Privileges on dropped object

Please find below: when an object on which privileges are granted is dropped, I see that the reference to that object is lost in the dba_tab_privs table, but the record still exists. How do I handle this kind of situation? I mean, how do I get rid of the obsolete privilege metadata?

In our DB many tables will be created and dropped, and privileges are granted on tables as they are created, but if a table is dropped, is there a way to drop everything related to it?

SQL> create role test_role;

Role created.

SQL> grant test_role to test;

Grant succeeded.

SQL> create table t (a number(1));

Table created.

SQL> grant select on t to test_role;

Grant succeeded.

SQL> select * from role_tab_privs where role = 'TEST_ROLE';

ROLE       OWNER    TABLE_NAME                      COLUMN_NAME  PRIVILEGE  GRA
TEST_ROLE  DBADMIN  T                                            SELECT     NO

SQL> drop table t cascade constraints;

Table dropped.

SQL> select * from role_tab_privs where role = 'TEST_ROLE';

ROLE       OWNER    TABLE_NAME                      COLUMN_NAME  PRIVILEGE  GRA
TEST_ROLE  DBADMIN  BIN$r0Le1EwAFZ7gRPLJp5OqCg==$0               SELECT     NO

Thank you...

user634631 wrote:
Please find below: when an object on which privileges are granted is dropped, I see that the reference to that object is lost in the dba_tab_privs table, but the record still exists. How do I handle this kind of situation? I mean, how do I get rid of the obsolete privilege metadata?

PURGE RECYCLEBIN;
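
The checks around that one-line answer, as an added example that is not part of the original thread: list the grants that still point at recycle-bin objects, purge them, and confirm they are gone. It assumes a session that can read DBA_TAB_PRIVS and DBA_RECYCLEBIN; the DBADMIN schema, TEST_ROLE role and BIN$ name are the ones shown in the session above.

```sql
-- Added example, not from the original thread.
-- Assumes a session that can read DBA_TAB_PRIVS and DBA_RECYCLEBIN.

-- 1. Grants whose target is a dropped table still sitting in the recycle bin.
--    DROP TABLE only renames the table to BIN$..., so the grant follows it.
SELECT p.grantee,
       p.owner,
       r.original_name,
       p.table_name AS recyclebin_name,
       p.privilege,
       r.droptime
FROM   dba_tab_privs  p
JOIN   dba_recyclebin r
       ON  r.owner       = p.owner
       AND r.object_name = p.table_name
WHERE  r.type = 'TABLE'
ORDER  BY p.owner, r.original_name, p.grantee;

-- 2a. Purge one dropped table, and with it its grants, by recycle-bin name.
PURGE TABLE dbadmin."BIN$r0Le1EwAFZ7gRPLJp5OqCg==$0";

-- 2b. Or purge everything the current user has dropped (the answer above).
PURGE RECYCLEBIN;

-- 2c. Or, connected as SYSDBA, purge the dropped objects of all users.
PURGE DBA_RECYCLEBIN;

-- 3. For tables that are created and dropped routinely, bypass the recycle
--    bin at drop time (shown for a table T that still exists).
DROP TABLE t CASCADE CONSTRAINTS PURGE;

-- 4. Re-run the check for the role: it lists any BIN$ grants still present.
SELECT owner, table_name, privilege
FROM   role_tab_privs
WHERE  role = 'TEST_ROLE'
AND    table_name LIKE 'BIN$%';
```

Until the purge, the dropped table can still be restored with FLASHBACK TABLE ... TO BEFORE DROP, which is why the grant is kept on the renamed object; treat query 1 as the review step before purging.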


Similar Questions

  • Grant privileges on schema objects

    Hi all

    I need to give a user all the privileges on another user's objects.
    I'm not finding the exact command to do so.

    For example: x has objects y.
    User z should be able to select, update, delete all objects x.y.

    Any help/insight is appreciated!

    You must grant privileges on an object-by-object basis.

    You can use a bit of dynamic SQL to automate the process (note that I'm only showing the process of granting privileges on tables; you can write similar pieces of code to grant privileges on views and other types of objects as well).

    BEGIN
      FOR i IN (SELECT * FROM dba_tables where owner = 'X')
      LOOP
        EXECUTE IMMEDIATE 'grant select, update, delete on x.' || i.table_name || ' to z';
      END LOOP;
    END;
    

    If Z has no privileges granted directly, you'd probably be better off creating a role, granting the privileges to the role and then granting the role to Z. That will make things easier in the future if you need to create another user that has the same privileges as Z.

    Justin

    Published by: Justin Cave on October 15, 2012 11:50

  • Privileges of the object. Who is the grantor?

    Good day.
    Please explain the following issue.
    SQL> conn /as sysdba
    Connected.
    SQL> create user test identified by test;
    
    User created.
    
    SQL> create user test1 identified by test;
    
    User created.
    
    SQL> grant resource, connect to test;
    
    Grant succeeded.
    
    SQL> conn test
    Enter password:
    Connected.
    SQL> create table t (x number);
    
    Table created.
    
    SQL> grant select on t to test1;
    
    Grant succeeded.
    
    SQL> conn /as sysdba
    Connected.
    
    SQL> grant select on test.t to scott;
    
    Grant succeeded.
    
    --########################---
    SQL> select * from dba_tab_privs where table_name='T';
    
    GRANTEE    OWNER      TABLE_NAME GRANTOR    PRIVILEGE            GRA HIE
    ---------- ---------- ---------- ---------- -------------------- --- ---
    SCOTT      TEST       T          TEST       SELECT               NO  NO
    TEST1      TEST       T          TEST       SELECT               NO  NO
    
    SQL>
    Suppose that everything before the --#-- line was a black box.
    How can you determine who issued a grant?

    Apparently, this is the result of a change that Oracle implemented in 9i or 10g (you, like most of the users here, do not mention a version, as if it were completely unimportant because Oracle has not changed since its creation).
    Before 9i, only the owner of the table was able to grant privileges. That was a problem with the BEDS and other applications where the DBA did not know the password. Either you needed to change the password, or to implement a hack.
    Since 9i, SYS can administer grants on behalf of other users.
    The result seems to be that the owner of the object is registered as the grantor.
    So basically: when you assign AUDIT_SYS_OPERATIONS to true, or do not level GRANT, you won't be able to see.

    ------------
    Sybrand Bakker
    Senior Oracle DBA

  • PL/SQL and object privileges granted directly or through a role

    Hello
    "PL/SQL respects object privileges granted directly to the user, but does not respect privileges granted through roles."
    Can someone explain this behavior? Why does PL/SQL not take roles into account?

    Thank you very much

    The reason for this is that PL/SQL binds everything at compile time, and roles are volatile.
    So if compilation respected roles, changing a role could invalidate the PL/SQL and force automatic recompilation.
    As roles are volatile, they are ignored.
    IMO, the best way to avoid this is to always create PL/SQL under the same owner as the owner of the table.
    In this case user foo can simply grant execute to user bar and be done with it.
    If bar owns the PL/SQL, this translates into a myriad of grants, which are also not exported during a full export of the database; the grants are owned by SYS.

    -------
    Sybrand Bakker
    Senior Oracle DBA

  • Privileges of the object and the compilation of triggers

    Hi all
    Just want to refresh my memory.

    If you have the fred schema: fred has a table1 with a trigger1, which needs to select from another schema wilma's table2 and its sequence2.

    Now, if fred is given a role 'wilma_role' which includes:
    Select on wilma.table2
    Select on wilma.sequence2

    but no direct grants on these objects, only 'wilma_role', his trigger will fail to compile, correct?

    For fred's trigger (basically a stored proc, for analogy here) to compile, he must be explicitly granted:
    Select on wilma.table2
    Select on wilma.sequence2

    on these objects... even though he has that role. It must be a direct grant for use in triggers and stored procedures, is that correct?

    Thanks in advance,

    Cayenne

    Yes, that's correct. At the time of compilation of stored PL/SQL code, all roles are implicitly disabled.

    -Mark
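
The role behaviour described in the two threads above (roles ignored when PL/SQL is compiled, and the trigger that needs direct grants), as an added example that is not part of the original posts. It reuses fred, wilma, wilma_role, table1, trigger1, table2 and sequence2 from the question; the passwords, column names, the USERS tablespace and the OS-authenticated SYSDBA connection are assumptions.

```sql
-- Added example, not from the original threads. SQL*Plus script, run as a DBA.
-- Object names follow the question; passwords, columns and the USERS
-- tablespace are constructed assumptions.
CREATE USER wilma IDENTIFIED BY "Constructed_pw_1"
  DEFAULT TABLESPACE users QUOTA UNLIMITED ON users;
CREATE USER fred  IDENTIFIED BY "Constructed_pw_2"
  DEFAULT TABLESPACE users QUOTA UNLIMITED ON users;
GRANT CREATE SESSION, CREATE TABLE, CREATE TRIGGER TO fred;

CREATE TABLE wilma.table2 (id NUMBER);
CREATE SEQUENCE wilma.sequence2;
CREATE TABLE fred.table1 (id NUMBER);

-- The privileges reach fred only through the role.
CREATE ROLE wilma_role;
GRANT SELECT ON wilma.table2    TO wilma_role;
GRANT SELECT ON wilma.sequence2 TO wilma_role;
GRANT wilma_role TO fred;

CONNECT fred/"Constructed_pw_2"

-- Ad hoc SQL succeeds because wilma_role is enabled in the session.
SELECT COUNT(*) FROM wilma.table2;

-- Pre-flight check: with every role disabled the session sees what stored
-- PL/SQL sees at compile time, so the same query is now rejected.
SET ROLE NONE;
SELECT COUNT(*) FROM wilma.table2;
SET ROLE ALL;

-- Audit query: object privileges fred holds through a role but not directly.
SELECT r.role, r.owner, r.table_name, r.privilege
FROM   role_tab_privs r
WHERE  NOT EXISTS (SELECT 1
                   FROM   user_tab_privs_recd d
                   WHERE  d.owner      = r.owner
                   AND    d.table_name = r.table_name
                   AND    d.privilege  = r.privilege);

-- The trigger is created with compilation errors until direct grants exist.
CREATE OR REPLACE TRIGGER trigger1
  BEFORE INSERT ON table1
  FOR EACH ROW
DECLARE
  n NUMBER;
BEGIN
  SELECT COUNT(*) INTO n FROM wilma.table2;
  SELECT wilma.sequence2.NEXTVAL INTO :NEW.id FROM dual;
END;
/
SHOW ERRORS TRIGGER trigger1

-- Fix: grant directly to the owner of the PL/SQL, then recompile.
CONNECT / AS SYSDBA
GRANT SELECT ON wilma.table2    TO fred;
GRANT SELECT ON wilma.sequence2 TO fred;

CONNECT fred/"Constructed_pw_2"
ALTER TRIGGER trigger1 COMPILE;
SELECT object_name, status FROM user_objects WHERE object_name = 'TRIGGER1';
```

The audit query is the useful part for a privilege review: every row it returns is an object that works interactively for the user but will break inside that user's stored procedures and triggers.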

  • How to grant object privileges to a user?

    Hello

    I use Data Modeler 4.0.3 and I'm trying to find out where I can assign object privileges to a user that you create in the physical model. I see an "Access Privileges" tab in the user properties window, but I don't see an 'object privileges' one.

    Where do you define the object privileges for a new user? For example, I would like to grant the execute privilege on DBMS packages such as DBMS_LOCK or DBMS_ALERT. Is there a way I can do that? Should I import from a database?

    Thank you

    Hello

    Double-click the user name that you want to grant privileges in the physical model (or right-click and select properties), then general tab on permissions. You must at least have the name of the package in the physical model in order to be able to grant privileges.

    Best regards

    Heli

  • Privileges to the front-end objects

    Hello

    When do privileges on catalog objects come into effect? It seems that I need to restart presentation services to activate the read privileges on answers for selected users... Are the changes propagated after a while, do I have to reload metadata, or really restart presentation services?

    Thank you
    Marcin

    Hi Marcin,

    No need to restart services after changing the privilege in the catalog in the presentation layer.

    It will reflect immediately. No need to restart the service.

    Award points if it's useful to you.

    Thank you
    Satya

  • System privileges and object privileges

    Version: 10gR2 and later

    I'm a bit confused about the differences between system and object privileges.

    Documentation

    A system privilege is the right to perform a particular action, or to perform an action on any schema objects of a particular type. For example, the privileges to create tablespaces and to delete the rows of any table in a database are system privileges.

    CREATE ANY TABLE
    for example: GRANT CREATE ANY TABLE to SCOTT
    is a system privilege

    and CREATE TABLE
    for example: GRANT CREATE TABLE to SCOTT
    is an object privilege

    Right?

    CREATE ANY TABLE and CREATE TABLE are both system privileges.

    Think of object privileges as privileges pertaining to a particular instance of an object.

    Granting, for example, SELECT on a specific table is an object privilege because it applies to a particular object named in the grant statement. However, granting SELECT ANY TABLE is a system privilege because it is a privilege that allows you to issue selects against all tables.

    You can find a list of the system and object privileges here.

    HTH!

  • Object privilege question

    Hi, the Oracle documentation says:

    A user automatically has all object privileges for schema objects contained in his or her schema. A user can grant any object privilege on any schema object he or she owns to any other user or role. A user with the GRANT ANY OBJECT PRIVILEGE can grant or revoke any specified object privilege to another user with or without the GRANT OPTION of the GRANT statement. Otherwise, the grantee can use the privilege, but cannot grant it to other users.

    For example, suppose that the user SCOTT has a table named t2:
    SQL> GRANT grant any object privilege TO U1;
    SQL> connect u1/u1
    Connected.
    SQL> GRANT select on scott.t2 TO U2;
    SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
     WHERE TABLE_NAME = 'employees';

    GRANTEE                        OWNER                          GRANTOR                        PRIVILEGE                                GRA
    ------------------------------ ------------------------------ ------------------------------ ---------------------------------------- ---
    U2                             SCOTT                          SCOTT                          SELECT                                   NO
    Now this confuses me. Surely it's U1 who is the grantor and not Scott, no?

    Oracleguy,

    I didn't get your point, but I guess the reason is that, although user U1 did not have the privilege himself and could grant it only because of the GRANT ANY OBJECT PRIVILEGE, he is not shown as the grantor, but Scott is!

    [oracle@edhdr1p0-prod sqlplus]$ sqlplus / as sysdba
    
    SQL*Plus: Release 11.2.0.1.0 Production on Thu Feb 18 09:19:39 2010
    
    Copyright (c) 1982, 2009, Oracle.  All rights reserved.
    
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    
    SQL> create user u1 identified by u1;
    
    User created.
    
    SQL> grant create session, create table to u1;
    
    Grant succeeded.
    
    SQL> conn u1/u1
    Connected.
    SQL> select * from tab;
    
    no rows selected
    
    SQL> conn scott/tiger
    Connected.
    SQL> create table t2( a number);
    
    Table created.
    
    SQL> conn  / as sysdba
    Connected.
    SQL> grant grant any object privilege to u1;
    
    Grant succeeded.
    
    SQL> conn u1/u1
    Connected.
    
    SQL> select * from scott.t2
      2  ;
    select * from scott.t2
                        *
    ERROR at line 1:
    ORA-01031: insufficient privileges
    
    SQL> grant select on scott.t2 to system;
    
    Grant succeeded.
    
    SQL> conn / as sysdba
    Connected.
    
    SQL>  SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
     WHERE TABLE_NAME = 'T2';
     WHERE TABLE_N 'T2'
                   *
    ERROR at line 2:
    ORA-00920: invalid relational operator
    
    SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
      2  where table_name='T2';
    
    GRANTEE                        OWNER
    ------------------------------ ------------------------------
    GRANTOR                        PRIVILEGE                                GRA
    ------------------------------ ---------------------------------------- ---
    SYSTEM                         SCOTT
    SCOTT                          SELECT                                   NO
    
    SQL> 
    

    Now, when I explicitly grant the priv to U1 and he grants it on, he is shown as the grantee

    Sorry, I did not notice that it's still only Scott who is shown in both places.

    USER is "SYS"
    SQL> grant select on scott.t2 to U1;
    
    Grant succeeded.
    
    SQL> conn u1/u1
    Connected.
    SQL> grant select on scott.t2 to system;
    
    Grant succeeded.
    
    SQL> conn / as sysdba
    Connected.
    SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
     WHERE TABLE_NAME = 'T2';   2  
    
    GRANTEE                        OWNER
    ------------------------------ ------------------------------
    GRANTOR                        PRIVILEGE                                GRA
    ------------------------------ ---------------------------------------- ---
    SYSTEM                         SCOTT
    SCOTT                          SELECT                                   NO
    
    U1                             SCOTT
    SCOTT                          SELECT                                   NO
    
    SQL> 
    

    Update:

    Oracleguy,
    That's what I found on this priv in the docs,
    http://download.oracle.com/docs/cd/E11882_01/server.112/e10592/statements_9013.htm#i2077938

    GRANT ANY OBJECT PRIVILEGE
         Grant any object privilege that the object owner is permitted to grant.

    So I guess this must explain what is shown in the view. Given that the owner is Scott, who is authorized to grant the privilege, his name is shown here since it's his privilege that is passed to the second user. Does that look like a reasonable explanation?
    HTH
    Aman...

    Published by: Aman... on February 18, 2010 09:36

    Published by: update added Aman... February 18, 2010 11:55

  • Object privileges, roles and system privileges

    Oracle 10g. We created a role and granted this role to the user. We have also granted certain system privileges and object privileges directly to the same user. Now, the new company policy is that user permissions are to be granted only through roles. No system privileges or object privileges can be granted directly to the user. So I have to change the role. The steps are:

    1. Grant the system privileges and object privileges to the role (this will be run as a script).
    These are the privileges that were granted directly to the user.

    2. Revoke all the privileges that have been granted directly to the user.

    Am I missing anything?

    Please advise.

    Thank you

    S.

    That should be good...

    But test before you run it.

  • Stop a falling element at a specific position

    I found this expression here to start a falling object, simulating gravity:

    seedRandom(index, true);
    mGravBase = 9.81; // base gravity
    mGravVar = random(-1, 1); // variation of gravity
    mAccel = time * (mGravBase + mGravVar);
    X = value[0];
    Y = value[1] + Math.pow(mAccel, 2);
    [X, Y]

    But that makes the object fall forever; how do I set the last position of the animation and stop?

    If you want the elements to speed up as they fall because of gravity and then hit a floor, you add a floor position to your expression. The best way to do that is to use an if statement checking whether the layer's Y position is less than the floor's Y position: if so it falls, otherwise y = the floor's y position. I'm not going to write it for you, but that is the approach that will work with the least amount of fussing around.

    You will probably also want to add some bounce or squash and stretch to sell the move. Unless you have a bunch of these layers to animate, I suggest you just keyframe it by hand, using the Graph Editor to set the speed.

  • Grant select on the object a.a to user b to user test

    Hello

    I am logged in as user test.

    I would like to issue the following grant.

    grant select on a.a to user b;
    

    Unfortunately, this does not work with the test user. But it works with SYS. What permissions are required for the statement to work as test?

    Best regards

    Stone

    Documentation, https://docs.oracle.com/cd/E11882_01/server.112/e41084/statements_9013.htm#SQLRF01603

    Prerequisites

    To grant a system privilege, one of the following conditions must be met:

    • You must have been granted the GRANT ANY PRIVILEGE system privilege. In this case, if you grant the system privilege to a role, then a user to whom the role has been granted does not have the privilege unless the role is enabled in the user's session.
    • You must have been granted the system privilege with the ADMIN OPTION. In this case, if you grant the system privilege to a role, then a user to whom the role has been granted has the privilege regardless of whether the role is enabled in the user's session.

    To grant a role, you must either have been granted the role with the ADMIN OPTION or have been granted the GRANT ANY ROLE system privilege, or you must have created the role.

    To grant an object privilege, you must own the object, or the owner of the object must have granted you the object privileges with the GRANT OPTION, or you must have been granted the GRANT ANY OBJECT PRIVILEGE system privilege. If you have the GRANT ANY OBJECT PRIVILEGE, then you can grant the object privilege only if the object owner could have granted the same object privilege. In this case, the GRANTOR column of the DBA_TAB_PRIVS view displays the object owner rather than the user who issued the GRANT statement.

  • Are users and roles objects?

    Dear all,

    1. There are many objects such as TABLE, INDEX, VIEW...

    We can change them with the help of the ALTER DDL statement.

    So, can we say a user is also a database object or not?

    Because we can alter the user using a DDL statement and the corresponding information is stored in the data dictionary.

    2. We know that ALTER is an object privilege, and we can also alter the user as DBA. Then can we say a user is an object?

    3 is an object?

    Thanks in advance,

    Alain Coppey.

    Yes - users and roles are objects. But they are SYSTEM objects and not contained in a schema.

    See the section 'Introduction to Schema Objects' in the Oracle documentation

    http://docs.oracle.com/cd/B28359_01/server.111/b28318/schema.htm#i22627

    The first section lists the schema objects, the objects that belong to a schema.

    The following section lists the system, or nonschema, objects:

    Other types of objects are also stored in the database and can be created and manipulated with SQL, but are not contained in a schema:

    • Contexts
    • Directories
    • Parameter files (PFILEs) and server parameter files (SPFILEs)
    • Profiles
    • Roles
    • Rollback segments
    • Tablespaces
    • Users

    You won't find the nonschema objects listed in the views that display schema object information, but there are other system views for them.

    So if it is an "interview" question, just answer YES and refer them to the link above. Or you can use this link to the 'SQL elements' doc section if you prefer:

    http://docs.oracle.com/cd/E11882_01/server.112/e41084/sql_elements007.htm

    Nonschema Objects

    Other types of objects are also stored in the database and can be created and manipulated with SQL, but are not contained in a schema:

    • Contexts
    • Directories
    • Editions
    • Restore points
    • Roles
    • Rollback segments
    • Tablespaces
    • Users

    In this reference, each type of object is described in Chapter 10 through Chapter 19, in the section devoted to the statement that creates the database object. These statements begin with the keyword CREATE. For example, for the definition of a cluster, see CREATE CLUSTER.

    In this link, unlike the other one, Oracle explicitly uses the terms "nonschema" and "objects" when referring to the items in the list above.

    A simple NET search for "objects nonschema oracle 11g" returns this link as the first result.

    The documentation is your friend! Some info may be harder to find, but the docs usually include information for ALL basic Oracle terms and functionality.

  • find roles that grant privileges to the same owner


    I did an impdp and I saw a lot of these types of errors:

    ORA-39083: Object type OBJECT_GRANT failed to create with error:

    ORA-01749: you cannot GRANT/REVOKE privileges to yourself

    Failing sql is:

    GRANT SELECT ON "SMART"."SOURCE_SYSTEM_DIMENSION" TO "SMART"

    Notice smart to smart... Can someone give me a SQL that will allow me to generate a file that I can run to eliminate these types of cases?

    Note it should show the operation, in this case "select", where it has failed.

    Thank you all

    It looks like a privileged user granted privileges on SMART's tables to SMART, which is absurd, but legal.

    SQL> create user a identified by a default tablespace users
      2  quota unlimited on users;

    User created.

    SQL> grant create table, create session to a;

    Grant succeeded.

    SQL> conn a/a
    Connected.
    SQL> create table t (id number, descr varchar2(10));

    Table created.

    SQL> conn /
    Connected.
    SQL> grant select on a.t to a;

    Grant succeeded.

    dev1> select table_name, privilege, grantor, grantee
      2  from dba_tab_privs
      3  where grantee = 'A';

    TABLE_NAME PRIVILEGE GRANTOR GRANTEE
    ---------- --------- ------- -------
    T          SELECT    A       A

    dev1> revoke select on a.t from a;

    Revoke succeeded.

    dev1> conn a/a
    Connected.
    dev1> grant select on t to a;
    grant select on t to a
    *
    ERROR at line 1:
    ORA-01749: you cannot GRANT/REVOKE privileges to yourself

    To reverse the invalid grant, you can use something like this to generate a script:

    select 'revoke ' || privilege || ' on ' || grantor || '.' ||
           table_name || ' from ' || grantee || ';'
    from dba_tab_privs
    where grantee = grantor;

    Or you can use a similar query in an anonymous block, using execute immediate to run the revoke command.  The user will still have full privileges on the objects that they own.

    John

  • Grant privileges on the index

    Hello

    I'm trying to manage the security of some objects on Oracle DB 12c, and I came to the index objects.

    After looking at the magical view V$OBJECT_PRIVILEGE, I came across the EXECUTE privilege on the index:

    select * from v$object_privilege where object_type_name = 'INDEX';

    However, after creating some test indexes, I was not able to grant this privilege to roles and actors, getting this error every time:

    SQL Error: ORA-04042: procedure, function, package, or package body does not exist
    04042. 00000 - "procedure, function, package, or package body does not exist"
    *Cause: Attempt to access a procedure, function, package, or package body
            that does not exist.
    *Action: Make sure the name is correct.

    I'm sure that the index name is correct. So, does this privilege make no sense? What is its purpose in this view?

    Kind regards

    David



    documentation: https://docs.oracle.com/database/121/DBSEG/authorization.htm#DBSEG99910

    About Object Privileges

    An object privilege grants permission to perform a particular action on a specific schema object.

    Different object privileges are available for different types of schema objects. The privilege to delete rows from the DEPARTMENTS table is an example of an object privilege.

    Some schema objects, such as clusters, indexes, triggers, and database links, do not have associated object privileges. Their use is controlled with system privileges. For example, to alter a cluster, a user must own the cluster or have the ALTER ANY CLUSTER system privilege.

    About the view V$OBJECT_PRIVILEGE:

    select * from v$object_privilege
    where object_type_name = 'INDEX';

    OBJECT_TYPE_NAME OBJECT_TYPE_ID PRIVILEGE_ID PRIVILEGE_NAME
    INDEX                        32           12 EXECUTE

    The interesting thing here is the object type ID.

    Object type 1 is an index.

    Object type 32 maps to an INDEXTYPE. This privilege is the EXECUTE privilege for an indextype.

    select object_type_name
    from system.repcat$_object_types
    where object_type_id = 32;

    OBJECT_TYPE_NAME
    INDEX TYPE
