Who may grant a system privilege?
I am asking this as the Oracle doc explains:
Only users who have been granted a specific system privilege with the ADMIN OPTION or users with the system privileges GRANT ANY PRIVILEGE or GRANT ANY OBJECT PRIVILEGE can grant or revoke system privileges to other users.
http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96524/c24privs.htm#791
Im not clear on this: why does GRANT ANY OBJECT PRIVILEGE give you the ability to grant SYSTEM privs??
Thanks,
DA
This conflicts with the admin guide (http://download-uk.oracle.com/docs/cd/B10501_01/server.920/a96521/privs.htm#15326) which says: "To grant a system privilege, you must have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege."
It works as said in the admin guide.
SQL> create user test identified by test;
User created.
SQL> grant grant any object privilege to test;
Grant succeeded.
SQL> grant create session to test;
Grant succeeded.
SQL> conn test
Enter password:
Connected.
SQL> grant create any synonym to test2;
grant create any synonym to test2
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> conn sys as sysdba
Enter password:
Connected.
SQL> grant grant any privilege to test;
Grant succeeded.
SQL> conn test
Enter password:
Connected.
SQL> grant create any synonym to test2;
Grant succeeded.
Message was edited by:
Yas
Similar Messages
-
Granting ALTER SYSTEM privilege to Application user
DB version:10gR2
When we purchased a logistics application software, we have been asked to grant alter system privileges to the Application Oracle user/schema by the application vendor. They said they need this to change Instance level parameters like OPTIMIZER_MODE,..etc. What do you guys think?
Edited by: GarryB on Feb 17, 2009 10:25 PMGarryB,
This is a strange idea. Many parameters can be altered on session level.
If they want to change static parameters, do they also require the privilege to bounce the instance?
Even if the application would need to change parameters, this should be encapsulated in a procedure created in a privileged user, with execute privilege granted to the application owner.
If feel you will regret to have purchased this application sooner or later, the vendor doesn't seem to know much about Oracle.
Hth
Sybrand Bakker
Senior Oracle DBA -
Granting any privilege system privilege....in Ora10g
Hi,
In order to be given to a user -Info_bi let's name him - the grant to select any table from user Info , This user (Info) must be given the system privilege "any privilege".... So :
connect sys/....@.... as sysdba;
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.1.0
Connected as SYS
SQL> GRANT ANY PRIVILEGE TO "INFO";
GRANT ANY PRIVILEGE TO "INFO"
ORA-00990:Privilege is missing or invalidWhat error do i do...????
Many thanks...
SimThere is.......!!!!
Read at :
Oracle® Database SQL Reference
10g Release 2 (10.2)
Part Number B14200-02
The Prerequisites section of the grant command....
I pasted there an extract of it...
To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege. Greetings,
Sim -
*Listing admin_option for System Privilege *
Hi All,
I have a use case where in i have to list the admin_option for all the system privileges.
Apart from two privileges listed below i could find this info from dba_sys_priv and dba_wm_sys_priv views.
SYSDBA
SYSOPER
We can find these privileges information from v$pwfile view which do not give any information abt admin_option.
Is there any way we can find out this inforamtion?
I executed following steps :
=================================
SQL> conn user2/password
Connected.
SQL>select user from dual;
USER
USER2
SQL> conn user2/password as sysdba
Connected.
SQL> select user from dual;
USER
SYS
SQL> conn user2/password
Connected.
SQL> grant sysdba to user1;
grant sysdba to user1
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> conn user2/password as sysdba
Connected.
SQL> run
1* grant sysdba to user1
Grant succeeded.
======================================
Here when 'user2' is connecting as sysdba, its becoming 'sys' and its 'sys' who is granting sysdba privilege to 'user1'.
So from this, can we say that its always 'sys' who can grant the sysdba privilege and admin_option for sys is always 'YES' where as for other users its always 'NO'
Is this same for 'sysoper' privilege, because initially, its only 'sys' who has both the privileges assigned?
If above is not true, is there any way to find this information?
I am in URGENT need of this information. Could anybody please help me on this?Just a correction...
From Oracle management Console, we can not change the admin_option assigned by default.
Even if we try to change, the following sql gets executed
REVOKE SYSDBA FROM USER2
GRANT SYSDBA TO USER2
So its ultimately With admin option always :)
That has solved my problem
Thanks all for your help..
--Mrunal -
When I try to deploy the mappings in OWB Deployment Manager, I got a Warning "VLD-2771 System privileges may not allow extraction from source ORDER_ITEMS". WHY? ^^""
========================================
I define a Runtime Repository Connections "ORACLE_HW_RUNTIME"
Host Name: localhost
Port Number: 1521
Service Name: GBGLM
Connect As User: owb904rr
Runtime Repository Owner: owb904rr
and the "ORACLE_HW_RUNTIME" is in "ORACLE_WAREHOUSE" module, the "ORACLE_WAREHOUSE" use the link "OE" and the owner is "OWBUSER"
p.s. the table "ORDER_ITEMS" is in "OE" schema. I had grant DBA to "owb904rr" and "OWBUSER".
then use "ORACLE_HW_RUNTIME" to deploy the Mappings "WH_ORDERS_MAP". What I need to do for deploy?
^_^||Anyone with similar experience using SQL Server as the source?
First I get: VLD-2771: System privileges may not allow extraction from source Product.
Then if i ignore the warning and deploy, i get
ORA-06550: line 15, column 18:
PL/SQL: ORA-00942: table or view does not exist
I have a public database link to the sql server database.
When I create the mapping, I am able to see the tables and create the map. So why this problem when deploying. Which user is to be granted access to the source tables. I belive we cannot grant access to remote database tables using a database link. So what is the work around?
Any help is highly appreciated.
Please email me at [email protected] -
VLD-2771: System privileges may not allow extraction from source T.
How to solve this problem.
while deploying I am getting this message,besides where in oracle site I can find documentation for the errors in warehouse builder.
VLD-2771: System privileges may not allow extraction from source T.
I had given dba privileges to both source and target schemas, but still getting the error.
Regards,
PrabhathgWhen I tried to deploy my mapping, I am getting warning message <<VLD-2771: System privileges may not allow extraction from source D_UII_MV_NCA_INFRACONN.>>. As solution written in "http://forums.oracle.com/forums/thread.jsp?forum=57&thread=252565&message=742299", I gave SELECT privilege on the source table to the target user. But still, I am getting this error message.
Can you please guide me in right direction? -
How to check whether system privilege are granted
How to check whether system privileges like 'create session' and other ones are granted for user.
Is there any sys table where this information is available?
Regards - NeuronKeep in mind select * from dba_sys_privs where grantee = 'some-user' will give you a list of privileges granted to some-user directly. To get complete list of system privs granted to a user both directly an via roles use:
ACCEPT USER PROMPT 'Please enter user name: '
COLUMN PATH FORMAT A90
SET LINESIZE 132
SELECT PATH,
PRIVILEGE
FROM DBA_SYS_PRIVS,
SELECT 'DIRECT GRANT' PATH,
'&USER' GRANTED_ROLE
FROM DUAL
UNION ALL
SELECT LTRIM(SYS_CONNECT_BY_PATH(GRANTED_ROLE,'->'),'->') PATH,
GRANTED_ROLE
FROM DBA_ROLE_PRIVS
START WITH GRANTEE = UPPER('&USER')
CONNECT BY PRIOR GRANTED_ROLE = GRANTEE
WHERE GRANTEE = GRANTED_ROLE
/Now on top of privileges granted to a user, user also has privileges granted to PUBLIC. To get privileges user receives via PUBLIC run the above script specifying PUBLIC at the prompt.
SY. -
What is the system privilege required to grant "Analytic Privilege" to a user
Hi SCN,
I have the user with following privileges:
SYSTEM Privileges: CATALOG READ,CREATE STRUCTURED PRIVILEGE,DATA ADMIN,STRUCTUREDPRIVILEGE ADMIN,USER ADMIN
PACKAGE Privileges: SECURITY
OBJECT Privileges: _SYS_BI,_SYS_BIC and REPOSITORY_TEST
Am able to create a AP, but not able to assign to a user. Checked different threads and documents, Am able to add with "SYSTEM" user but not with the generic user i have
I can't do tracing as it is disabled in the client system
Am i missing something here? Can someone help me please?
Regards,
Krishna TanguduThank you so much Raj.
I was expecting this kind of privilege under SYSTEM PRIVILEGE.
So other privileges which i mentioned are fine right?
Regards,
Krishna Tangudu -
ALLOW A USER TO KILL A SESSION WITHOUT ALTER SYSTEM PRIVILEGE.
Hi
I need a user to have permission to kill a session without having the ALTER SYSTEM privilege. I created a procedure on sys schema and granted the EXECUTE privilege to the user but it doesn't work, how can I do, help please.
CREATE OR REPLACE PROCEDURE SYS.PRC_SESSION_KILLER (P_SID IN NUMBER, P_SERIAL IN NUMBER)
AS
BEGIN
EXECUTE IMMEDIATE 'GRANT ALTER SYSTEM TO SYSADMIN';
EXECUTE IMMEDIATE 'ALTER SYSTEM KILL SESSION ''' || P_SID || ',' || P_SERIAL || ''' IMMEDIATE';
EXECUTE IMMEDIATE 'REVOKE ALTER SYSTEM FROM SYSADMIN';
END;
Thank you very much.Hi,
I second everything John said.
Are you sure the arguments are correct?
Below is the procedure I use. You may want to run it, just to see what the error is.
PROCEDURE kill_internal
s_id IN NUMBER,
serial_num IN NUMBER,
stat_out OUT VARCHAR2
IS
alter_handle INTEGER;
ex_val INTEGER; -- Returned by dbms_sql.execute
BEGIN
alter_handle := dbms_sql.open_cursor;
dbms_sql.parse
alter_handle,
'ALTER SYSTEM KILL SESSION ''' ||
TO_CHAR (s_id, '999990') ||
', ' ||
TO_CHAR (serial_num, '999990') ||
dbms_sql.native
ex_val := dbms_sql.execute (alter_handle);
dbms_sql.close_cursor (alter_handle);
stat_out := 'Success: ' ||
TO_CHAR (s_id, '999990') ||
', ' ||
TO_CHAR (serial_num, '999990');
EXCEPTION
WHEN OTHERS
THEN
stat_out := 'Failure:' ||
SQLERRM;
-- dbms_output.put_line (stat_out);
dbms_sql.close_cursor (alter_handle);
END kill_internal
; -
Roles/System privileges/Object privileges
Oracle 10g. we created a role and assigned this role to the user. We also assigned some system privileges and Object privileges directly to the same user. Now the company's new policy is that the user's permissions have to be assigned only via role. system privileges and Object privileges cannot be assigned directly to the user. So I have to alter the role. The steps are:
1. grant system privileges and Object privileges to role. (this will be executed as a script)
These privileges were directly assigned to the user.
2. revoke all privileges which were directly assigned to the user.
Do I miss anything?
Please advise.
Thanks
S.Object privileges cannot be assigned directly to the user.Privileges acquired via ROLE do not apply within PL/SQL procedures.
You may face some coding challenges in the future due to this policy. -
dear DBAs,
in our banking application we are using a profile where the SELECT_ANY_DICTIONARY priv. is included, and this profile is granted to the user who owns the application database objects.
the problem is that when this user is trying to query the V$SESSION within a procedure and we are obliged to grant him the SELECT_ANY_DICTIONARY priv. from outside the profile, otherwise the procedure will not be properly compiled.
do someone have an idea about how to make this procedure properly compiled without granting him this privileges from outside and keep it only within the profile.
appreciate your suggestion.
Regards
ElieDo not give SELECT_ANY_DICTIONARY system privileges.You have to give explicitly SELECT or EXECUTE privileges according objects like
grant select on v_$session to <user name>This will solve your problem. -
DEBUG CONNECT SESSION system privilege
Hi everyone. It's my first post to this forum so I'd like to say hello :)
I'm completely new to PL/SQL language. I'm using PL/SQL Developer and I want to make a simple testscript but when I launch it communicate appears
Debugging requires the DEBUG CONNECT SESSION system privilege
could You tell me how to set that? Greetings. P.in the xp:
start>run>cmd
in the cmd console:
1. set oracle_sid=<bobens_83-here_goes_your_db-name>
2. sqlplus /nolog
3. conn sys as sysdba
4. sqlplus may asks for password - if it does, bobens_83, supply the password that was chossen during the install process.
5. grant DEBUG CONNECT SESSION to =<bobens_83-here_goes_your_db-username>
6. exit sqlplus
7. exit cmd
in the xp:
try to debug using PL/SQL Developer.
Have fun,
Amiel Davis -
How to grant create table privilege for a user on a specific table
Hi:
I created a user, for a test scenario. I granted this user create any table, and I made the default tablespace as example.
When I connect as the user and try to create a table, I get this:
SQL> create table T1 (NAME varchar2 (500), AGE number(2));
create table T1 (NAME varchar2 (500), AGE number(2))
ERROR at line 1:
ORA-01950: no privileges on tablespace 'EXAMPLE'
How can I grant the necessary privilege to have user create/delete tables on tablespace example?
Thanks.
DAcreate user ADAM identified by radge default tablespace EXAMPLE
quota 10M on EXAMPLE;
for example 10Mbytes given to Example tablespace.... or you can write:
.....quota unlimited on EXAMPLE
and
grant connect to ADAM
grant create table to ADAM .....
or
grant connect , resource to ADAM .... although grant resource is not recommended...
....and something else....
you should define temporary tablespace in create user command... otherwise the system would be used...
Greetings...
Sim
Message was edited by:
sgalaxy -
Create a new user for oracle 10G ASM instance with sysdba system privilege
Hi,
In our Golden Gate Project, we require the SYS user credential to connect to the Oracle 10g ASM instance to read the database transaction logs.But our client is not providing the SYS user credential to connnect to ASM instance.
I'm getting the error message "ORA-01109: database not open",When I tried to create a new user using the below the steps in oracle 10g ASM instance
1. Login using "sqlplus / as sysdba"
2. Create user <username> identified by <password>;
But in oracle 11g ASM instance, I'm able to create new user by connecting the ASM instance with SYSASM role without issues.
Is there is any workaround to create a new user with sysdba system privilege in oracle 10g ASM instance?.
Thanks in advance .Hi,
Recreate the password file for the ASM instance as follows:
Unix:
orapwd file=<ORACLE_HOME>/dbs/PWD<SID> password=<sys_password>
Windows:
orapwd file=<ORACLE_HOME>/database/PWD<SID>.ora password=<sys_password>
Now sys password is reset, we are ready to use sys for ASM management. I decided to create another user ASMDBA as I tried above.
SQL> create user ASMDBA identified by test01;
User created.
SQL> grant SYSASM, SYSOPER to ASMDBA;
Grant succeeded.
SQL> select * from v$pwfile_users;
USERNAME SYSDBA SYSOPE SYSASM
SYS TRUE TRUE TRUE
ASMDBA FALSE TRUE TRUE
Please see this link : http://orachat.com/how-to-change-asm-sys-password-creating-sysasm-user-11g/
Thank you -
System privileges do not enable extraction from source
Hi
I'm new to OWB, Also for this I granted select on source to target.
I'm using OWB10g/Oracle on Windows xp on same m/c(Local Host), I created mapping source tables emp/dept (look up on dept) and taget to dept_emp.
When I valaidate gives validation compled successfully, When I go to deployment manager, It gives System privileges (I granted select privilges using SQLPLUS), When I tried to deploy it gives another error Runtime owned by different platform.
What is the error, Pl help.
Many thanks in advance
MurthyI fixed the problem
Maybe you are looking for
-
I am working with a client that currently has an ASA 5505 with two ISPs for failover using a tracked interface. I would like to configure logging so that the ASA will email us when the Primary ISP goes down and fails over to the backup. Here is wha
-
Help -- I have a Lenovo Samsung SSD MZ7PC256HAFU on HP laptop -- ssd firmware will not update
1. i tried updating the SSD firmware by doing it with the samsung magician software --- it does not see the SSD 2. then i tried doing it with the Lenovo iso found here: http://support.lenovo.com/en_US/detail.page?LegacyDocID=MIGR-69806 this suppose
-
I have created a new Project with Business components using a Microsoft Access DB with four tables. I can view succesfully the records on the tbales(next, prior, query). I cannot Insert od Edit a record, the icons in the Navigator are greyout (not se
-
More than one flat files with same external table
Is it possible to create external table in owb associated with more than one file ie to generate code like LOCATION ( FILE1,FILE2) in create table ddl.
-
Unable to update apps in UK app store
i I have been trying to update 6 apps, including Amazon, for the last 3 days. The circles just spin, and eventually I get a message on 1 of them saying "unable to purchase (app name) at this time".