SQL & PL/SQL :: Grant Privileges To Subprogram Via Role - Should Not Work
Jun 8, 2010
I bought Selftestsoftware for 1z0-147 for 9i and 10g. Selftestsoftware is endorsed by Oracle, should be high quality.
But its below sample question and answer seem to be wrong: It says that privilege for subprogram can be granted via role. But from Urman 9i book: the grant the execute privilege must be done explicitly and not through a role.
Did Selftestsoftware made a mistake? Or the question did not mention or assume that the subprogram is based on invoker rights not definer right?
Quote:
Question: All users in the HR_EMP role have UPDATE privileges on the EMPLOYEE table. You create the UPDATE_EMPLOYEE procedure. HR_EMP users should only be able to update the EMPLOYEE table using this procedure. Which two statements should you execute? (Choose two.)
GRANT UPDATE ON employee TO hr_emp;
GRANT SELECT ON employee to hr_emp;
REVOKE UPDATE ON employee FROM hr_emp;
REVOKE UPDATE ON employee FROM public;
GRANT EXECUTE ON update_employee TO hr_emp;
Explanation:
The two statements you should execute are:
REVOKE UPDATE ON employee FROM hr_emp;
GRANT EXECUTE ON update_employee TO hr_emp;
Unless you are the owner of the PL/SQL construct, you must be granted the EXECUTE object privilege to run it or have the EXECUTE ANY PROCEDURE system privilege. By default, a PL/SQL procedure executes under the security domain of its owner. This means that a user can invoke the procedure without privileges on the procedures underlying objects. To allow HR_EMP users to execute the procedure, you must issue the GRANT EXECUTE ON update_employee TO hr_emp; statement. To prevent HR_EMP users from updating the EMPLOYEE table unless they are using the UPDATE_EMPLOYEE procedure, you must issue the REVOKE UPDATE ON employee FROM hr_emp;
All of the other options are incorrect because they will not meet the specified requirements.
View 7 Replies
ADVERTISEMENT
Jun 3, 2010
I have a stored procedure which when executed creates a user and grants some roles to the user and also makes certain roles DEFAULT using "alter user"
The issue comes when i execute the procedure.
I have a User who has a role and this role has the "alter user" privilege, for example lets say that the user1 has the role ABC, and role ABC has the "alter user" privilege.
SQL> grant alter user to ABC;
Grant succeeded.
SQL> grant ABC to user1;
Grant succeeded.
Now, when i run the stored procedure as the user1, it gives me an error on a line saying "insufficient privileges", when i check the line, its this line:
alter user user1 DEFAULT ROLE "ROLE1", "ROLE2"
But as far as i know the user1 has the "alter user" privilege
I want to make those two roles ROLE1, ROLE2 DEFAULT because i don't want the other roles ROLE3,ROLE4 to be default, as you know if there are many roles and if we alter user with default for certain roles other roles become DEFAULT=NO.
So i get the error at "alter user" statement though the user has the "alter user" privilege, what do you think might be wrong?
OR is there anyway to grant roles to the user with default=NO option?
View 9 Replies
View Related
Aug 9, 2010
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - 64bit Production
PL/SQL Release 11.1.0.6.0 - Production
"CORE 11.1.0.6.0 Production"
Is there a way to grant EXECUTE on a group of procedures/functions/packages to a particular role , in a single statement ? Or we have to do it one by one... like
GRANT EXECUTE on event_main to role1,
GRANT EXECUTE on event_main2 to role1,
GRANT EXECUTE on event_main3 to role1,
View 2 Replies
View Related
Oct 23, 2012
I have a role in my Oracle 10g instance like below:
GRANT ALTER USER TO <role_name> WITH ADMIN OPTION;
And this works fine for any user who has:
GRANT <role_name> TO <user>;
What I need is to limit <user> to only have the ALTER USER privilege to a set of users. Preferrably where the set of users are identified by a column value in a table, something like:
WHERE PeopleTable.InList = "YES"
Or maybe where set of users are defined by their membership in another role.
GRANT ALTER USER TO <role_name> FOR USERS IN MEMBERS_LIST_ROLE;
View 7 Replies
View Related
Oct 20, 2010
How can i find out or list all the privileges that were given to a role with sqlplus cmd?
View 2 Replies
View Related
Sep 9, 2013
I have a role R.I want to see what privileges have been granted to this Role R. Where should i query?
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit ProductionPL/SQL Release 11.2.0.3.0 - Production"CORE 11.2.0.3.0 Production"TNS for Solaris: Version 11.2.0.3.0 - ProductionNLSRTL Version 11.2.0.3.0 - Production
View 2 Replies
View Related
Aug 1, 2012
How CONNECT Role in oracle works.
I have my schema "SchemaABC" with ROLES created as CONNECT and RESOURCE. Also it doesn't have DBA role (to say).
SQL> Select * from User_Role_Privs;
USERNAME GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE OS_GRANTED
------------------------------ ------------------------------ ------------ ------------ ----------
SCHEMAABC CONNECT NO YES NO
SCHEMAABC RESOURCE NO YES NO
SQL>Currently we are able connect to this schema through code as well as from PL/SQL Developer. And uses it for all coding purposes like Create, Insert, Update, Stored Procedures, functions, triggers etc.
Now my question is, can this schema be changed to a role/privilege where all the above said activities can be done through code, but not from PL/SQL developer (making it to Read-only)? Yet, I will be using the same schema Name in code as well to connect from PL/SQL Developer.
I understand Connect role has big share in this. But if I remove the connect privilege(role), then will that work when I connect to it through code?
View 1 Replies
View Related
Dec 6, 2010
i have created one user SVC_LAMR and created one ROLE - SVC_LAMR_ROLE.
i have attachd this role to abv user SVC_LAMR.
i need to grant SELECT privilege on some tables ( from some other schema TPAOWNER ) to this role.so that this user SVC_LAMR can access those tables lying in TPAOWNER schema.
for e.g.
SQL> show user
USER is "SYS"
SQL> grant SELECT on TPAOWNER.USER_APPLICATION to SVC_LAMR_ROLE;
grant SELECT on TPAOWNER.USER_APPLICATION to SVC_LAMR_ROLE
*
ERROR at line 1:
ORA-01031: insufficient privileges
But, if i connect this user: TPAOWNER, and give SELECT privilge directly to this role, it is accepting.
i.e.
SQL> conn tpaowner/*******
Connected.
SQL> grant select on USER_APPLICATION to SVC_LAMR_ROLE;
Grant succeeded.
SQL> grant SELECT on USERS to SVC_LAMR_ROLE;
Grant succeeded.
View 5 Replies
View Related
Mar 1, 2012
I am observing a strange behavior for the ROLES:
The DBA granted the RESOURCE role for my user USER1:
GRANT RESOURCE TO USER1;
The USER1 logged and activated the role RESOURCE.
CONN USER1/USER1
SET ROLE RESOURCE;
... it has some privileges in database ( UNLIMITED TABLESPACE for example that grant to him create table in any tablespace).
Now I created a new tablespace, but the user1 cannot use this new tablespace.So I will to revoke the RESOURCE for the USER1:REVOKE RESOURCE TO USER1;
It seems ok, but the user USER1 can still create tables in the new tablespace.I repared that UNLIMITED TABLESPACE still active, and the REVOKE RESOURCE just will have effect in the next LOGON of the USER1.
How can I REVOKE the ROLE and disable all the privileges from it immediately?
View 3 Replies
View Related
Aug 6, 2012
I want to find role dependency on another role.
1. If its a basic role (made of priviliges), what data dictionary view I should query?
2. If the role is made of some other role and additional priviliges, what query I should fire to find that?
3. Role is granted to which users?
View 15 Replies
View Related
Jul 14, 2011
I have a role mfg_grp .I want to know, to whom the role is granted and which objects and which privileges on those objects are assigned to this role.
View 4 Replies
View Related
May 25, 2010
Say we have db1 and db2 two databases installed on two different servers.For internal needs, I have to insert some data from a table t1 on db1 to a table t2 in db2. This can be done by issuing from a user on db1 :
insert into t2@dblink2
select *
from t1;
where dblink2 is a correct database link that points to u2 (the t2 owner for example) on db2.
Now what I want to do is to grant privileges remotely.Is there a way to issue somthing like
execute@dblink2 'grant select on t2 to public';
It would be like u2 has issued the statment...
I don't want to use OS scripts (.sh or .bat).
View 14 Replies
View Related
Jun 28, 2011
When i try to grant all privilege to a object i get error
SQL> GRANT ALL PRIVILEGES ON tab1 TO PUBLIC;
GRANT ALL PRIVILEGES ON tab1 TO PUBLIC
*
ERROR at line 1:ORA-01929: no privileges to GRANT
how to check the user has privilege to use grant privilege or grant all privileges to object and what privileges exist in ALL PRIVILEGES.
View 5 Replies
View Related
Dec 10, 2010
I am a java developer and would like to install data locally in my computer for testing purpose.
I login as sysdba in sqlplus, created a user.
In the installation documentation it said :
This user should have at least the following privileges.
CREATE TABLE, CREATE VIEW, CREATE PROCEDURE, CREATE PUBLIC SYNONYM, CREATE USER, CREATE ROLE, CREATE SEQUENCE, CREATE SESSION CREATE TRIGGER, AND CREATE TYPE.
If you choose, you can grant DBA role to this user.
Note: Coeus Schema owner should have CREATE USER and ALTER USER right explicitly granted to it, not through a role like DBA.
1)How to grant all this prvileges to that user ?
2)How this user will have CREATE USER and ALTER USER right explicitly granted to it, not through a role like DBA ?
View 5 Replies
View Related
Oct 27, 2011
My need is to grant priveleges for select on view without granting on nested tables.
Actual problem is that I can grant privileges for particular user, but can't grant privileges for user group.
View 4 Replies
View Related
Jul 9, 2011
grant insert,update,delete,select on staging_tb1 to public;
What is public here? i know something about public user like it is users exist in the database .
View 5 Replies
View Related
Sep 30, 2011
have an automated process which runs on an Oracle 8i database server as user abc. This process creates views/tables in other schemas, on the same database server, which point to objects owned by the abc user.
The issue I'm getting is that when I try to execute GRANT SELECT ON xyz.view123 TO PUBLIC as the abc user, I get an insufficient privileges.I should add that the abc user created the xyz.view123 table/view.
What grants/priviliges or whatever do I have to do to the abc schema?
View 2 Replies
View Related
Sep 30, 2011
I have an automated process which runs on an Oracle 8i database server as user abc.This process creates views/tables in other schemas, on the same database server, which point to objects owned by the abc user.
The issue I'm getting is that when I try to execute GRANT SELECT ON xyz.view123 TO PUBLIC as the abc user, I get an insufficient privileges.I should add that the abc user created the xyz.view123 table/view.
What grants/priviliges or whatever do I have to do to the abc schema?
View 1 Replies
View Related
Aug 13, 2013
Is there any Role where 'exp_full_database' role is contained in it? or it is compulsory to grant to the user for exporting objects.,
View 2 Replies
View Related
Oct 31, 2012
I would like to know what happens when we fire:
grant all on any table to user_name;
and
grant all on table_name to user_name;
Actually I was performing "grant all on table_name to user_name;" to grant the privilege but 1 of my friends suggested "grant all on any table to user_name;"
View 5 Replies
View Related
Oct 10, 2012
But what I noticed is that user HIEL has a connect role but YONC does not. (Result set is below) Have searched for information but did not find what I was looking for. I did read something about backward compatibility.I'm leaning towards that thought since the other user YONC does not have this role.
Database: 11g R1
SQL> select * from dba_role_privs where grantee in ('YONC', 'HIEL') order by grantee;
GRANTEE GRANTED_ROLE ADM DEF
--------------------------- --------------------------- --- ---
YONC WCAIMS_INQUIRY NO YES
YONC ENDUSER NO YES
HIEL WCAIMS_CSR_ADDR NO YES
[code].........
View 4 Replies
View Related
Sep 15, 2011
i mean which can generate a primary key when the table name and column name are passed as parameters
View 7 Replies
View Related
Oct 18, 2013
i have user with the name 'Rob' and this user has been assigned a role 'MY_SRC_ROLE' . I developed a table under rob schema and granted access to this table via role GRANT DELETE, INSERT, SELECT, UPDATE ON rob.emp TO MY_ SRC_ ROLE; I have 100 more users & they have been granted this role 'MY_SRC_ROLE'. These 100 users can now access emp table via Role 'MY_SRC_ROLE' without any issues. Now i took a datapump export & performed datapump import on target server which is also HP Unix with 11.20.3 .
On target server i have user 'JACK' and a role called 'MY_WORK_ROLE'. 5000 users have been granted 'MY_ WORK_ ROLE' on this server. I have used remap tablespace clause & remap schema clause in datapump import script. Once i performed an import , due to schema remap , i can see JACK now owns table 'emp', however grants are still not there, I tried searching on Google & oracle documentation, if somehow we can remap ROLE GRANTS also while doing datapump imp, but i couldn't find supporting syntax. can i assume datapump import is not capable to handle this particular scenario ? I was able to do it by manipulating sqlfile and replacing role name in that but i am looking for a sol. within datapump itself. how can grants assigned to ROLE 'X' be transferred to 'Role Y' via datapump import.
View 2 Replies
View Related
Mar 22, 2012
how to design subprogram which can generate a primary key value whenever the table name and column name are passes as parameter.?
View 19 Replies
View Related
Jul 25, 2013
I have a procedure inside a package which consists of more than 1000 lines, and also many subprograms used inside that particular package, while call that package i receive an error, well i like to find out in which particular line this error arises, how to overcome this problem is what ways?
View 17 Replies
View Related
Sep 20, 2012
is there a way to create a role just like DBA role?
View 6 Replies
View Related
Aug 19, 2005
what is the role of SGA and PGA in oracle . And want kind of functionality they provide the oracle. i not understand what is system global Area and Program global Area (SGA and PGA).
View 7 Replies
View Related
Jun 3, 2010
If iam create a new role in scott/tiger user why not creating. can any one explan me.
SQL> create role test_role;
create role test_role
*
ERROR at line 1: ORA-01031: insufficient privileges
View 2 Replies
View Related
Aug 18, 2010
I have created a role, when i try to grant privilege to that role, it give me insufficient privilege error. After granting privileges to this role, i have to grant this role to other. what type of privileges should i have.
Create Role cb_select;
Grant select on atable to cb_select; (Got error)
View 7 Replies
View Related
Apr 16, 2013
I am trying to find out what is the minimum Oracle User Role required for the GetSchema command to work using ODP.NET and the Oracle.DataAccess library.
Dim cn As New OracleConnection(ConnectionString) 'Oracle.DataAccess.Client.OracleConnection Return cn.GetSchema("Tables")
View 0 Replies
View Related
