define AUTHID
Hi all
I'm using oracle 11.2.0.4
I m using this for the purpose of learning
I have a table in the procedure in a Mark scheme
CREATE TABLE NUMBERS (NUMBER OF N,
NAME VARCHAR2 (30))
CREATE OR REPLACE PROCEDURE INSERT_NUMBERS (P_NUM NUMBER)
DEFINE AUTHID
AS
INSERT A NUMBER VALUES(P_NUM,USER);
END;
SQL > GRANT EXECUTE ON INSERT_NUMBERS to PUBLIC;
Grant succeeded
--------------------------------------------------------------------------------------------------------------------------
I have a different schema, chris
where I am trying to run the brand procedure
SQL > EXEC MARK. INSERT_NUMBERS (12345);
start the BRAND. INSERT_NUMBERS (12345); end;
ORA-06550: line 2, column 12:
PLS-00905: MARK object. INSERT_NUMBERS is not valid
ORA-06550: line 2, column 7:
PL/SQL: Statement ignored
Please help me why this error is coming
Thanks and respect.
Guylaine
Your procedure is not valid. You can find that by questioning the USER/ALL/DBA_OBJECTS. You missed the BEGIN keyword!
CREATE OR REPLACE PROCEDURE INSERT_NUMBERS (P_NUM NUMBER)
DEFINE AUTHID
AS
BEGIN
INSERT A NUMBER VALUES(P_NUM,USER);
END;
Also, avoid using words of reserve/keys to Oracle.
Tags: Database
Similar Questions
-
Useless DEFINE AUTHID clause of the procedures that contain privs SYSTEM right?
Hello
I'm 11 GR 2. I have a user DB OPER I want to allow the creation of other users, so I did the following:
1 / create a procedure as SYSTEM containing some EXECUTE IMMEDIATE instructions for the creation of a
user etc., procedure I did with the option DEFINE AUTHID.
2 / I granted EXECUTE on this procedure to the OPER
3 / then connected under OPER and tried
SQL > exec crea_user ('name')
and received an "ORA-01031: insufficient privileges".
I tried also directly grant the privilege to CREATE a USER to OPER, but it still doesn't work! -. In any case
It is not my goal, of course - I don't want OPER to be able to create any user, I just want to allow
it run/use my procedure AUTHID DEFINE manufactured CREA_USER...
Obviously for this kind of requirement it not there no solution is?
Thank you very much.
Kind regards
SEB
Yes, there is a solution.
Stop creating things under SYSTEM.
SQL> create user oper identified by oper; User created. SQL> grant create session to oper; Grant succeeded. SQL> create user u1 identified by u1; User created. SQL> grant create session, create procedure, create user to u1; Grant succeeded. SQL> conn u1/u1 Connected. SQL> create procedure t(x in varchar2) as 2 begin 3 execute immediate 'create user ' || x || ' identified by ' || x; 4 end; 5 / Procedure created. SQL> grant execute on t to oper; Grant succeeded. SQL> conn oper/oper Connected. SQL> exec u1.t('FOO'); PL/SQL procedure successfully completed. SQL> conn foo/FOO ERROR: ORA-01045: user FOO lacks CREATE SESSION privilege; logon denied
Yes, foo could not open a session because of any privilege, but the user was created successfully.
-
PL/SQL function to calculate the non-working days
Hello
I have the following pl/sql function which generates a number of days between two selected dates (i.e. excluding weekends). However, I also need to exclude specific holidays - day of Christmas etc. These holiday dates are stored in a table in our database (11 GR 2) called "HOLIDAY".
How can I integrate the holidays which is held in the table of holidays in the following query to exclude these dates as well? I know how to write a separate funtion pl/sql for a number of days between two dates using SELECT... BUT I can't work out how to bring together them in a single query.
Could someone show me how with the pl/sql / dates below please?
Example of HOLIDAY table below.
Thank you!
TP
create or replace function WORKING_DAYS (pi_start_date in date, pi_end_date in date) return integer is v_start_date date :=pi_start_date; v_end_date date:=pi_end_date; v_count integer:=0; begin while v_start_date <= v_end_date loop if to_char(v_start_date,'D') not in ('6','7') then v_count := v_count+1; end if; v_start_date:=v_start_date+1; end loop; return v_count; end;
(select '10-Apr-2013' as NWD from dual union all select '06-May-2013' from dual union all select '27-May-2013' from dual union all select '26-Aug-2013' from dual union all select '26-Dec-2013' from dual union all select '25-Dec-2013' from dual union all select '01-Jan-2014' from dual union all select '18-Apr-2014' from dual union all select '21-Apr-2014' from dual union all select '05-May-2014' from dual union all select '26-May-2014' from dual union all select '25-Aug-2014' from dual union all select '25-Dec-2014' from dual union all select '26-Dec-2014' from dual) HOLIDAYS
Hello
the link is on MOSC, not OTN... Here's a copy:
This function calculates the number of days between two dates, ignoring weekends and holidays (if requested and if the holidays are stored in a table)
I give an example of table 'public_holiday' with sample data, but users must ensure that their table contains the relevant data (all holidays within the maximum range of use of the service)
CREATE TABLE public_holiday (calendar_day, DATE, text VARCHAR2 (30));
FUNCTION to CREATE or REPLACE nb_days (p_date_from IN DATE
p_date_to DATE by DEFAULT TRUNC (sysdate)
, p_public_holidays in CHAR DEFAULT 'Y '.
) RETURN NUMBER
DEFINE AUTHID
AS
/*********************************************************************/
/ * Author: Bruno Vroman * /.
/ * Created: 23-AUG-2012 * /.
/ * Last updated: 23-AUG-2012 * /.
/ * Object: to calculate the number of days between 2 dates, to the exclusion of * /.
/ * Saturday and Sunday, but also "holidays" If the * /.
/ * argument 'p_public_holidays' = 'Y ' * /.
/ * Support: p_date_from<= p_date_to ="">=>
/ * component ' hour min dry "ignored (just counting days) * /.
/* First step: */
/ * the calendar days between 2 days * /.
/ Remove 2 days for each "week" and 0 or 1 extra day * /.
/ * function to a condition "complex" mix day of first week * /.
/ * and the number of days when full remaining weeks are removed * /.
/ * (set up once for all, for example if there is 3 days and the * /)
(/ * first day is a Thursday, there is 1 "Sat/Sun" to subtract) * /.
/ * Second step: If 'p_public_holidays' = 'Y': other * /.
/ * days, do not count holidays. */
/ Holiday everyday are defined in a table "public_holiday" * /.
/ * Note: there may be holidays defined on Saturday/Sunday. */
/*********************************************************************/
l_result NUMBER;
l_from DATE;
l_to DATE;
l_case tank (4);
BEGIN
l_from: = TRUNC (p_date_from);
l_to: = TRUNC (p_date_to);
l_case: = TO_CHAR (l_from, 'Dy', 'NLS_DATE_LANGUAGE = English').
To_char (MOD (l_to - l_from + 1, 7));
l_result: = l_to - l_from + 1
-TRUNC ((l_to-l_from + 1) / 7) * 2
-CASE
WHEN l_case IN ('Mon6', 'Tue5', 'Wed4', 'Thu3', 'Fri2'
, "Sat1", "Sun1", "Sun2', 'Sun3", "Sun4".
, "Sun5', 'Sun6.
)
THEN 1
WHEN l_case IN ('Tue6', 'Wed5', 'Wed6', 'Thu4', "Thu5"
, 'Thu6', 'Fri3', 'Fri4', 'Fri5', 'Fri6 '.
, "Sat2", "Sat3', 'Sat4', 'Sat5", "Sat6.
)
THEN 2
0 OTHERWISE
END
;
IF SUPERIOR (p_public_holidays) = "Y".
THEN
SELECT l_result - COUNT (*)
IN l_result
OF public_holiday p
WHERE p.calendar_day > = l_from
AND p.calendar_day<=>=>
AND SUBSTR (TO_CHAR (p.calendar_day
, "Dy".
'NLS_DATE_LANGUAGE = English'
)
, 1, 1 ) != 'S'
;
END IF;
RETURN l_result;
EXCEPTION
WHILE OTHERS
THEN
DBMS_OUTPUT. Put_line (' CTF nb_days (' |))
To_char (p_date_from, "MON-DD-YYYY"). ', ' ||
To_char (p_date_to, "MON-DD-YYYY"). ', ' ||
p_public_holidays | ' ) : ' || SQLERRM
);
LIFT;
END nb_days;
/
REM
REM example:
REM A) fill out the 'public_holidays '.
REM
TRUNCATE TABLE public_holiday;
INSERT INTO public_holiday VALUES (DATE ' 2012-01-01', ' new year (a Sunday)');
INSERT INTO public_holiday VALUES (DATE '' 2012-01-03, "for example");
REM (insert other days...)
COMMIT;
Call the function for some pairs of dates of REM B)
REM nb1: remove only Sat/Sun
REM nb2: also remove holidays
REM
ALTER SESSION SET nls_date_format ='Dy DD-MON-YY';
WITH some_dates AS
(SELECT DATE ' 2011-12-29'd dual FROM
UNION ALL SELECT DATE ' 2012-01-08' FROM dual
UNION ALL SELECT DATE ' 2012-01-10' FROM dual
)
SELECT d1.d 'FROM '.
, d2.d ' to THE '.
, nb_days (d1.d, d2.d, ' don't) nb1
, nb_days (d1.d, d2.d, 'Y') nb2
OF some_dates d1
some_dates d2
WHERE d1.d<=>=>
ORDER BY nb1, nb2, d1.d
;
GO TO NB1 NB2
------------- ------------- ---- ----
Monday, January 8, 12 Monday, January 8, 12 0 0
Friday, December 29, 11 Friday, December 29, 11 1 1
Wednesday, January 10, 12 Wednesday, January 10, 12 1 1
Monday, January 8, 12 Wednesday, January 10, 12 2 2
Friday, December 29, 11 Monday, January 8, 12 7 6
Friday, December 29, 11 Wednesday, January 10, 12 9 8
Hope that this could be useful, but note that this code has not been completely tested, so check and test before you trust it (in the case of any questions, please post a comment)
Bruno Vroman.
Best regards
Bruno
-
insufficient privileges as sys
Can someone explain this situation?
DB version: 11.2.0.4.0
in the scheme of the User1, there is a procedure:
create or replace procedure do_alter_user is begin execute immediate 'alter user hr identified by hr acount unlock'; end;
now, we run the procedure like this
conn / as sysdba exec user1.do_alter_user;
There is an error return
ORA-01031: insufficient privileges
its easy to give the user to alter privilege to User1.
But im running the procedure as SYS?
Thank you.
Update:
When running the steps in a database 11.2.0.2.0 the procedue completes successfully.
its easy to give the user to alter privilege to User1.
But im running the procedure as SYS?
Caution - it is important to be VERY precise in the terms / words that you use.
You say you 'perform the procedure as SYS' but most likely, you mean that the SYS user is to PERFORM the procedure, which is owned by USER1.
The procedure is a defect, the DEFINER rights procedure so it runs with the privileges of USER1, not SYS privileges.
See "how the work of roles in PL/SQL blocks" in the doc of database security
http://docs.Oracle.com/CD/B28359_01/network.111/B28531/authorization.htm#i1007304
See 'Rights of appellant to help' or define (AUTHID Clause) in the doc of the PL/SQL language
http://docs.Oracle.com/CD/B28359_01/AppDev.111/b28370/subprograms.htm#LNPLS00809
For units stored PL/SQL that you create or change with the following statements, you can use the optional parameter
AUTHID
clause to specify eitherCURRENT_USER
orDEFINER
. The default value isDEFINER
. -
Spend multiple values with parameter of stored procedure
CREATE TABLE VTEST_INSERT)
NUMBER OF MY_ID,
COLUMN1 VARCHAR2 (50)
);
-SELECT * FROM VTEST_INSERT;
INSERT INTO VTEST_INSERT (MY_ID, COLUMN1) VALUES (1, 'TEST1');
INSERT INTO VTEST_INSERT (MY_ID, COLUMN1) VALUES (2, "TEST2");
INSERT INTO VTEST_INSERT (MY_ID, COLUMN1) VALUES (3, "TEST3");
INSERT INTO VTEST_INSERT (MY_ID, COLUMN1) VALUES (4, "TEST4");
INSERT INTO VTEST_INSERT (MY_ID, COLUMN1) VALUES (5, 'TEST5');
INSERT INTO VTEST_INSERT (MY_ID, COLUMN1) VALUES (1, "TEST6");
INSERT INTO VTEST_INSERT (MY_ID, COLUMN1) VALUES (2, 'TEST7');
INSERT INTO VTEST_INSERT (MY_ID, COLUMN1) VALUES (3, "TEST8");
INSERT INTO VTEST_INSERT (MY_ID, COLUMN1) VALUES (4, 'TEST9');
INSERT INTO VTEST_INSERT (MY_ID, COLUMN1) VALUES (5, "TEST10");
CREATE OR REPLACE
PROCEDURE VTEST_INSERT_SP (vid in VARCHAR2, vname IN VARCHAR2)
AS
BEGIN
DELETE FROM VTEST_INSERT WHERE MY_ID IN (vid);
INSERT INTO VTEST_INSERT (MY_ID, COLUMN1) VALUES (vid, vname);
END;
/
EXEC VTEST_INSERT_SP(1,'TEST999');
This set works well above. But I want to be able to pass multiple values VNAME. so, something like:
EXEC VTEST_INSERT_SP(1,'TEST999','TEST888','TEST777');
any help is appreciated. Thank you.
This would make many inserts each with the same vid and values of different VNAME.
Try something like this
- SET SQLBLANKLINES
- ALTER SESSION SET PLSQL_WARNINGS = ' ENABLE: ALL ';
- DROP TABLE vtest_insert;
- CREATE TABLE vtest_insert (vid NUMBER, vname VARCHAR2 (20));
- INSERT ALL
- IN vtest_insert (vid, vname) VALUES (1, "yyyy")
- IN vtest_insert (vid, vname) VALUES (1, "bb")
- IN vtest_insert (vid, vname) VALUES (1, "cccccc")
- IN vtest_insert (vid, vname) VALUES (2, "ddd")
- IN vtest_insert (vid, vname) VALUES (2, 'ee')
- SELECT * FROM .dual 'PUBLIC '.
- SELECT * FROM vtest_insert;
- CREATE or REPLACE TYPE vnames_tab_ty IS TABLE OF VARCHAR2 (20)
- /
- DISPLAY ERRORS;
- CREATE OR REPLACE PROCEDURE vtest_insert_sp
- (
- p_vid IN vtest_insert.vid%TYPE,
- p_vnames IN vnames_tab_ty
- )
- DEFINE AUTHID
- IS
- BEGIN
- DELETE FROM vtest_insert WHERE the vid = p_vid;
- FORALL idx IN p_vnames. FIRST... p_vnames. LAST
- INSERT INTO vtest_insert (vid, vname) VALUES (p_vid, p_vnames (idx));
- END vtest_insert_sp;
- /
- DISPLAY ERRORS;
> - DECLARE
- Vnam vnames_tab_ty;
- vid vtest_insert.vid%TYPE.
- BEGIN
- BK.vid: = 1;
- BK.vnames: is vnames_tab_ty ('vn-01', 'vn-02', 'vn-03');.
- vtest_insert_sp (p_vid-online bk.vid, p_vnames-online bk.vnames).
- COMMIT;
- BK.vid: = 2;
- BK.vnames: is vnames_tab_ty ('vn-04', 'vn-05', 'vn-06', 'vn-07');.
- vtest_insert_sp (p_vid-online bk.vid, p_vnames-online bk.vnames).
- COMMIT;
- END;
- /
- SELECT * FROM vtest_insert;
Which produces the following output
Table created.
5 rows created.
VNAME VID
---------- --------------------
1-aaaa
1 bb
1 cccccc
2 ddd
2 EA
Type of creation.
No errors.
Created procedure.
No errors.
PL/SQL procedure successfully completed.
VNAME VID
---------- --------------------
1 VL-01
1 VL-02
1 VL-03
2 vn-04
2 vn-05
2 vn-06
2 vn-07
7 selected lines.
SQL >
Kind regards
Dariyoosh
-
Why the DR unit does not trigger schema when it is called remotely?
Hi all
I have a question about the triggers of oracle schema and I would be grateful if you could kindly give me a helping hand.
Oracle version: 11 GR 2 (11 g Enterprise Edition Release 11.2.0.1.0 - 64 bit)
OS: Linux Fedora Core 17 (X86_64)
I was reading the online documentation on schema triggers where oracle says:
Assume that users user1 and user2 own schema triggers and user1 invokes a DR unit owned by user2. Inside the DR unit, User2 is the current user. Therefore, If the DR unit triggers the triggering event of a trigger schema that User2 owns, while the trigger is activated.
I wanted to see this behavior in practice, so I made the following test case:
-There are two schemas:
- testuser where I create a procedure with AUTHID DEFINE (a unit of the Dr. therfore) named createTab. This procedure takes a table name as a parameter and if no table with this name exists already in the testuser schema, it will create a new table with the same name with a single column of type NUMBER (well, it's just an example to this issue, in practice I never create my tables this way)
- training is therefore another scheme to which we grant the privilege EXECUTE on the above mentioned procedure createTab so that it may be possible to create tables on schema testuser by calling the remote procedure.
The idea behind the test is to create a schema for testusertrigger, so that whenever he is, for example, a creation of the table, a message is inserted into a table of newspaper (just an example to show proof that trigger the diagram has been drawn on the table creation event). Now assuming I admit the EXECUTE privilege on the procedure of createTab for the trainingscheme, then any creation of the remote table must trigger the schema trigger, because according to the documentation inside the unit of the DR, the user is not considered appellant user (= training) but actually the owner (= testuser) that created the trigger and procedure.
The problem is that I cannot see it in my test. Therefore I will write here my test case so that you can have a look at it and to indicate where I did wrong, and what I misunderstood in the documentation.
So here's what I created on the schema testuser
Code SET SQLBLANKLINES
ALTER SESSION SET PLSQL_WARNINGS = ' ENABLE: ALL ';
SET SERVEROUTPUT ON;
-A table of newspaper in which the schema trigger inserts messages
-indicating that the schema trigger was triggered (as proof)CREATE TABLE tablog (logMsg VARCHAR2 (100));
-Here is the procedure that updates the above defined log table (tablog)
-This procedure (autonomous transaction) is called by the schema trigger
CREATE OR REPLACE PROCEDURE updateLog (p_logMsg IN tablog.logMsg%TYPE)
DEFINE AUTHID
IS
PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
INSERT INTO tablog (logMsg) VALUES (p_logMsg);
COMMIT;
END updateLog;
/
DISPLAY ERRORS;
-This is the procedure we use to create tables (which will be called so
-remotely from another schema-> training)
-As stated above, the procedure takes a table
-name as a parameter and creates a table with a single column of type NUMBER-that if no table with this name exists already
CREATE OR REPLACE PROCEDURE createTab
(
p_tabName IN user_tables.table_name%TYPE
)
AUTHID DEFINE - Therefore a unit DR that we explicitly specify AUTHID DEFINE
IS
BEGIN
< < bk > >
DECLARE
tabName user_tables.table_name%TYPE;
BEGIN
-Check to see if a table with the name p_tabName
-already existsT1.table_name SELECT INTO bk.tabName
FROM user_tables t1
WHERE t1.table_name = upper (p_tabName);
EXCEPTION
-No table with this name exists, so we create now
WHEN NO_DATA_FOUND THEN
IMMEDIATELY RUN 'CREATE TABLE ' |
p_tabName | '(NUMÉRO n) ';
END;
END createTab;
/
DISPLAY ERRORS;
- And finally it is the schema for the schema 'testuser '.
-Any appeal of the above mentioned procedure createTab (if the procedure)
-creates a new table) fires the following triggerCREATE OR REPLACE TRIGGER testuser_schema_tr
Before you CREATE on testuser.schema
BEGIN
-Just insert a message into the table of the newspaper showing the evidence
-that our schema trigger wiped of CREATE TABLE
-statementsupdateLog
(
TO_CHAR (sysdate, ' ' MON-DD-YYYY HH24:Mi:ss) |
' ': Schema for testuser trigger pulled.
);
END testuser_schema_tr;
/
DISPLAY ERRORS;
-I grant the privileges required for the formation of the user/schema
-may also be able to remotely run my procedureGRANT EXECUTE ON createTab to training;
GRANT SELECT ON tablog to training;
First, I tested the procedure createTab locally (so be etre connecte connected as drawing testuser , in other words, the owner of the procedure and the relaxation). Everything worked pretty well and created table, that table the journal has been updated by the trigger which showed that in fact after each CREATE TABLE statement, the trigger was activated.
However, when I opened a new SQL * Plus term, this time in being connected as a training scheme, I have observed that, once again, it was possible to create tables on schema testuser remotely, but the log table has been updated no more, which means that the trigger has not wiped CREATE TABLE statements that were issued remotely (by remote createTab procedure call).
Code SQL > EXECUTE testuser.createTab ('tmptab');
PL/SQL procedure successfully completed.
SQL > SELECT * FROM testuser.tablog;
no selected line
SQL > USER to see THE
The USER is 'TRAINING'
SQL >
Any idea? Why unity DR (createTab procedure) does not have the schema trigger, unlike what documents said, when it is called remotely?
Thanks in advance,
Dariyoosh
It works for me on Oracle 11.2.0.3
August 21, 2013 18:10:12: trigger pulled schema
But not on 11.2.0.1
It looks like a bug.
- testuser where I create a procedure with AUTHID DEFINE (a unit of the Dr. therfore) named createTab. This procedure takes a table name as a parameter and if no table with this name exists already in the testuser schema, it will create a new table with the same name with a single column of type NUMBER (well, it's just an example to this issue, in practice I never create my tables this way)
-
A question about ROLLBACK and in stored subprograms unhandled Exceptions
Hello
Oracle version: Enterprise Edition Release 11.2.0.1.0 - 64 bit
OS : Linux Fedora Core 17 (X86_64)
In Chapter 11 of the PL/SQL online, here's what oracle says about The unhandled Exceptions :
If a stored subprogram stops with an unhandled exception, PL/SQL does not restore of database changes made by the subprogramme.
I tried the following code:
code HOST clear;
SET SQLBLANKLINES
ALTER SESSION SET PLSQL_WARNINGS = ' ENABLE: ALL ';
DROP TABLE tmptab;
CREATE TABLE tmptab (n NUMBER);
CREATE or REPLACE PACKAGE pkg1_pkg
DEFINE AUTHID
AS
EXCEPTION MYEXCEPTION.
PRAGMA EXCEPTION_INIT (MYEXCEPTION,-20001);
END;
/
DISPLAY ERRORS;
-It is a subroutine that exists
-with an exception unhandled
CREATE OR REPLACE PROCEDURE mytestProc
DEFINE AUTHID
IS
BEGIN
INSERT INTO tmptab (n) VALUES (100);
-Unhandled exception does a ROLLBACK
-which annuls the previous INSERT statementRAISE pkg1_pkg. MYEXCEPTION;
END mytestProc;
/
DISPLAY ERRORS;
BEGIN
mytestProc();
END;
/
SELECT * FROM tmptab;
And here is the result
BEGIN
*
ERROR on line 1:
ORA-20001:
ORA-06512: at "TRAINING. MYTESTPROC', line 6
ORA-06512: at line 2
no selected line
The fact that SELECT * FROM tmptab gives: no selected line indicates that the exception unhandled in the stored routine myTestProc is doing a ROLLBACK for the INSERT statement in the tmptab table.
So I do not understand why in the documentation noted that no ROLLBACK is not done.
Could someone kindly do some clarification on this?
Thanks in advance,
Kind regards
Dariyoosh
Hello
If a stored subprogram exits with an unhandled exception, PL/SQL does not restore changes to the database made by the subprogramme.
What is happening here, it is an anonymous block (which is not stored) stops with an unhandled exception, and who restores the uncommitted transactions.
I created a procedure to see how many lines is in tmptab:
CREATE OR REPLACE PROCEDURE tmptab_cnt (in_txt IN VARCHAR2)
DEFINE AUTHID
AS
n PLS_INTEGER;
BEGIN
SELECT COUNT (*)
N
OF tmptab;dbms_output.put_line (n
|| "lines of tmptab in.
|| in_txt
);
END tmptab_cnt;
/and called it of your procedure with your anonymous block:
CREATE OR REPLACE PROCEDURE mytestProc
DEFINE AUTHID
IS
BEGIN
INSERT INTO tmptab (n) VALUES (100);
tmptab_cnt ("mytestProc");RAISE pkg1_pkg. MYEXCEPTION;
END mytestProc;
/
DISPLAY ERRORS;BEGIN
mytestProc();
EXCEPTION
WHILE OTHERS THEN
tmptab_cnt (anonymous"block" ");
LIFT;
END;
/The result of this is:
...
Created procedure.
No errors.
1 lines in tmptab in mytestProc
1 lines in block anonymous tmptab
BEGIN
*
ERROR on line 1:
ORA-20001:
ORA-06512: at line 6no selected line
As you can see, there is 1 row in the table after that the procedure back to the anonymous block.
Thanks for posting such a complete and clear test script; that really helps.
How put you in the form code, with green background and title?
-
What good is Oracle roles?
Hello all,.
I created a role (sr_project_role) which gives a select multiple tables in A schema.Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production Windows 2008 R2
The sr_project_role was then given to the schema-B.
I am trying to create a view in the diagram B (as schema-B) that refers to a table in A schema. This table has been included in the above sr_project_role.
I get an "ORA-01031: insufficient privileges" error.
If I give you select on the table schema-A directly to the schema B, works to create view statement.
Why the role that I created (sr_project_role) did not provide schema-B the privileges that have been granted to the role?
Thanks for your time,
BobHi, Bob,.
Roles do not count for creating views. If schema_b wants to create a view that references tables of schema_s, then schema_a must give privileges directly to schema_b or to the PUBLIC.
It is the same for the stored procedure with DEFINE AUTHID (which is the default). The reason is related to know when a view (or a strored procedure) becomes invalid. If the privileges granted through roles were allowed, then the system would essentially to detect all the privileges of all lives (and all stored procedures), any time a privilege has been revoked from any role in order to see what was still allowed.
If you think this is confusing and inconvenient, you have company.
-
grant user privileges for the execution of a procedure in a package
Hi all
My need is to grant privileges to User1 to run only a single procedure proc1 in package1.
It is possible at all?
Do I need to grant more privileges if procedure1 calls procedure2?Hello
Marco wrote:
OK, so I can create procedureN off package1 claiming enforcement procedureN package1.proc1 and grant privileges to User1.Is this possible without rights for package1.proc1?
Yes, it is possible. If user_x has EXECUTE privileges on procedureN procedureN has DEFINE AUTHID (which is the default), then user_x doesn't have privileges on the packaging or the tables used in procedureN.
-
Procedure call to different users
HelloW to all,
I have three database users
1 USER1
2 USER2
3 USER3
I created a procedure to User1
Now, I want to use this same process in the User2 and user3 without created in these users.
is there a way to do this?
Any help will be appreciated...Hervé wrote:
It is the use of tables of sml users...
I want to use the tables of the bus user...The procedure declared to the SML schema must be created in the procedure of the appellant's rights. It's
AUTHID CURRENT_USER
Unlike the default
DEFINE AUTHIDRead all about it
http://download.Oracle.com/docs/CD/E11882_01/AppDev.112/e25519/subprograms.htm#LNPLS682Concerning
Peter -
newbie question: sql runs under sqlplus but does not compile in pl/sql?
I have the following two tables, I have a SQL in pl/sql packages so I can use dbms_jobs to automate it however, I get the compile time error. It seems to me that pl/sql dislikes my sql that works well in sqlplus. Here is the error message and my test case?
mdb_user@cmd > view the error
PACKAGE BODY DATA_QUALITY_REPORT_P errors:
LINE/COL ERROR
-------- -----------------------------------------------------------------
10/1 PL/SQL: statement ignored
13/42 PL/SQL: ORA-00942: table or view does not exist
create the table S_ORG_EXT
(
accnt_type_cd varchar2 (100),
cust_stat_cd varchar2 (100)
)
/
insert into s_org_ext
Select column_name, data_type for user_tab_columns where rownum < = 100
/
Select * from s_org_ext
/
create the table data_quality_report
(
RunId number not null,
report_type number of non-null, - type of report as dup dup or not other measures
org_level number not null, - organization level nsgn, sgn, shipto
loc_level number of non-null, - local level by city, by country, by region, grand_total
name varchar2 (100) not null,-the line output of the tot name.
Value number not null, - line value of the tot.
rundate date default sysdate
)
/
create sequence data_quality_report_seq with 1000
INCREMENT BY 1
NOCACHE
NOCYCLE
/
insert into data_quality_report
Select data_quality_report_seq.nextval, 3, 99, 99, accnt_type_cd, cnt, sysdate from
(
Select accnt_type_cd, count cnt (*) of S_ORG_EXT where cust_stat_cd = 'VARCHAR2' group by accnt_type_cd by 2 desc order
)
/
Select * from data_quality_report
/
truncate table data_quality_report
CREATE or replace PACKAGE data_quality_report_p AS
function pull_data return data_quality_report.runid%type;
END data_quality_report_p;
/
create or replace package body data_quality_report_p as
function pull_data return data_quality_report.runid%type is
new_rid data_quality_report.runid%type;
Start
Select data_quality_report_seq.nextval in the double new_rid;
insert into data_quality_report
Select new_rid, 3, 999999, 999999, accnt_type_cd, cnt, sysdate from
(
Select accnt_type_cd, count cnt (*) of S_ORG_EXT where cust_stat_cd = 'VARCHAR2' group by accnt_type_cd by 2 desc order
);
Return new_rid;
exception
When no_data_found then
DBMS_OUTPUT. Put_line ("NO_DATA_FOUND handles the exception.");
while others then
DBMS_OUTPUT. Put_line ("' handling ANOTHER exception.");
end; -end pull_data
end data_quality_report_p;
/Hello
Sorry, I was not clear about that.
The owner of the package needs direct privileges (not only privileges through a role) to compile the code, whehter it is DEFINE AUTHID or AUTHID CURRENT_USER. Option (3) does not help in this case; my mistake.I usually create packages in the same schema tables they use, which was option (2) in my previous message. There may be good reasons why you can't do that; for example, the package may reference multiple schemas tables. In this case, grant the necessary privileges directly to the owner of the whole.
-
insufficient \n(Assurez-vous
Hello
When I am trying to create a table in a procedure.
I have as long as a user can create the table.
But when I try to create the table through procedure then it says not sufficient privileges.
Why?
I mentioned the 'DEFINE AUTHID' clause
Yet it won't let me create table...He is infamous question of subsidy based on ROLES. Use the VALUE NONE ROLE and then try to create the table. If you can't then you have the grant through ROLE but should you direct privilege.
Re: compile errors -
Variable declaraton Question?
Hello
I am trying to establish a procedure that uses a similar to variable declaration
Table_name.column%type var1
I get an error as shown below when I compile the procedure.
3/3 PL/SQL: statement ignored
4/33 PLS-00201: identifier TABLE_XYZ' must be declared
I can describe the table TABLE_XYZ and can select in the table through SQL Plus.
So, what could be wrong with my statement?
Please notify.
Thank youHello
Roles do not count inside stored procedures with DEFINE AUTHID (which is the default).
To refer to a table in a stored procedure, privileges must be granted directly to the user owner of the procedure, or the pseudo-user PUBLIC. The privileges granted in a role that the author will work orders DESCRIBE, SQL statements outside of PL/SQL and PL/SQL anonymous blocks, but not in strored procedures.
The owner of the table directly you pay all you need of the privileges.
-
Hello
I have Oracle 10 g 2 on windows 2003 server. Here is an example of I have to have for users of oracle:
Suppose I have three oracle users: u1, u2, u3.
I want to create a profile p1 as seen grants only on the DML statements on u1 schema. A different profile p2 have agreed on only the on u1 schema ddl statements.
Now, suppose I concede the P1 profile for u2, u2 can only pull the DML statements in the schema of u1.
Please can anyone suggest how can I implement this?
VinitaSomething like this:
I know that update, insert, and delete are LMD and
create, delete, modify, replace and truncate. (I don't know what fusion is; dml or ddl, I think that its LMD)In the script below, I kept in mind that the tables can be created with quotes such as "Table1" and we cannot grant any privileges for external tables.
onlydmlonscott drop role;
onlyddlonscott drop role;
create the onlydmlonscott role.
create the onlyddlonscott role.
left head;
coil c:\f1.sql
Select ' give an update on ' | owner: '. ' || Chr (34) | object_name | Chr (34): ' to onlydmlonscott;' to
DBA_OBJECTS
where
owner = 'SCOTT '.
and
object_type = 'TABLE '.
and object_name
not in (select table_name from dba_external_tables where owner = 'SCOTT')
Union of all the
Select ' allow delete on ' | owner: '. ' || Chr (34) | object_name | Chr (34): ' to onlydmlonscott;' to
DBA_OBJECTS
where
owner = 'SCOTT '.
and
object_type = 'TABLE '.
and object_name
not in (select table_name from dba_external_tables where owner = 'SCOTT')
Union of all the
Select ' grant insert on ' | owner: '. ' || Chr (34) | object_name | Chr (34): ' to onlydmlonscott;' to
DBA_OBJECTS
where
owner = 'SCOTT '.
and
object_type = 'TABLE '.
and object_name
not in (select table_name from dba_external_tables where owner = 'SCOTT');
spool off;
host edit c:\f1.sql;
@c:\f1.sql;create the user1 user identified by User1;
Grant connect User1;
grant onlydmlonscott User1;
create user user2 identified by user2;
Grant connect to User2.
grant onlyddlonscott to User2;
*******Now for the DOF. I created a procedure in the scott schema:
CREATE OR REPLACE PROCEDURE create_table (sql_string VARCHAR)
DEFINE AUTHID
AS
BEGIN
EXECUTE IMMEDIATE sql_string;
END;
/
GRANT execute ON onlyddlonscott TO create_table;
Source:Create table without the privilege of "CREATE ANY TABLE"In this case User1 can trigger any dml in schema scott, but cannot issue any ddl (by default) in the scott schema, while;
User2 can issue all ddl in the schema scott as "exec scott.create_table ("CREATE TABLE scott.newtab (a number)");", but cannot give any dml for schema scott. User2 can issue all ddl with the help of procedure in the scott schema, above just replace statement 'create table'. Everything works fine at my end (10.2.0.1 on win xp box, I just checked).Concerning
Girish SharmaPublished by: Girish Sharma on March 19, 2010 15:42
A few lines added albums. -
ORA-01031: insufficient privileges when you try to run a proc
I have a procedure called KILL_MY_SESSION that is defined with a value of DEFINE AUTHID
The schema JOHN belonged procedure. The procedure makes several calls to PL/SQL DBMS_SQL package.
The last thing that not with DBMS_SQL proceedings concern an ALTER SYSTEM KILL SESSION statement.
Schema JOHN has privileges to kill a session in the database.
If I log in the scheme of JOHN, I can issue the statement ALTER SYSTEM KILL SESSION successfully.
Also, when you are logged in the scheme of JOHN, I can run the KILL_MY_SESSION procedure.
Now I have the ISTO schema. I got ISTO privileged EXECUTE on the JOHN. Procedure KILL_MY_SESSION.
Since JOHN. KILL_MY_SESSION is a privilege of rights DEFINERs, if RIGHTS shouldn't be able to execute the procedure correctly and kill a session?
This is an output of the session of the ISTO when you try to run JOHN. KILL_MY_SESSION:
SQL > conn oifs@dbname
Enter password: *.
Connected.
SQL > 500 fixed lines
SQL > select username, osuser, sid, serial #.
2 session $ v
3 where username = "OIFS."
USERNAME OSUSER SID SERIAL #.
------------------------------ ------------------------------ ---------- ----------
OIFS administrator 142 325
OIFS administrator 139 613
SQL > exec ('142 ', 325') john.kill_my_session
BEGIN john.kill_my_session ('142 ', 325'); END;
*
ERROR on line 1:
ORA-01031: insufficient privileges
ORA-06512: at "SYS." DBMS_SYS_SQL", line 1204
ORA-06512: at "SYS." DBMS_SQL", line 323
ORA-06512: at "EIADBA. KILL_MY_SESSION', line 20
ORA-06512: at line 1
Someone at - he a clue as to what I'm doing wrong?
View DBA_PROCEDURES, here's the record for KILL_MY_SESSION
OWNER
------------------------------
OBJECT_NAME
--------------------------------------------------------------------------------
OBJECT_TYPE AUTHID
------------------- ------------
JOHN
KILL_MY_SESSION
DEFINE PROCEDUREI mean the privilege of system alter directly, not through roles.
GRANT ALTER SYSTEM TO JOHN;
Please read the articles below, you should restrict the sessions that can be killed, according to what will be your implementation.
It could be useful.
http://asktom.Oracle.com/pls/asktom/f?p=100:11:0:P11_QUESTION_ID:226613885088
http://DBA-Oracle.com/t_granting_alter_system_kill_session.htm
Maybe you are looking for
-
When I try loggin inhttps://appleid.apple.com/ using my apple id, I'm always questioning security displaying the update of your apple id dialog box. because of, I don't remember security questions, this step cannot be passed by me. I'm trying to find
-
I created a shared album on the Photos in my library to iCloud. Now, I want to delete the whole album and we tried all three methods to remove. However impossible to remove this album, although I was able to remove the other albums shared in the past
-
Dear experts, I adopted with written cvi2013 of software, and although I expirience with other development systems, but not with Labview, CVI, I could not solve the problem of linker below: options.c #include "radioGroup.h" / / "custctrl\radioGroup.h
-
Update KB931125 guard installation root certificate. __
I installed this update, but it keeps wanting to be installed again & again & again...
-
Images are not displayed but the cargo space
Images are not displayed on any service. There is no empty box with a red X in the upper left. Any space where the image should be. This includes backgrounds and individual images. Even the buttons to link and change the font on this application