Checking roles & sys privs granted to a user.

Hi all

11.2.0.1

I'm still confused about the many roles and privileges a user requires.

What role or sys privs must be granted to a user so that it can export/import its own table?

Thank you very much

zxy

> so this is something developers and DBA not so it should be granted.

But how a developer will get create a privilege if operator that is not given to DBA.  Obviously, operator and PL/SQL are used and written by the developer, but they are maintained by DBA at the database level.

> Unlimited tablespace, what would you say? I did not grant this privilege to HR, but it was able to acquire unlimited tablespace access.

Because the HR user has the RESOURCE role, which implicitly grants the unlimited tablespace privilege to the user. As I already mentioned, do not grant RESOURCE to the user; this is also recommended by Oracle. Create your own role, grant the required system and object privileges to the role, and then assign this role to the user.

Regards

Girish Sharma
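
The advice above (a custom role in place of RESOURCE) written out as an added example; it is not part of the original thread. The role name HR_DEV, the privilege list, the USERS tablespace and the 200M quota are assumptions.

```sql
-- Run as a DBA. HR_DEV, the privilege list and the quota are assumptions;
-- trim the list to what the schema really needs.

-- 1. Before: see what HR holds directly, and look for UNLIMITED TABLESPACE.
SELECT granted_role FROM dba_role_privs WHERE grantee = 'HR';
SELECT privilege    FROM dba_sys_privs  WHERE grantee = 'HR';

-- 2. Build a role that carries only the privileges the developer needs.
CREATE ROLE hr_dev;
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, CREATE SEQUENCE,
      CREATE PROCEDURE, CREATE TRIGGER, CREATE OPERATOR
   TO hr_dev;
GRANT hr_dev TO hr;

-- 3. Take the predefined role away and replace "unlimited" with a quota.
REVOKE resource FROM hr;
ALTER USER hr QUOTA 200M ON users;

-- 4. After: verify the result.
SELECT granted_role FROM dba_role_privs WHERE grantee = 'HR';
SELECT privilege    FROM dba_sys_privs  WHERE grantee = 'HR';
-- max_bytes = -1 would mean an unlimited quota on that tablespace.
SELECT tablespace_name, max_bytes FROM dba_ts_quotas WHERE username = 'HR';

-- If UNLIMITED TABLESPACE is still listed in step 4, revoke it explicitly:
--   REVOKE UNLIMITED TABLESPACE FROM hr;
```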

Tags: Database

Similar Questions

  • all grants to a user

    Hi all

    Can you share a script to list EVERYTHING - all roles, objects, privileges granted to a user? Say, to the user 'HR'.


    Thank you.

    USER_SYS_PRIVS lists all the system privileges granted to a user

    SELECT privilege
      FROM user_sys_privs
     WHERE username = 'HR';
    

    USER_TAB_PRIVS lists all the object privileges granted to a user

    SELECT owner, table_name, privilege
      FROM user_tab_privs
     WHERE grantee = 'HR';
    

    And USER_ROLE_PRIVS lists all the roles that have been granted to a user

    SELECT granted_role
      FROM user_role_privs
     WHERE username = 'HR';
    

    It may become more complex from here, however, if you want to list all the privileges granted to these roles, the roles granted to those roles, the privileges granted to those roles, etc. recursively. Fortunately, Pete Finnigan has a handy script that implements this logic. You can download the find_all_privs.sql script from his site.

    And it becomes much more complicated if you want to grant privileges that do not follow the normal patterns: Java privileges, for example, network ACLs, Workspace Manager privileges, etc.

    Justin
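
    The recursive walk described above can be written as one hierarchical query. This is an added example, not Pete Finnigan's find_all_privs.sql and not code from the original post; it assumes access to the DBA_* views and uses 'HR' as the grantee.

    ```sql
    -- Added example. Run as a user that can read the DBA_* views.
    -- Privileges that reach HR through PUBLIC are not included.
    WITH grantees AS (
      -- the user itself ...
      SELECT 'HR' AS grantee, 'HR' AS via FROM dual
      UNION
      -- ... plus every role reachable through role-to-role grants,
      -- with the chain of grants that leads to it
      SELECT granted_role,
             'HR' || SYS_CONNECT_BY_PATH(granted_role, ' -> ')
        FROM dba_role_privs
       START WITH grantee = 'HR'
     CONNECT BY PRIOR granted_role = grantee
    )
    SELECT 'ROLE' AS kind, g.grantee AS privilege_or_role,
           NULL AS object_name, g.via
      FROM grantees g
     WHERE g.grantee <> 'HR'
    UNION ALL
    SELECT 'SYSTEM', sp.privilege, NULL, g.via
      FROM grantees g
      JOIN dba_sys_privs sp ON sp.grantee = g.grantee
    UNION ALL
    SELECT 'OBJECT', tp.privilege, tp.owner || '.' || tp.table_name, g.via
      FROM grantees g
      JOIN dba_tab_privs tp ON tp.grantee = g.grantee
     ORDER BY 1, 4, 2;
    ```

    The VIA column shows the path by which each privilege arrives, which is what an access review needs in order to decide where to revoke.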

  • How to find the ROLE of all 10g DB users

    Is there a way to discover the ROLE of all users in the database? Is there any VIEW for it?

    THX

    Hello

    Some scripts:

    PROMPT
    PROMPT
    PROMPT ******************************************** ROLES AND PRIVILEGES
    PROMPT
    PROMPT ******************************************** USER ROLES
    
    SELECT grantee username, granted_role, admin_option, default_role  -- USER is a reserved word, so it cannot be used as an alias
    FROM dba_role_privs
    WHERE grantee IN (SELECT username FROM dba_users) AND
          grantee NOT LIKE '%SYS%' AND
          grantee NOT IN ('DBSNMP','OUTLN')
    ORDER BY grantee;
    
    PROMPT
    PROMPT ******************************************** USER PRIVILEGES
    
    SELECT grantee username, privilege, admin_option  -- USER is a reserved word, so it cannot be used as an alias
    FROM dba_sys_privs
    WHERE grantee IN (SELECT username FROM dba_users) AND
          grantee NOT LIKE '%SYS%' AND
          grantee NOT IN ('DBSNMP','OUTLN')
    ORDER BY grantee;
    
    set pages 58
    column role         format a19 heading 'User or Role'
    column admin_option format a3  heading 'Ad?'
    column owner        format a7 heading 'Owner'
    column table_name   format a26 heading 'Table name'
    column privilege    format a21 heading 'Priv, Grant or Role'
    column r_ord noprint
    break on role
    start titel132 'ORACLE ROLES REPORT'
    select
      2 r_ord, b.role role, b.owner owner, b.table_name,
      b.privilege privilege, b.grantable admin_option
    from
      sys.role_tab_privs b
    union
    select
      1 r_ord, a.role role, 'N/A' owner, 'N/A' table_name,
      a.privilege privilege, a.admin_option admin_option
    from
      sys.role_sys_privs a
    union
    select
      3 r_ord, c.role role, 'N/A' owner, 'N/A' table_name,
      c.granted_role privilege, c.admin_option admin_option
    from
       sys.role_role_privs c
    order by
       role,r_ord;
    set flush on term on pagesize 22  linesize 80
    clear columns
    clear breaks
    ttitle off
    pause Press enter to continue
    

    I hope this will help you.

    See you soon,

    Francisco Munoz Alvarez
    http://www.oraclenz.com

  • grant select a user to a new user

    I know it should be easy, but can't seem to find a way around it.

    I can grant roles granted to a user to a new user, but the existing user has loads of select on other tables.

    How do I get the selects of the existing user and give them to the new user?

    Thank you

    See all the privileges granted to ALICE directly (not through a role)

    select * from dba_tab_privs where grantee='ALICE';
    

    With this, you can write a select statement that generates SQL to grant the same privileges to BOB

    select 'grant '||privilege||' on '||owner||'.'||table_name||' to BOB;' from dba_tab_privs where grantee='ALICE';
    

    Then, run the output of this statement to make grants.

  • Select grant to a user

    Hello
    I'm working on oracle10g and HP-UX.
    I need to create a read-only user who can select data from other users' tables.

    One way to do this is to create a script of grant statements...
    As

    Grant select on UserA.Tb1 to UserB;
    Grant select on UserA.Tb2 to UserB;
    Grant select on UserA.Tb3 to UserB;

    and so on...

    There are 4000 tables in the schema UserA... and we need to write a SQL script and run it on the database...

    Question-

    Is there a way to grant UserB select on all the objects using one SQL statement...?

    No, there is no single GRANT command. You can, however, write a small PL/SQL script, i.e.

    BEGIN
      -- owner is stored in upper case unless the user was created with a quoted name
      FOR x IN (SELECT * FROM dba_tables WHERE owner = 'USERA')
      LOOP
        EXECUTE IMMEDIATE 'GRANT SELECT ON UserA.' || x.table_name || ' to UserB';
      END LOOP;
    END;
    /
    

    Of course, you would usually create a new role, grant this role to UserB and grant the privileges to this role, i.e.

    CREATE ROLE UserA_Select;
    
    GRANT UserA_Select TO UserB;
    
    BEGIN
      -- owner is stored in upper case unless the user was created with a quoted name
      FOR x IN (SELECT * FROM dba_tables WHERE owner = 'USERA')
      LOOP
        EXECUTE IMMEDIATE 'GRANT SELECT ON UserA.' || x.table_name || ' to UserA_Select';
      END LOOP;
    END;
    /
    

    In this way, when you need to create the next read-only user, you just need to grant this user the UserA_Select role.

    Justin

  • WorkflowCA: [SYS] ORA-01017: invalid username/password; logon denied

    Hello

    Please help me, I'm getting the error below when I set up the Workflow Configuration Assistant 2.6.4.0.0 - Linux


    Workflow Configuration Assistant 2.6.4.0.0 - Linux
    WFCA version: WorkflowCA.java 26.106 29/06/2005-04:33
    WorkflowCA:
    WorkflowCA: Configuration of current workflow...
    WorkflowCA: Tue Feb 16 21:08:57 GMT+05:30 2010
    WorkflowCA:
    WorkflowCA: Screen-1024, height-768 screen width-
    WorkflowCA:
    WorkflowCA: Graphical User Interface Mode
    WorkflowCA:
    WorkflowCA:
    WorkflowCA: Start to test the connection, which takes less than 3 minutes.
    WorkflowCA:
    WorkflowCA: Test for SYS account login
    WorkflowCA: [SYS] ORA-01017: invalid username/password; logon denied

    WorkflowCA: Unable to connect to jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=abc.d.com)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=PROD)))
    java.lang.Exception: invalid connection
    at oracle.apps.fnd.wf.install.db.WorkflowCA.createJDBCConnection(WorkflowCA.java:4806)
    at oracle.apps.fnd.wf.install.db.WorkflowCA.createSYSConnection(WorkflowCA.java:4902)
    at oracle.apps.fnd.wf.install.db.WorkflowCA.schemaCreation(WorkflowCA.java:1039)
    at oracle.apps.fnd.wf.install.db.WfFrame.actionPerformed(WfFrame.java:2051)
    at oracle.ewt.button.PushButton.processActionEvent (unknown Source)
    at oracle.ewt.lwAWT.LWButton.processActionEvent (unknown Source)
    at oracle.ewt.button.PushButton.processEventImpl (unknown Source)
    at oracle.ewt.lwAWT.LWComponent.redispatchEvent (unknown Source)
    at oracle.ewt.lwAWT.LWComponent.processEvent (unknown Source)
    at oracle.ewt.button.PushButton.activate (unknown Source)
    at oracle.ewt.lwAWT.AbstractButton.processMouseReleased (unknown Source)
    at oracle.ewt.lwAWT.AbstractButton.processMouseEvent (unknown Source)
    at java.awt.Component.processEvent(Component.java:5266)
    at java.awt.Container.processEvent(Container.java:1966)
    at oracle.ewt.lwAWT.LWComponent.processEventImpl (unknown Source)
    at oracle.ewt.button.PushButton.processEventImpl (unknown Source)
    at oracle.ewt.lwAWT.LWComponent.redispatchEvent (unknown Source)
    at oracle.ewt.lwAWT.LWComponent.processEvent (unknown Source)
    at java.awt.Component.dispatchEventImpl(Component.java:3968)
    at java.awt.Container.dispatchEventImpl(Container.java:2024)
    at java.awt.Component.dispatchEvent(Component.java:3803)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4212)
    at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3892)
    at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3822)
    at java.awt.Container.dispatchEventImpl(Container.java:2010)
    at java.awt.Window.dispatchEventImpl(Window.java:1778)
    at java.awt.Component.dispatchEvent(Component.java:3803)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:463)
    at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)
    WorkflowCA: Tue Feb 16 21:09:19 GMT+05:30 2010
    WorkflowCA: java.lang.Exception: invalid connection (0)
    WorkflowCA: end...

    Regards,
    Rerry

    Hello

    OH, / as sysdba dba using password file

    How to check whether there is a password file, and where?

    already mentioned in document valid

    $ ls -ltr $ORACLE_HOME/dbs/orapw*

    After the release

    Please check and come back.

    Regards

  • Grant to the user API

    Hi team

    Can someone tell me how we can grant the API to an Oracle user? I would really appreciate the help.

    Kind regards
    Mahesh

    Mahesh,

    Are you talking about section 9.3, "Providing Access to APIs and Secure Views" (http://docs.oracle.com/cd/E23943_01/portal.1111/e10238/pdg_cm_intro.htm#POBLD478)?

    In this case, you can use provsyns.sql. Note that the instructions to get the portal password apply to 10g only. If you want to get it on 11g, use the instructions in Note 843978.1, "How to recover the portal schema Portal 11g password?" (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=843978.1).

    Thank you
    EJ

  • Can I connect in SQL*Plus as SYS after connecting as a user and then run a GRANT?

    Oracle 11 g 2

    Linux RHEL 6.3

    SQL*Plus 11.2.0.2 on Windows 7

    ------------------------------------------------

    I am running a SQL script through SQL*Plus connected as "DOE, JOHN".

    In the SQL script, I need to connect as SYS to make a GRANT EXECUTE on a SYS package (e.g. GRANT EXECUTE ON DBMS_CRYPTO to JOHN;).

    But it fails with the following error:


    GRANT EXECUTE ON DBMS_CRYPTO TO JOHN
    *
    ERROR at line 1:
    ORA-01917: user or role 'JOHN' does not exist

    But of course, 'JOHN' exists.  The rest of the SQL script runs as "DOE, JOHN" without any problem.

    The code segment of SQL script in question is:

    connect sys/password as sysdba
    GRANT EXECUTE ON DBMS_CRYPTO TO ROYSECITYDATA;  <-fails here
    to connect/DOE

    Please advise on what might be the issue.

    tx103108 wrote:

    I connect to a remote database.  All remote DBs have the same instance name as they are all images.  I see where you're going (I think).  Should I try

    I'll try to connect sys/password@MYDB

    Sounds like a plan... (the instance_name returned with what you expected? or something else?)

  • Roles really simplify the management of users?

    I am trying to establish a role where I can add users as members of the role so they can execute select statements on another schema.

    I cut the code to generate the "Grant Select on table_xxx to <new_role>" statements and ran it. The 1600-odd grants all appear on the new role. I gave membership of this role to a vanilla user with nothing except create session. And the user can select count(*) by means of a simple test.

    However, if I directly grant the same access to a table, the user can make a selection in the schema? What gives.

    Can you please explain what is happening here or help with what I'm missing here. See you soon.


    PS: If granting the 1600-odd selects (one for each of the objects) to EACH user is the answer, why would anyone use roles? Still reeling from the discovery that after 11 iterations of Oracle, there is still NO grant select on <schema> to <user>.

    You need to activate your role before you start using it.
    Run this query and check:
    Select * from session_roles;

    If the output of the above query is 'no rows selected', this means that you don't have any active role.

    You have two options in this case:
    (1) SET ROLE <role>; OR
    (2) ALTER USER <user> DEFAULT ROLE ALL;

  • Why is SYS granted the HS_ADMIN_ROLE?

    Strangely enough, in my system, SYS is the only user granted the HS_ADMIN_ROLE.

    Is this necessary? If I revoke the role from SYS, will it make a difference?

    All roles are automatically given to SYS; SYS is the owner of all roles.

    You had better not follow the advice of Dinesh Maroo.

    ---------
    Sybrand Bakker
    Senior Oracle DBA

  • Granting system views to the application user

    Hi all

    11.2.0.1

    The nightly batch process encounters a locking problem where report generation is affected and delayed.

    I give this command to the operators, so that they can kill or stop the process that holds the lock:

    SELECT TO_CHAR(sysdate, 'DD-MON-YYYY HH24:MI:SS') || ' User ' || s1.username || '@' || s1.machine
           || ' (SID=' || s1.sid || ') with the statement: ' || sqlt2.sql_text
           || ' is blocking the SQL statement on ' || s2.username || '@' || s2.machine
           || ' (SID=' || s2.sid || ') blocked SQL -> ' || sqlt1.sql_text AS blocking_status
      FROM gv$lock l1, gv$session s1, gv$lock l2, gv$session s2, gv$sql sqlt1, gv$sql sqlt2
     WHERE s1.sid = l1.sid
       AND s2.sid = l2.sid
       AND sqlt1.sql_id = s2.sql_id
       AND sqlt2.sql_id = s1.prev_sql_id
       AND l1.block = 1
       AND l2.request > 0
       AND l1.id1 = l2.id1
       -- compare the blocker's id2 with the waiter's; "l2.id2 = l2.id2" is always true
       AND l1.id2 = l2.id2;

    But this needs system views, and it cannot be run as the application user ID.

    Without violating security or audit rules, do I have to grant select on all the system views accessed by this script to the application user, and then create synonyms for them one by one?

    Or is there a one-time grant for all the system views, so that I do not need to type them one by one and cannot miss any?



    Thank you

    Petra k.

    While the approach posted will work eventually, it's like making three left turns around the block instead of making a single right turn.

    Place the desired SQL in a procedure (FIND_LOCKER) owned by the highly privileged schema; then do as below

    GRANT EXECUTE ON FIND_LOCKER TO OPERATOR_USER;
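
    One way to build the FIND_LOCKER procedure suggested above, so that operators get EXECUTE on one procedure instead of SELECT on system views. This is an added example, not code from the original thread; the owning schema LOCKMON, the parameter name and the column aliases are assumptions, and the query is based on the one in the question.

    ```sql
    -- As SYS: the procedure owner needs these granted directly, not through a
    -- role, because roles are disabled inside definer's-rights PL/SQL.
    -- (LOCKMON is an assumed schema name.)
    GRANT SELECT ON sys.gv_$lock    TO lockmon;
    GRANT SELECT ON sys.gv_$session TO lockmon;
    GRANT SELECT ON sys.gv_$sql     TO lockmon;

    -- As LOCKMON: the procedure runs with the owner's privileges (AUTHID DEFINER),
    -- so callers never need access to the views themselves.
    CREATE OR REPLACE PROCEDURE find_locker (p_locks OUT SYS_REFCURSOR)
      AUTHID DEFINER
    AS
    BEGIN
      OPEN p_locks FOR
        SELECT s1.username    AS blocker,
               s1.machine     AS blocker_machine,
               s1.sid         AS blocker_sid,
               sqlt2.sql_text AS blocker_prev_sql,
               s2.username    AS waiter,
               s2.machine     AS waiter_machine,
               s2.sid         AS waiter_sid,
               sqlt1.sql_text AS waiting_sql
          FROM gv$lock l1, gv$session s1, gv$lock l2, gv$session s2,
               gv$sql sqlt1, gv$sql sqlt2
         WHERE s1.sid = l1.sid
           AND s2.sid = l2.sid
           AND sqlt1.sql_id = s2.sql_id
           AND sqlt2.sql_id = s1.prev_sql_id
           AND l1.block = 1
           AND l2.request > 0
           AND l1.id1 = l2.id1
           AND l1.id2 = l2.id2;   -- both lock identifiers must match
    END find_locker;
    /

    GRANT EXECUTE ON find_locker TO operator_user;

    -- As OPERATOR_USER in SQL*Plus:
    VARIABLE locks REFCURSOR
    EXEC lockmon.find_locker(:locks)
    PRINT locks
    ```

    The operator account ends up with no dictionary privileges at all, so an audit of DBA_TAB_PRIVS for OPERATOR_USER shows a single EXECUTE grant.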

  • DAP policy to check the domain name for Mac OS users!

    Hi all

    How can we configure DAP for Mac OS users, to allow access by validating the domain name configured in the MacOS?

    I was able to configure the same for Windows users by using the domain name 'Registry' value in the DAP. However, as MacOS does not have a 'Registry', I'm trying to find a solution for how the user could be authorized by looking at the domain entry somewhere in the MacOS.

    I heartily thank you &.

    Ameya diabate

    Registry check: looks for a registry key (Microsoft Windows only)
    File check: verifies a file
    OS check: checks the operating system
    Certificate check: verifies a certificate (Microsoft Windows only)
    IP address check: checks the IP address of the interface

  • How to hide users (roles and organization) list from a user in OIM

    Hello

    Admin (xelsysadm) has created a user in OIM. Now, if this user logs in to the OIM Self Service (http://<url>/identity), he can see other users in his organization, as well as the list of roles, role categories, organizations, etc. I have a requirement to hide all the administration links from the end user. At present, he has the role of "All Users" and has no admin role, but can see all these administration links. What should I do to hide these links from the end user? Should we delete the role of "All Users", or assign another role, or do something in law, or in the access policy?

    Thank you.

    You can write an EL condition on the visible (or display) component property of the Administration menu item: #{oimcontext.currentUser.roles['SYSTEM ADMINISTRATORS'] != null}

    Visit this link on the writing of EL http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#BABHBFGH

  • You can get the roles, but you can get the user's role

    You can display or hide items depending on the roles the logged-in user is assigned to.

    I know you can do this for the menu using menu.json

    "visible": true,
    "applyIf": {
      "userHasRoles": ["administrators"]
    }

    But what about other elements inside the app? Is there a way to get the roles for the logged-on user?

    Is this lacking as a feature or am I missing some pieces?

    Hey,.

    Not at the moment.

    Talked to the BC guys on this subject with some various stuff; they understand the need. Don't know when things will be implemented for us; they're looking at Admin tags or API options etc. for this and a few other bits.

  • How to grant resources for users of table

    Hello

    I have implemented ADF Security in my application. I created two users and assigned them to the newly created application role 'xxx-employees'.

    I granted my pages to the application role 'xxx-employees'.

    If I run my application, I can log in using the new users, so it works very well.

    But I created a SQLAuthenticator and changed the SQL code as per my requirement.

    Now, I need to clarify one thing: how can I assign this list of users to the existing application role that was created at the application level?

    Thank you very much in advance,
    SAN

    Hello

    Your database roles are the user's enterprise roles. So in your application, you have defined a mapping between application roles and the user's enterprise roles. If the user's enterprise roles are the same as those returned by the table, then that's how it works.

    Frank
