Who may grant a system privilege?

Similar Messages

• Granting ALTER SYSTEM privilege to Application user

  DB version:10gR2
  When we purchased a logistics application software, we have been asked to grant alter system privileges to the Application Oracle user/schema by the application vendor. They said they need this to change Instance level parameters like OPTIMIZER_MODE,..etc. What do you guys think?
  Edited by: GarryB on Feb 17, 2009 10:25 PM

  GarryB,
  This is a strange idea. Many parameters can be altered on session level.
  If they want to change static parameters, do they also require the privilege to bounce the instance?
  Even if the application would need to change parameters, this should be encapsulated in a procedure created in a privileged user, with execute privilege granted to the application owner.
  If feel you will regret to have purchased this application sooner or later, the vendor doesn't seem to know much about Oracle.
  Hth
  Sybrand Bakker
  Senior Oracle DBA

• Granting any privilege system privilege....in Ora10g

  Hi,
  In order to be given to a user -Info_bi let's name him - the grant to select any table from user Info , This user (Info) must be given the system privilege "any privilege".... So :
  connect sys/....@.... as sysdba;
  Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.1.0
  Connected as SYS
  SQL> GRANT ANY PRIVILEGE TO "INFO";
  GRANT ANY PRIVILEGE TO "INFO"
  ORA-00990:Privilege is missing or invalidWhat error do i do...????
  Many thanks...
  Sim

  There is.......!!!!
  Read at :
  Oracle® Database SQL Reference
  10g Release 2 (10.2)
  Part Number B14200-02
  The Prerequisites section of the grant command....
  I pasted there an extract of it...
  To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege. Greetings,
  Sim

• *Listing admin_option for System Privilege *

  Hi All,
  I have a use case where in i have to list the admin_option for all the system privileges.
  Apart from two privileges listed below i could find this info from dba_sys_priv and dba_wm_sys_priv views.
  SYSDBA
  SYSOPER
  We can find these privileges information from v$pwfile view which do not give any information abt admin_option.
  Is there any way we can find out this inforamtion?
  I executed following steps :
  =================================
  SQL> conn user2/password
  Connected.
  SQL>select user from dual;
  USER
  USER2
  SQL> conn user2/password as sysdba
  Connected.
  SQL> select user from dual;
  USER
  SYS
  SQL> conn user2/password
  Connected.
  SQL> grant sysdba to user1;
  grant sysdba to user1
  ERROR at line 1:
  ORA-01031: insufficient privileges
  SQL> conn user2/password as sysdba
  Connected.
  SQL> run
  1* grant sysdba to user1
  Grant succeeded.
  ======================================
  Here when 'user2' is connecting as sysdba, its becoming 'sys' and its 'sys' who is granting sysdba privilege to 'user1'.
  So from this, can we say that its always 'sys' who can grant the sysdba privilege and admin_option for sys is always 'YES' where as for other users its always 'NO'
  Is this same for 'sysoper' privilege, because initially, its only 'sys' who has both the privileges assigned?
  If above is not true, is there any way to find this information?
  I am in URGENT need of this information. Could anybody please help me on this?

  Just a correction...
  From Oracle management Console, we can not change the admin_option assigned by default.
  Even if we try to change, the following sql gets executed
  REVOKE SYSDBA FROM USER2
  GRANT SYSDBA TO USER2
  So its ultimately With admin option always :)
  That has solved my problem
  Thanks all for your help..
  --Mrunal                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

• VLD-2771 System privileges may not allow extraction from source ....??

  When I try to deploy the mappings in OWB Deployment Manager, I got a Warning "VLD-2771 System privileges may not allow extraction from source ORDER_ITEMS". WHY? ^^""
  ========================================
  I define a Runtime Repository Connections "ORACLE_HW_RUNTIME"
  Host Name: localhost
  Port Number: 1521
  Service Name: GBGLM
  Connect As User: owb904rr
  Runtime Repository Owner: owb904rr
  and the "ORACLE_HW_RUNTIME" is in "ORACLE_WAREHOUSE" module, the "ORACLE_WAREHOUSE" use the link "OE" and the owner is "OWBUSER"
  p.s. the table "ORDER_ITEMS" is in "OE" schema. I had grant DBA to "owb904rr" and "OWBUSER".
  then use "ORACLE_HW_RUNTIME" to deploy the Mappings "WH_ORDERS_MAP". What I need to do for deploy?
  ^_^||

  Anyone with similar experience using SQL Server as the source?
  First I get: VLD-2771: System privileges may not allow extraction from source Product.
  Then if i ignore the warning and deploy, i get
  ORA-06550: line 15, column 18:
  PL/SQL: ORA-00942: table or view does not exist
  I have a public database link to the sql server database.
  When I create the mapping, I am able to see the tables and create the map. So why this problem when deploying. Which user is to be granted access to the source tables. I belive we cannot grant access to remote database tables using a database link. So what is the work around?
  Any help is highly appreciated.
  Please email me at [email protected]

• VLD-2771: System privileges may not allow extraction from source T.

  How to solve this problem.
  while deploying I am getting this message,besides where in oracle site I can find documentation for the errors in warehouse builder.
  VLD-2771: System privileges may not allow extraction from source T.
  I had given dba privileges to both source and target schemas, but still getting the error.
  Regards,
  Prabhathg

  When I tried to deploy my mapping, I am getting warning message <<VLD-2771: System privileges may not allow extraction from source D_UII_MV_NCA_INFRACONN.>>. As solution written in "http://forums.oracle.com/forums/thread.jsp?forum=57&thread=252565&message=742299", I gave SELECT privilege on the source table to the target user. But still, I am getting this error message.
  Can you please guide me in right direction?

• How to check whether system privilege are granted

  How to check whether system privileges like 'create session' and other ones are granted for user.
  Is there any sys table where this information is available?
  Regards - Neuron

  Keep in mind select * from dba_sys_privs where grantee = 'some-user' will give you a list of privileges granted to some-user directly. To get complete list of system privs granted to a user both directly an via roles use:
  ACCEPT USER PROMPT 'Please enter user name: '
  COLUMN PATH FORMAT A90
  SET LINESIZE 132
  SELECT  PATH,
          PRIVILEGE
    FROM  DBA_SYS_PRIVS,
            SELECT  'DIRECT GRANT' PATH,
                    '&USER' GRANTED_ROLE
              FROM  DUAL
           UNION ALL
            SELECT  LTRIM(SYS_CONNECT_BY_PATH(GRANTED_ROLE,'->'),'->') PATH,
                    GRANTED_ROLE
              FROM  DBA_ROLE_PRIVS
              START WITH GRANTEE = UPPER('&USER')
              CONNECT BY PRIOR GRANTED_ROLE = GRANTEE
    WHERE GRANTEE = GRANTED_ROLE
  /Now on top of privileges granted to a user, user also has privileges granted to PUBLIC. To get privileges user receives via PUBLIC run the above script specifying PUBLIC at the prompt.
  SY.

• What is the system privilege required to grant "Analytic Privilege" to a user

  Hi SCN,
  I have the user with following privileges:
  SYSTEM Privileges: CATALOG READ,CREATE STRUCTURED PRIVILEGE,DATA ADMIN,STRUCTUREDPRIVILEGE ADMIN,USER ADMIN
  PACKAGE Privileges: SECURITY
  OBJECT Privileges: _SYS_BI,_SYS_BIC and REPOSITORY_TEST
  Am able to create a AP, but not able to assign to a user.  Checked different threads and documents, Am able to add with "SYSTEM" user but not with the generic user i have
  I can't do tracing as it is disabled in the client system
  Am i missing something here? Can someone help me please?
  Regards,
  Krishna Tangudu

  Thank you so much Raj.
  I was expecting this kind of privilege under SYSTEM PRIVILEGE.
  So other privileges which i mentioned are fine right?
  Regards,
  Krishna Tangudu

• ALLOW A USER TO KILL A SESSION WITHOUT ALTER SYSTEM PRIVILEGE.

  Hi
  I need a user to have permission to kill a session without having the ALTER SYSTEM privilege. I created a procedure on sys schema and granted the EXECUTE privilege to the user but it doesn't work, how can I do, help please.
  CREATE OR REPLACE PROCEDURE SYS.PRC_SESSION_KILLER (P_SID IN NUMBER, P_SERIAL IN NUMBER)
  AS
  BEGIN
       EXECUTE IMMEDIATE 'GRANT ALTER SYSTEM TO SYSADMIN';
       EXECUTE IMMEDIATE 'ALTER SYSTEM KILL SESSION ''' || P_SID || ',' || P_SERIAL || ''' IMMEDIATE';
       EXECUTE IMMEDIATE 'REVOKE ALTER SYSTEM FROM SYSADMIN';
  END;
  Thank you very much.

  Hi,
  I second everything John said.
  Are you sure the arguments are correct?
  Below is the procedure I use. You may want to run it, just to see what the error is.
  PROCEDURE     kill_internal
       s_id          IN     NUMBER,
       serial_num     IN     NUMBER,
       stat_out     OUT     VARCHAR2
  IS
       alter_handle     INTEGER;
       ex_val          INTEGER;     -- Returned by dbms_sql.execute
  BEGIN
       alter_handle := dbms_sql.open_cursor;
       dbms_sql.parse
            alter_handle,
            'ALTER SYSTEM     KILL SESSION '''     ||
                 TO_CHAR (s_id, '999990')     ||
                 ', '                    ||
                 TO_CHAR (serial_num, '999990')     ||
            dbms_sql.native
       ex_val := dbms_sql.execute (alter_handle);
       dbms_sql.close_cursor (alter_handle);
       stat_out := 'Success: '                    ||
                 TO_CHAR (s_id, '999990')     ||
                 ', '                    ||
                 TO_CHAR (serial_num, '999990');
  EXCEPTION
       WHEN OTHERS
       THEN
            stat_out := 'Failure:'          ||
                 SQLERRM;
  --          dbms_output.put_line (stat_out);
            dbms_sql.close_cursor (alter_handle);
  END     kill_internal
  ;

• Roles/System privileges/Object privileges

  Oracle 10g. we created a role and assigned this role to the user. We also assigned some system privileges and Object privileges directly to the same user. Now the company's new policy is that the user's permissions have to be assigned only via role. system privileges and Object privileges cannot be assigned directly to the user. So I have to alter the role. The steps are:
  1. grant system privileges and Object privileges to role. (this will be executed as a script)
  These privileges were directly assigned to the user.
  2. revoke all privileges which were directly assigned to the user.
  Do I miss anything?
  Please advise.
  Thanks
  S.

  Object privileges cannot be assigned directly to the user.Privileges acquired via ROLE do not apply within PL/SQL procedures.
  You may face some coding challenges in the future due to this policy.

• System privileges

  dear DBAs,
  in our banking application we are using a profile where the SELECT_ANY_DICTIONARY priv. is included, and this profile is granted to the user who owns the application database objects.
  the problem is that when this user is trying to query the V$SESSION within a procedure and we are obliged to grant him the SELECT_ANY_DICTIONARY priv. from outside the profile, otherwise the procedure will not be properly compiled.
  do someone have an idea about how to make this procedure properly compiled without granting him this privileges from outside and keep it only within the profile.
  appreciate your suggestion.
  Regards
  Elie

  Do not give SELECT_ANY_DICTIONARY system privileges.You have to give explicitly SELECT or EXECUTE privileges according objects like
  grant select on v_$session to <user name>This will solve your problem.

• DEBUG CONNECT SESSION system privilege

  Hi everyone. It's my first post to this forum so I'd like to say hello :)
  I'm completely new to PL/SQL language. I'm using PL/SQL Developer and I want to make a simple testscript but when I launch it communicate appears
  Debugging requires the DEBUG CONNECT SESSION system privilege
  could You tell me how to set that? Greetings. P.

  in the xp:
  start>run>cmd
  in the cmd console:
  1. set oracle_sid=<bobens_83-here_goes_your_db-name>
  2. sqlplus /nolog
  3. conn sys as sysdba
  4. sqlplus may asks for password - if it does, bobens_83, supply the password that was chossen during the install process.
  5. grant DEBUG CONNECT SESSION to =<bobens_83-here_goes_your_db-username>
  6. exit sqlplus
  7. exit cmd
  in the xp:
  try to debug using PL/SQL Developer.
  Have fun,
  Amiel Davis

• How to grant create table privilege for a user on a specific table

  Hi:
  I created a user, for a test scenario. I granted this user create any table, and I made the default tablespace as example.
  When I connect as the user and try to create a table, I get this:
  SQL> create table T1 (NAME varchar2 (500), AGE number(2));
  create table T1 (NAME varchar2 (500), AGE number(2))
  ERROR at line 1:
  ORA-01950: no privileges on tablespace 'EXAMPLE'
  How can I grant the necessary privilege to have user create/delete tables on tablespace example?
  Thanks.
  DA

  create user ADAM identified by radge default tablespace EXAMPLE
  quota 10M on EXAMPLE;
  for example 10Mbytes given to Example tablespace.... or you can write:
  .....quota unlimited on EXAMPLE
  and
  grant connect to ADAM
  grant create table to ADAM .....
  or
  grant connect , resource to ADAM .... although grant resource is not recommended...
  ....and something else....
  you should define temporary tablespace in create user command... otherwise the system would be used...
  Greetings...
  Sim
  Message was edited by:
  sgalaxy

• Create a new user for oracle 10G ASM instance with sysdba system privilege

  Hi,
  In our Golden Gate Project, we require the SYS user credential to connect to the Oracle 10g  ASM instance to read the database transaction logs.But our client is not providing the SYS user credential to  connnect to ASM instance.
  I'm getting the error message "ORA-01109:  database not open",When I tried to create a new user using the  below the steps in oracle 10g ASM instance
  1. Login using "sqlplus / as sysdba"
  2. Create user <username> identified by <password>;
  But in oracle 11g ASM instance, I'm able to create new  user  by connecting the ASM instance with SYSASM role without issues.
  Is there is any workaround to create a new user with sysdba system privilege in oracle 10g ASM instance?.
  Thanks in advance .

  Hi,
  Recreate the password file for the ASM instance as follows:
  Unix:
  orapwd file=<ORACLE_HOME>/dbs/PWD<SID> password=<sys_password>
  Windows:
  orapwd file=<ORACLE_HOME>/database/PWD<SID>.ora password=<sys_password>
  Now sys password is reset, we are ready to use sys for ASM management. I decided to create another user ASMDBA as I tried above.
  SQL> create user ASMDBA identified by test01;
  User created.
  SQL> grant SYSASM, SYSOPER to ASMDBA;
  Grant succeeded.
  SQL> select * from v$pwfile_users;
  USERNAME SYSDBA SYSOPE SYSASM
  SYS TRUE TRUE TRUE
  ASMDBA FALSE TRUE TRUE
  Please see this link : http://orachat.com/how-to-change-asm-sys-password-creating-sysasm-user-11g/
  Thank you

• System privileges do not enable extraction from source

  Hi
  I'm new to OWB, Also for this I granted select on source to target.
  I'm using OWB10g/Oracle on Windows xp on same m/c(Local Host), I created mapping source tables emp/dept (look up on dept) and taget to dept_emp.
  When I valaidate gives validation compled successfully, When I go to deployment manager, It gives System privileges (I granted select privilges using SQLPLUS), When I tried to deploy it gives another error Runtime owned by different platform.
  What is the error, Pl help.
  Many thanks in advance
  Murthy

  I fixed the problem