Grant privileges on the index
Hello
I'm looking to try to manage the security of some object on the Oracle DB 12 c, and I came to the objects of the index.
After watching the magical view: V$ OBJECT_PRIVILEGE, I came across the EXECUTE privilege on the index:
Select * from v$ object_privilege where object_type_name = 'INDEX ';
However, after the creation of some index of test, I could not be able to set this privilege on roles and actors, get this error all the time:
SQL error: ORA-04042: procedure, function, package, or package body does not exist
04042 00000 - "procedure, function, package, or package body there is no.
* Cause: Trying to access a procedure, function, package, or package body
It does not exist.
* Action: Make sure that the name is correct.
I'm sure that the name is correct in the index. So, this privilege makes no sense? What is his purpose on this point of view?
Kind regards
David
documentation: https://docs.oracle.com/database/121/DBSEG/authorization.htm#DBSEG99910
On the privileges of the object
A privilege object grants permission to perform a specific action on a specific schema object.
There are privileges different object for different types of schema objects. The privilege to delete rows in the departments
table is an example of a privilege of the object.
Some schema objects, such as clusters, indexes, triggers and database links, do not associate the object privileges. Their use is controlled with access privileges. For example, to change a cluster, a user must own the cluster or have the ALTER
ANY
CLUSTER
system privilege.
On the view v$ object_privilege.
Select * from v$ object_privilege
where object_type_name = 'INDEX ';
OBJECT_TYPE_NAME OBJECT_TYPE_ID PRIVILEGE_ID PRIVILEGE_NAME
32 12 INDEX RUN
The interesting thing here is the ID of the object type.
The object type 1 is an index.
Object type 32 is put in correspondence with an INDEX_TYPE. This privilege is the privilege to execute for a type of index.
Select object_type_name
the system. REPCAT$ _OBJECT_TYPES
where object_type_id = 32;
OBJECT_TYPE_NAME
INDEX TYPE
Tags: Database
Similar Questions
-
find roles that grant privileges to the same owner
I did an impdo and I saw on a lot of these types of errors:ORA-39083: Type than object_grant cannot be created with the object error:
ORA-01749: you cannot GRANT/REVOKE privileges to yourself
Because sql is:
GRANT SELECT ON "SMART." "" SOURCE_SYSTEM_DIMENSION "TO"SMART ".
Smart notice to smart... Can someone give me a SQL that will allow me to generate a file that I can run to eliminate these types of cases.
Notte is should show the operatation in this "select" cases where it has failed.
Thank you all
It looks like a privileged granted user privileges on the tables of smart chip, which is absurd, but legal.
SQL > create an identified by a tablespace default user user
2 unlimited quota on users;
Created by the user.
SQL > grant create table, create a session to one.
Grant succeeded.
SQL > conn a/a.
Connected.
SQL > create table t (ID, descr varchar2 (10));
Table created.
SQL > conn /.
Connected.
SQL > grant select on Abdel to one.
Grant succeeded.
dev1 > select table_name, privilege, constituent, dealer
2 of dba_tab_privs
3 where dealer = "A";
DEALER PRIVILEGE TABLE_NAME GRANTOR
------- ------- --------- ----------
A A T SELECT
dev1 > revoke select on a.t a;
Revoke succeeded.
dev1 > conn a/a.
Connected.
dev1 > grant select on t for one;
Grant select on t for a
*
ERROR on line 1:
ORA-01749: you cannot GRANT/REVOKE privileges to yourself
To reverse the invalid grant, you can use something like this to generate a script:
Select "revoke". privilege: ' on ' | conceding |'. ' ||
table_name |' a ' | dealer | « ; »
of dba_tab_privs
where dealer = constituting;
Or you can use a similar query in an anonymous block, immediate use of execute to execute the revoke command. The user will have full privileges on the objects that they own.
John
-
I like to read
http://www.DBA-Oracle.com/concepts/grant_user_privileges.htm
and there
grant create index
but I thought that it was not this privilege, such as index creation. I tried and got:
ERROR on line 1:
ORA-00990: missing or not valid privilege
So the site is bad?
Thank youOracleguy,
I'm not sure what is the context of the cited site but in the Oracle docs, there is a small reference that says this,
http://download.Oracle.com/docs/CD/B19306_01/server.102/b14231/indexes.htm#sthref2475
>
Creating indexesThis section describes how to create indexes. To create an index in your own schema, one or more of the following conditions must apply:
The table or cluster to be indexed is in your own schema.
You have the privilege of the INDEXES on the table to be indexed.
You have the CREATE ANY INDEX system privilege. >
The irony is that there is no privilege as such who called Index priv. Once you get a create table, you get automatically create index above. As others have mentioned, there is a creation of an index , but this is something totally different.
The answer to the question you asked, there are no such priv, AFAIK.
HTH
Aman... -
Grant privileges on schema objects
Hi all
I need all the privileges of a user on another user, any objects.
I'm not findign exact command to do so.
for example: x has y objects.
z of the user should be able to select, update, delete all objects x.y.
Any help/insight is appreciated. !You must grant privileges on an object-by-object basis.
You can use a bit of dynamic SQL to automate the process (note that I'm only show the process of granting privileges on tables - you can write similar pieces of code to grant privileges on views and other types of objects as well).
BEGIN FOR i IN (SELECT * FROM dba_tables where owner = 'X') LOOP EXECUTE IMMEDIATE 'grant select, update, delete on x.' || i.table_name || ' to z'; END LOOP; END;
If Z has no privileges granted directly, you'd probably better to create a role, granting privileges to the role and then the role to the Z. Which will facilitate in the future if you need to create another user that has the same privileges as Z.
Justin
Published by: Justin Cave on October 15, 2012 11:50
-
Impdp import does not the privileges of the user
Hi guys,.
IM using expdp/impdp to a schema of 11.1 11.2 database, following importation, I realized that some of the packages are not valid... I did some research and discovered that oracle has not granted privileges to the user (such as
GRANT SELECT ON "SYS". "' V_$ SESSTAT ' TO
GRANT SELECT ON "SYS". "' V_$ STATNAME ' TO
GRANT EXECUTE ON "SYS". "" DBMS_AQADM ' TO
is this a normal behavior of the impdp to jump the sys privileges?It's true.
Let me quote documents"Restrictions".
...
Subsidies on belonged to the SYS schema objects are never exported. » -
Privilege for the creation and deletion of the indexes on all the tables/diagrams
Hello
I have a database running on the HPUnix bit ia64 platform. The version of the db is 10.2.0.3
I have a schema named DPYBATCH.
I need grant creation/deleting indexes on all the tables/diagrams.
I know create a clue will solve the purpose of the creation. But I am confused with deleting indexes.
If I give-> GRANT CREATE ANY INDEX OF DPYBATCH, it will not solve the purpose. He will have the privilege to be able to delete/move the index as well?
If this is not the case, what is the privilege to grant to delete/move the index. Please let me know!
Thank you!You must use DROP ALL INDEX: http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_8015.htm#i2066885.
-
grant user privileges for the execution of a procedure in a package
Hi all
My need is to grant privileges to User1 to run only a single procedure proc1 in package1.
It is possible at all?
Do I need to grant more privileges if procedure1 calls procedure2?Hello
Marco wrote:
OK, so I can create procedureN off package1 claiming enforcement procedureN package1.proc1 and grant privileges to User1.Is this possible without rights for package1.proc1?
Yes, it is possible. If user_x has EXECUTE privileges on procedureN procedureN has DEFINE AUTHID (which is the default), then user_x doesn't have privileges on the packaging or the tables used in procedureN.
-
Hello gurus,
I have about 25 tables in the ABC scheme
I want to give all privialges to the XYZ schema for all tables of 25 which is in the pattern ABC... So is there is SQL statement or a script, I can run to grant privileges to all tables.
Something similar to these...
SELECT 'create synonym ' || table_name || ' for ' || table_name FROM user_tables {code} So i get all the table names ....then i can run as a script.... U r help is greatly appriciated gurus!!! Thank you!!!
Administrator:
set head off set pages 0 set feed off spool myscript.sql Select 'grant select, insert, update, delete on abc.'||table_name||' to xyz;' from dba_tables where owner = 'ABC'; Select 'create synonym xyz.'||table_name||' for abc.'||table_name||';' from dba_tables where owner = 'ABC'; spool off;
Obviously this does not all new table that will be created in the future on ABC schema...
Max
[My Italian blog Oracle | http://oracleitalia.wordpress.com/2010/02/07/aggiornare-una-tabella-con-listruzione-merge/] -
Creating table in the schema has with the user B and granting permissions to the user C
Hello, I have a problem fun - we have a large table which requires a batch to make millions of updates, and he needs to finish more quickly. It takes several hours as an update, but a select create table did the same thing in about a minute. Yay! Then we just delete the old table and rename the new table to the former, rebuild all the index and grant select/insert/update/delete permissions to another user who needs access... and there is the problem, Oracle said insufficient privs.
We have A figure, which is the owner of the table, userid B who done all the stuff of application batch and userid C which performs inserts for a process of middleware. None of them are actual users, of course. We want that user B to do the ETG, rename, rebuild and re-grant of the authorisation of the index. But user B apparently cannot grant permissions on objects in the schema A to user C, even if B has created the table and has the role DBA (not ideal, I know)!
What's really crazy is that there is no sense unique user b can grant permissions to user C, which is to:
grant select any table USER c;
grant insert any table USER c;
grant update any table USER c;
Grant delete any table USER c;
It seems really perverse can create tables in diagram A and even grant C privs "whole table" that user B, but may not grant privs specifically on this object in the schema A, even with DBA privs. I must be missing something... right?Yes. By default, the stored procedures are stored procedures from DEFINER rights. If A is the owner of a stored procedure, this stored procedure can do whatever A enjoys the privileges to directly. If A grants B privileges RUN this stored procedure, when B calls the stored procedure, the procedure runs with the privileges.
I agree point stew, however, re-creating objects in Oracle is generally a bad idea and a TRUNCATE with one insert direct-path, possibly combined with the deactivation and the rebuilding of the index would be more appropriate than a DEC. If you're going to stick with this Assignment, however, that really do in a stored procedure owned by A while B has no need to CREATE ANY TABLE.
Justin
-
grant opt, on the question
Hi Hussein;
I hope you don't think I'm dupm with this quesiton. I need to improve myself on this issue.
I created a schema that does not have anythink inside as the index of table etc. and I want to give all the permits (such as create, move, select) to the user apps. How can I do?
1. I create tablespace:
CREATE TABLESPACE TESTDATAFILE
' / TEST/testdata/TEST_d01.dbf' 100M AUTOEXTEND SIZE LARGE
LOGGING
ONLINE
PERMANENT
MANAGEMENT UNIFORM LOCAL 128K SIZE MEASURE
8K BLOCKSIZE
SEGMENT SPACE MANAGEMENT AUTO
FLASHBACK
2 Creata index:
CREATE TABLESPACE DATAFILE TEST_INDEX
'TEST/testdata/TEST_i01.dbf' SIZE 100M AUTOEXTEND OFF
LOGGING
ONLINE
PERMANENT
MANAGEMENT UNIFORM LOCAL 128K SIZE MEASURE
8K BLOCKSIZE
SEGMENT SPACE MANAGEMENT AUTO
FLASHBACK
3. create the user and give the grant
CREATE THE TEST USER
IDENTIFIED BY TEST
TEST DEFAULT TABLESPACE
TEMPORARY TEMP TABLESPACE
DEFAULT PROFILE
RELEASE OF ACCOUNT;
GRANT CONNECT TO THE TEST;
ALTER USER TESTDEFAULT ROLE;
GRANT CREATE VIEW TO TEST;
GRANT CREATE TABLE TEST;
GRANT CREATE SESSION TEST;
GRANT CREATE SYNONYM TO TEST;
GRANT CREATE TRIGGER TO TEST;
GRANT CREATE SEQUENCE OF TEST.
GRANT CREATE TEST PROCEDURE;
GRANT CREATE A TEST PUBLIC SYNONYM;
ALTER USER TESTQUOTA UNLIMITED ON TEST;
ALTER USER TESTQUOTA UNLIMITED ON TEST_INDEX.
Now, I want to give all the permissions the user to apps on schema TEST... How can I do?
Thank youHello
Please visit the following links.
Note: 166247.1 - Impossible to grant privileges of all the schema customized for APPS
GRANT
http://download.Oracle.com/docs/CD/B19306_01/server.102/b14200/statements_9013.htm#SQLRF01603Kind regards
Hussein -
Grant select on the object a.a to user b to user test
Hello
I am logged in as user test.
I would like to issue the following grant.
grant select on a.a to user b;
Unfortunately, this does not work with the test user. But it works with SYS. What permissions are required for the declaration works as a test.
Best regards
Stone
Documentation, https://docs.oracle.com/cd/E11882_01/server.112/e41084/statements_9013.htm#SQLRF01603
Prerequisites
To grant a privilege to system, one of the following conditions must be met:
- You must have obtained the
GRANT
ANY
PRIVILEGE
system privilege. In this case, if you grant the system privilege to a role, then a user who has been granted the role doesn't have the privilege unless the role is enabled in the user's session. - You must have been granted the privilege of system with the
ADMIN
OPTION
. In this case, if you grant the system privilege to a role, then a user who has been granted the role has the privilege without worrying if the role is enabled in the user's session.
To grant a role, you must either got the role with the
ADMIN
OPTION
or have received theGRANT
ANY
ROLE
privilege system, or you must have already created the role.To grant a privilege object, you must have the object, or the owner of the object must have a permission you privileges of the object with the
GRANT
OPTION
, or you must have obtained theGRANT
ANY
OBJECT
PRIVILEGE
system privilege. If you have theGRANT
ANY
OBJECT
PRIVILEGE
, then you can grant the privilege of the object only if the owner of the object could have granted the same privilege of object. In this case, theGRANTOR
column of theDBA_TAB_PRIVS
view displays the owner of the object rather than the user that issued theGRANT
statement. - You must have obtained the
-
How to give the privilege for the task to the role or named users
I am for the first time using dbms_scheduler instead of dbms_job.
We have a situation where multiple users have privilege to run and change / delete a created with dbms_scheduler job.
The job is running and I'm able to administer as a creator/owner there but is not able to grant privileges to other users.
I executed:
-Grant create any job to < user
-Grant manage scheduler < user >
but without success.When reading the documentation is seems it should be possible to grant privilege on work using alter < user > my_job grant but I don't get that ORA-00990: missing or invalid privilege
I tried to use dbms_scheduler.create_job.
What do I have to use dbms_scheduler.create_program?
With the help of 11.2.0.2.0 (linux)
I missed something fundamental?Regards Niclas Eklund
Hi Niclas,
Yes, you can grant the privilege to alter on a job. As pointed Asy, maybe you just forgot the key word WE?
That being said, the privilege of CREATING a TASK also allows you to edit any job. However, this privilege is very powerful, so you should be very careful before you give him.
-
Change the privileges of the user of the operating system in application
HelloOracle Fusion Middleware 11 GR 1 material
WebLogic Server 11 GR 1 material PS4
We have a security problem that we cannot solve. In application the trigger BUTTON WHEN PRESSED, we open the .pdf on remote server using web.show_document documents. We are in need to restrict access to documents only by the application. To explain. The user should not be able to access the file somehow, but by application on the key. For the moment, we are in little trouble, because the user can access the document by using the address bar in the browser or just type the address in the browser. I am aware that this issue has more with OS privileges as any parameter of Oracle. I would like to know is there a way to restrict the privileges of the user at least OS at the OS level and grant access to the user through the Oracle application?
Kind regards
S Pax
If you want to completely on app I see two different ways.
1 put the files on a share on your application server and make them off-limits via http. To view a file, it load to the client through the WEBUTIL_FILETRANSFER.AS_TO_CLIENT of WEBUTIL and display it using CLIENT_HOST.
2 put the files in a database table. To view a file, load it to the customer through the WEBUTIL_FILETRANSFER of WEBUTIL. DB_TO_CLIENT and show it using CLIENT_HOST.
-
Error of insufficient privileges on the creation of model running in a stored procedure
Hello
I get the error of insufficient privileges on execution of the DBMS_DATA_MINING. Script CREATE_MODEL in a stored procedure.
If I run the same DBMS_DATA_MINING. Script CREATE_MODEL in an anonymous block with just begin... end;
I am able to create a model successfully, but if I do the same thing after having stored the script in the stored procedure, it is throwing error of insufficient privileges.
Scripts:
BEGIN
DBMS_DATA_MINING. () CREATE_MODEL
Model_name = > < template name >
mining_function = > dbms_data_mining. CLASSIFICATION,
DATA_TABLE_NAME = > < data table name >
CASE_ID_COLUMN_NAME = > < case ID >
target_column_name = > < target column >
SETTINGS_TABLE_NAME = > < settings table >
DATA_SCHEMA_NAME = > < schema >
SETTINGS_SCHEMA_NAME = > < schema >
);
END;
The foregoing, works very well and created a model with the model given with success.
But if I keep the above, in a stored procedure as - MINING_TESTING
create or replace procedure MINING_TESTING as
BEGIN
DBMS_DATA_MINING. () CREATE_MODEL
Model_name = > < template name >
mining_function = > dbms_data_mining. CLASSIFICATION,
DATA_TABLE_NAME = > < data table name >
CASE_ID_COLUMN_NAME = > < case ID >
target_column_name = > < target column >
SETTINGS_TABLE_NAME = > < settings table >
DATA_SCHEMA_NAME = > < schema >
SETTINGS_SCHEMA_NAME = > < schema >
);
END;
Compiles correctly.
Enforcement - EXEC MINING_TESTING;
Error message throw sufficient privileges.
The error message complete below:
Error report:
ORA-01031: insufficient privileges
ORA-06512: at "SYS." DBMS_DATA_MINING', line 1798
ORA-06512: at "MIS_ORABI_ODM.CA_MINING_TESTER", line 3
ORA-06512: at line 1
01031 00000 - "insufficient privileges".
* Cause: An attempt was made to change the user name or password
without the privilege appropriate. This error also occurs if
trying to install a database without the need for employment
access privileges.
When Trusted Oracle is configure in DBMS MAC, this error may occur
If the user has been granted the privilege necessary for a higher label
that the connection is active.
* Action: Ask the database to perform the operation or grant administrator
the required privileges.
For users Trusted Oracle get this error, well that granted the
the privilege that is suitable for the top label, ask the database
administrator to grant the privilege to the appropriate label.
Hello
DataMiner UI grants privileges to a role, so if you're depending on these privileges you must proceed as follows when you create a stored procedure.
Your stored procedure was created with the default authid which is definers. It will not use the privileges for the role. Solution is to create the stored procedure with authid current_user. This will pick up the privileges for the role. Another option is to apply the following subsidies directly to the user account:
grant CREATE MINING MODEL
CREATE THE TABLE,
IN ORDER TO CREATE
Example of stored procedure:
create or replace procedure MINING_TESTING AUTHID CURRENT_USER as
BEGIN
DBMS_DATA_MINING. () CREATE_MODEL
MODEL_NAME =>
mining_function-online dbms_data_mining. CLASSIFICATION,
DATA_TABLE_NAME =>
CASE_ID_COLUMN_NAME =>
target_column_name =>
SETTINGS_TABLE_NAME =>
DATA_SCHEMA_NAME =>
SETTINGS_SCHEMA_NAME =>
);
END;
Thank you, Mark
-
ONLY INSERT OR DELETE THE PRIVILEGE TO THE DATABASE LINK
Hi all
Version of DB 11.2.0.1
RedHat 5.5 operating system
I created a link to private database by following the path
create database link test_link
connect to Scott identified by tiger
using
'(DESCRIPTION =)
(ADDRESS = (PROTOCOL = TCP) (HOST = 10.194.180.45)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = prod)
)
)'
The link is created successfully and I am able to perform all the DML operations on it.
The Question is there a way by which we can give only insert or delete or privilege is not to remove from the table at this link.
For operations select only, I know that by creating a view I can restrict the remote user, but is there a way by which I can give only insert or remove remove link of database.
You can not grant any privilege to a link. Can you and your team identify a location in the documentation, if required?
By default, a remote session will get the same privilege as the user to which it connects.
BTW:
- do not use a database link tnsnames.ora makes your hard to maintain link
- using addresses IP hard in a database link makes your link even more difficult to maintain
- by specifying a hardcoded password in a database link is a breach of security.
-------------
Sybrand Bakker
Senior Oracle DBA
Maybe you are looking for
-
How to set the Satellite A100-596 to factory without Recovery DVD settings
I gave my young niece of my old laptop A100-596 for Christmas.It worked perfectly on Christmas Eve I packed it upward, in packing of origin, but at the time my niece connected on it has lost 40 GB of data among the drives C and E - everything E drive
-
In the week OR this year, there was a company that made a device called myHub who connected on top of the myRIO and provided several USB ports (I think only 3) and a physical ethernet port. This same company has also demonstrated a bus CAN add to co
-
Weird createprocess error/o creating submenus
Hello This problem occurs when I try to add a submenu to a menu item. This allows me to add submenu items 3 up but when I try to add more i get this error. I searched through the forum and read something to do with 100 classes and paths of files. I c
-
I have som Aironet LAP1131AG accesspoints, who, after an upgrade to 5.2 WCS (including the upgrade of WLC) will join not the controller. I have attached a dump of the console. The accesspoints will improve the image, if they are hardreset (by pressin