SQL & PL/SQL :: Grant All Roles Of One User To Another Through Script
Nov 24, 2010
I am trying to create a script where a user can be granted all the roles that another user has. I created a script:
create user yyyyy identified by zzzz default tablespace ahspace temporary tablespace temp_data;
grant connect to yyyyy;
declare
cursor grantpriv is
select granted_role from dba_role_privs where grantee='xxxxx'; -- existing user
cursor_name integer;
statement varchar2(200);
Begin
cursor_name :=dbms_sql.open_cursor;
I am working on the roles and privs. I want to provide the privs on any object to any user through the roles. not a direct grant.I am having 150 users and 50 roles, I want to do this using the script is few strokes. for this I have tried to create a script but I am not able to make that.
For example There is 2 user scott and test
A. test is having select privs on scott.emp. B. Test is having insert,delete,update privs on scott.emp; c. DB is having 2 roles scott_edit - insert,delete,update privs on tables scott_read - select privs on tables
I want to revoke separate privs from test and want to given only scott_edit and scott_read (which(roles) is having all privs)
Conn xyz/passwordxyz grant create procedure to 'xyz';
I want to give permissions to my current user 'xyz' , I am able to give permissions to user using system user but Is there any way to grant permissions to user 'xyz' while I am using 'xyz' user.
I have a procedure in my schema. I have created a sys context name xyz for passing the date in that i am passing the sysdate to that context which is used in a view.i have used/called that procedure in form.
My problem is that when i am giving Grant select any dictionary to the user then form is compiled otherwise form is giving error procedure name must be declared. But for security reasons i don't to give select any dictionary to that user.
I have a role in my Oracle 10g instance like below:
GRANT ALTER USER TO <role_name> WITH ADMIN OPTION;
And this works fine for any user who has:
GRANT <role_name> TO <user>;
What I need is to limit <user> to only have the ALTER USER privilege to a set of users. Preferrably where the set of users are identified by a column value in a table, something like:
WHERE PeopleTable.InList = "YES"
Or maybe where set of users are defined by their membership in another role.
GRANT ALTER USER TO <role_name> FOR USERS IN MEMBERS_LIST_ROLE;
Actually I was performing "grant all on table_name to user_name;" to grant the privilege but 1 of my friends suggested "grant all on any table to user_name;"
I'm not sure if this belong to this place. move it to the proper place.
I'm having an annoying problem: (I'm not sure if it is a problem) - In a package body I'm trying to delete/update/insert/select the contents of a table in other schema. - The respective synonym exists. - I had created a role with the respective privileges over the synonym. - I granted the role to the package's owner. - I try to compile the package, but it keeps returning compilation errors. (Not table found) - In standard SQL, I can delete/insert/update/select over the table. - The only way to compile the package, without errors, is to grant the privileges directly to the package's owner.
I am using Oracle9i Enterprise Edition Release 9.2.0.6.0 - 64bit Production.I have a table D_GEOGRAPHY_25729 in RDS schema and I have created a role ACC_D_TABLES logging as ADMIN.
Now I have given GRANT SELECT access for table D_GEOGRAPHY_25729 to role ACC_D_TABLES.
There is another schema TRANS in the same database which has the role ACC_D_TABLES. But after logging in this schema, I am not able to query directly from table D_GEOGRAPHY_25729. I need to use like below to access the table.
select * from RDS.D_GEOGRAPHY_25729 Having the correct role ACC_D_TABLES to TRANS schema, why should I use RDS.D_GEOGRAPHY_25729 ? Is it not possible without prefixing the RDS schema name?
It is possible when I create a public synonym for D_GEOGRAPHY_25729 in RDS schema, but if i do so everyone can access this table.
i want to get user (dba roles in combo box runt time).i have write down this code in when new form instance.
declare rg_id recordgroup := find_group('RG') ; ln_error number ; begin if not id_null(rg_id) then ln_error := populate_group(rg_id) ; if ln_error = 0 then populate_list('BLOCK3.T' , rg_id) ; else message('Error in Populating Group') ; end if ; end if ; end ;
attached file.when i run it gives the follwoing error. frm-41334-invalid record group.
record group query is: SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE='MTSYS'
I read that few privilegs can not be granted to roles like 'UNLIMITED TABLESPACE ' and they need to granted to user directly.
1. Is there any reason behind that few privileges cant be granted to roles or is it just oracle design. 2. what kind of privileges cant be assigned to roles.
I want to import schema1 from sourcedb to targetdb. For this I need to generate create sripts and grant scripts for roles related to schema. For example schema1 has role1; rol1 has rol2; rol2 has rol3 and some system privileges and object privileges. How can I generate this script from sourcedb?
When I try to drop the roles in dbartisan tool, I get an error saying "Drop DDL for **_***********_ROLE has not been generated because it is a system object", but if i go to sql prompt and say "drop role rolename", it is working. How do I remove the role in dbartisan itself?
I am looking for a query which can select all existing Oracle predefined users and roles from db.I need it because one of my other scripts needs to know a given user name or role is a customised one or a system one.It looks like sys.user$ does not have any column that can be used to distinguish predefined users/roles.
I could find all the list of Oracle predefined users and roles by googling and hardcoded them in a query. I can also collect all the customised users and roles as well. However, I prefer a query which can automatically reports that and minimise the maintenance cost as new names and roles, either Oracle predefined or customised, may come out at anytime.
I have got single sign on working via the built in LDAP Directory authentication in APEX. But at the moment this is letting everyone who is within AD log inHow can I assign role permissions to each logged in user so some users have an admin role and see certain parts of the application / pages / navigation items while editors and readers have different permissions
And also to restrict access to certain pages within the application
i want to do a schema export from Database A. There are hundreds of users under this schema.I have to import this schema into other database say B. My question's are:
1) Do i need to pre-create only schema user or all the users under it.
2) Will the schema export all the roles,procedures,packages,synonyms,funsctions and triggers?
wanted to grant dbms_scheduler permission to the system user in oracle 11.2.0.3,but it is showing insufficient privileges, but my System has Sysdba rights.
SQL> SELECT * FROM v$pwfile_users WHERE sysdba='TRUE'; USERNAME SYSDB SYSOP SYSAS ------------------------------ ----- ----- ----- SYS TRUE TRUE FALSE
[code]....
Revoke succeeded.
SQL> conn system Enter password: Connected.
[code]...
while i ran this query " SQL> select * from session_privs;"
for system user i have 202 rows of different privileges,but the same query for sysdba has 208 rows...
