UNLIMITED TABLESPACE in RESOURCE role
Hi all,<br>
It's known that UNLIMITED TABLESPACE is included in RESOURCE role.<br>
My question is: <b>Why I don't see the system privilige UNLIMITED TABLESPACE when I try to display the priviliges granted to that role?</b><br>
SQL> select PRIVILEGE
2 from ROLE_SYS_PRIVS
3 where
4 role='RESOURCE'
5 /
PRIVILEGE
CREATE TYPE
CREATE TABLE
CREATE CLUSTER
CREATE TRIGGER
CREATE OPERATOR
CREATE SEQUENCE
CREATE INDEXTYPE
CREATE PROCEDURE<br>
Also, in the Enterprise Manager, it is shown that a user who is granted the RESOURCE role has the UNLIMITED TABLESPACE. However, when I display the priviliges granted to the RESOURCE role, I don't see the privilige granted to the role.<br>
Oralce DB 10g R2 on Win XP<br><br>
Thanks in advance
Why I don't see the system privilige UNLIMITED TABLESPACE
when I try to display the priviliges granted to that role?Because that privilege cannot be granted to a role, but to a user only, albeit granting RESOURCE role implicitly grants UNLIMITED TABLESPACE, That's why I never grant RESOURCE role directly to a user. See this example.
SYS@db102 SQL> create role user_role;
Role created.
SYS@db102 SQL> grant connect, resource to user_role;
Grant succeeded.
SYS@db102 SQL> create user test1 identified by test1;
User created.
SYS@db102 SQL> grant user_role to test1;
Grant succeeded.
SYS@db102 SQL> conn test1/test1
Connected.
TEST1@db102 SQL> select * from session_privs;
PRIVILEGE
CREATE SESSION
CREATE TABLE
CREATE CLUSTER
CREATE SEQUENCE
CREATE PROCEDURE
CREATE TRIGGER
CREATE TYPE
CREATE OPERATOR
CREATE INDEXTYPE
9 rows selected.
TEST1@db102 SQL> conn / as sysdba
Connected.
SYS@db102 SQL> create user test2 identified by test2;
User created.
SYS@db102 SQL> grant connect,resource to test2;
Grant succeeded.
SYS@db102 SQL> conn test2/test2
Connected.
TEST2@db102 SQL> select * from session_privs;
PRIVILEGE
CREATE SESSION
UNLIMITED TABLESPACE
CREATE TABLE
CREATE CLUSTER
CREATE SEQUENCE
CREATE PROCEDURE
CREATE TRIGGER
CREATE TYPE
CREATE OPERATOR
CREATE INDEXTYPE
10 rows selected.
TEST2@db102 SQL> The following is from Oracle documentation :
UNLIMITED TABLESPACE
Use an unlimited amount of any tablespace. This privilege overrides any specific quotas assigned. If you revoke this privilege from a user, then the user's schema objects remain but further tablespace allocation is denied unless authorized by specific tablespace quotas. You cannot grant this system privilege to roles.
Similar Messages
-
ORA-01536 Space Quota with resource and unlimited tablespace privilege
Good morning.
I've got the following error ORA-01536: space quota exceeded for tablespace, but my owner has the following grants:
- RESOURCE
- UNLIMITED TABLESPACE
The tablespace transaction has allocated 150GB and when it's about 90% of space used the error occurs, but we have auto extend in all tablespaces.
My environment:
Oracle Database 10.2.0.2
RAC - ASM
Server Red Hat release 4
Best Regards,
Rafael Ceolimjgarry wrote:
Check the ddl for all objects in the tablespace. There was a thread yesterday where an unused partitioned index had part of it's data in an offline tablespace, or something like that. You might also look at dba_segments for the objects too, in case something is just not where you expect.tanks jgarry for your reply. -
The problem of connect and resource role
Hi,
As we know, that while crating a new user, we can assign connect and resource so that the user can access the system tablespace.
The problem that i got is instead of assigning the connect and resource role, i have assigned each and every privilege individually from this role. But, surprisingly, my user has not got the privilege o accessing the system tablespace.
I was working in oracle 9i database. Can anyone help me in this regard and tell me what is the reason behind this?
Thanks in advance.what huntrex said is quite valid i would like to add some more..
SQL> create user myuser identified by myuser
2 /
User created.
SQL> select grantee,privilege
2 from dba_sys_privs
3 where grantee='MYUSER'
4 /
no rows selected
SQL> grant resource to myuser
2 /
Grant succeeded.
SQL> select grantee,privilege
2 from dba_sys_privs
3 where grantee='MYUSER'
4 /
GRANTEE PRIVILEGE
MYUSER UNLIMITED TABLESPACEWhen you create a new user, the user is not able to save data until given a tablespace quota.As well when you create user and dont define its default tablespace then it is assigned tablespace what you defined at the time of database creation.If you dont define the tablespace at the time of creating database then it goes to system tablespace.
When you grant resource role then user get unlimited tablespace over specified tablespace while creating users or
default when not mentioning tablespace.
conn myuser/muyuser
SQL> select * from session_privs;
PRIVILEGE
CREATE SESSION
ALTER SESSION[b]
UNLIMITED TABLESPACE
CREATE TABLE
CREATE CLUSTER
CREATE SYNONYM
CREATE VIEW
CREATE SEQUENCE
CREATE DATABASE LINK
CREATE PROCEDURE
CREATE TRIGGER
CREATE TYPE
CREATE OPERATOR
CREATE INDEXTYPEAs you created the user and i assume you didnt specify the default tablespace ,this user goes for system tablespace
but you didnt assign resource role then you will have to have assign quota for that user to create any object within
this created user.
SQL> conn sys/sys as sysdba
Connected.
SQL> drop user myuser
2 /
User dropped.
SQL> create user myuser identified by myuser
2 /
User created.
SQL> grant connect to myuser
2 /
Grant succeeded.
SQL> conn myuser/myuser
Connected.
SQL> select * from session_privs;
PRIVILEGE
CREATE SESSION
ALTER SESSION
CREATE TABLE
CREATE CLUSTER
CREATE SYNONYM
CREATE VIEW
CREATE SEQUENCE
CREATE DATABASE LINK
8 rows selected.
SQL> create table mytable (a number)
2 /
create table mytable (a number)
ERROR at line 1:
ORA-01950: no privileges on tablespace 'USERS'
SQL> conn sys/sys as sysdba
Connected.
SQL> grant unlimited tablespace to myuser
2 /
Grant succeeded.
SQL> conn scott/tiger
Connected.
SQL> conn myuser/myuser
Connected.
SQL> create table mytable (a number)
2 /
Table created.
SQL> Khurram -
Hi
Granting resource role to a user gives unlimited quota on default tablespace.
Then why it's not shown when i query like this
BANNER
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for Linux: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
SQL> select PRIVILEGE from role_sys_privs where ROLE='RESOURCE';
PRIVILEGE
CREATE SEQUENCE
CREATE TRIGGER
CREATE CLUSTER
CREATE PROCEDURE
CREATE TYPE
CREATE OPERATOR
CREATE TABLE
CREATE INDEXTYPESecondly
I created a user granted connect and create table privs only. Now i can create the table but when i try to insert then i get error that no quota on the users TS. Why does it allow to create table in the first place.?
Thanks1:
SQL> create user u1 identified by u1;
User created.
SQL> grant resource to u1;
Grant succeeded.
SQL> select * from dba_sys_privs where grantee='U1';
GRANTEE PRIVILEGE ADM
U1 UNLIMITED TABLESPACE NO
SQL> select * from dba_role_privs where grantee='U1';
GRANTEE GRANTED_ROLE ADM DEF
U1 RESOURCE NO YES2: please check:
SQL> show parameter deferred
NAME TYPE VALUE
deferred_segment_creation boolean TRUE
SQL>Edited by: P. Forstmann on 15 nov. 2011 19:16 -
"UNLIMITED TABLESPACE" is revoked - don't know who did that
I got call from developer they encountered error from insert statement stating
ERROR at line 1:
ORA-01536: space quota exceeded for tablespace 'XXXXXXXX'
I went there and found that "unlimited tablespace" is revoked from that user.
I can not explain how it happened since I am the only DBA for this database. Although one of the developers has DBA privilege, I don't think he has the ability to do so. There is no reason for anybody to do so.
The database is 9.2.0.7 with 2nd Quarter CPU patch.
My question is that is there any other mechanism to make this happen? This is really strange to me.
jzcThis is most curious.
It turns out that granting resource also grants unlimited tablespace and revoking resource also revokes unlimited tablespace. However, unlimited tablespace is not a privilege granted to resource, rather it is granted to the user.
If I grant unlimited tablespace, I can see the user has it.
If I then grant resource, the user keeps unlimited tablespace -- of course.
If I revoke resource, unlimited tablespace goes away.
If I then grant resource, unlimited tablespace comes back.
resource has an interesting property in this -- at least in 10.2
SQL> create user test01 identified by test01;
User created.
SQL> grant unlimited tablespace to test01;
Grant succeeded.
SQL> @privs_all
Enter User ID: test01
System Priveleges Granted to test01.
Privilege Via Role?
UNLIMITED TABLESPACE No Admin
SQL> grant resource to test01;
Grant succeeded.
SQL> @privs_all
Enter User ID: test01
System Priveleges Granted to test01.
Privilege Via Role?
CREATE CLUSTER No Admin RESOURCE
CREATE INDEXTYPE No Admin RESOURCE
CREATE OPERATOR No Admin RESOURCE
CREATE PROCEDURE No Admin RESOURCE
CREATE SEQUENCE No Admin RESOURCE
CREATE TABLE No Admin RESOURCE
CREATE TRIGGER No Admin RESOURCE
CREATE TYPE No Admin RESOURCE
UNLIMITED TABLESPACE No Admin
SQL> revoke resource from test01;
Revoke succeeded.
SQL> @privs_all
Enter User ID: test01
SQL> grant resource to test01;
Grant succeeded.
SQL> @privs_all
Enter User ID: test01
System Priveleges Granted to test01.
Privilege Via Role?
CREATE CLUSTER No Admin RESOURCE
CREATE INDEXTYPE No Admin RESOURCE
CREATE OPERATOR No Admin RESOURCE
CREATE PROCEDURE No Admin RESOURCE
CREATE SEQUENCE No Admin RESOURCE
CREATE TABLE No Admin RESOURCE
CREATE TRIGGER No Admin RESOURCE
CREATE TYPE No Admin RESOURCE
UNLIMITED TABLESPACE No Admin -
I have created a user and granted connect,resource to that user.
Then how the unlimited tablespace quota is applied automatically over that user?
whereas when I am applying all the privileges under the connect,resource separately the user is not getting any quota on any tablespace. What is actually happening in case of connect,resource role in oracle9i?hi in 9i RESOURCE role is having unlimited tablespace privilege internally
even you cannot see this from role_sys_privs view.
so it is dangerous to grant resource role to a user in 9i unless required. -
Hi,
would like to have a better understanding on the unlimited tablespace privilege isue.
1.) Am i right to say that when an account for example A is granted with the unlimted tablespace privilege, A can use any tablespace in the database, no restriction on the amount of size to be used?
2.) For example, tables were created on tablespace T1_data. So when user account B insert records into the tables, where will the data be stored at? The default tablespace that the user B is assigned or the T1_data tablespace? Does the user account B need to be granted with the unlimited tablespace or quota on the T1_data tablespace?
Thank You. Anyone can advise.http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/admusers.htm#sthref1493
Oracle® Database Security Guide
10g Release 2 (10.2)
Part Number B14266-01
11.1.1.4.2 UNLIMITED TABLESPACE System Privilege
To permit a user to use an unlimited amount of any tablespace in the database, grant the user the UNLIMITED TABLESPACE system privilege. This overrides all explicit tablespace quotas for the user. If you later revoke the privilege, then explicit quotas again take effect. You can grant this privilege only to users, not to roles. -
Hello
I am using Oracle XE 11G (no Oracle support, I know). CentOS 6.5 64bit
I am getting following error when I create a user, add/import some data and try to drop it:
[code]SQL> drop user test_user cascade;
drop user test_user cascade
ERROR at line 1:
ORA-00600: internal error code, arguments: [kdddgb:clsviol_kcbgcur_9], [0],
[4194452], [1], [4294967250], [8192], [], [], [], [], [], [][/code]
To reproduce at my machine I do:
[code]CREATE USER TEST_USER IDENTIFIED BY TEST_PASSWORD
DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP
QUOTA 200M ON USERS;
GRANT CREATE TRIGGER, CREATE SEQUENCE, CREATE SYNONYM, CREATE TABLE, CREATE VIEW,
CREATE TYPE, CREATE SESSION, CREATE MATERIALIZED VIEW , CREATE PROCEDURE TO TEST_USER;
ALTER USER TEST_USER GRANT CONNECT THROUGH apex_rest_public_user;
GRANT EXECUTE ON UTL_HTTP TO TEST_USER;
GRANT EXECUTE ON UTL_SMTP TO TEST_USER;
GRANT EXECUTE ON UTL_TCP TO TEST_USER;
GRANT EXECUTE ON DBMS_CRYPTO TO TEST_USER;
imp test_user/TEST_PASSWORD file=MyDUmp.dmp fromuser=pageh touser=test_user
SQL> drop user test_user cascade;
drop user test_user cascade
ERROR at line 1:
ORA-00600: internal error code, arguments: [kdddgb:clsviol_kcbgcur_9], [0],
[4194452], [1], [4294967250], [8192], [], [], [], [], [], []
grant unlimited tablespace to test_user;
[/code]
But when I run following I am able to drop my user without a problem:
[code]SQL> grant unlimited tablespace to test_user;
Grant succeeded.
SQL> drop user test_user cascade;
User dropped.
[/code]
History:
Some DBA working in past some months ago executed following:
[code]grant unlimited tablespace to public;[/code]
It was revoked after a few months by:
[code]revoke unlimited tablespace from public;[/code]
I would be really thankful if someone can help me fix this issue.
Thanks in advance,
HabibCentOS is not a supported distro for installing XE - Oracle® Database Express Edition - so things may or may not work as expected. The ORA-600 errors are internal oracle errors that only Support can troubleshoot. Since no support is available for XE, I suggest you perform a full export, delete the XE install, re-install XE and perform a full import.
-
Unlimited Tablespace Privilege
I have one user in the database say'user1'. Let this user has only 'create session' privilge.
I have two sessions open. In one session I am connect as:
"sys/oracle as sysdba" and in other session, I am connect as : "user1/user1".
Now from "sys" session I am granting dba privilege to 'user1'. "grant dba to user1".
When I go to "user1" session and fire a command with out reconnecting :
'select * from session_privs', I see the only two privileges
1 . Create session
2. Unlimited Tablespace.
Here I understand that :
1. I need to connect again as user1/user in order to reflect the dba privilges.
2. But even if I do no connect again, why am I getting "Unlimited Tablespace " privilge.
My question is : Is there something special about this privilege or is this a bug?This is definitely a wrinkle I wasn't aware of, and which I don't see documented.
In session 1
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.3.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.3.0 - Production
system@jcave > create user newUser identified by newUser;
User created.
system@jcave > grant create session to newUser;
Grant succeeded.
system@jcave > @connect newUser/newUser;
Connected.
newuser> select * from session_privs
2 ;
PRIVILEGE
CREATE SESSIONIn session 2
system@jcave > grant dba to newUser;
Grant succeeded.And new back in session 1
newuser> select * from session_privs;
PRIVILEGE
CREATE SESSION
UNLIMITED TABLESPACEIf I log off and log back on as newUser, I see 140 some rows in session_privs.
Justin -
Unlimited tablespace and dba_ts_quotas dynamic view
Hi everybody,
I have read an article about the dba_ts_quotas and particularly the following query :
select username, tablespace_name,
bytes/1024/1024 used,
max_bytes/1024/1024 quota
from dba_ts_quotas
order by username
which returns for each user and its tablespace the used tablespace and quota (size in the tablespace which can host user's objects).
In the article , it is pointed out that if a user has unlimited tablespace on the tablespace then the column quota has the value of -0.000 , whereas in my database (oracle 10g v.2 on XP) the value -9,5367431 appears!!!!
What may be the reason ...the different database versions????
However the value -9,5367431 seems to be like 'irrelevant'.......
Thanks , a lot
SimonYes, and you can see it here:
SQL> select username, tablespace_name,
2 bytes/1024/1024 used,
3 max_bytes/1024/1024 quota
4 from dba_ts_quotas
5 where
6 tablespace_name = 'USERS'
7 and username = 'KKISHORE'
8 order by username
9 /
USERNAME TABLESPACE_NAME USED QUOTA
KKISHORE USERS 0 -9.537E-07
1 row selected.
SQL> column quota format 999
SQL>
SQL> /
USERNAME TABLESPACE_NAME USED QUOTA
KKISHORE USERS 0 -0
1 row selected.
SQL> -
UNLIMITED TABLESPACE vs MAXEXTENTS...
Hi,
Let's assume that :
1)a db user has been granted the UNLIMITED TABLESPACE privilege....
2)all tables's extents he created have been full ....
3)the tables's maximum number of extents has been reached....
4)there is almost no other free tablespace empty..... so , it must be resized....
when a/some records in one table are going to be inserted.... what may happen....????
1) because of the maxextents number has been reached... so as there is no possibility another extent(s) to be added..., the records will not be inserted....????
2) because of the UNLIMITED TABLESPACE... the tablespace would be resized and as a result the records... will be inserted....????
In other words....which one is prevailing....
the UNLIMITED TABLESPACE.... or MAXEXTENTS .....????
Thanks... a lot
Simunlimited tablespace privilege means tablespace quotas do not apply and you can create objects in any tablespace, including SYSTEM.
Consequently, granting UNLIMITED TABLESPACE should be avoided, as it allows the grantee to create havoc in your database.
Setting maxextents is a thing of the past. Usually maxextents is unlimited.
You forgot however: datafiles have limits too
As to your questions:
If you did set quota for the owner of the table and the quota is used up, the statement will fail.
However, usually one sets quota unlimited on the tablespace(s) the owner has access to, and one sets the tables maxextents to unlimited.
In that case the statement will fail when the datafile and/or the disk is full.
Final note: as altering quotas is quite easy, you could have experimented, and one proper answer would have been 'did you try?'
Hth
Sybrand Bakker
Senior Oracle DBA -
Unlimited tablespace and unlimited quota
What is the differences between granting a user unlimited tablespace and giving unlimited quota. Is unlimited tablespace mean the user can create object in any tablespace?
Thanks,
Nur Hidayatunlimited tablespace = user can create objects in any tablespace. In any tablespace he can use unlimited amount of space.
unlimited quota can be given to a user for a particular tablespace.
Disadvantages of giving unlimited tablespace privilege
1) The privilege overrides all explicit tablespace quotas for the user.
2) You cannot selectively revoke tablespace access from a user with the UNLIMITED TABLESPACE privilege. You can grant access selectively only after revoking the privilege.
-aijaz -
Enough space, unlimited tablespace ,why faces the error ORA-01536
the error happened the production database.the case is that enough space, unlimited tablespace for the table owner,but the table index has another owner,the index has a tablespace,the error happened on the index which was in the tablespace. at that time,we were worried,because the error had affected the foregrounding,then we execuated "ALTER USER the table_owner QUOTA <integer> [K/M] ON <tablespacename>;" but now i make a test which reappeared the error,the error has reappeared,but i execuated ALTER USER the table_owner QUOTA <integer> [K/M] ON <tablespacename>; " the error still hanppened. so i don't know if i make a mistak to decide the production database error??? please tell me why ,thank you !
01536, 00000, "space quota exceeded for tablespace '%s'"
// *Cause: The space quota for the segment owner in the tablespace has
// been exhausted and the operation attempted the creation of a
// new segment extent in the tablespace.
// *Action: Either drop unnecessary objects in the tablespace to reclaim
// space or have a privileged user increase the quota on this
// tablespace for the segment owner.
ALWAYS
Post Operating System (OS) name & version for DB server system.
Post results of
SELECT * from v$version
or post Oracle version to 4 decimal places -
Resource role information from shared resource pool file to a master project file
Hi,
I am using Microsoft Project Professional 2013. We have multiple project managers running their own projects. We are building out a PMO and are bringing all these plans into one master 'portfolio' plan. So
we have one master plan file, subproject 1, subproject 2... and then we have setup a shared resource file where all resources are utilising the same shared pool.
This works well and in the master file we can do resource usage checks. We have also added extra columns such as resource group which gets shown in the master file and we can filter which group (in our
case infrastructure, projects, applications etc) are consuming most resources.
The bit I am stuck on is management also wanted to report on the resource role ie which person is a project manager, business analyst etc. I have created a custom field in the shared resource plan as 'resource role' and populated as per their job role but for
some reason the info added in the shared resource file doesn't get conveyed to the master file as say the resource group does.
Any ideas ?
Thanks in advanceThanks Dales for helping out. Thats how I originally did it. Went into organizer. At first I had copied the 'Resource Role' custom field to the global template and then in the master file added the same column but nothing showing. Then tried same again
but this time copying directly to the master file but still no joy.
I am seeing 'Resource group' appear as it should. I make a change to a someones resource group in the share pool file and I see the change in the master file but not happening with the custom field resource role.
Terry -
Why Oracle removed "Create View" privilege from "Resource" role?
Seems like a silly question, but does anyone know why?
>
Hm.. deprciated and replaced by what? I know they trimmed CONNECT a lot but only create view seemed missing from RESOURCE.
>
Replaced by NOTHING. They didn't just 'trim' CONNECT; it only has the CREATE SESSION privilege now.
The only published info I've seen are these two notes in the Oracle is this from the Database Security Guide.
http://docs.oracle.com/cd/B28359_01/network.111/b28531/authorization.htm
>
Note:
Each installation should create its own roles and assign only those privileges that are needed, thus retaining detailed control of the privileges in use. This process also removes any need to adjust existing roles, privileges, or procedures whenever Oracle Database changes or removes roles that Oracle Database defines. For example, the CONNECT role now has only one privilege: CREATE SESSION. Both CONNECT and RESOURCE roles will be deprecated in future Oracle Database releases.
Note:
Customers should discontinue using the CONNECT and RESOURCE roles, as they will be deprecated in future Oracle Database releases. The CONNECT role presently retains only the CREATE SESSION privilege.
Maybe you are looking for
-
Override method on an object construted by somebody
customMenuComponent.addCustomLink(new CustomLinkComponenet("strlink","Storage Inbox",Index.class) { protected BookmarkablePageLink getBookmarkablePageLink() { BookmarkablePageLink bookmarkablePageLink= new Bo
-
Java Stored Proc, passing BLOB, not stored in a table.
I have checked this article, and found it will not suit my needs. http://otn.oracle.com/sample_code/tech/java/codesnippet/jdbc/lob/LobToSP.html I have even looked at the 4 articles on the "JSP How-To Documents" page. I need to pass in a BLOB to my Ja
-
When I am spell checking an email prior to sending, if I want to go back to modify the text, the document is sent if I press return. How do I modify the body of a document once in spell check? Related to this, how do I cancel out of spell check once
-
Latest perl module for tuxedo available
The latest version of the Tuxedo perl module uses the C tuxedo api and allows you to write services in perl. It can be downloaded from... http://search.cpan.org/~afryer/Tuxedo-2.08/Tuxedo.pm
-
Looking for recommendations on training books for PS CS3
I'm not complete newbie to Photoshop, but I know there is so much more I could get out of it.... so I'm looking for a good tutorial book. One that isn't going to cost me an arm & a leg. Thanks!