Users and privileges

Hi All;
What are the steps to create a user and give him full privileges? Can you give me an example with the User Nabil please?
Thanks alot

do like this
grant select,delte,update to nabil;
grant resource to nabil;
and so on;;
<BLOCKQUOTE><font size="1" face="Verdana, Arial, Helvetica">quote:</font><HR>Originally posted by Nabil Al-baidhani ([email protected]):
Hi all;
Thanks for your help, but i need to give the preveliges step by step, I mean detailed seting. Can someone help?
Regards
Nabil<HR></BLOCKQUOTE>
null

Similar Messages

New User and Privileges - Puzzling

Hi
I know I am missing something here. It is quite puzzling.
I have a schema USER1 - that has public synonyms.
created a new schema USER2 that has the following roles and privs
OBJ     WRITE,READ ON DIRECTORY "SYS.TEMPDATA"
PRV     CREATE PROCEDURE
PRV     CREATE VIEW
PRV     UNLIMITED TABLESPACE
ROL     CONNECT
ROL     EXP_FULL_DATABASE
ROL     IMP_FULL_DATABASE
ROL     RESOURCE
But when I login as USER2, I can access, update and delete rows from USER1. Thats not what I want. I checked the user_tab_privs_recd and nothing shows up there. How come User2 has privileges to update/modify USER1 tables? By just having a public synonym that shouldnt be the case.
I dont think 'Grant all on tablename to public' has been given.
eg. I have table EMP in USER1
s
elect * from dba_tab_privs where table_name = 'EMP'
GRANTEE     OWNER     TABLE_NAME     GRANTOR     PRIVILEGE     GRANTABLE     HIERARCHY
USER1_READONLY     USER1     EMP     USER1     SELECT     NO     NO
ABC     USER1     EMP     USER1     SELECT     YES     NO
CDE     USER1     EMP     USER1     SELECT     YES     NO
ZZZ_READONLY     ZZZ     EMP     ZZZ     SELECT     NO     NO
Any ideas? I am confused, because since USER1_READONLY is not granted to USER2, even with public synonym, USER2 should NOT have access to read. But USER2 can update/delete and perform on USER1.EMP
Thanks

Hello,
But when I login as USER2, I can access, update and delete rows from USER1. The Role EXP_FULL_DATABASE has the Privilege System SELECT ANY TABLE:
SQL> select * from dba_sys_privs
2 where grantee='EXP_FULL_DATABASE';
GRANTEE                        PRIVILEGE                                ADM
EXP_FULL_DATABASE              READ ANY FILE GROUP                      NO
EXP_FULL_DATABASE              RESUMABLE                                NO
EXP_FULL_DATABASE              EXECUTE ANY PROCEDURE                    NO
EXP_FULL_DATABASE              EXECUTE ANY TYPE                         NO
EXP_FULL_DATABASE              SELECT ANY TABLE                         NO
EXP_FULL_DATABASE              ADMINISTER SQL MANAGEMENT OBJECT         NO
EXP_FULL_DATABASE              ADMINISTER RESOURCE MANAGER              NO
EXP_FULL_DATABASE              BACKUP ANY TABLE                         NO
EXP_FULL_DATABASE              CREATE SESSION                           NO
EXP_FULL_DATABASE              SELECT ANY SEQUENCE                      NO
EXP_FULL_DATABASE              CREATE TABLE                             NO
11 ligne(s) sÚlectionnÚe(s).It may explain why USER2 can Select rows from Tables of USER1.
The Role IMP_FULL_DATABASE has the Privileges System DELETE ANY TABLE and UPDATE ANY TABLE. So also it may explain why USER2 can Delete and Update rows from Tables of USER1.
Hope this help.
Best regards,
Jean-Valentin
Edited by: Lubiez Jean-Valentin on Apr 4, 2011 5:44 PM

Workspace/Developer users and Oracle accounts

We plan to install Apex 4 (for first time) into an existing database with many schemas and users. Some users already have developer privileges in their schemas pre-Apex install. Will their user/schema privileges be 'inherited' into the Apex environment or will they have to be re-defined as Workspace admins/developers? If they have to be re-defined as developer user in Apex is there a way for them to keep their old passwords?
Also, we are implementing Oracle Identity Management and plan to move all developer-type accounts to be Enterprise User accounts in OIM. Will Apex developer users be compatible with this?
Thanks,
Pat

Yes, I have no problem with end-user authentication -- we have already implemented LDAP authentication in another Apex environment with our central LDAP directory as an alternate user authentication. I am glad to hear that some plans are being made for other methods of authentication of developers--why not become compatible with Oracle's own OIM and the concept of Enterprise User??
Quoting an Oracle whitepaper entitled: Directory Services Integration with Database Enterprise User Security
"... many enterprises today are still managing database users and privileges in individual databases. From end user perspective, managing passwords in multiple databases is confusing and results in poor user experience. From administration perspective, redundant user management is costly, and managing user authorizations in multiple databases is error prone. From auditing and compliance perspective, on time provision and de-provision of user access and privileges across databases is challenging.
Enterprise User Security (EUS), an Oracle Database Enterprise Edition feature, leverages the Oracle Directory Services, and gives you the ability to centrally manage database users and role memberships in an LDAP directory. Enterprise User Security reduces administration cost, increases security, and improves compliance through centralized database user account management, centralized provisioning and de-provisioning of database users, centralized password management and self-service password reset, and centralized management of authorizations using global database roles. "
Sounds like a great option to consider!!
Pat

Grant privileges and permission to user, to create user and database in 10g

Hi,
I'm very much new to Oracle 10g database and after all my search, I think this forum will help me to solve my puzzle. Installed Oracle 10g database and during installation created a Global database "TestDB". I created an user "user1" in sqlplusw, by logging in as system.
Now I need to know, what privileges and permissions should be given to this "user1", so that I can create new users and create database by logging as "user1". I don't want to Inherit all the sytem privileges of SYSTEM or SYSDBA or SYS or SYSOPER.
Is there a way where I could achieve this by explicitly granting the required privileges and permissions

You may need to know all the views to get the privilege information.
SQL> conn /as sysdba
SQL> select table_name from dict where table_name like '%PRIV%';
And also, take a look into below Oracle Documentations.
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#SQLRF01603
Regards,
Sabdar Syed.

Call PL/SQL Package to Create DB User and assign Privileges

Hi All,
I'm sure this has been covered before but I couldn't find anything relevant....
I'm calling a PL/SQL Process from within an Apex (version 2.0) Page, that ultimately Creates a New DB user.
I am receiving an ORA-01031: insufficient privileges error. My Application User and the Package owner both have privileges to Create a DB user.
What am I missing?
Thanks,
Mike

Never, ever grant additional privileges to the apex_public_user account. It achieves nothing and makes the account over-privileged. The only privilege it needs is CREATE SESSION.
Mike - Your application's parsing schema (I assume that's the package owner) needs to be granted privileges directly and not through roles. I don't know what you mean by your application user's privileges. Those users are not database accounts (unless you are using a dedicated DAD, etc.).
Scott

How to assign "Public Group" and "Privilege" to user create with ldapadd

Hello,
We create users with ldapadd and a ldif file.
The ldif file is like that :
dn: cn=user1,cn=users,dc=def,dc=eau,dc=cgeaux,dc=fr
sn: user1
cn: user1
userPassword: user1
mail: [email protected]
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: orcluser
objectClass: orcluserv2
It works but Public Group" and "Privilege" aren't assigned.
How can I assign these privileges without using Portal admin interface ?
Thanks.
Best Regards.
Luc Ponelle

Hi Luc..
we now are trying the same thing..
We managed to create one user...
but, when we check in the OID "http"//ourserver:7777/oiddas
we cannot see the user?
Why?..
We now try to create user automatically by batch..
and did you find the solution yet to ur problem?
Thanks.

Best way to assign multiple users security, privileges and workbook shares.

Is there another way to assign multiple users to a single workbook other than using the workbook management option. Something that can be done from the command line? How about assigning security and privileges from the command line?

You could consider altering the appropriate EUL tables directly - I'm sure someone has the code for this - but requires database interaction (and might not be supported by Oracle, etc.).
However, the concept or Oracle responsibilities (in Oracle Apps EUL) or Oracle roles (in Oracle database) is what's usually done. In fact, I don't like using users directly as if they go, etc. it's a pain.
Better to use pre-defined groupings that you probably already have (ie: Apps responsibility such as: AP Inquiry). You set the privs / security there and it takes effect for all users logging in with that responsibility / role.
Russ

Create new user same as a existing roles and Privileges

Hi Team,
I am a junior DBA. New user Joined in Application team. So, Client requested me.....
Crerate new user with same privileges as like as existing user.
As of now i am creating user like "create user username identified by "password". Then grant privileges to that user. earliar I never comapare or copied users.
Please suggest any one how to create new user as like as existing user roles and privileges.
Thanks,
Venkat

For basic cloning:
select dbms_metadata.get_ddl('USER', '...') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('ROLE_GRANT','...') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('SYSTEM_GRANT','...') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('OBJECT_GRANT','...') FROM DUAL;
SELECT DBMS_METADATA.GET_granted_DDL(‘TABLESPACE_QUOTA’, ‘...’) FROM dual;
Then just replace the username with the new one you want to create.

Oracle users and revoking privileges

Hello,
To test out some error conditions in an application, I'd like to temporarily revoke a privilege on a table from a database user.
I am trying to do that, logged into SQL*Plus as "sys" or "system", and running the command:
REVOKE UPDATE ON USERX.TABLE_A FROM USERX;
However, this is failing with the following message:
ORA-01927: cannot REVOKE privileges you did not grant
I've also tried logging into my server as oracle, typing "sqlplus /nolog" at the command line, then "connect internal as sysdba;" from the SQL*Plus prompt, and then running the REVOKE command, but that results in the same error message.
So basically my question is: if neither the "sys" nor the "system" user is able to revoke the privilege from the "userx" user (because they did not specifically grant it), how would I determine which oracle user would be able to do this? Or how else would I go about revoking the privilege?
I'm running Oracle8i Enterprise Edition Release 8.1.6.1.0 on Linux.
Thanks for your help with this. I am not very familiar with Oracle DBA concepts.

Hello,
I am fully agree with Eric....Yes! a User created a table means...the User is OWNER of the table....and that means......the User is by default having the privilege of DML operations...i belive...OK
And the privilege which you have not granted...then how could you revoke them...Whether it may b e SYS or SYSTEM or for that matter any User a/c.
If you really want to restrict the restrict option on table owned by your User, then i can suggest to put a Schema Level Trigger on DML action. This will be fired when update in invoked on table by the user and there you can have your STOP mechanism.....BUT..this is not really suggested.
Regards,
Kamesh Rastogi
Oracle - DBA

Tracing all users and their privileges

Hi everbody!
I want to trace all users(online/offline) and those user's given privileges as a system dba. Are there any data dictionary views to trace it ?
i.e.
we have 3 users and 3 of them have connect,resource. How can we know who have which privs ?
i checked dba_role_privs, nothing to solve my prob.
thanks.

You should never assign CONNECT or RESOURCE to anyone.
Determine what privileges each connected user requires and create a role that contains the actual privs required.
System and Object privileges may be granted explicitly or in roles and roles can be granted to roles. Check here too:
all_tab_privs_made
all_tab_privs_recd
all_col_privs_made
all_col_privs_recd

Script to list the users and their privileges in a database

Hi Team,
Can someone provide me a script that list all the users and their privileges in a database?
DB version:11.2.0.2
OS:AIX

Osama_mustafa wrote:
Why you create your own script
SELECT * FROM USER_SYS_PRIVS;
SELECT * FROM USER_TAB_PRIVS;
SELECT * FROM USER_ROLE_PRIVS;
That won't tell him what privileges a user has via a role. It will only tell him what privilges were granted directly, and what roles were granted directly. But those roles have privileges, and may have other roles, which have still more roles and privs, etc. It's a recursive issue and a simple select from user__privs won't get it.
Pete Finnigan has a good script for reporting the entire picture. I leave it as an exercise for the student to use google to find it. I have already given all the information needed to complete that exercise.

Mapping a user's role and privilege to another

Hi all,
Is there a command/way to map the role and privileges of a current user to a new user? I am new to oracle, I did read through the online docs but was not able to figure it out.
Thank you very much!

Check this link would help: Check the part where they are copying roles and grants for the users using dbms_metadata. You can limit this to one user you want by adding additional where clause like "where username = <username>
Copying Oracle Users

User and Group privileges Migration

Hi All,
I am using OBIEE10g. I have created 2 users in RPD.2 Groups in RPD.same group name in Answer catalog.
then we created 2 dashbords.
We implimented below security,
"Dashboar1 for group1 and Dashboard2 for Group2."
Now,We have to migrate 2 dashboards and users and Group with privileges.
Could you please let me know how will do.
Thanks
Gram.

Hi,
If your production doesn't has any obiee contents.
Then, this would be your 1st rpd, catalog which moves on production, this can be done simply by copying contents to the same locations in the production server.
i.e. copy rpd, catalog to the production server (Rpd goes in Oraclebi - server - repository and change rpd in nqs config) and (catalog goes to oracle bi data - web - catlog and change the instance config catlog path).
If your production has any previous contents.
Then, you need to merge the exisiting ones. So, check for repository merge and catalog merge.
http://www.eeblog.org/index.php/obiee-10g-repository-and-catalog-migration-merging/
Thnk u.

SSO and how to Managing User Roles/Privileges with Forms using Oracle db

We are in the process of implementing Oracle Application Server SSO with our custom Forms application using Oracle database -- all 10.2.0.1.0 version.
In our Forms Applications, we have about a dozen roles we have assigned to various users. We need to identify each user using our Forms because we are using the GLOBAL USER throughout the application.
Questions:
-- Do we have to create users/passwords in both OID and application database?
-- Is there a way to easily manage the user and passwords between SSO and Forms App/database in one place? For example, how does a user change their password once, but actually change it in both the database and SSO?
Any advice and/or direction would be greatly appreciated.
Thank you,
Mika
Edited by: user11846198 on Sep 1, 2009 1:41 PM
Edited by: user11846198 on Sep 1, 2009 1:53 PM

Yes, you can have global roles in the DB and assign this roles to specific OID users, and the will heritage the privilages, you can do this using Oracle Identity Management Web Tool http://hostname:7777/oiddas is not complicated.
Greetings.

ODI not able to detect primary/foreign keys from XML- user lacks privilege or object not found

Hi Guys,
Im trying to load an xml file with two entities address and employee as below. The topology reverse engineering everything works fine. Im even able to view the xml data in ODI, but when i try to load the data from these two entities joining by the schema primary keys and foreign keys which odi created on reverse engineering process for xml, im getting the below error. Im able to load data from one entity, error only occurs when i use the join odi creates internally to identify the xml components employee and address
XML File:
<?xml version="1.0" encoding="UTF-8" ?>
<EMP>
<Empsch>
<Employee>
<EmployeeID>12345</EmployeeID>
<Initials>t</Initials>
<LastName>john</LastName>
<FirstName>doe</FirstName>
</Employee>
<Address>
<WorkPhone>12345</WorkPhone>
<WorkAddress>Test 234</WorkAddress>
</Address>
</Empsch>
</EMP>
Topology: jdbc:snps:xml?f=C:/Temp/RR/Empsch.xml&s=Empsch&re=EMP&dod=true&nobu=false
Error Message:
-5501 : 42501 : java.sql.SQLException: user lacks privilege or object not found: EMPSCH.EMPSCHPK
java.sql.SQLException: user lacks privilege or object not found: EMPSCH.EMPSCHPK
    at org.hsqldb.jdbc.Util.sqlException(Unknown Source)
    at org.hsqldb.jdbc.JDBCPreparedStatement.<init>(Unknown Source)
    at org.hsqldb.jdbc.JDBCConnection.prepareStatement(Unknown Source)
    at com.sunopsis.jdbc.driver.xml.SnpsXmlConnection.prepareStatement(SnpsXmlConnection.java:1232)
    at sun.reflect.GeneratedMethodAccessor65.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at oracle.odi.core.datasource.dwgobject.support.OnConnectOnDisconnectDataSourceAdapter$OnDisconnectCommandExecutionHandler.invoke(OnConnectOnDisconnectDataSourceAdapter.java:200)
    at $Proxy2.prepareStatement(Unknown Source)
    at oracle.odi.runtime.agent.execution.sql.SQLCommand.doInitializeStatement(SQLCommand.java:83)
    at oracle.odi.runtime.agent.execution.sql.SQLCommand.getStatement(SQLCommand.java:117)
    at oracle.odi.runtime.agent.execution.sql.SQLCommand.getStatement(SQLCommand.java:111)
    at oracle.odi.runtime.agent.execution.sql.SQLDataProvider.readData(SQLDataProvider.java:81)
    at oracle.odi.runtime.agent.execution.sql.SQLDataProvider.readData(SQLDataProvider.java:1)
    at oracle.odi.runtime.agent.execution.DataMovementTaskExecutionHandler.handleTask(DataMovementTaskExecutionHandler.java:70)
    at com.sunopsis.dwg.dbobj.SnpSessTaskSql.processTask(SnpSessTaskSql.java:2913)
    at com.sunopsis.dwg.dbobj.SnpSessTaskSql.treatTask(SnpSessTaskSql.java:2625)
    at com.sunopsis.dwg.dbobj.SnpSessStep.treatAttachedTasks(SnpSessStep.java:577)
    at com.sunopsis.dwg.dbobj.SnpSessStep.treatSessStep(SnpSessStep.java:468)
    at com.sunopsis.dwg.dbobj.SnpSession.treatSession(SnpSession.java:2128)
    at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor$2.doAction(StartSessRequestProcessor.java:366)
    at oracle.odi.core.persistence.dwgobject.DwgObjectTemplate.execute(DwgObjectTemplate.java:216)
    at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor.doProcessStartSessTask(StartSessRequestProcessor.java:300)
    at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor.access$0(StartSessRequestProcessor.java:292)
    at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor$StartSessTask.doExecute(StartSessRequestProcessor.java:855)
    at oracle.odi.runtime.agent.processor.task.AgentTask.execute(AgentTask.java:126)
    at oracle.odi.runtime.agent.support.DefaultAgentTaskExecutor$2.run(DefaultAgentTaskExecutor.java:82)
    at java.lang.Thread.run(Thread.java:662)
Caused by: org.hsqldb.HsqlException: user lacks privilege or object not found: EMPSCH.EMPSCHPK
    at org.hsqldb.error.Error.error(Unknown Source)
    at org.hsqldb.ExpressionColumn.checkColumnsResolved(Unknown Source)
    at org.hsqldb.QueryExpression.resolve(Unknown Source)
    at org.hsqldb.ParserDQL.compileCursorSpecification(Unknown Source)
    at org.hsqldb.ParserCommand.compilePart(Unknown Source)
    at org.hsqldb.ParserCommand.compileStatement(Unknown Source)
    at org.hsqldb.Session.compileStatement(Unknown Source)
    at org.hsqldb.StatementManager.compile(Unknown Source)
    at org.hsqldb.Session.execute(Unknown Source)
    ... 27 more
Please advice
Thanks
Revanth

Thats obvious from the xml file contents you have given here. In this xml file You have four complex type. Two of them are employee and address. However the employee doesnot have any relation with address as you have not added the relationship. Thats why its failing. Its not the fault of ODI.
Also I would suggest not to use auto generated dtd by ODI as you might face problem in future. For example the address type of XML has 8 attributes and 4 of them are not mandatory. That means each of your xml file may have attributes between 4 to 8. This is where ODI auto generated DTD fails.
XML Schema complexType Element
Thanks
Bhabani

Users and privileges

Similar Messages

Maybe you are looking for