Granting of flashback to a user read-only

Is it possible to give a 'read only' user access to query flashback on a table in another schema while ensuring that they remain a user 'read only '?  I am thinking particularly of a query like the one below.  There are cases where a 'read only' user would see the previous status of a given table.  In this case, one way to read the user can perform only in select queries.

SELECT *.

OF SCHEMA1. TABLE1:

FROM TIMESTAMP (SYSTIMESTAMP - INTERVAL 0 ' 00:05:00 ' DAY TO SECOND)

Just privilege of flashback for the object to the required user.

Kind regards

Ivica Arsov

Tags: Database

Similar Questions

  • A way to designate some users read-only?

    I have a few users who should be able to see our APEX screens but not modify the data.  APEX has a way to do it?

    Rick Silva wrote:

    I have a few users who should be able to see our APEX screens but not modify the data.  APEX has a way to do it?

    Yes. APEX 4.2 support exists for the conditions of read-only area and page level, so that item-level control provided in previous versions.

    Since this seems to be a restriction related to security, you should create a permission scheme to determine the privileges of the current user read/write and evaluate what the status of the page read-only as an expression of PL/SQL to help of the apex_util.public_check_authorization method (replaced by apex_authorization.is_authorized at APEX 5.0).

  • Grant read only to a user only with the role

    Legends of dear,

    Req: create user selection/read-only join specific 3-5 tables in a specific schema and no selection/read only access to the sys/system schema.

    After surfing and tried to grant the "read-only" access for a user as follows.

    create user readonly identified by readonly123;

    create read_only_role role identified by read_only_access;

    Grant connect, read-only resources.

    Grant select on applications. FND_PRODUCT_GROUPS read-only;

    Grant select on applications. FND_USER read-only;

    grant read_only_role read-only;

    The above statements

    1. created user, role

    2. granted to connect/create user session and I am able to run the following query

    logged in as readonly

    Select * from APPS. FND_PRODUCT_GROUPS;

    Where I am able to select even sys or system tables.

    But I'm not able to make the same read only access provided to a role and assign the role to the user subsequently,.

    create user readonly identified by readonly123;

    create the role of read_only_role identified by read_only_access;

    Grant connect to read_only_role;

    Grant select on applications. FND_PRODUCT_GROUPS to read_only_role;

    Grant select on applications. FND_USER to read_only_role;

    grant read_only_role read-only;

    Let me know your suggestions,

    Ref:roles and privileges of user management

    Roles of the Oracle

    GRANT statement

    https://forums.Oracle.com/thread/2223362

    Thank you

    Knockaert

    Hi, Karthik,

    If a role has a password (as in this case), then the user must activate this role during its current session in order to to use, like this:

    ROLE of the read_only_role IDENTIFIED BY read_only_access VALUE.

    If the role does not have a password, then it is enabled by default as soon as the user opens a session.

    Remember, the roles do not count inside procedures AUTHID DEFINE stored (which is the default type).  If you need to use the table inside an AUTHID DEFINER stored procedure, then the privileges must be granted directly to the user and not just a role.

    I hope that answers your question.

    If this isn't the case, after a complete test script that people can run to recreate the problem and test their ideas.  You started great: CREATE instructions you posted were perfect, but you need to add the CONNECTIONS and SELECT statements (and the SETTINGS, if necessary) to show how the error occurs.

  • grant read only to a single user

    Hi all
    I had crossed unlimited forums and blogs, but not to any solution appropriately and is getting confused because I am not good in sql.
    I had created a db user.
    I need to grant more privileges as a user apps only reading: -.
    (1) he can select all tables except dba on the tables, views, etc.
    (2) he can select any table of any user
    (3) he can select the functions, procedures, and all custom objects.
    (4) he can select any table without prefix apps. in front of the table.

    Step by step instructions with sql statements.

    Hello

    Richa says:
    Hi all
    I had crossed unlimited forums and blogs, but not to any solution appropriately and is getting confused because I am not good in sql.
    I had created a db user.
    I need to grant more privileges as a user apps only reading: -.
    (1) he can select all tables except dba on the tables, views, etc.
    (2) he can select any table of any user

    Her SELECT ANY TABLE system privilege allows the user to select any table including dba linked tables and views. If you want to exclude, you must give privileges SELECT on all other tables, one at a time and remember to do for new tables they are created.

    (3) he can select the functions, procedures, and all custom objects.

    The privilege of system to RUN the PROCESS ALL this.

    (4) he can select any table without prefix apps. in front of the table.

    Are not truncated. It's like saying "he can choose any table without giving the name of the table", or "without having to type what whatsoever".
    You could reduce how often you must qualify the name of the table with the schema name using "ALTER SESSION SET CURRENT_SCHEMA = schema_name;".

    Step by step instructions with sql statements.

    To give privileges mentioned in (1), (2) and (3) the FUBAR user, log in as SYSTEM and say

    GRANT  SELECT ANY TABLE          TO fubar;
GRANT  EXECUTE ANY PROCEDURE     TO fubar;

  • Read only access ACS 5.3

    Hello guys,.

    I use ACS 5.3 with the internal database for authentication of users, I would like to give some users read only rights on the systems.

    What is the best way to do it? by not configuring a password to enable for these users? or is there a better way to do this?

    Thanks in advance.

    Give read only access on devices such as the router/switch/firewall?

    If Yes, then we don't have that one best option is to configure ACS and devices for approval of the order.

    ACS 5

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/common_scenarios.html#wp1052579

    Necessary config on devices:

    http://www.Cisco.com/en/us/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#ROU

    If you have any specific questions or some configuration does not work, post it here.

    Kind regards

    Jousset

    The rate of useful messages-

  • Reading only question backup Tablespace

    HII!
    I tried to read-only Table backup space. So, first change the tablespace to aid
    SQL > alter tablespace users read-only;
    Tablespace altered.

    2. then taken backup of all the data files by using the copy of the OS command.

    Now, the issue I'm facing is that can I change the read_write mode table space? If Yes, then how? Help, please...

    I tried to read-only Table backup space. So, first change the tablespace to aid
    SQL > alter tablespace users read-only;
    Tablespace altered.

    2. then taken backup of all the data files by using the copy of the OS command.

    Now, the issue I'm facing is that can I change the read_write mode table space? If Yes, then how? Help, please...

    Yes you can do it,

    SQL > alter tablespace users read write;

    After the successful restoration.

    sys@11GDEMO > select tablespace_name, status of dba_tablespaces where nom_tablespace = "CKPT"

    STATUS TABLESPACE_NAME
    ------------------------------ ---------
    CKPT ONLINE

    sys@11GDEMO > alter tablespace ckpt read-only;

    Tablespace altered.

    sys@11GDEMO > select tablespace_name, status of dba_tablespaces where nom_tablespace = "CKPT"

    STATUS TABLESPACE_NAME
    ------------------------------ ---------
    CKPT READ ONLY+.

    sys@11GDEMO > alter tablespace ckpt read write; +

    Tablespace altered.

    sys@11GDEMO > select tablespace_name, status of dba_tablespaces where nom_tablespace = "CKPT"

    STATUS TABLESPACE_NAME
    ------------------------------ ---------
    CKPT online+.

    sys@11GDEMO >
    Published by: CKPT July 6, 2011 11:22

  • create the user with READ only grant

    Hello
    10 g R2 on AIX.
    How to create users with READ only grant on all tables (or all tables in a schema with 70000 tables)?

    Thank you.

    Please refer to: http://www.ulfet.info/index.php?view=oracle.docs_grant.with.loop

  • ALTER USER on read-only database link db

    Oracle 11.2.0.3.6

    Solaris 10

    I have a primary database and one Active Data Guard standby database physical.  My read-only database users must be able to change their password for read-only standby.  I tried to create a stored procedure with an ALTER USER inside statement and then to have my user call the stored procedure of the unalterable standby by: MIMI EXEC. CHGPWD@PRIM ();

    This translates into:

    ERROR on line 1:

    ORA-16000: database opened for read-only access

    ORA-06512: at "MIMI. CHGPWD', line 27

    ORA-06512: at line 1

    How can I allow a user who cannot access the read-only database to change their password for read-only standby?

    Here my stored procedure:

    CREATE OR REPLACE PROCEDURE MIMI. CHGPWD IS

    -CREATE OR REPLACE PROCEDURE CHGPWD IS

    sql_stmt VARCHAR2 (200);

    BEGIN

    sql_stmt: = 'ALTER USER MIMITEST IDENTIFIED BY 111111';

    EXECUTE IMMEDIATE sql_stmt;

    END CHGPWD;

    /

    Ah, I got it!  I had to create a public synonym for my stored procedure, and then create another stored procedure and use the synonym.  This is explained in the documentation of Oracle packages and PL/SQL procedures coding under the section 'referring to remote objects.  Here is what I have from the beginning to the end (My SID is MIMI and the unique name on the primary is MIMI_A):

    Read-only mode ensures:

    ALTER SYSTEM SET GLOBAL_NAMES IS FALSE SCOPE = BOTH;.

    Elementary school:

    ALTER SYSTEM SET GLOBAL_NAMES IS FALSE SCOPE = BOTH;.

    CREATE THE PUBLIC DATABASE LINK MIMI_A.WORLD WITH THE HELP OF "MIMI_A";

    ALTER SYSTEM SET GLOBAL_NAMES IS TRUE SCOPE = BOTH;.  (I need to have this true on my primary game)

    CREATE OR REPLACE PROCEDURE MIMI. CHGPWD IS

    Working directory;

    BEGIN

    dbms_job. Submit (job,' BEGIN EXECUTE IMMEDIATE "ALTER USER MIMITEST IDENTIFIED BY 666666";) END ;') ;

    END;

    /

    CREATE CHGPASS SYNONYM PUBLIC FOR MIMI. CHGPWD@MIMI_A.WORLD;

    CREATE OR REPLACE PROCEDURE MIMI. LOCAL_PROCEDURE IS

    BEGIN

    CHGPASS;

    END;

    /

    GRANT EXECUTE MIMI. CHGPWD TO MIMITEST;

    GRANT EXECUTE MIMI. LOCAL_PROCEDURE TO MIMITEST;

    Read-only mode ensures:

    Mimi/oracle/1120308 > sqlplus mimitest

    SQL * more: Production of the 11.2.0.3.0 version Fri Sep 19 15:55:56 2014

    Copyright (c) 1982, 2011, Oracle.  All rights reserved.

    Enter the password:

    Connected to:

    Oracle Database 11 g Enterprise Edition Release 11.2.0.3.0 - 64 bit Production

    With partitioning, OLAP, Data Mining and Real Application Testing options

    SQL > exec MIMI. LOCAL_PROCEDURE;

    PL/SQL procedure successfully completed.

  • How to create a read only user

    Hello

    Please, can someone tell me step by step with complete orders to create a single read user who only read only access to tables. functions and procedures but will b totally restricted to make changes or can create all new items etc.

    Hi Richa

    Steps to create read only user: -.

    CREATING USER

    IDENTIFIED BY

    DEFAULT TABLESPACE users

    TABLESPACE TEMPORARY temp2;

    GRANT CREATE SESSION, CONNECT to ;

    BEGIN

    FOR x IN (SELECT master, object_name FROM dba_objects owner WHERE IN ("SCHEMA1", 'SCHEMA2', "SCHEMA3") and object_type in ('TABLE', 'SEE'))

    LOOP

    RUN IMMEDIATELY ' GRANT SELECT ON ' | x.Owner |'. ' | x.object_name | » À ' ;

    END LOOP;

    END;

    /

    Concerning

    Jihane Narain Sylca

  • DBMS - data not visible for read only account users.

    I created below to know the status of my lots which run on server every Sunday.

    CREATE OR REPLACE VIEW CAFDB_REFRESH AS
    SELECT
    log_id,
    owner,
    TO_CHAR (log_date, ' ' DD-MON-YY HH24:MI:SS) TIMESTAMP.
    job_name,
    status,
    ERROR #.
    run_duration,
    INSTANCE_ID,
    additional_info
    Of user_scheduler_job_run_details;

    It works fine and I am able to get the information.
    now, to make it visible for read only account users - using «grant select» I gave access and created also means public.

    but it shows only the names of columns in read only account data.

    How to make this visible to read only account?

    Please guide.

    Views USER_ will have only the objects owned by the user executing the query... In your case, it will be only schedules made by the user.

    You will need EU ALL_ or view s/n (all_scheduler_job_run_details)

  • the user can only read

    Hello
    Should I create a user who can only read the tables in another schema. (this schema has 65000 tables and I want to avoid execution grant select on table1, table2... to MYUSER).
    Then, I created a trigger:
    CREATE TRIGGER set_empno_ctx_trig AFTER LOGON ON DATABASE
     BEGIN
     IF USER='MYUSER' THEN
      execute immediate 'ALTER SESSION SET CURRENT_SCHEMA = SCHEMA';
     END IF
     END;
    /
    Any way to restrict it to read-only? How can I revoke Insert or UPDATE?

    I published that follows, but does not work and the user can INSERT:
    CREATE TRIGGER set_empno_ctx_trig AFTER LOGON ON DATABASE
     BEGIN
     IF USER='MYUSER' THEN
      execute immediate 'ALTER SESSION SET CURRENT_SCHEMA = SCOTT';
      execute immediate 'REVOKE INSERT ANY TABLE FROM MYUSER';
     END IF
     END;
    /
    Thanks for the help.

    user522961 wrote:
    I thank once again.

    For the first query cannot send the result. MY_WRITE role is a role with:
    GRANT SELECT, insert, update, delete any table. Without which MYUSER cannot see the tables in the SCHEMA. MY_WRITE revoked if:

    So, what's you want? You cannot revoke insert, update, delete the grant of the user, if they are granted by a role.

    Grant select any WHAT TABLE or SELECT ON .

    the role of the user and revoke.
    He will be able to choose, but not change data.

  • Create read only user to the database

    Hi all

    I need to create read only the user to one of the databases so that he should have the select query on all tables, views etc...

    Can I create a user of this type with the role OEM_MONITOR at once?

    Please advice
    Concerning
    Arun

    No.:

    SQL> select * from v$version;

BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
PL/SQL Release 11.2.0.1.0 - Production
CORE    11.2.0.1.0      Production
TNS for Linux: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production

SQL> create user toem identified by toem;

User created.

SQL> grant oem_monitor to toem;

Grant succeeded.

SQL> select count(*) from hr.jobs;

  COUNT(*)
----------
        19

SQL> connect toem/toem
Connected.
SQL> select count(*) from hr.jobs;
select count(*) from hr.jobs
                        *
ERROR at line 1:
ORA-01031: insufficient privileges

SQL>

    Grant select ANY TABLE might work, but note it is generally regarded as a bad security practice:
    http://download.Oracle.com/docs/CD/E11882_01/network.112/e10574/guidelines.htm#CHDHFIFG

    Edited by: P. Forstmann on March 8, 2010 21:31

  • How can we create a read only user for the peoplesoft back-end database

    Hi all
    I have fscm9.0 installed instance peoplesoft. Told me to create a new user similar to sysadm but with read-only access, an agency can help in this reagard?

    Create a user ordinary daabase.
    Create a public synonym for objects of the SYSADM.
    Finally GRANT SELECT on each unique objecs (tables and views) to SYSADM objects to the new user.
    You could also work through a database of ROLE and giving the role to the new user.

    Nicolas.

  • How to unlock my user account. or, how to unlock a document on a read-only mode?

    How to unlock my user account. or, how to unlock a document on a read-only mode?

    Hi TerriBuckley,

    1. what operating system do you use?
    2. what happens when you try to connect to the computer?
    3. have you made changes on the computer recently?

    Method 1
    If you forgot the password of the computer, then I suggest you to see the following articles.

    What to do if you forget your Windows password
    http://Windows.Microsoft.com/en-us/Windows7/what-to-do-if-you-forget-your-Windows-password
    http://Windows.Microsoft.com/en-us/Windows-Vista/what-to-do-if-you-forget-your-Windows-password

    The Windows password problems
    http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-Windows-password-problems

    Method 2
    I suggest you try the steps from the following link to open the file or folder.

    What are the permissions?
    http://Windows.Microsoft.com/en-us/Windows7/what-are-permissions
    http://Windows.Microsoft.com/en-us/Windows-Vista/what-are-permissions

  • Read-only - user files - can't change for write access

    In the users (only one user) section all the folders are read-only. I'm moving to the music in my music file, but it won't let me. I get an error indicating that this action requires administrator rights, the diolgue box Monte 'do you want to get permission for this action', click Yes, and then he says denied action! What happens - I have not had this problem before.

    I followed the cmd prompt 'attrib-r + s C:\Users\Mel and Steve\Music' and other combinates, but it wouldn't let me make changes.

    Help, please!

    Windows Vista

    This sounds like a permission problem.  When I came across a similar problem with Vista, I installed a registry patch that adds a' Take Ownership"option in the context menu to reset the permissions on the files."  Simply right click on a folder you are the difficulties to access to the, (IE C:\Users\YourUserName) and then click "Take Ownership" allows you to access these folders and all subfolders beneath it read/write. This is what solved my problems:

Maybe you are looking for

  • Drop-down menu does not work properly in firefox

    My http://www.base-x-of-war.com/ Web page has a menu drop-down.When I hover over the section flyout left menu should be right next to the left with the products menu.But when I fly over the left menu, the mobile part is very good website page and you

  • MacBook Pro 15 "mid 2015 retina freezes

    Hey everybody, I got my macbook pro 15 "2015 high spec, a year ago and it froze twice since then, but lately, it happens more often. Also at the start, the screen resolution is not correct and after entering the password and loading starts, the scree

  • Number of the icon of 'People '.

    I'm fairly new to Skype on iOS, but not Skype. I just noticed that the 'Contacts' icon to the left of all of the icons at the bottom of the screen has the number '1' in a circle orange on it. I hit the icon and looked at each item on the list, sought

  • Strange problem of minimization with satellite notebook

    My screen is reduced to a minimum when I click on something without reason, then he's fine. Help, please.

  • Bing Bar 7.0 (KB2626808) was not installed

    I have WIndows XP SP3.  When the Windows automatic update is enabled, it is not able to install Bing Bar 7.0.  Can you help me?