problem users, roles and privileges!
Hello worldI use oracle 10.2.0.
I have a (dba1) user who is the owner of the tables in my database. I have connected to sqlplus as sysdba and created the admin role < b > < /b > and granted the admin privileges.
SQL> grant all privileges to admin;
Grant succeeded.
SQL>
Then I gave the admin < /b > < b > user dba1 role:SQL> grant admin to dba1;
Grant succeeded.
I created another role, sel_role and gave privileges to select tables. For example:SQL> grant select on kund to sel_role;
Grant succeeded.
Now, I created another user, Anton and gave this user the sel_role role:grant sel_role to Anton;
Grant succeeded.
Now when I try to login as anton and try to use the select statement that is given to Anton by sysdba, using the sel_role, to select the kund table, I get an error:SQL> connect anton/oracle
Connected.
SQL> select * from kund;
select * from kund
*
ERROR at line 1:
ORA-00942: table or view does not exist
What could be the solution to this problem?Thanks in advance
Oops, has nothing to do with provoleges. Kund table is not owner by user anton, right? Therefore, you must perfix with the owner, that is, based on "I have a (dba1) user who is the owner of the tables in my database", dba1. Then issue:
Select * from dba1.kund;
SY.
Tags: Database
Similar Questions
-
Roles and privileges, I'm really confused, 1st edition
I'm having some trouble with the privileges assigned through roles. I read a few articles on the topic, but I'm still confused. I have actually some problems and I am speaking to them in two separate threads: this one and 'roles and privileges, I'm really confused, 2nd edition.
To begin with, I am familiar with the following statement.
, The owner of the schema containing the view must have the necessary privileges to either select, insert, update, or delete rows from all tables or views on which the opinion is based. The owner must be granted these privileges directly, rather than a role.
Here's what's happening.
I have a role, say ROLE1 has the privilege of system CREATE SEQUENCE (without the GRANT OPTION) are attributed to him. I then set ROLE1 User1 (it's just a dummy user and a role, if they conflict with reserved roles or accounts, they are not the real names of role and the user that I use). User1 has also created a package in its schema that calls a SEQUENCE to CREATE breast in a package procedure.
When the user runs the package procedure we get an insufficient privileges error. When we do a SELECT * FROM SESSION_PRIVS the CREATE SEQUENCE privilege is listed; This should mean that the user can create a sequence, right? However, when the privilege is assigned directly to the user directly to the user, not by a role, the statement runs without error.
I don't understand this. The user has the CREATE SEQUENCE privilege through the role, verified by the SESSION_PRIVS table (or view), but is not able to create the sequence, unless this privilege is assigned directly to the user - if this is true, that I seem to contradict the purpose of having roles.
Anyway, anyone know how I can get it to work properly?DBelt wrote:
We are talking about all rights of the DEFINER vs applicant rights. I won't use the rights of the appellant, I like the guarantee of the rights of the author. WO what should I do to get things to work with the rights of the author?Grant privilege explicitly to the user, not a role.
-
Cannot run script queued for roles and privileges
Hi all;
I'm recreating a u1 user and also try to attempt to define the roles and privilege from the file put on hold.
but I get the error message.
$ cat f1.sql
GRANT CONNECT to u1
Grant RESOURCE to u1
Grant CREATE SESSION to u1
Grant UNLIMITED TABLESPACE to u1
Grant CREATE TABLE to u1
Grant CREATE ANY TABLE to u1
Grant CREATE the CLUSTER to u1
Grant CREATE SYNONYM to u1
Grant CREATE VIEW to u1
Grant CREATE SEQUENCE to u1
Grant CREATE ANY SEQUENCE to u1
Grant CREATE DATABASE LINK to u1
Grant CREATE PROCEDURE for u1
Grant CREATE TRIGGER to u1
Grant CREATE TYPE U1
GRANT CREATE OPERATOR to u1
Grant CREATE INDEXTYPE U1
SYS > create the u1 user identified by u1;
Created by the user.
SYS > @f1.sql;
5
DB version is 11.2.0.1 on redhat 4.7
Thank you
Where are you semicolons? Each command must end with a semicolon.
Hemant K Collette
-
A query involving roles and privileges.
I am trying to create the following query:
Given a table (or view) and a user, I wish that the query to list all the ways of the roles with which the user has been granted given privilege (for example "SELECT") to the selected table. The path will look something like
TABLE = > ROLE1 = > ROLE2 = > 3 = > USER
If the user only has the right to SELECT on the table that the query will return well on lines. If there is more than one path through which the user gets the privilege, then the query returns multiple lines.
Can someone help please
GeorgeHi, Girard,.
Sorry, I can't reproduce the problem. I get ouptut like this:
PATH -------------------------------------------------------------------------------- DBA_TS_QUOTAS => SELECT_CATALOG_ROLE => DBA => FUBAR DBA_TS_QUOTAS => SELECT_CATALOG_ROLE => FUBAR DBA_TS_QUOTAS => SELECT_CATALOG_ROLE => EXP_FULL_DATABASE => DBA => FUBAR DBA_TS_QUOTAS => SELECT_CATALOG_ROLE => IMP_FULL_DATABASE => DBA => FUBAR DBA_TS_QUOTAS => SELECT_CATALOG_ROLE => OLAP_DBA => DBA => FUBAR
Message from the query that you run in fact, even if you copied it just of my message. There may be an error in editing.
All the names within quotation marks are correctly capitalized?
This query works for any table and the user? Try on a few cases where you know exactly why (or at least a reason why) a certain user has privileges on a table of some.What system user privileges GEO2 there? View the results of
SELECT privilege FROM dba_sys_privs WHERE grantee = 'GEO2' ;
This doesn't apply right now, but remember that the name you may know a synonym. The view used in this query, dba_role_privs, and dba_tab_privs, only covers the real table names. DBA_SYS_PRIVS is a synonym, but it happens be the actual name of the display also, so, as I said, which is not causing your current problem. Just keep in mind if you use the data dictionary views that contain $ in their names.
Published by: Frank Kulash, 17 December 2010 15:34
I just saw your discussion with Justin; I see you have already posted the system privileges.
I guess that any role GEO2 has, directly or indirectly, might have a privilege of system as SELECT ANY DICTIONARY.
What happened to you?WITH all_roles AS ( SELECT granted_role , SYS_CONNECT_BY_PATH (granted_role, '/') AS path FROM dba_role_privs START WITH grantee = 'GEO2' CONNECT BY grantee = PRIOR granted_role ) SELECT r.granted_role , r.path , p.privilege FROM all_roles r JOIN dba_sys_privs p ON r.granted_role = p.grantee WHERE privilege LIKE 'SELECT ANY%' ;
Published by: Frank Kulash, 17 December 2010 15:47
-
Trying to auto generate roles and privileges
Hello all,.
Oracle 11g v11.2.0.1.0 on Windows Server 2008 Enterprise
I have a database with many schemas. One of the patterns is referred to as the CM_MASTER schema in that it was granted the following: s/n, create user, drop user, alter user, create any table, select any table and a few others, all with the clause "with admin option".
We have developers who need to select only the access to tables and views non-maitre patterns. My plan was to create a unique ROLE for each schema, then grant select on each table and discovers in this scheme to this unique role. Then grant the role appropriate to every developer therefore giving them only read access.
I can accomplish the above manually when you are logged in as the CM_MASTER schema.
I am creating a procedure owned and run by the schema CM_MASTER which creates a new role and then give this role. The procedure accepts a parameter that contains the username of the target schema. The procedure is able to create the role (create a role scott_r) successfully.
However, I get an error of insufficient privileges (see below), after that the role was created, trying to issue the command "grant select on scott.some_table to scott_r" via "immediate execution".
Any ideas, what privilege (s) the user needs CM_MASTER to be able to issue the grant (s) for the role?
Error message below:
exec ('scott') gen_schema_role;
Error report:
ORA-01031: insufficient privileges
ORA-06512: at "CM_MASTER. GEN_SCHEMA_ROLE', line 30
ORA-06512: at line 1
01031 00000 - "insufficient privileges".
The procedure code is below:
Utl_file.put_line commands have been added for debugging, but nothing came out.
When the "immediate execution" lines are commented, the utl_file.put_line command output displays the correct SQL create and grant statements.
create or replace
procedure gen_schema_role (p_db_user in varchar)
as
v_role_name varchar2 (30);
v_bat_out utl_file.file_type;
cursor get_object_names is
Select object_name dba_objects
where owner = upper (p_db_user)
and object_type in ('TABLE', 'SEE')
and status = "VALID".
and object_name not like "DR$ %.
and object_name not like '% XT;
Start
v_bat_out: = utl_file.fopen ('SR_BACKUP', 'Create_Roles.sql', 'W');
v_role_name: = substr (p_db_user, 1, 28). '_r';
UTL_FILE.put_line (v_bat_out, ' ');
UTL_FILE.put_line (v_bat_out, 'create role' | v_role_name);
run immediately "create role" | " v_role_name; < <-this seems to work, the role is created
for a get_object_names in
loop
UTL_FILE.put_line (v_bat_out,' grant select on ' | p_db_user |) '.' || a.object_name | « à » || v_role_name);
run immediately ' grant select on "| p_db_user | '.' || a.object_name | « à » || v_role_name;
end loop;
UTL_FILE.fclose (v_bat_out);
end gen_schema_role;
Thank you
SnydsHello
It seems that CM_MASTER needs to GRANT any OBJECT PRIVILEGE.
And this should be given directly to him (not by the role DBA, which you shouldn't use anyway)
My guess is, however, that this will not work unless scott has actually created his own one or more tables.
Concerning
Peter -
vCenter roles and privileges to migrate virtual machines
I created a custom role named 'Build VMs' that I have assigned to an ad group. This role is assigned in the data centers, all spread and no. folder where elsewhere. The role was designed to allow a specific group of users to manage virtual machines (create, move, delete, but not clone, etc.).
For the most part, it works fine, but I have a problem: they cannot migrate powered off VMs. vMotion is available and works, but I need to move a cluster virtual machines to a different (more old hw & 3.5 to new hw & 4.1).
The role has the following privileges:
Name Id
---- --
Anonymous System.Anonymous
View System.View
Read System.Read
Create the folder Folder.Create
Allocate space Datastore.AllocateSpace
Update of virtual machine files Datastore.UpdateVirtualMachineFiles
Configure Network.Config
Affect the Network.Assign network
Change DVSwitch.Modify
Operation of DVSwitch.PortConfig port configuration
Setting of port DVSwitch.PortSetting operation
Change DVPortgroup.Modify
Create the virtual machine Host.Local.CreateVM
Reconfigure the virtual machine Host.Local.ReconfigVM
Create new VirtualMachine.Inventory.Create
Create existing VirtualMachine.Inventory.CreateF...
Register VirtualMachine.Inventory.Register
Delete VirtualMachine.Inventory.Delete
Unregister VirtualMachine.Inventory.Unregister
Move VirtualMachine.Inventory.Move
Power VirtualMachine.Interact.PowerOn
VirtualMachine.Interact.PowerOff power off
Suspension VirtualMachine.Interact.Suspend
Discount to zero VirtualMachine.Interact.Reset
Question answer VirtualMachine.Interact.AnswerQu...
Console interaction VirtualMachine.Interact.ConsoleI...
Device connection VirtualMachine.Interact.DeviceCo...
Configure support CD VirtualMachine.Interact.SetCDMedia
Configure floppy media VirtualMachine.Interact.SetFlopp...
VMware Tools install VirtualMachine.Interact.ToolsIns...
Buy tickets to control comments VirtualMachine.Interact.GuestCon...
Defragmentation of disks all VirtualMachine.Interact.Defragme...
Turn on the VirtualMachine.Interact.CreateSe of fault tolerance...
Disable VirtualMachine.Interact.TurnOffF of fault tolerance...
Test failover VirtualMachine.Interact.MakePrimary
Restarting the VM VirtualMachine.Interact.Terminat secondary...
Disable VirtualMachine.Interact.DisableS of fault tolerance...
Enable fault tolerance VirtualMachine.Interact.EnableSe...
Record session on Machine virtual VirtualMachine.Interact.Record
Review the session on virtual computer VirtualMachine.Interact.Replay
Backup operation on a virtual machine VirtualMachine.Interact.Backup
Create a screenshot VirtualMachine.Interact.CreateSc...
Rename VirtualMachine.Config.Rename
Add a disk existing VirtualMachine.Config.AddExistin...
Add the new disk VirtualMachine.Config.AddNewDisk
Remove the VirtualMachine.Config.RemoveDisk disc
Raw device VirtualMachine.Config.RawDevice
Host VirtualMachine.Config.HostUSBDevice USB device
Change the number of CPU VirtualMachine.Config.CPUCount
Memory VirtualMachine.Config.Memory
Add or remove devices VirtualMachine.Config.AddRemoveD...
Change the settings of the device VirtualMachine.Config.EditDevice
Parameters VirtualMachine.Config.Settings
Change resources VirtualMachine.Config.Resource
Updating of the virtual hardware VirtualMachine.Config.UpgradeVir...
Reset the VirtualMachine.Config.ResetGuest customer information...
Advanced VirtualMachine.Config.AdvancedCo...
Lease of disk VirtualMachine.Config.DiskLease
Swapfile placement VirtualMachine.Config.SwapPlacement
Extend the virtual disk VirtualMachine.Config.DiskExtend
Change disk monitoring VirtualMachine.Config.ChangeTrac...
Unlock the virtual machine VirtualMachine.Config.Unlock
Queries files without owner VirtualMachine.Config.QueryUnown...
Reloading the way VirtualMachine.Config.ReloadFrom...
Compatibility VirtualMachine.Config.QueryFTCom of the fault tolerance of queries...
Customize the VirtualMachine.Provisioning.Cust...
Promote records VirtualMachine.Provisioning.Prom...
Deploy the model of VirtualMachine.Provisioning.Depl...
Clone model VirtualMachine.Provisioning.Clon...
Mark as virtual machine VirtualMachine.Provisioning.Mark...
Read about the customization VirtualMachine.Provisioning.Read...
Edit the VirtualMachine.Provisioning.Modi customization specifications...
Allow access to the disk VirtualMachine.Provisioning.Disk...
Allow access to the read-only disc VirtualMachine.Provisioning.Disk...
Assign the virtual machine resources... Resource.AssignVMToPool
Migrate from Resource.HotMigrate
Query vMotion Resource.QueryVMotionIt is the main thing I thought it would take to a simple move of a virtual machine while it is turned off:
Name Id
---- --
Move VirtualMachine.Inventory.MoveI gave to create a folder because some of the permissions were not yet allowing the creation of virtual machines, even though it probably isn't necessary.
Any ideas?
~ Luc
http://thephuck.comWhat happens if you add resources > permission to move?
-
Roles and privileges of the sys schema default APPS
Dear all
What are all the privileges system & roles should be there, and unlimited tablespace should be there?
Guru cleared my doubt that DBA should not be there for apps schema. but I need information please.
Thank you and best regards,
Apps user must have quota access on the following storage spaces:
APPS_TS_ARCHIVE
APPS_TS_INTERFACE
APPS_TS_MEDIA
APPS_TS_NOLOGGING
APPS_TS_QUEUES
APPS_TS_SEED
APPS_TS_SUMMARY
APPS_TS_TX_DATA
APPS_TS_TX_IDX
APPS_TS_TX_INTERFACE
You can use this command for the applications of the user to have unlimited quotas on the tablesapces above - alter apps on
unlimited user quota. Thank you
Hussein
-
Enter the user groups and privileges in labVIEW
Hey Gang,
We are developing an application in LV 2010 where we need to control user access to the parts of the application. This application will be installed on about 50 machines. It dept can assign users to one or more of the three special groups to manage permissions through Windows. I need to be able to read what the current user belongs to groups by programming LabVIEW. I know that this can be done in Teststand, but we do not use that.
I know how to get the user name of the application object, but we have to manage our own list of privileges on the network somewhere and we do not want to do that.
I saw here in the DevZone that someone posted a DLL that return a Boolean value if the user is an administrator, and who has come close, but do not do.
I hope that we don't need to dig into the programming to do this Windows System. It seems that someone would have done this before.
Any help is appreciated!
Roger
Ready to deal with a .NET solution? The joint assumes that you are in an environment Active Directory. NOTE: This requires .NET 3.5.
-
I created a user and the roles to access the tables.
SQL > create role trans_role;
SQL > grant select, insert, delete, update on pmms.table1 to trans_role;
SQL > grant select, insert, delete, update on pmms.table2 to trans_role;
SQL > grant trans_role User1, User2.
SQL > grant connect User1, User2.
But there is error when user1, user2 connected and tried to select tables.
SQL > select * from pmms.table1;
Select * from pmms.table1
*
ERROR on line 1:
ORA-00942: table or view does not exist
SQL >Hello
don123 wrote:
... I know that the password is case sensitive but I don't know if username is also case sensitive in oracle? ...
Yes, the user names are case-sensitive in Oracle. "User1" is not the same user name "user1".
(Passwords are case-sensitive in Oracle 11.1 and upward, not in earlier versions.)
-
Problem user HotSync and backup
Hello! I'm having a little trouble with the hotsync process and can't find anything relevant in the troubleshooting pages.
He was not used to do this, but,.
N ° 1: every time I hotsync, the computer asks me to assign a new user name or identify the user
No. 2: he then began to reinstall ALL my files that are already on the Palm of the computer toward the palm and card
N ° 3: it gets stuck on a file somewhere near the end of the process, and that the computer answers 'Cancel '. The palm cancels and prompts a reset, but only about 10 minutes after tapping "Cancel".
If someone can give an explanation or point me to the thread, I sure would appreciate it.
By renaming the backup folder, you have saved the file to a different name, so if you need you can always get it and it is not completely removed, but since it is renamed, it is not connected to your user name so it is not placed on your palm.
See if you find the graffiti folder in the backup folder and rename as well.
Let me know if you can sync without problems now.
Message relates to: Tungsten E2
-
How to hide users (roles and organization) list from a user in IOM
Hello
Admin (xelsysadm) has created a user to IOM. Now, if this user is connected to the IOM Self Service (http:// < url > / identity), he can see other users in his organization, as well as the list of roles, role categories, organizations, etc. I have an obligation to hide all links in the administration of the end-user. At present, it has the role of "All Users" and has no admin role, but can see all these links administration. What should I do to hide these links to the end-user? Should we delete the role of "All Users", or assign another role, or do something in law, or in the access policy?
Thank you.You can write EL condition on visible (or display the component property) Administration menu item: #{oimcontext.currentUser.roles ['SYSTEM ADMINISTRATORS']! = null}
Visit this link on the writing of EL http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/uicust.htm#BABHBFGH
-
User roles and access right to the portal
the friends that I need your help include a senario application
Another company has developed some apex application and there are some groups that is created in oracle portal name super_admin, admin, etc.
The challenege that I face, is that my username has received by super_admin group so I'm able to see all the pages developed pursuant to the apex
But when I try to connected in the application by other users, which is having only administrator privileges I can't see all of the pages and tabs which I am able to see using super_admin group.
In the apex where I see users who are defined in groups to find out what privileges, they got.
Currently I see the homepage of the Summit and on the right side of it manage explicit users of the application, but under the present, only admin users did not others.
I will be really thankful to you people, if you could help me find the solution to this goal.
Thank you
ADIHello Adi,
You can the authorisation schemes re-branded to the individual components like tabs as well.
So you could check if there is some.Merry Christmas, Tine.
-
Role and authorization in VC for each user
Hello world
I want to pull-out user role and permissions for all users exist in the VC findout this privilege they have and that members that they belong and also at what level of Powercli script in csv. Any help on this appreciated.Thank you
vmguyYou want to say that the XML file attached to your previous answer?
Yes, I did. And it is empty (except for the XML framework).
This seems to indicate that the script was not able to retrieve the roles and permissions.
Led me to believe that the 'Get-View Manager' does not work for one reason or the other.
-
Hi, I am using db oracle 10g, sql developer 4.0.2
I create a user called "MED" and he has granted privileges "Role DBA, ALTER SYSTEM, SELECT ON V_$ SESSION."
I export it and then import it again, it will have these privileges or any other privilege I granted him his?
-I do not understand because each user you create, you must grant "create session and select,..." etc", but when I tried after him granting the privileges above,.
I found it can establish a connection and can choose, but cannot select session $ v for example (as I remember)!
What is the role here please? and what do I do to import the user with privileges, I give him?
Thank you
Hello
Export will retrieve roles and privileges of access granted to a user. However, it will not extract direct subsidies to the system objects. So in your case, all will be loaded by import outside the selection on v_$ session
see you soon,
rich
-
Export / import tablespace with all objects (data, users, roles)
Hi, I have a problem or a question to the export of the section / import tablespace.
On the one hand, I have a database 10g (A) and on the other hand, an 11g database (B).
At there is a tablespace called PRO.
Also 3 users:
PRO_Main - contains the datas - space PRO
PRO_Users1 with a PRO_UROLE - professional role
PRO_Users2 with a PRO_UROLE - professional role
Now, I want to transfer the tablespace set PRO (included users PRO_MAIN, PRO_USER1, PRO_User2 and PRO_UROLE role) from A to B.
On B, I created the user PRO_Main and the tablespace PRO.
On A, I run suite statement:
expdp TABLESPACES PRO_Main/XXX DIRECTORY PRO = DUMPFILE TSpro.dmp LOGFILE = backup_datapump = = TSpro.log
B:
Impdp TABLESPACES PRO_Main/XXX DIRECTORY PRO = DUMPFILE TSpro.dmp LOGFILE = backup_datapump = = TSpro.log
Result:
The user PRO_Main has been imported with all data.
But miss me PRO_USER1, PRO_User2 and PRO_UROLE role...
I guess, I've used wrong settings in my experienced and / or impdp.
Would be nice, if someone can give me a hint.
Thanks in advance.
Best regards
FrankWhen you perform an export of TABLESPACE mode by simply specifying tablespaces, then everything gets exported are tables and dependent objects. Users, roles, and tablespace definitions themselves don't get exported.
When you perform a SCHEMA mode export by specifying the schemas, you will get the schema definitions (if the schema running export is privied) and all of the objects that has the schema. The schema is not owner of roles or tablespace definitions.
In your case, you want to move
1 patterns - that you have already created 1 on your target database
2. the roles
3 all in the storage spaces belonged to several patterns.There is not 1 import/export command that will do that. This is how I could do this:
1. move the schema definitions
a. you can either create them manually or
B1. expdp schemas =include = user
impdp B2 b1 results.2 transfer the roles
complete expdp = include = role...
don't forget, this will include all the roles. If you want to limit what is exported, use:
include = role: "in (" ROLE1","ROLE2", etc.).
impdo roles come to export3. move the user information
a. If you want to move all the objects in the diagram as functions, packages, etc., then you need to use a schema view
Export
patterns of username/password expdp = a, b, c...
b. If you want to move only the objects in these storage spaces, and then use the export of tablespace
expdp username/password = tbs1 storage spaces, tbs2,...c. import the dumpfile generated in step 3
Impdp username/password...I hope this helps.
Dean
Maybe you are looking for
-
My iPad has been removed from secure devices!
I received an email telling me that my iPad has been removed from my list of secure devices. Apparently, if I read correctly, because it "has been DELETED." But my iPad has NOT ERASED! I connected to my Apple ID page and restored my iPad to my secu
-
ac635tu: upgrade RAM in HP 15-ac635tu
The upgrade of RAM the HP PC laptop 15-ac635tu, because the tour does not access RAM slot on the bottom window. Any repair with illustrations on properly disassemble the laptop will help me much... The specification states that the Tower has an empty
-
How to import a photo online unique genealogy program?
I have already imported unique photos in a genealogy online program by dragging from iPhoto. However, when I drag an image from Photos, I get "there is no file to import" the program online. How can I do this - I don't think that this program has an
-
Pavilion 6000 series: no video on core amd 3
not changed on the old motherboard and processor core amd 3 and no video at all all cables are simply no video at all?
-
My computer is fried. I want to make sure that I can install the Creative Suite 3 on the new computer I buy. I plan to get the same computer as before, a Mac 10.4.11 Tower installed on it.Thank you!