successful posting of an Idoc with the custom Z1 segment.
Thanks,
Prabhu
Message was edited by: Prabhu KudlapuraHi Suhas,
Thanks for your quick response.
Yes I have run SE14 and activate & adjust the database, But problem is same.
My select query is:
SELECT VBELN
PI
GJAHR
KUNNR
GPD
GPI
INTO TABLE I_GP_DATA
FROM ZFI_GP_DISCOUNTS
WHERE AUGDT BETWEEN ZFI_GP_DISCOUNTS-AUGDT AND ZFI_GP_DISCOUNTS-P_DATE
AND DOC_NO EQ SPACE.
Thanks & Regards,
Hemant Maurya -
How to grant select permission to all the tables in the user
Hi All,
I have 5 tables in one user, now i want to give only select privilege to another user on those tables. Please help me to solve this issue.
Thanks in Advance.
Thanks and Regards,
chiranthSee following discussion: Re: Select Grant on another schema
-
Query to get objects list for which the current user has 'SELECT' privilege
Hi,
I want to get tables and views list for which the current user has 'SELECT' privilege excluding sytem tables and views. The privilege information for the current user is scattered in more than one system views. I have following system views
USER_TAB_PRIVS_RECD - Object grants for which the current user is the grantee
ROLE_TAB_PRIVS - describes table privileges granted to roles. Information is provided only about roles to which the user has access.
If the object privilege is granted explicitly like "GRANT ALL ON TABLE_NAME TO "USERNAME" then this privilege entry goes to USER_TAB_PRIVIS_RECD
If the object privilege is granted by ROLE. Role is created with certain object privileges. this role is assigned to user "GRANT ROLE_NAME TO "USERNAME"", then this entry goes to ROLE_TAB_PRIVS
From these findings, I have composed below query
(SELECT DISTINCT TABLE_NAME FROM USER_TAB_PRIVS_RECD) UNION (SELECT DISTINCT TABLE_NAME FROM ROLE_TAB_PRIVS WHERE PRIVILEGE = 'SELECT')
Have I got user's all prvilege details? should I look some other system views?
How to exclude system table privileges details?
(SELECT DISTINCT TABLE_NAME FROM USER_TAB_PRIVS_RECD) UNION (SELECT DISTINCT TABLE_NAME FROM ROLE_TAB_PRIVS WHERE PRIVILEGE = 'SELECT' AND OWNER NOT IN ('SYS','SYSTEM') Is this right?
What about Public role in Oracle? Should I consider public role here?
Oracel Version :11g
I want make this query to work on Oracle 8i or above version
Thanks>
I want to get tables and views list for which the current user has 'SELECT' privilege excluding sytem tables and views.
>
You will need a hierarchical query to do that.
Try this script for Listing privileges recursively for Oracle users
http://www.adp-gmbh.ch/ora/misc/recursively_list_privilege.html -
SELECT PRIVILEGES required on Materialized View Logs
Hi,
I have a scenario where in Base table exists in one database and Materialized View on other.
The Materialized View is created with FAST REFRESH option.
I have created Materialized View Log in database where master table exists.
Also I have given Select priv on master table to the user(where MV is created).
I want to know how will i Grant SELECT PRIV on Materialized View Log so that FAST refresh happens.
Both databases are Oracle 10g R2.
I have read following on oracle site:
The owner of the materialized view must have the CREATE TABLE system privilege. The owner must also have access to any master tables of the materialized view that the schema owner does not own (for example, if the master tables are on a remote database) and to any materialized view logs defined on those master tables, either through a SELECT object privilege on each of the tables or through the SELECT ANY TABLE system privilege.
Please tell me the command to GRANT SELECT to the user who has created MV.
Thank You,
Niranjan.Hi,
The privileges required to create a materialized view should be granted directly rather than through a role
To create a materialized view in your own schema:
1- Grant CREATE MATERIALIZED VIEW system privilege and either the CREATE TABLE or CREATE ANY TABLE system privilege.
2-You must also have access to any master tables of the materialized view that you do not own, either through a SELECT object privilege on each of the tables or through the SELECT ANY
TABLE system privilege.
To create a materialized view in another user's schema:
1-You must have the CREATE ANY MATERIALIZED VIEW system privilege.
2-The owner of the materialized view must have the CREATE TABLE system privilege. The owner must also have access to any master tables of the materialized view that the schema owner does not own (for example, if the master tables are on a remote database) and to any materialized view logs defined on those master tables, either through a SELECT object privilege on each of the tables or through the SELECT ANY TABLE system privilege.
To create a refresh-on-commit materialized view (ON COMMIT REFRESH clause), in addition to the preceding privileges, you must have the ON COMMIT REFRESH object privilege on any master tables that you do not own or you must have the ON COMMIT REFRESH system privilege.
see this link
http://download.oracle.com/docs/cd/B12037_01/server.101/b10759/statements_6002.htm -
Create user with select privilege only one schema
can someone tell me how i can create user with select priviliges only one schema.
i don't want the user to have any select privileges with other schema.
can someone advise me.
ThanskIn general, you would do something like
CREATE ROLE abc_read_only;
FOR x IN (SELECT * FROM dba_tables WHERE owner='ABC')
LOOP
EXECUTE IMMEDIATE 'GRANT SELECT ON abc.' || x.table_name || ' TO abc_read_only';
END LOOP;
CREATE USER your_user ...;
GRANT abc_read_only TO your_userYou create a role, grant the role SELECT access to all the tables in the ABC schema (you can extend this to grant access to views, functions, etc depending on the requirements), and then grant that role to your user.
Justin -
I want to grant select privileges on all tables and views belonging to database xyz to the user abc.
What's the best way to do that?
Message was edited by: Diarmuid - 11/07/07
user580522I beg to differ. Of course OP can try to 'GRANT SELECT ANY TABLE'. It's just a matter of his own privileges if he succeeds or not.
To OP: Reading about GRANT might help:
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#i2077938
Note this part from the docs:
To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege. -
Hello,
Please let me know, how to find the apex user table. I need to validate unique user based on the same, for which I am using below function,
DECLARE
VAL BOOLEAN;
BEGIN
VAL := APEX_UTIL.IS_USERNAME_UNIQUE(p_username =>
:P6_USERNAME );
END;
However in this case it is returning always 'FALSE', saying new user exist.
Kindly help me in fixing this issue.Hello Andre,
I am validating records from apex_workspace_apex_users, to check whether user is present or not,
While creating validation, I select SQL-> Not Exist and below query,
select 1 from apex_workspace_apex_users where user_name = :my_user.
If this record is present, it should throw an customised error, however it shows the error of "Unique key violation error...".
Can you please help me out whether while creating validation I should select (EXIST or NOT Exist). Since I am still confuse with the same.
Thanks,
Girish -
Using case when statement in the select query to create physical table
Hello,
I have a requirement where in I have to execute a case when statement with a session variable while creating a physical table using a select query. let me explain with an example.
I have a physical table based on a select table with one column.
SELECT 'VALUEOF(NQ_SESSION.NAME_PARAMETER)' AS NAME_PARAMETER FROM DUAL. Let me call this table as the NAME_PARAMETER table.
I also have a customer table.
In my dashboard that has two pages, Page 1 contains a table with the customer table with column navigation to my second dashboard page.
In my second dashboard page I created a dashboard report based on NAME_PARAMETER table and a prompt based on customer table that sets the NAME_ PARAMETER request variable.
EXECUTION
When i click on a particular customer, the prompt sets the variable NAME_PARAMETER and the NAME_PARAMETER table shows the appropriate customer.
everything works as expected. YE!!
Now i created another table called NAME_PARAMETER1 with a little modification to the earlier table. the query is as follows.
SELECT CASE WHEN 'VALUEOF(NQ_SESSION.NAME_PARAMETER)'='Customer 1' THEN 'TEST_MART1' ELSE TEST_MART2' END AS NAME_PARAMETER
FROM DUAL
Now I pull in this table into the second dashboard page along with the NAME_PARAMETER table report.
surprisingly, NAME_PARAMETER table report executes as is, but the other report based on the NAME_PARAMETER1 table fails with the following error.
Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P
State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 16001] ODBC error state: S1000 code: 1756 message: [Oracle][ODBC][Ora]ORA-01756: quoted string not properly terminated. [nQSError: 16014] SQL statement preparation failed. (HY000)
SQL Issued: SET VARIABLE NAME_PARAMETER='Novartis';SELECT NAME_PARAMETER.NAME_PARAMETER saw_0 FROM POC_ONE_DOT_TWO ORDER BY saw_0
If anyone has any explanation to this error and how we can achieve the same, please help.
Thanks.Hello,
Updates :) sorry.. the error was a stupid one.. I resolved and I got stuck at my next step.
I am creating a physical table using a select query. But I am trying to obtain the name of the table dynamically.
Here is what I am trying to do. the select query of the physical table is as follows.
SELECT CUSTOMER_ID AS CUSTOMER_ID, CUSTOMER_NAME AS CUSTOMER_NAME FROM 'VALUEOF(NQ_SESSION.SCHEMA_NAME)'.CUSTOMER.
The idea behind this is to obtain the data from the same table from different schemas dynamically based on what a session variable. Please let me know if there is a way to achieve this, if not please let me know if this can be achieved in any other method in OBIEE.
Thanks. -
Best practice of metadata table in data warehouse environment ?
Hi guru's,
In datawarehouse, we have 1. Stage schema 2. DWH(Data warehouse reporting schema). In stageing we have about 300 source tables. In DWH schema, we are creating the tables which are only required from reporting prespective . some of the tables in stageing schema, have been created in DWH schema as well with different table name and column names. The naming convention for these same tables and columns in DWH schema is more based on business names.
In order to keep track of these tables we are creating metadata table in DWH schema say for example
Stage DWH_schema
Table_1 Table_A
Table_2 Table_b
Table_3 Table_c
Table_4 Table_DMy question is how do we handle the column names in each of these tables. The stage_1, stage_2 and stage_3 column names have been renamed in DWH_schema which are part of Table_A, Table_B, Table_c.
As said earlier, we have about 300 tables in stage and may be around 200 tables in DWH schema. Lot of the column names have been renamed in DWH schema from stage tables. In some of the tables we have 200 column's
so my concern is how do we handle the column names in metadata table ? Do we need to keep only table names in metadata table not column names ?
Any idea will be greatly appriciated.
Thanks!hi
seems quite a buzzing question.
In our project we designed a hub and spoke like architecture.
Thus we have 3 layer, L0 is the one closest to the source and L0 table's name are linked to the corresponding sources names by mean of naming standard (like tabA EXT_tabA tabA_OK1 so on based on implementation of load procedures).
At L1 we have the ODS , normalized model , we use business names for table there and standard names for temporary structures and artifacts
Both L0 an L1 keep source's column names as general rule, new columns like calculated one are business driven and metadata are standard driven.
Datamodeler fits perfect for modelling L1 purpose.
L2 is the dimensional schema business names take place for tables and columns eventually rewritten at presentation layer ( front end tool )
hope this helps D.
Maybe you are looking for
-
I have tried to find this topic in the boards without luck. My MBP (2 years old now, with OSX 10.4.11) has lost all internal audio - no speakers, no headphones, no internal microphone . I was unplugging my guitar cable from the input jack (actually t
-
Hi, From wiki page "Installing Arch Linux on a USB key" under Grub Legacy section it states I should edit menu.lst to change items to reflect what I am using - label, UUID etc. and to ensure the key is (hd0, 0). I am using the latest iso - 2014.01.05
-
Why do I have 2 passcodes? I cant wipe!
I made a mistake setting up a new iPad: I mistakenly restored from my daughters backup. Cant have that, so I went to wipe it but I got prompted for 2 passcodes! Sure I know the first one, but not the second one... Wait 60 minutes great... How ca
-
Refresh Issue in my Effect Plugin
Hi, I'm writing a small effect plugin, where i have one or two color pickers in the UI. The layer i'm applying the effect will be PreComp (with 2 layers inside). So whenever i change the color in my effect, that color should be updated to the Fill Ef
-
Configure Special GL account_ Urgent
Dear all, I want to configure special GL account for down payment, Guarantees, Bill of exchange, reserve for bad debt Please tell me how to configure it step by step Thank in advance Minh