Object-level privileges granted...
HelloI want to grant object-level privileges to some user so that he can view (select) any object which resides under another user. Don't select any option from the table.
I tried in vain to do something like that.
Kind regards
Why do you have thousands of tables in a schema?
And Yes quite easy to grant privileges in this way
Connect the schema that you want to grant of in.
-- 'Granting select on tables and views to scott'
declare
v_sql varchar2(4000);
begin
for cur in
(
select object_name from user_objects
where object_type in ('TABLE','VIEW','MATERIALIZED VIEW')
)
loop
v_sql := 'grant select on '||cur.object_name||' to scott';
execute immediate v_sql;
end loop;
end;
/
If I were you, I would create a role.
And then grant privileges to this role.
He can then grant this role to users.
And it's much easier than the grant select on thousands of tables
Published by: Keith Jamieson on August 28, 2012 10:02
Tags: Database
Similar Questions
-
Hello
Quick question on the privileges granted to a role...
Scenario 1:
---------------
create the CONNECT_ROLE role.
Grant connect to connect_role;
Grant, alter session to CONNECT_ROLE statement.
grant create cluster to CONNECT_ROLE;
grant create procedure CONNECT_ROLE;
grant create sequence to CONNECT_ROLE;
grant create synonym of CONNECT_ROLE;
grant create table CONNECT_ROLE;
grant create trigger to CONNECT_ROLE;
create grant type to CONNECT_ROLE.
grant create view to CONNECT_ROLE;
grant debug connect session to the CONNECT_ROLE;
grant connect_role to tom, mike;
Scenario 2:
---------------
create the dev_role role.
Grant select on scott.emp to dev_role;
Grant execute on rich.emp_pkg to dev_role;
grant dev_role to tom, mike;
To display the privileges that have been granted to a role, I created the following view.
CREATE OR REPLACE VIEW CHECK_PRIVS
(username, rolename, privilege)
AS
SELECT DECODE (SA1. GRANTEE #, 1, 'PUBLIC', U1.NAME), SUBSTR (U2.NAME, 1, 20),.
SUBSTR (SPM.NAME, 1: 27)
OF SYS. SYSAUTH$ SA1, SYS. SYSAUTH$ SA2, SYS. USER$ U1,
SYS. USER$ U2, SYS. SYSTEM_PRIVILEGE_MAP SPM
WHERE SA1. DEALER # = U1. THE USER #.
AND SA1. PRIVILEGE # = U2. THE USER #.
AND U2. USER # = SA2. DEALER #.
AND SA2. PRIVILEGE # = SPM. PRIVILEGE
UNION
SELECT U.NAME, NULL, SUBSTR(SPM.NAME,1,27)
OF SYS. SYSTEM_PRIVILEGE_MAP SPM, SYS. SYSAUTH$ SA, SYS. THE USER$ U
WHERE SA. GRANTEE #= U.USER #.
AND SA. PRIVILEGE #= SPM. PRIVILEGE
I get the correct results of the esteem for the #1 scenario, but I don't get any results for the #2 sight. Am I missing something here?
Thanks for your time.Object level of subsidies are not access privileges.
Oracle already provide views to display system object and the level of privileges such as dba_tab_privs and dba_sys_privs so why do you need to create your own point of view?
HTH - Mark D Powell.
-
How can I determine what were the privileges granted to the PUBLIC?
I don't know 'out of the box' privileges by default Oracle, but rather the privileges that have been granted since the day 0.
SQL > select * from dba_sys_privs where dealer = "PUBLIC";
no selected line
SQL > grant create any table to the public;
Grant succeeded.
SQL > select * from dba_sys_privs where dealer = "PUBLIC";
DEALER PRIVILEGE SMA
------------------------------ ---------------------------------------- ---
PUBLIC CREATE ANY TABLE NO.
SQL > revoke create any table of public;
Revoke succeeded.
SQL > select * from dba_sys_privs where dealer = "PUBLIC";
no selected line
SQL >
The
PUBLIC
role is a special role that each database user account is automatically when the account is created. By default, it has no privileges granted to it, but there are many grants, especially for Java objects.The same binding, which was provided by a member.
DBA_ROLE_PRIVS - roles granted to users and roles
ROLE_ROLE_PRIVS - roles that were granted to roles
ROLE_SYS_PRIVS - privileges granted to the roles system
ROLE_TAB_PRIVS - Table privileges granted to roles
Concerning
Girish Sharma
-
Check the package/procedure for a user level privileges
Hi gurus,
How to check the package/procedure for a user-level privileges? as dba_tab_privs for the tables.
for example: grant execute on User1 dbms_scheduler.
now I must verify that user1 has run on dbms_scheduler privilege or not.
What is the advice for this?
Thanks in advance,
CharlesSQL> select privilege, count(*) from dba_tab_privs group by privilege order by 1; PRIVILEGE COUNT(*) ---------------------------------------- ---------- ALTER 19 DEBUG 256 DELETE 131 DEQUEUE 3 EXECUTE 19315 FLASHBACK 52 INDEX 14 INSERT 137 MERGE VIEW 36 ON COMMIT REFRESH 52 QUERY REWRITE 52 PRIVILEGE COUNT(*) ---------------------------------------- ---------- READ 7 REFERENCES 54 SELECT 3752 UNDER 3 UPDATE 111 WRITE 5 17 rows selected.
DBA_TAB_PRIVS is more than simple tables.
-
What privileges granted to select from all the PDB files
Why the two selected does not return the same result? Or if you want the broader question - what privileges granted to select from all the PDB files.
I want to leave common user that I created to select and see all of the synonyms of all PDB files.
conn / as sysdba
create user c##nir identified by c##nir container=all;
grant connect,dba,resource to c##nir container=all;
grant select on cdb_synonyms to c##nir container=all;
select CON_ID from cdb_synonyms group by CON_ID;
CON_ID
----------
1
4
11
10
14
5
8
13
3
7
15
6
12
9
conn c##nir/c##nir
select CON_ID from cdb_synonyms group by CON_ID;
CON_ID
----------
1
select CON_ID from containers(dba_synonyms) group by CON_ID
*
ERROR at line 1:
ORA-00942: table or view does not existYou must use the CONTAINER_DATA clause:
ALTER USER ##nir set container_data = container c all = current;
After running the above command, try to select again to cdb_synonyms and you will see the data of all containers.
Read more in my Post of Blog
-
Hi all
What is the need for accessors of the entity and object level view-level view
I use 11.1.1.7 jdev
Thank you
Delphine
Timo, I think you might have taken the tack wrong here. As you know EOs can use VO * accessors * (not associations) like your for things like validation entity or object view research
CM.
-
Is it not view DBA_ see the privileges granted to a role?
DB version: 11.2
I couldn't find DBA_ views that would list all the privileges granted to a role. Finally, I had to assign the role to a user and then sign in as a user who has granted and then query view ROLE_TAB_PRIVS. A DBA, I can not connect in business patterns to check for this.
The scenario
==============
SCOTT schema has two tables: HRTB_EMP_MASTER and HELLOWORLD
I want to grant SELECT on these two tables privileges to another user called TESTUSER but not directly. through roles
Since I couldn't find a DBA view that will have the privileges granted to a role, I have granted the role to the user, I had to open a session to the user (against our security policy) and the querySQL> conn / as sysdba Connected. SQL> grant create role to testuser; Grant succeeded. SQL> conn testuser/test123 Connected. SQL> SQL> create role testuser_ro; Role created. SQL> conn / as sysdba Connected. SQL> grant select on scott.hrtb_emp_master to testuser_ro; --- > Granting the SELECT priv to the role first Grant succeeded. SQL> grant select on scott.helloworld to testuser_ro; Grant succeeded. SQL> SELECT ROLE, OWNER, TABLE_NAME, PRIVILEGE FROM ROLE_TAB_PRIVS where owner = 'SCOTT'; ----> This won't work because I am connected as SYS ----> ROLE_TAB_PRIVS is user specific view no rows selected
ROLE_TAB_PRIVS.
SQL > grant testuser_ro to testuser;
Grant succeeded.
SQL > PRIVILEGE OF ROLE_TAB_PRIVS, TABLE_NAME, OWNER, SELECT ROLE where owner = 'SCOTT ';
no selected line
SQL> conn testuser/test123 Connected. SQL> SELECT ROLE, OWNER, TABLE_NAME, PRIVILEGE FROM ROLE_TAB_PRIVS where owner = 'SCOTT'; ROLE OWNER TABLE_NAME PRIVILEGE --------------- --------------- -------------------- ---------- TESTUSER_RO SCOTT HELLOWORLD SELECT TESTUSER_RO SCOTT HRTB_EMP_MASTER SELECT
You must look for beneficiary, no owner
Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> create role r1; Role created. SQL> grant select on sys.v$database to r1; grant select on sys.v$database to r1 * ERROR at line 1: ORA-02030: can only select from fixed tables/views SQL> grant select on sys.v_$database to r1; Grant succeeded. SQL> select grantee, privilege, owner, table_name from dba_tab_privs where grantee='R1'; GRANTEE PRIVILEGE OWNER TABLE_NAME --------------- ---------------------------------------- --------------- ------------------------------ R1 SELECT SYS V_$DATABASE
-
WHY object level cancellations are deprecated in Flash CC?
Note: (CC flash Professional only) Cancellation of object level is obsolete and is not available with Flash Pro CC.
Why? Is an essential feature! Removing it makes me to work differently !
Heck, just because of this, I have to stay on Flash CS6. Very poor job, Adobe!
Hi all
Flash Pro CC 2014 (v 14.0.0.110) is now available for download through the creative application of cloud.
We have included back object level Undo, a revamped motion Editor, the projector to export as well as several other new features like the features of Variable width and interpolation, Export SVG, WebGL, edition Panel, Kuler, HTML5 based Extensions etc. with this version of Flash Pro.
Complete list of the new features of Flash Pro CC 2014 is available at these links:
Overview: https://www.adobe.com/in/products/flash.html
What's new: https://helpx.adobe.com/flash/using/whats-new.html
Release notes: https://helpx.adobe.com/flash/release-note/flash-professional-cc-2014.html
Videos: https://helpx.adobe.com/in/flash.html
Thank you
Mabrouk
-
Display of metadata to fetch the privileges granted to a role
Hello
I have a doubt in the display of the metadata of the roles, please give me more details on the same.
According to dba_roles, I could see the list of roles and to dba_role_privs, I could see the list of users who got this role.
Now, I would like to make a list of the privileges granted to this role. What metadata view I could find this information, please help.
Thank you.In addition to SY's message:
to find out which data dictionary tables can help you:SELECT * FROM dict WHERE table_name LIKE'%ROLE%'
-
Data and security function: objects, permissions, forums, grants
Hello world!
I am trying to acquire data (function and) security feature. I read "Oracle system administrator's Guide - Security", but there is no concept and relationships between the features.
I want to understand the concept, the relationship between things like objects, permissions, forums, grants.
Allows a person please forward me to a useful document that can help me, or someone can bring me the understanding of these features?
Hope for your help, friends.
Thanks in advance.
P.S.: the company requirement I need to achieve is to make a slice of data in summary PO, that only the CPAs are seen by a user.Hello
I was working on a restricted access to similar data in the accounts payable module through the user management. However, I don't know if data security strategies are working in all of these modules. Metalink note: Introduction to the security system grants and data [553290.1 ID] security mentions to verify specific product development team to check if the applications user interfaces supports data security strategies. I'm sure that it works for Oracle HRMS, but there is no specific information about the other modules. I'm working on the issue with a few conditions and will update if I find any success. Hope to hear from you as soon as you have an update on this.
Published by: user12222085 on May 28, 2010 11:14
-
Create the privilege granted procedure, but cannot create the procedure
I have a user that I have given the following privileges:
CREATE THE SESION
SELECT ANY TABLE
CREATE A PROCEDURE
CREATE PROCEDURE
RUN THE PROGRAM
RUN THE PROCEDURE
But when I try to create a procedure with this user I get, error proveleges not enough. What I am doing wrong?What's wrong? You open the doors of barn proverbial ito security. This isn't how security should be made - allowing a schema create any code of procedure anywhere in the database. Or select data from any table.
How do you think that Sony's PS network has been hacked and millions of stolen credit card data users?
By this precarious type of stuff-security approach to security.
A schema has the minimum privileges in order to achieve its goals and its requirements. Nothing more.
For example
// standard logical database schema, 10Gb space allocation create user HRDB identified by
default tablespace USERS quota 10G on USERS; // configure the basic security layer for the schema grant create session, --// allow client-server connections to schema create table, create trigger, --// allow to create standard db objects create sequence, create view, --// allow access to defining extended objects create procedure --// allow creating stored proc code to HRDB; In addition, you can decide on assign a profile of resources and specific roles and so on. In some cases, you can also leave the schema create types, synonyms and private database links, views materialized, etc.
Don't grant access. No access to the SYS code and objects. By default. Everything else is a security exception requiring a valid justification.
-
Cisco - level privilege is always 15
I use RADIUS for the AAA process.
When I was running IOS 12.2 on routers, that everything was fine, but after the upgrade for users of 12.4 (12) IOS Version still gets priv-lvl 15 without worrying
what I put in RADIUS profile for the user.I do not understand why router CISCO AV pair priv-lvl = y twice. And why, in the most recent version of the CISCO-AV-pair priv-lvl = came (value set to the RADIUS) first?
IOS 12.2
19 August 15:09:17.926: AAA/AUTHOR/EXEC(0000059A): treatment AV priv-lvl = 15
19 August 15:09:17.926: AAA/AUTHOR/EXEC(0000059A): treatment AV priv-lvl = 1
19 August 15:09:17.926: AAA/AUTHOR/EXEC(0000059A): successful authorization
IOS 12.4 (12)
19 August 15:09:17.926: AAA/AUTHOR/EXEC(0000059A): treatment AV priv-lvl = 1
19 August 15:09:17.926: AAA/AUTHOR/EXEC(0000059A): treatment AV priv-lvl = 15
19 August 15:09:17.926: AAA/AUTHOR/EXEC(0000059A): treatment AV service-type = 6
19 August 15:09:17.926: AAA/AUTHOR/EXEC(0000059A): successful authorization
Thank you
GOING
Looks like the type of service = 'administration', that is what triggers the privilege level escalation.
-
Find privileges granted explicitly to the outside roles
Hi gurus,
Is there a query to find explicit privileges(select,insert...) granted to users outside the roles?
Thank youMaybe like this
Select the dealer | "have privilege | privilege | "on" | owner | '.' || table-name
of dba_tab_privs
When the dealer not in ('SYS', 'SYSTEM', 'GENERAL', S / ', 'PUBLIC')
and dealer not in (select dba_roles role)
/Be careful with the PUBLIC!
-
Display object level settings works does not in CS5
I can't change the display settings to a level of object in an InDesign document, if I want to change the display settings it will work only at the level of the document. If I try to change nothing to the level of the item arrives. This is a high-performance Windows 7 64 bit with Nvidia GeForce 470, with software to date and drivers, running InDesign 7.0.2.
I realized what is happening. Your images are in frames pasted into other frameworks, to apply the level of the object display the parameter to 'high level' framework is not affecting the image which is controlled by the setting on the fame that contains the image.
WASD this document converted from another format, or just built strangely?
-
The issue of security at the object level.
Hello
I am facing a problem in the application of security at the level of the object in OLIVIER.
I did the LDAP authentication successfully.
At the level of the object, I want to give permission to the user currently connected to a general ledger dashboard page.
In this regard, I added the corresponding group the user connected through 'Manage privilège' and given access to dashboards.
After doing this I get following error in my report, but when I'll loggin to the same user.
"Odbc driver returned an error (SQLExecDirectW).
Error details
Error codes: OPR4ONWY:U9IM8TAC:OI2DL65P:OI2DL65P
State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error occurred. [nQSError: 27004] Unresolved table: 'financial services - GL balance sheet '. (HY000)
Publ. SQL: {call NQSGetQueryColumnInfo ("SELECT" Profit Center"." Business unit name 'book.' Ledger name"time. "" Fiscal quarter ", time. (» Exercice"DE"Financials-GL-bilan"')}
SQL issued: SELECT "Profit Center". "Unit name"book. "" Book name "time. "" Fiscal quarter ", time. «' Exercise ' OF ' Financials - GL-balance»
"
Please suggest me where else I need to do any setting.Hello
It seems that the user doesn't have access to the presentation/column of table, check and see if the Group has access.
See: http://obiee-tips.blogspot.com/2009/09/obiee-security.html
Kind regards
Matt
Maybe you are looking for
-
Satellite L300 - 17K - how to create a recovery CD?
Hello! Forgot to make a "restore CD" on the first departure to the top, is possible to do it later? I really want to reinstall Windows Vista on my Satellite L300 - 17K, and I don't have any system´s CD when I bought the laptop. I asked the retailer a
-
Lost original remote SIRI, try to synchronize a remote replacement SIRI
Someone knows how to synchronize a replacement remote for Apple TV?
-
partition disappeared after upgrade to el capitan
tried to follow the steps detailed here: https://discussions.Apple.com/thread/7265037 but totally lost, I ran test drive but it does not show my windows partition. Here is my SSD, the 188 is my OSX, the selected song was my windows partition and the
-
Hey guys,.I got Bioshock to my new windows 7 Asus gaming computer and or a reason any after that I turned on the game and learned to play. The game was lagging like crazy. I looked at all the requirements and was unable to understand why it had been
-
Error fatal c0000022 after the installation of Windows updates.
Original title: error fatal c0000022 Hello I was running an update on my windows computer and it crashed. My computer came into repair mode, but when performing a restore of the system, he said:error 0xa - a patch prevents system from starting normal