System and Object privileges question

Similar Messages

• System and object privileges

  hi,
  when we assign the privileges to a user using connect, resource that user will be having connect privilege and create table, view... etc. but we are not assigning any alter table, updating table, drop table privileges to him, how he can perform this object level privileges on the objects.
  please let me know.
  thank u

  851707 wrote:
  hi,
  when we assign the privileges to a user using connect, resource that user will be having connect privilege and create table, view... etc. but we are not assigning any alter table, updating table, drop table privileges to him, how he can perform this object level privileges on the objects.
  please let me know.
  thank uIf the user is the owner of the object, he doesn't need to be explicitly assigned the object privs. He already has all the privs on the object . So the user can perform all the operations on the object.
  Aman....

• Docs about RowSet, and Object RowSet questions?

  Docs about RowSet, and Object RowSet questions?
  I can find RowSet forum, so I ask here!
  Can you give me URLs where I can find more about RowSet and URLs for any RowSet implementation?
  Does Borlans, Oracle, IBM, etc., have RowSet implementation?
  I find out about Sun's RowSet implementation, but I can't find Object Rowset in this implementation?
  Is it possible to develop Object RowSet and is it useful?
  I know about O/R tools like Hibernate, but Object RowSet can be useful?
  Run SQL query and get Objects, or maybe even run Object query (like EJB or Hibernate or JDO have) and get Objects.
  No XML mapping mess and simmilar, like with EJB or Hibernate or JDO?

  You can try
  http://java.sun.com/developer/Books/JDBCTutorial/chapter5.html
  This is a tutorail for RowSet

• SCC4 and Object Changeability question

  Gurus,
  Note - Please do not send me links ,which has no reference to my questions whtsoever,pls provide me direct answers to the questions if possible.
  1)do you need to open the system using SCC4 in order to make the "object changeability" option work??
  2)what is the relation between SCC4 and  "object changeability"
  3)Can the Infopackage transported from dev to prod be changed with "object changeability" option??if yes how ?
  or only object created in the production local be changed using "object changeability" option
  or i can only change the transported Infopack in production using SCC4 ,system open
  thanks in advance.

  1)do you need to open the system using SCC4 in order to make the "object changeability" option work??
  ans) Pre-requisite -Close the system
  2)what is the relation between SCC4 and "object changeability"
  ans) Objects of the selected object types exist in your system as changeable with "object changeability option" even if this system is globally set to not changeable.
  3)Can the Infopackage transported from dev to prod be changed with "object changeability" option??if yes how ?
  or only object created in the production local be changed using "object changeability" option
  or i can only change the transported Infopack in production using SCC4 ,system open
  ans)"Choose Original Changeable" If you not only want to make objects which are generated in this system changeable, but also those that were imported. This option is required, for example, if you need to make repairs or want to change flexible starting times. Note: New imports can overwrite the changes again
  I would advocate to read this link carefully -
  http://help.sap.com/saphelp_nw04s/helpdata/en/0e/a7343e8c7f6329e10000000a114084/frameset.htm
  Hope it Helps
  Chetan
  @CP..

• Object privilege question

  Hi, the oracle documentation says:
  A user automatically has all object privileges for schema objects contained in his or her schema. A user can grant any object privilege on any schema object he or she owns to any other user or role. A user with the GRANT ANY OBJECT PRIVILEGE can grant or revoke any specified object privilege to another user with or without the GRANT OPTION of the GRANT statement. Otherwise, the grantee can use the privilege, but cannot grant it to other users.
  For example, assume user SCOTT has a table named t2:
  SQL>GRANT grant any object privilege TO U1;
  SQL> connect u1/u1
  Connected.
  SQL> GRANT select on scott.t2 \TO U2;
  SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
  WHERE TABLE_NAME = 'employees';
  GRANTEE                        OWNER                                GRANTOR                        PRIVILEGE                            GRA
  U2                             SCOTT                              SCOTT                          SELECT                                NONow this confuses me. Surely it is U1 who is the grantor, and not Scott, no??

  Oracleguy,
  I do got your point but I guess the right reason for this would be this only that even though the user U1 didn't have the privilege and could grant it only because of Grant Any Object priv, he is not shown as the grantor but Scott does!
  [oracle@edhdr1p0-prod sqlplus]$ sqlplus / as sysdba
  SQL*Plus: Release 11.2.0.1.0 Production on Thu Feb 18 09:19:39 2010
  Copyright (c) 1982, 2009, Oracle.  All rights reserved.
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> create user u1 identified by u1;
  User created.
  SQL> grant create session, create table to u1;
  Grant succeeded.
  SQL> conn u1/u1
  Connected.
  SQL> select * from tab;
  no rows selected
  SQL> conn scott/tiger
  Connected.
  SQL> create table t2( a number);
  Table created.
  SQL> conn  / as sysdba
  Connected.
  SQL> grant grant any object privilege to u1;
  Grant succeeded.
  SQL> conn u1/u1
  Connected.
  SQL> select * from scott.t2
    2  ;
  select * from scott.t2
  ERROR at line 1:
  ORA-01031: insufficient privileges
  SQL> grant select on scott.t2 to system;
  Grant succeeded.
  SQL> conn / as sysdba
  Connected.
  SQL>  SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
  WHERE TABLE_NAME = 'T2';
  WHERE TABLE_N 'T2'
  ERROR at line 2:
  ORA-00920: invalid relational operator
  SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
    2  where table_name='T2';
  GRANTEE                        OWNER
  GRANTOR                        PRIVILEGE                                GRA
  SYSTEM                         SCOTT
  SCOTT                          SELECT                                   NO
  SQL>
  Now, when I explicitly give the priv to U1 and than he grants it, he is shown as the Grantee
  Sorry, I didn't realize that its still Scott only which is shown at both the places.
  USER is "SYS"
  SQL> grant select on scott.t2 to U1;
  Grant succeeded.
  SQL> conn u1/u1
  Connected.
  SQL> grant select on scott.t2 to system;
  Grant succeeded.
  SQL> conn / as sysdba
  Connected.
  SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
  WHERE TABLE_NAME = 'T2';   2 
  GRANTEE                        OWNER
  GRANTOR                        PRIVILEGE                                GRA
  SYSTEM                         SCOTT
  SCOTT                          SELECT                                   NO
  U1                             SCOTT
  SCOTT                          SELECT                                   NO
  SQL> Update:
  Oracleguy,
  This is what I found about this priv from docs,
  http://download.oracle.com/docs/cd/E11882_01/server.112/e10592/statements_9013.htm#i2077938
  GRANT ANY OBJECT PRIVILEGE
       Grant any object privilege that the object owner is permitted to grant.So I guess this should explain what is being shown in the view. Since the owner is Scott who is permitted to grant the privilege , its his name which is shown here since its his privilege which is passed to the second user. Does that sounds like a reasonable explanation?
  HTH
  Aman....
  Edited by: Aman.... on Feb 18, 2010 9:36 AM
  Edited by: Aman.... on Feb 18, 2010 11:55 AM added update

• Query created in production system and object changeability

  Hi,
  The production BW has the object changeability for query elements set to 'Changeable original'. Some queries which have been created in this system can be changed, others, which have also been created in the system, can not.
  All queries are assigned to the development packate $TMP. None of them have been transported anywhere, nor have they been created somewhere else and transported into the system.
  The system is BW 3.5, SP 17.
  Has anyone got any idea what the problem could be?
  Best regards,
  Rita

  Hi,
  The object changeability in the system is set to 'Changeable Original' and I know where to switch from 'not changeable' to 'changeable original' to 'everything changeable'.
  The normal development cycle sees reports being created in the development system and then being transported through to the production system. Here, they should not be changeable. However, users with the relevant authorisation should be able to either -
    - create new copies of these reports and change them or
    - create new ad-hoc reports and also change these
  We have several of these reports on the production system. The object changeability is set to 'changeable original', as I mentioned. I would expect that all queries which have been created on this system and never transported (either in or out of the system) should be changeable, based on this setting. However, some are, some ar not. The error message when trying to change the 'non-changeable' ones is 'Operation falied! No error message available from the server'. If I make a copy of one of these queries, hoping to save is as an ad-hoc query and change it, the error message is 'query could not be saved due to a problem in transport'.
  How come some can be changed, others can't? Is there anywhere I can check what the difference is between the changeable and non-changeable reports which have been created on the system?
  Best regards,
  Rita

• Where is the getString() implementation for RS and Object class question

  Dear all,
  I had these two questions ringing since a long time.
  1)ResultSet is an interface.
  In my jdbc code I have generally written rs.getString() and rs.getInt etc.. without giving a second thought as to where exactly is this getter implemented !
  I have RTF API .. without too much help.
  Could some one kindly explain Where is the implementation of the getString method ?
  2) Could you please tell why the Wait() Notify() and NotifyAll methods have been implemented in the Object class ? What was the need to define em in the Object class ?
  Thanks in advance for your time spent on this.
  Rgds

  Sarvananda wrote:
  In the MySQL driver for example it's implemented in com.mysql.jdbc.ResultSet Right. Now it makes sense to me. Every single db that gives me a driver will have their specific implementation for the interface methods of ResultSet.
  >
  why do you need that?
  ..Thats a design decision
  One of my friends asked me this and I was caught unawares. Any ideas on what factors could have made this design decision ?
  Rgds
  >
  In the MySQL driver for example it's implemented in com.mysql.jdbc.ResultSet Right. Now it makes sense to me. Every single db that gives me a driver will have their specific implementation for the interface methods of ResultSet.
  >
  why do you need that?
  ..Thats a design decision
  One of my friends asked me this and I was caught unawares. Any ideas on what factors could have made this design decision ?
  A desire to not have to couple your code to a particular database and JDBC driver. It's a classic example of the abstract factory pattern

• JNDI bind/rebind and object state question

  Hi,
  I have an object that is part of an EAR application that is deployed into an app server. I load a Webapp that initializes an object and then binds it to an initial context under java:comp/env setting some initial state.
  However, when I access the object from an MDB as part of the EAR application, the state, when retrieved from the same context, was not retained. Here is the code I am using to bind the object to the context:
  if (!object.isRunning()) {
         System.out.println("Starting App...");
         object.start();
         try {
             getNamingContext().bind(object);
         } catch (Exception e) {
             System.out.println("Name bound already, rebinding...");
             try {
                 getNamingContext().rebind(object);
                 e.printStackTrace();
             } catch (Exception e1) {
                 e1.printStackTrace();
         System.out.println("Broker started...");
     }When I retrieve the object from the initial context as part of a message received within an MDB, the state is such that the object is always failing the .isRunning method test and subsequently throws an exception.
  What am I doing wrong? Is this related to the fact that possibly the WAR and the MDB create duplicate contexts when I expect there to be only one?
  Any insight is greatly appreciated.
  Thanks,
  John

  following procedure works fine for now, if there is any straight forward solutions,
  that will be helpful.
  1) Create the Subcontexts for each of the sub entries in the jndi name tree
  2) bind the object to the last entry in the tree.
  i.e if the jndi tree name is "one.two.three", and the bind object is Obj
  ctx = ctx.createSubcontext("one");
  ctx = ctx.createSubcontext("two");
  ctx = ctx.bind("three", obj);
  Thanks,
  Gangs.
  "Gangadhar" <[email protected]> wrote:
  >
  Hi,
  I am trying to bind the local object to the Weblogic JNDI, using the
  code below.
  It works fine if the bind name is a straight forward String(not a tree).
  It is
  throwing naming Exception when i am trying to bind into a new tree.
  Thanks,
  Gangs.
  //GETTING THE INITIAL CONTEXT:
  private Context getInitialContext() throws NamingException {
  Properties h = new Properties();
  h.put(Context.INITIAL_CONTEXT_FACTORY,
  "weblogic.jndi.WLInitialContextFactory");
  h.put(Context.SECURITY_PRINCIPAL, "user");
  h.put(Context.SECURITY_CREDENTIALS, "password");
  h.put(Context.PROVIDER_URL, url);
  return new InitialContext(h);
  } catch (NamingException ne) {
  log("We were unable to get a connection to the WebLogic server
  at "+url);
  log("Please make sure that the server is running.");
  throw ne;
  private registerObject()
  throws NamingException
  // Lookup the beans home using JNDI
  Context ctx = getInitialContext();
  try{
  //This binding works fine.
  String bname = "Ganga";
  ctx.bind("plainname", bname);
  //This one throws an Naming Exception..
  ctx.rebind("one.two.three", bname);
  } catch(javax.naming.NameAlreadyBoundException nlb){
  System.out.print(nlb.getMessage());
  System.exit(0);
  }catch(javax.naming.directory.InvalidAttributesException iae){
  System.out.print(iae.getMessage());
  System.exit(0);
  }catch(NamingException ne){
  System.out.print(ne.getMessage());
  System.exit(0);
  Exception msg is : Unable to resolve 'one.two.three' Resolved: '' Unresolved:'one'

• BIP and Siebel server - file system and load balancing question

  1. I just need to understand whenever the reports are generated through BIP, are there reports stored on some local directory (say Reports) on the BIP server or Siebel File system? If on a File system how will archiving policy be implemented.
  2. When we talk of load balancing BIP Server. Can the common load balancer be used for BIP and Siebel servers?
  http://myforums.oracle.com/jive3/thread.jspa?threadID=335601

  Hi Sravanthi,
  Please check the below for finding ITS and WAS parameters from backend :
  For ITS - Go to SE37 >> Utilities >> Setting >> Click on ICON Right Top Corner in popup window >> Select Internet Transaction Server >> you will find the Standard Path and HTTP URL.
  For WAS - Go to SE37 >> Run FM - RSBB_URL_PREFIX_GET >> Execute it >> you will find PRefix and PAth paramter for WAS.
  Please refer to this may help step-by-step : How-to create a portal system for using it in Visual Composer
  Hope it helps
  Regards
  Arun

• Find all system and object privs granted to a user

  I need a query to find out all sys and ibject qyery given to a user. This is because a user was able to query all_directories few days ago in production instance, now he is unable to do it.
  I found a query to find all roles inside a role. This role "APPS_QUERY_ROLE" has another 25 roles inside it. I want a query which will drill down to each role and "role within a role" to find all privileges associated to a role and hence to the user.

  This may be helpful to you :
  SYS@orcl> select 'create role ' || role || ';'
    2  from dba_roles
    3  where role = '&&role';
  Enter value for role: APPS_QUERY_ROLE      <------Make sure it should be in CAPS
  old   3: where role = '&&role'
  new   3: where role = 'APPS_QUERY_ROLE'
  no rows selected
  SYS@orcl> select 'grant ' || privilege || ' to &&role' ||
    2  decode(admin_option,'YES',' with admin option;','NO',';')
    3  from role_sys_privs
    4  where role = '&&role';
  old   1: select 'grant ' || privilege || ' to &&role' ||
  new   1: select 'grant ' || privilege || ' to APPS_QUERY_ROLE' ||
  old   4: where role = '&&role'
  new   4: where role = 'APPS_QUERY_ROLE'
  no rows selected
  SYS@orcl> select 'grant ' || privilege || ' on ' || owner || '.' || table_name
    2  || ' to &&role ' || decode(grantable,'YES','with grant option;','NO',';')
    3  from role_tab_privs
    4  where role = '&&role';
  old   2: || ' to &&role ' || decode(grantable,'YES','with grant option;','NO',';')
  new   2: || ' to APPS_QUERY_ROLE ' || decode(grantable,'YES','with grant option;','NO',';')
  old   4: where role = '&&role'
  new   4: where role = 'APPS_QUERY_ROLE'
  no rows selected
  SYS@orcl>Source:Re: Help to Generate Role Creation Script
  Regards
  Girish Sharma

• System and admin privileges after restore

  I just restored my system from a disk image.
  The system boots fine, but I can only launch programmes that are owned by my user (firefox, photoshop etc.). Programmes owned by the system (system - rw, admin - rw, everyone - r) will not launch, so no mail, no system prefs and no terminal.
  The HD is system owned and I can't unlock the lock in get info o the HD or any of the programmes.
  repair permissions from the install disk (though it's a 10.4 disk) or from a 10.5 via target HD mode doesn't help.
  Tried adding my user to the admin group using single user mode, but it said that user was already part of the group. And even if I'm not an admin I should still be able to launch programmes, no?
  Thanks,
  John

  VK said for locked HDs and volumes at http://discussions.apple.com/thread.jspa?threadID=2329689
  sudo chflags 0 /volumes/*
  sudo chmod a+rx /volumes/*

• Tracing all users and their privileges

  Hi everbody!
  I want to trace all users(online/offline) and those user's given privileges as a system dba. Are there any data dictionary views to trace it ?
  i.e.
  we have 3 users and 3 of them have connect,resource. How can we know who have which privs ?
  i checked dba_role_privs, nothing to solve my prob.
  thanks.

  You should never assign CONNECT or RESOURCE to anyone.
  Determine what privileges each connected user requires and create a role that contains the actual privs required.
  System and Object privileges may be granted explicitly or in roles and roles can be granted to roles. Check here too:
  all_tab_privs_made
  all_tab_privs_recd
  all_col_privs_made
  all_col_privs_recd

• Roles/System privileges/Object privileges

  Oracle 10g. we created a role and assigned this role to the user. We also assigned some system privileges and Object privileges directly to the same user. Now the company's new policy is that the user's permissions have to be assigned only via role. system privileges and Object privileges cannot be assigned directly to the user. So I have to alter the role. The steps are:
  1. grant system privileges and Object privileges to role. (this will be executed as a script)
  These privileges were directly assigned to the user.
  2. revoke all privileges which were directly assigned to the user.
  Do I miss anything?
  Please advise.
  Thanks
  S.

  Object privileges cannot be assigned directly to the user.Privileges acquired via ROLE do not apply within PL/SQL procedures.
  You may face some coding challenges in the future due to this policy.

• Difference between system level privilege and object level privilege

  hi
  i just want to know the difference between system level privileges and object level privilege.
  please correct me if i am wrong
  with system level privilege user can create objects such as creating tables,view,synonyms etc
  where as in object privilege we can only manipulate operations on object i.e perform dml not ddl
  please help

  Hi,
  810345 wrote:
  hi
  i just want to know the difference between system level privileges and object level privilege.
  please correct me if i am wrong
  with system level privilege user can create objects such as creating tables,view,synonyms etc
  where as in object privilege we can only manipulate operations on object i.e perform dml not ddl There are some system privileges that only concern manipulating objects: SELECT ANY TABLE, for example.
  The main difference is that the system-level privileges tend to cover all objects of a certain type, including objects that haven't been created yet.
  Object-level privileges usually apply only to one specifi object, such as one particular table, and are lost if the object is dropped. (For example, if I create a table called table_x, give you SELECT pivileges on it, then you can query my table. But if I then drop table_x and re-create it, you will not be able to see it unless I grant the privilege again.)

• Deleting a Business System and related/assigned objects

  I am PI newbie (as will soon become apparent) so first I apologise for my “simple” question.
  In PI one business system has been replaced with another e.g. BS_US_1CLNT is replaced by BS_US_2CLNT. I want to delete the first business system and all its related components and links without breaking anything, preferably.
  What is the best way to do this? I assume I go to the interface builder, select Object View, then select BS_US_1CLNT and open the object list. The object list consists only of communication channels so I can right click on each CC and delete? But what if these have been assigned already to Configuration Scenarios? Are there other objects/assignments I should take care of or check? Is this the right way to go about this i.e. simply right click on each CC under the BS_US_1CLNT tree and then delete?
  Please help me with the steps I should take to proceed with this, and any objects etc. I should take care of.
  All help greatly appreciated.
  Wish you all a nice day further.

  Hi Glen,
  It is not easy just to delete all the objects pointing to a certain business system, but the way to delete would be communication channels first and then the business system would be last.
  When deleting a communication channel, you can see where it is used by right-clicking on it and then select the Where-Used List option. It will list the objects that uses that communication channel, namely receiver agreement (for receiver) and sender agreement (for sender).
  Once you have re-created the receiver/sender agreements to use the new business system, it should now be safe to delete the channels and the sender/receiver agreements. You should also do the same with the business system, right-click it and select Where-Used List. You also need to re-create the objects that uses that business system e.g receiver det, interface det, receiver agreement (if not yet deleted), sender agreement.
  Do not worry about being a newbie, everyone of us started as one
  Hope this helps,
  Mark