Users and privileges
Hi All;
What are the steps to create a user and give him full privileges? Can you give me an example with the User Nabil please?
Thanks alot
do like this
grant select,delte,update to nabil;
grant resource to nabil;
and so on;;
<BLOCKQUOTE><font size="1" face="Verdana, Arial, Helvetica">quote:</font><HR>Originally posted by Nabil Al-baidhani ([email protected]):
Hi all;
Thanks for your help, but i need to give the preveliges step by step, I mean detailed seting. Can someone help?
Regards
Nabil<HR></BLOCKQUOTE>
null
Similar Messages
-
New User and Privileges - Puzzling
Hi
I know I am missing something here. It is quite puzzling.
I have a schema USER1 - that has public synonyms.
created a new schema USER2 that has the following roles and privs
OBJ WRITE,READ ON DIRECTORY "SYS.TEMPDATA"
PRV CREATE PROCEDURE
PRV CREATE VIEW
PRV UNLIMITED TABLESPACE
ROL CONNECT
ROL EXP_FULL_DATABASE
ROL IMP_FULL_DATABASE
ROL RESOURCE
But when I login as USER2, I can access, update and delete rows from USER1. Thats not what I want. I checked the user_tab_privs_recd and nothing shows up there. How come User2 has privileges to update/modify USER1 tables? By just having a public synonym that shouldnt be the case.
I dont think 'Grant all on tablename to public' has been given.
eg. I have table EMP in USER1
s
elect * from dba_tab_privs where table_name = 'EMP'
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY
USER1_READONLY USER1 EMP USER1 SELECT NO NO
ABC USER1 EMP USER1 SELECT YES NO
CDE USER1 EMP USER1 SELECT YES NO
ZZZ_READONLY ZZZ EMP ZZZ SELECT NO NO
Any ideas? I am confused, because since USER1_READONLY is not granted to USER2, even with public synonym, USER2 should NOT have access to read. But USER2 can update/delete and perform on USER1.EMP
ThanksHello,
But when I login as USER2, I can access, update and delete rows from USER1. The Role EXP_FULL_DATABASE has the Privilege System SELECT ANY TABLE:
SQL> select * from dba_sys_privs
2 where grantee='EXP_FULL_DATABASE';
GRANTEE PRIVILEGE ADM
EXP_FULL_DATABASE READ ANY FILE GROUP NO
EXP_FULL_DATABASE RESUMABLE NO
EXP_FULL_DATABASE EXECUTE ANY PROCEDURE NO
EXP_FULL_DATABASE EXECUTE ANY TYPE NO
EXP_FULL_DATABASE SELECT ANY TABLE NO
EXP_FULL_DATABASE ADMINISTER SQL MANAGEMENT OBJECT NO
EXP_FULL_DATABASE ADMINISTER RESOURCE MANAGER NO
EXP_FULL_DATABASE BACKUP ANY TABLE NO
EXP_FULL_DATABASE CREATE SESSION NO
EXP_FULL_DATABASE SELECT ANY SEQUENCE NO
EXP_FULL_DATABASE CREATE TABLE NO
11 ligne(s) sÚlectionnÚe(s).It may explain why USER2 can Select rows from Tables of USER1.
The Role IMP_FULL_DATABASE has the Privileges System DELETE ANY TABLE and UPDATE ANY TABLE. So also it may explain why USER2 can Delete and Update rows from Tables of USER1.
Hope this help.
Best regards,
Jean-Valentin
Edited by: Lubiez Jean-Valentin on Apr 4, 2011 5:44 PM -
Workspace/Developer users and Oracle accounts
We plan to install Apex 4 (for first time) into an existing database with many schemas and users. Some users already have developer privileges in their schemas pre-Apex install. Will their user/schema privileges be 'inherited' into the Apex environment or will they have to be re-defined as Workspace admins/developers? If they have to be re-defined as developer user in Apex is there a way for them to keep their old passwords?
Also, we are implementing Oracle Identity Management and plan to move all developer-type accounts to be Enterprise User accounts in OIM. Will Apex developer users be compatible with this?
Thanks,
PatYes, I have no problem with end-user authentication -- we have already implemented LDAP authentication in another Apex environment with our central LDAP directory as an alternate user authentication. I am glad to hear that some plans are being made for other methods of authentication of developers--why not become compatible with Oracle's own OIM and the concept of Enterprise User??
Quoting an Oracle whitepaper entitled: Directory Services Integration with Database Enterprise User Security
"... many enterprises today are still managing database users and privileges in individual databases. From end user perspective, managing passwords in multiple databases is confusing and results in poor user experience. From administration perspective, redundant user management is costly, and managing user authorizations in multiple databases is error prone. From auditing and compliance perspective, on time provision and de-provision of user access and privileges across databases is challenging.
Enterprise User Security (EUS), an Oracle Database Enterprise Edition feature, leverages the Oracle Directory Services, and gives you the ability to centrally manage database users and role memberships in an LDAP directory. Enterprise User Security reduces administration cost, increases security, and improves compliance through centralized database user account management, centralized provisioning and de-provisioning of database users, centralized password management and self-service password reset, and centralized management of authorizations using global database roles. "
Sounds like a great option to consider!!
Pat -
Grant privileges and permission to user, to create user and database in 10g
Hi,
I'm very much new to Oracle 10g database and after all my search, I think this forum will help me to solve my puzzle. Installed Oracle 10g database and during installation created a Global database "TestDB". I created an user "user1" in sqlplusw, by logging in as system.
Now I need to know, what privileges and permissions should be given to this "user1", so that I can create new users and create database by logging as "user1". I don't want to Inherit all the sytem privileges of SYSTEM or SYSDBA or SYS or SYSOPER.
Is there a way where I could achieve this by explicitly granting the required privileges and permissionsYou may need to know all the views to get the privilege information.
SQL> conn /as sysdba
SQL> select table_name from dict where table_name like '%PRIV%';
And also, take a look into below Oracle Documentations.
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#SQLRF01603
Regards,
Sabdar Syed. -
Call PL/SQL Package to Create DB User and assign Privileges
Hi All,
I'm sure this has been covered before but I couldn't find anything relevant....
I'm calling a PL/SQL Process from within an Apex (version 2.0) Page, that ultimately Creates a New DB user.
I am receiving an ORA-01031: insufficient privileges error. My Application User and the Package owner both have privileges to Create a DB user.
What am I missing?
Thanks,
MikeNever, ever grant additional privileges to the apex_public_user account. It achieves nothing and makes the account over-privileged. The only privilege it needs is CREATE SESSION.
Mike - Your application's parsing schema (I assume that's the package owner) needs to be granted privileges directly and not through roles. I don't know what you mean by your application user's privileges. Those users are not database accounts (unless you are using a dedicated DAD, etc.).
Scott -
How to assign "Public Group" and "Privilege" to user create with ldapadd
Hello,
We create users with ldapadd and a ldif file.
The ldif file is like that :
dn: cn=user1,cn=users,dc=def,dc=eau,dc=cgeaux,dc=fr
sn: user1
cn: user1
userPassword: user1
mail: [email protected]
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: orcluser
objectClass: orcluserv2
It works but Public Group" and "Privilege" aren't assigned.
How can I assign these privileges without using Portal admin interface ?
Thanks.
Best Regards.
Luc PonelleHi Luc..
we now are trying the same thing..
We managed to create one user...
but, when we check in the OID "http"//ourserver:7777/oiddas
we cannot see the user?
Why?..
We now try to create user automatically by batch..
and did you find the solution yet to ur problem?
Thanks. -
Best way to assign multiple users security, privileges and workbook shares.
Is there another way to assign multiple users to a single workbook other than using the workbook management option. Something that can be done from the command line? How about assigning security and privileges from the command line?
You could consider altering the appropriate EUL tables directly - I'm sure someone has the code for this - but requires database interaction (and might not be supported by Oracle, etc.).
However, the concept or Oracle responsibilities (in Oracle Apps EUL) or Oracle roles (in Oracle database) is what's usually done. In fact, I don't like using users directly as if they go, etc. it's a pain.
Better to use pre-defined groupings that you probably already have (ie: Apps responsibility such as: AP Inquiry). You set the privs / security there and it takes effect for all users logging in with that responsibility / role.
Russ -
Create new user same as a existing roles and Privileges
Hi Team,
I am a junior DBA. New user Joined in Application team. So, Client requested me.....
Crerate new user with same privileges as like as existing user.
As of now i am creating user like "create user username identified by "password". Then grant privileges to that user. earliar I never comapare or copied users.
Please suggest any one how to create new user as like as existing user roles and privileges.
Thanks,
VenkatFor basic cloning:
select dbms_metadata.get_ddl('USER', '...') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('ROLE_GRANT','...') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('SYSTEM_GRANT','...') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('OBJECT_GRANT','...') FROM DUAL;
SELECT DBMS_METADATA.GET_granted_DDL(‘TABLESPACE_QUOTA’, ‘...’) FROM dual;
Then just replace the username with the new one you want to create. -
Oracle users and revoking privileges
Hello,
To test out some error conditions in an application, I'd like to temporarily revoke a privilege on a table from a database user.
I am trying to do that, logged into SQL*Plus as "sys" or "system", and running the command:
REVOKE UPDATE ON USERX.TABLE_A FROM USERX;
However, this is failing with the following message:
ORA-01927: cannot REVOKE privileges you did not grant
I've also tried logging into my server as oracle, typing "sqlplus /nolog" at the command line, then "connect internal as sysdba;" from the SQL*Plus prompt, and then running the REVOKE command, but that results in the same error message.
So basically my question is: if neither the "sys" nor the "system" user is able to revoke the privilege from the "userx" user (because they did not specifically grant it), how would I determine which oracle user would be able to do this? Or how else would I go about revoking the privilege?
I'm running Oracle8i Enterprise Edition Release 8.1.6.1.0 on Linux.
Thanks for your help with this. I am not very familiar with Oracle DBA concepts.Hello,
I am fully agree with Eric....Yes! a User created a table means...the User is OWNER of the table....and that means......the User is by default having the privilege of DML operations...i belive...OK
And the privilege which you have not granted...then how could you revoke them...Whether it may b e SYS or SYSTEM or for that matter any User a/c.
If you really want to restrict the restrict option on table owned by your User, then i can suggest to put a Schema Level Trigger on DML action. This will be fired when update in invoked on table by the user and there you can have your STOP mechanism.....BUT..this is not really suggested.
Regards,
Kamesh Rastogi
Oracle - DBA -
Tracing all users and their privileges
Hi everbody!
I want to trace all users(online/offline) and those user's given privileges as a system dba. Are there any data dictionary views to trace it ?
i.e.
we have 3 users and 3 of them have connect,resource. How can we know who have which privs ?
i checked dba_role_privs, nothing to solve my prob.
thanks.You should never assign CONNECT or RESOURCE to anyone.
Determine what privileges each connected user requires and create a role that contains the actual privs required.
System and Object privileges may be granted explicitly or in roles and roles can be granted to roles. Check here too:
all_tab_privs_made
all_tab_privs_recd
all_col_privs_made
all_col_privs_recd -
Script to list the users and their privileges in a database
Hi Team,
Can someone provide me a script that list all the users and their privileges in a database?
DB version:11.2.0.2
OS:AIXOsama_mustafa wrote:
Why you create your own script
SELECT * FROM USER_SYS_PRIVS;
SELECT * FROM USER_TAB_PRIVS;
SELECT * FROM USER_ROLE_PRIVS;
That won't tell him what privileges a user has via a role. It will only tell him what privilges were granted directly, and what roles were granted directly. But those roles have privileges, and may have other roles, which have still more roles and privs, etc. It's a recursive issue and a simple select from user__privs won't get it.
Pete Finnigan has a good script for reporting the entire picture. I leave it as an exercise for the student to use google to find it. I have already given all the information needed to complete that exercise. -
Mapping a user's role and privilege to another
Hi all,
Is there a command/way to map the role and privileges of a current user to a new user? I am new to oracle, I did read through the online docs but was not able to figure it out.
Thank you very much!Check this link would help: Check the part where they are copying roles and grants for the users using dbms_metadata. You can limit this to one user you want by adding additional where clause like "where username = <username>
Copying Oracle Users -
User and Group privileges Migration
Hi All,
I am using OBIEE10g. I have created 2 users in RPD.2 Groups in RPD.same group name in Answer catalog.
then we created 2 dashbords.
We implimented below security,
"Dashboar1 for group1 and Dashboard2 for Group2."
Now,We have to migrate 2 dashboards and users and Group with privileges.
Could you please let me know how will do.
Thanks
Gram.Hi,
If your production doesn't has any obiee contents.
Then, this would be your 1st rpd, catalog which moves on production, this can be done simply by copying contents to the same locations in the production server.
i.e. copy rpd, catalog to the production server (Rpd goes in Oraclebi - server - repository and change rpd in nqs config) and (catalog goes to oracle bi data - web - catlog and change the instance config catlog path).
If your production has any previous contents.
Then, you need to merge the exisiting ones. So, check for repository merge and catalog merge.
http://www.eeblog.org/index.php/obiee-10g-repository-and-catalog-migration-merging/
Thnk u. -
SSO and how to Managing User Roles/Privileges with Forms using Oracle db
We are in the process of implementing Oracle Application Server SSO with our custom Forms application using Oracle database -- all 10.2.0.1.0 version.
In our Forms Applications, we have about a dozen roles we have assigned to various users. We need to identify each user using our Forms because we are using the GLOBAL USER throughout the application.
Questions:
-- Do we have to create users/passwords in both OID and application database?
-- Is there a way to easily manage the user and passwords between SSO and Forms App/database in one place? For example, how does a user change their password once, but actually change it in both the database and SSO?
Any advice and/or direction would be greatly appreciated.
Thank you,
Mika
Edited by: user11846198 on Sep 1, 2009 1:41 PM
Edited by: user11846198 on Sep 1, 2009 1:53 PMYes, you can have global roles in the DB and assign this roles to specific OID users, and the will heritage the privilages, you can do this using Oracle Identity Management Web Tool http://hostname:7777/oiddas is not complicated.
Greetings. -
ODI not able to detect primary/foreign keys from XML- user lacks privilege or object not found
Hi Guys,
Im trying to load an xml file with two entities address and employee as below. The topology reverse engineering everything works fine. Im even able to view the xml data in ODI, but when i try to load the data from these two entities joining by the schema primary keys and foreign keys which odi created on reverse engineering process for xml, im getting the below error. Im able to load data from one entity, error only occurs when i use the join odi creates internally to identify the xml components employee and address
XML File:
<?xml version="1.0" encoding="UTF-8" ?>
<EMP>
<Empsch>
<Employee>
<EmployeeID>12345</EmployeeID>
<Initials>t</Initials>
<LastName>john</LastName>
<FirstName>doe</FirstName>
</Employee>
<Address>
<WorkPhone>12345</WorkPhone>
<WorkAddress>Test 234</WorkAddress>
</Address>
</Empsch>
</EMP>
Topology: jdbc:snps:xml?f=C:/Temp/RR/Empsch.xml&s=Empsch&re=EMP&dod=true&nobu=false
Error Message:
-5501 : 42501 : java.sql.SQLException: user lacks privilege or object not found: EMPSCH.EMPSCHPK
java.sql.SQLException: user lacks privilege or object not found: EMPSCH.EMPSCHPK
at org.hsqldb.jdbc.Util.sqlException(Unknown Source)
at org.hsqldb.jdbc.JDBCPreparedStatement.<init>(Unknown Source)
at org.hsqldb.jdbc.JDBCConnection.prepareStatement(Unknown Source)
at com.sunopsis.jdbc.driver.xml.SnpsXmlConnection.prepareStatement(SnpsXmlConnection.java:1232)
at sun.reflect.GeneratedMethodAccessor65.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.odi.core.datasource.dwgobject.support.OnConnectOnDisconnectDataSourceAdapter$OnDisconnectCommandExecutionHandler.invoke(OnConnectOnDisconnectDataSourceAdapter.java:200)
at $Proxy2.prepareStatement(Unknown Source)
at oracle.odi.runtime.agent.execution.sql.SQLCommand.doInitializeStatement(SQLCommand.java:83)
at oracle.odi.runtime.agent.execution.sql.SQLCommand.getStatement(SQLCommand.java:117)
at oracle.odi.runtime.agent.execution.sql.SQLCommand.getStatement(SQLCommand.java:111)
at oracle.odi.runtime.agent.execution.sql.SQLDataProvider.readData(SQLDataProvider.java:81)
at oracle.odi.runtime.agent.execution.sql.SQLDataProvider.readData(SQLDataProvider.java:1)
at oracle.odi.runtime.agent.execution.DataMovementTaskExecutionHandler.handleTask(DataMovementTaskExecutionHandler.java:70)
at com.sunopsis.dwg.dbobj.SnpSessTaskSql.processTask(SnpSessTaskSql.java:2913)
at com.sunopsis.dwg.dbobj.SnpSessTaskSql.treatTask(SnpSessTaskSql.java:2625)
at com.sunopsis.dwg.dbobj.SnpSessStep.treatAttachedTasks(SnpSessStep.java:577)
at com.sunopsis.dwg.dbobj.SnpSessStep.treatSessStep(SnpSessStep.java:468)
at com.sunopsis.dwg.dbobj.SnpSession.treatSession(SnpSession.java:2128)
at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor$2.doAction(StartSessRequestProcessor.java:366)
at oracle.odi.core.persistence.dwgobject.DwgObjectTemplate.execute(DwgObjectTemplate.java:216)
at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor.doProcessStartSessTask(StartSessRequestProcessor.java:300)
at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor.access$0(StartSessRequestProcessor.java:292)
at oracle.odi.runtime.agent.processor.impl.StartSessRequestProcessor$StartSessTask.doExecute(StartSessRequestProcessor.java:855)
at oracle.odi.runtime.agent.processor.task.AgentTask.execute(AgentTask.java:126)
at oracle.odi.runtime.agent.support.DefaultAgentTaskExecutor$2.run(DefaultAgentTaskExecutor.java:82)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.hsqldb.HsqlException: user lacks privilege or object not found: EMPSCH.EMPSCHPK
at org.hsqldb.error.Error.error(Unknown Source)
at org.hsqldb.ExpressionColumn.checkColumnsResolved(Unknown Source)
at org.hsqldb.QueryExpression.resolve(Unknown Source)
at org.hsqldb.ParserDQL.compileCursorSpecification(Unknown Source)
at org.hsqldb.ParserCommand.compilePart(Unknown Source)
at org.hsqldb.ParserCommand.compileStatement(Unknown Source)
at org.hsqldb.Session.compileStatement(Unknown Source)
at org.hsqldb.StatementManager.compile(Unknown Source)
at org.hsqldb.Session.execute(Unknown Source)
... 27 more
Please advice
Thanks
RevanthThats obvious from the xml file contents you have given here. In this xml file You have four complex type. Two of them are employee and address. However the employee doesnot have any relation with address as you have not added the relationship. Thats why its failing. Its not the fault of ODI.
Also I would suggest not to use auto generated dtd by ODI as you might face problem in future. For example the address type of XML has 8 attributes and 4 of them are not mandatory. That means each of your xml file may have attributes between 4 to 8. This is where ODI auto generated DTD fails.
XML Schema complexType Element
Thanks
Bhabani
Maybe you are looking for
-
Song names imported as "artist - track name" instead of "track name"
When I add a folder to my library (a folder which contains MP3 files which all contain complete ID3 tags), about 50% of the song names get imported as "artist - track name" instead of just "track name". If I click on any track which was imported like
-
Markup doesnt work !!!!!!!
When I execute these lines: SET MARKUP HTML on spool index.html select ... This is the message: SET MARKUP HTML on ERROR at line 1: ORA-00922: missing or invalid option Any one, can help me about this???
-
Problems synching exchange calender with android 5.0
I've set my phone to automatically sync my work calendar using Exchange Active Sync. However, meetings that I add on my phone or on my computer are not synced even though the phone says it has synced. When I do a manual sync everything works fine. I
-
Since upgrading to 10.4.8, when trying to edit some of my photos, I just get the spinning wheel and the edit window doesn't open. Also, When double-clicking on these same photos to open in PE3 I get a message stating "Could not complete your request
-
When someone sends me zipped files that contain fonts (or if I zip collected mechanicals and FTP to a printer), the fonts sometimes show up at their destination as Zero KB Unix files. Theories: • Mac zip cuts off resource fork in Type 1 fonts (Maybe