SQL & PL/SQL :: Grant Privilege To Role
Jun 3, 2010
I have a stored procedure which when executed creates a user and grants some roles to the user and also makes certain roles DEFAULT using "alter user"
The issue comes when i execute the procedure.
I have a User who has a role and this role has the "alter user" privilege, for example lets say that the user1 has the role ABC, and role ABC has the "alter user" privilege.
SQL> grant alter user to ABC;
Grant succeeded.
SQL> grant ABC to user1;
Grant succeeded.
Now, when i run the stored procedure as the user1, it gives me an error on a line saying "insufficient privileges", when i check the line, its this line:
alter user user1 DEFAULT ROLE "ROLE1", "ROLE2"
But as far as i know the user1 has the "alter user" privilege
I want to make those two roles ROLE1, ROLE2 DEFAULT because i don't want the other roles ROLE3,ROLE4 to be default, as you know if there are many roles and if we alter user with default for certain roles other roles become DEFAULT=NO.
So i get the error at "alter user" statement though the user has the "alter user" privilege, what do you think might be wrong?
OR is there anyway to grant roles to the user with default=NO option?
View 9 Replies
ADVERTISEMENT
Jun 20, 2013
I have 2 users in my oracle DB. They both have very different privileges and they both have too many different privileges. Now I want to grant user 1 the same privilege that user2 has while user1 keeps his existing privilege. How can this be done without manually comparing their difference and manually grant user 1 each privilege that he doesn't have? Or second option, can I override user 1's privilege with user 2's privileges?
View 2 Replies
View Related
Aug 18, 2010
I have created a role, when i try to grant privilege to that role, it give me insufficient privilege error. After granting privileges to this role, i have to grant this role to other. what type of privileges should i have.
Create Role cb_select;
Grant select on atable to cb_select; (Got error)
View 7 Replies
View Related
Apr 2, 2013
I logged in as system and I just execute below script, however Im getting error "SQL Error: ORA-00942: table or view does not exist 00942. 00000 - "table or view does not exist""
GRANT execute ON UTL_FILE TO USER1;
How to grant privilege on ult_file?
View 5 Replies
View Related
Jun 21, 2012
I wonder if exists a privilege, that i could grant to a user, just to run a specific function.
I searched in dba_sys_privs something about it but, returned nothing.
13:38:10 brunos@fastora1> select * from dba_sys_privs where privilege like '%FUNCTION%';
GRANTEE PRIVILEGE ADMIN_OPTION
View 7 Replies
View Related
Oct 8, 2010
I grant sysdba privilege to user1. After that i connected with user1. But i could not shutdown the database.
View 3 Replies
View Related
Aug 9, 2010
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - 64bit Production
PL/SQL Release 11.1.0.6.0 - Production
"CORE 11.1.0.6.0 Production"
Is there a way to grant EXECUTE on a group of procedures/functions/packages to a particular role , in a single statement ? Or we have to do it one by one... like
GRANT EXECUTE on event_main to role1,
GRANT EXECUTE on event_main2 to role1,
GRANT EXECUTE on event_main3 to role1,
View 2 Replies
View Related
Jun 8, 2010
I bought Selftestsoftware for 1z0-147 for 9i and 10g. Selftestsoftware is endorsed by Oracle, should be high quality.
But its below sample question and answer seem to be wrong: It says that privilege for subprogram can be granted via role. But from Urman 9i book: the grant the execute privilege must be done explicitly and not through a role.
Did Selftestsoftware made a mistake? Or the question did not mention or assume that the subprogram is based on invoker rights not definer right?
Quote:
Question: All users in the HR_EMP role have UPDATE privileges on the EMPLOYEE table. You create the UPDATE_EMPLOYEE procedure. HR_EMP users should only be able to update the EMPLOYEE table using this procedure. Which two statements should you execute? (Choose two.)
GRANT UPDATE ON employee TO hr_emp;
GRANT SELECT ON employee to hr_emp;
REVOKE UPDATE ON employee FROM hr_emp;
REVOKE UPDATE ON employee FROM public;
GRANT EXECUTE ON update_employee TO hr_emp;
Explanation:
The two statements you should execute are:
REVOKE UPDATE ON employee FROM hr_emp;
GRANT EXECUTE ON update_employee TO hr_emp;
Unless you are the owner of the PL/SQL construct, you must be granted the EXECUTE object privilege to run it or have the EXECUTE ANY PROCEDURE system privilege. By default, a PL/SQL procedure executes under the security domain of its owner. This means that a user can invoke the procedure without privileges on the procedures underlying objects. To allow HR_EMP users to execute the procedure, you must issue the GRANT EXECUTE ON update_employee TO hr_emp; statement. To prevent HR_EMP users from updating the EMPLOYEE table unless they are using the UPDATE_EMPLOYEE procedure, you must issue the REVOKE UPDATE ON employee FROM hr_emp;
All of the other options are incorrect because they will not meet the specified requirements.
View 7 Replies
View Related
Oct 23, 2012
I have a role in my Oracle 10g instance like below:
GRANT ALTER USER TO <role_name> WITH ADMIN OPTION;
And this works fine for any user who has:
GRANT <role_name> TO <user>;
What I need is to limit <user> to only have the ALTER USER privilege to a set of users. Preferrably where the set of users are identified by a column value in a table, something like:
WHERE PeopleTable.InList = "YES"
Or maybe where set of users are defined by their membership in another role.
GRANT ALTER USER TO <role_name> FOR USERS IN MEMBERS_LIST_ROLE;
View 7 Replies
View Related
Dec 6, 2010
i have created one user SVC_LAMR and created one ROLE - SVC_LAMR_ROLE.
i have attachd this role to abv user SVC_LAMR.
i need to grant SELECT privilege on some tables ( from some other schema TPAOWNER ) to this role.so that this user SVC_LAMR can access those tables lying in TPAOWNER schema.
for e.g.
SQL> show user
USER is "SYS"
SQL> grant SELECT on TPAOWNER.USER_APPLICATION to SVC_LAMR_ROLE;
grant SELECT on TPAOWNER.USER_APPLICATION to SVC_LAMR_ROLE
*
ERROR at line 1:
ORA-01031: insufficient privileges
But, if i connect this user: TPAOWNER, and give SELECT privilge directly to this role, it is accepting.
i.e.
SQL> conn tpaowner/*******
Connected.
SQL> grant select on USER_APPLICATION to SVC_LAMR_ROLE;
Grant succeeded.
SQL> grant SELECT on USERS to SVC_LAMR_ROLE;
Grant succeeded.
View 5 Replies
View Related
May 30, 2010
As we all know, privileges granted to a user through role are not visible from within a stored procedure. What is the reasoning behind this design?
Moreover, privileges granted through role are visible from anonymous PL/SQL block. Why such discrimination between anonymous PL/SQL and stored PL/SQL?
View 3 Replies
View Related
Aug 13, 2013
Is there any Role where 'exp_full_database' role is contained in it? or it is compulsory to grant to the user for exporting objects.,
View 2 Replies
View Related
Oct 31, 2012
I would like to know what happens when we fire:
grant all on any table to user_name;
and
grant all on table_name to user_name;
Actually I was performing "grant all on table_name to user_name;" to grant the privilege but 1 of my friends suggested "grant all on any table to user_name;"
View 5 Replies
View Related
Oct 10, 2012
But what I noticed is that user HIEL has a connect role but YONC does not. (Result set is below) Have searched for information but did not find what I was looking for. I did read something about backward compatibility.I'm leaning towards that thought since the other user YONC does not have this role.
Database: 11g R1
SQL> select * from dba_role_privs where grantee in ('YONC', 'HIEL') order by grantee;
GRANTEE GRANTED_ROLE ADM DEF
--------------------------- --------------------------- --- ---
YONC WCAIMS_INQUIRY NO YES
YONC ENDUSER NO YES
HIEL WCAIMS_CSR_ADDR NO YES
[code].........
View 4 Replies
View Related
Oct 18, 2013
i have user with the name 'Rob' and this user has been assigned a role 'MY_SRC_ROLE' . I developed a table under rob schema and granted access to this table via role GRANT DELETE, INSERT, SELECT, UPDATE ON rob.emp TO MY_ SRC_ ROLE; I have 100 more users & they have been granted this role 'MY_SRC_ROLE'. These 100 users can now access emp table via Role 'MY_SRC_ROLE' without any issues. Now i took a datapump export & performed datapump import on target server which is also HP Unix with 11.20.3 .
On target server i have user 'JACK' and a role called 'MY_WORK_ROLE'. 5000 users have been granted 'MY_ WORK_ ROLE' on this server. I have used remap tablespace clause & remap schema clause in datapump import script. Once i performed an import , due to schema remap , i can see JACK now owns table 'emp', however grants are still not there, I tried searching on Google & oracle documentation, if somehow we can remap ROLE GRANTS also while doing datapump imp, but i couldn't find supporting syntax. can i assume datapump import is not capable to handle this particular scenario ? I was able to do it by manipulating sqlfile and replacing role name in that but i am looking for a sol. within datapump itself. how can grants assigned to ROLE 'X' be transferred to 'Role Y' via datapump import.
View 2 Replies
View Related
Sep 20, 2012
is there a way to create a role just like DBA role?
View 6 Replies
View Related
Mar 2, 2010
A function returns the metadata of named objects (Directories, Users, Tablespace....) in the form of DDL. When i execute the function in the schema having the privileges of CONNECT, RESOURCE, DBA, SELECT ANY TABLE, UNDER ANY VIEW AND EXECUTE ANY PROCEDURE, function returns the empty clob without any error. But he same function created and executed in the User having SYSDBA privilege, we get output.how to get output without SYSDBA privilege ?
CREATE OR REPLACE FUNCTION SCHEMA.DBLINK
RETURN CLOB
AS
v_meta_handle NUMBER;
v_meta_handle_trans NUMBER;
V_DOC CLOB;
V_LOB CLOB;
[code]....
View 7 Replies
View Related
Oct 14, 2011
User Scott having DBA privilege
create or replace procedure pt is
l_count integer:=0;
v_sid varchar2(1000);
begin
SELECT name
INTO v_sid
FROM v$database;
dbms_output.put_line('SID='||v_sid);
end pt;
Warning: Procedure created with compilation errors.
SQL> sho err
Errors for PROCEDURE PT:
LINE/COL ERROR
-------- -----------------------------------------------------------
5/1 PL/SQL: SQL Statement ignored
7/9 PL/SQL: ORA-00942: table or view does not exist
SQL>
SQL> select name from v$database;
NAME
---------
ORCL
I can't access v$parameter,or v$database from a procedure?
View 1 Replies
View Related
Dec 5, 2011
how will i know if i have execute privilege on a package which is in user?
View 6 Replies
View Related
Jul 3, 2013
There two users a and b,and the table b.test_part.And one procedure under a ,text like below:
create or replace procedure a.sp_test
is
vs_sqls varchar2(32767);
begin
vs_sqls:='alter table b.test_part truncate partition p_day';
execute immediate vs_sqls;
end;
now,i have to grant drop any table to a.but in fact,i prefer to drop the special one table "b.test_partany" rather than any other table.how ? no by trigger!
View 5 Replies
View Related
Mar 10, 2011
When i want to connect inro database by Following:
# sqlplus /nolog
sql>conn / as sysdba
Insufficient privilege.
What are the reasons.
View 10 Replies
View Related
Jul 19, 2013
I am not able to select from the VIEW while connecting with the Schema who is the owner itself:
FX@db > select * from B_UTIL
select * from B_UTIL
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-02063: preceding line from FXDB2TST
Describe works but select does not. Even I connected with SYSDBA and performed SELECT * FROM FX.B_UTL but it again gives the above errors. 11.2.0.2 on RHL.
View 18 Replies
View Related
Nov 13, 2013
How to know what object/tab privileged a user have ? without connecting that user and using USER_TAB_PRIVS by connecting on that user I mean on DBA table .
View 0 Replies
View Related
May 24, 2012
what privilege is require for a user to execute explain plan? I get below error while try to execute explain plan.
SQL> explain plan for SELECT /*+ FULL(t) */ COUNT(*) FROM "DREAM"."CONSUMER.TAB" t WHERE ROWNUM <= 1000000;
explain plan for SELECT /*+ FULL(t) */ COUNT(*) FROM "DREAM"."CONSUMER.TAB" t WHERE ROWNUM <= 1000000
*
ERROR at line 1:
ORA-01031: insufficient privileges
View 9 Replies
View Related
Apr 19, 2010
I connect to an Oracle-10g database using OEM, and if I click to see the list of users, roles, storage options, ... everything is ok, but if I click to see the list of schemas, I get "1031: insufficient privileges" error.
The user account I use has the SELECT_ANY_DICTIONARY privilege and SELECT_CATALOG_ROLE role granted, and if I try to do "select * from dba_tables" in the SQL*Plus, I get a result.
The matter is even more strange because, if I use the SYSTEM account, I get the same error (!!!).
Do I need any other privilege/role to see the user's schemas with OEM?
View 2 Replies
View Related
Jun 29, 2011
1.How to check a user has 'create table' privilege?
2.how to check a user has privilege to grant 'create table' privilege to other user ?
View 6 Replies
View Related
May 14, 2011
What privilege is required to gather table statistics using dbms_stats ?
View 2 Replies
View Related
Jan 3, 2012
I want to create new database and i follow the following steps.
C:SET ORACLE_SID=ASIM
ORAPWD FILE=ORAPWDASIM.ORA PASSWORD=ASIM ENTRIES=6
ORADIM -NEW -SID ASIM -STARTMODE AUTO
THE TRY TO CONNECT TO SQLPLUS
SQLPLUS /NOLOG
AFTER THAT I WRITE THE CODE TO CONNECT THE SYS
Connect sys/ASIM as SYSDBA
BUT IT DISPLAY ERROR ORA-01030, INSUFICENT PREVILAGES.
View 6 Replies
View Related
Apr 28, 2011
I want to extract roles and privileges DDL for tablespace using dbms_metadata.get_ddl. How to do it?
View 3 Replies
View Related
May 27, 2012
what privilege is required to run dbms_stats package for gathering table and schema statistics.
SQL> show user
USER is "JACK"
SQL>
SQL> select * from user_sys_privs;
no rows selected
SQL> select * from user_role_privs;
no rows selected
SQL> select * from role_sys_privs;
no rows selected
SQL> exec dbms_stats.gather_table_stats('JACK','EN1')
PL/SQL procedure successfully completed.
I revoke all the privileges from JACK user but still i am able to gather stats for a table.what privilege is require to gather stats.
View 4 Replies
View Related