I'm logged in as "SYS as SYSDBA" and am inspecting a user with SQL Developer 21.4.3. The user has some system privileges set:
But the SQL tab does not have any system privileges in the DDL:
Why?
Edit User...find a priv, CHECK (enable) it.
Then click on SQL page -
If you simply want to see EXISTING DDL for a USER including system privileges - open the DBA/Security panel.
Related
I have following commands in a script :
ALTER SESSION SET CONTAINER = orclpdb
ALTER session set "_ORACLE_SCRIPT"=true;
CREATE PROFILE test_profile LIMIT password_life_time unlimited;
CREATE USER test IDENTIFIED BY test123
PROFILE test_profile
while dropping user using:
ALTER SESSION SET CONTAINER = orclpdb;
DROP USER test cascade;
I am getting :
ora-28014 cannot drop administrative users
My first concern is how this test user is getting administrative privilege.
Secondly is there anyway better way to do this.
The reason why the user is becoming ADMIN is due that the fact that you are using the underscore parameter _oracle_script=true
ORA-28014: Cannot Drop Administrative Users (Doc ID 1566042.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=267287602351459&id=1566042.1&_afrWindowMode=0&_adf.ctrl-state=w6ehg2ftt_53
As Oracle states in that document:
Users are considered administrative users when are created using the
script catcon.pl, or in that session the parameter "_oracle_script"
is set to TRUE.
You should not use it when you are creating users or anything else for that matter, unless you need to drop an administrative user, which in that case you have to.
To avoid this, when creating users avoid the use of the _oracle_script parameter altogether.
Three days ago, I created another user, it's ok. Now I create another user, not working. I don't know what I missed.
This time I did:
CREATE USER TESTDB identified by N2dTlOBFRZ9x;
GRANT CONNECT, RESOURCE TO TESTDB;
GRANT CREATE SESSION TO TESTDB;
GRANT UNLIMITED TABLESPACE TO TESTDB;
GRANT CREATE TABLE to TESTDB;
GRANT CREATE VIEW to TESTDB;
I can create a view, named viewTest, save it.
TESTDB viewTest
select * from PRODDB.employee
Then open viewTest, it says insufficient privileges.
I have another user. let's call it PRODDB. This is online database
The user I created 3 days ago, is OKDB.
Today I created one another, TESTDB.
In OKDB, I created a view (viewTest) and I can open it.
select * from PRODDB.employee;
But in TESTDB, cannot open.
Thank you for the update! I believe this is a permissions issue.
In OKDB, I created a view and I can open it. select * from
PRODDB.employee;
But in TESTDB, cannot open.
So in this example, there are three users: 1. PRODDB, 2. OKDB, and 3. TESTDB.
The view is named Employee and was created under the PRODDB schema; PRODDB.EMPLOYEE.
If OKDB can query PRODDB.EMPLOYEE, one of two things have to be true. Either: 1. OKDB was granted privileges on PRODDB.EMPLOYEE directly (e.g. grant select on PRODDB.EMPLOYEE to OKDB;), or 2. OKDB has elevated privileges through a role that enables the user to query that view (e.g. grant DBA to OKDB, which will allow OKDB to query any table in the database.)
If TESTDB can't query the view, I would bet that the necessary privileges have not been granted to the user. To fix this, I would recommend checking the privileges and roles that have been granted to the OKDB user and then granting the same privilege(s) to TESTDB. If this is something work related, you may have to work with another DBA if you do not have permission to issue grants.
This is very easy to achieve in SQL Developer, but somehow I cannot find this option in TOAD.
I created a new user, set him a password and now I want to force him to change the password at first logon, due to security policy. Any idea how to do that using GUI / sql statement?
Thanks,
Danijel
open Toad==>Database==>Schema Browser==>swift to User==>right click Alter User
.There is a gui oponion for password expired.Hope useful to you .
I want to create a view in SCHEMA_A using columns from a table LICENSE in SCHEMA_B.
create view SCHEMA_B.V_TEST as
SELECT LICENSE_NUMBER FROM SCHEMA_A.LICENSE L
then
select * from SCHEMA_B.V_TEST
This is giving me "ORA-01031: insufficient privileges" when I try to select from the view as the admin account. (Edit: admin account has SELECT ANY TABLE privileges.) What am I missing?
There is a similar question but the solution has to do with one user granting select to another. Since I'm admin I should have select privilege on both schemas already? However I have tried adding the line "GRANT SELECT ON SCHEMA_A.LICENSE TO admin_account WITH GRANT OPTION" and get the same error.
I think that the creation of the view fails, because schema_b doesn't have select privilege to schema_a.licence. Since you're creating an object in the schema_b, schema_b must have the necessary privilege.
Grant it:
as schema_a (or an DBA - "admin account")
grant select on schema_a.licence to schema_b
then you should be able to create the view and then select from it.
I wanted to create a view that looked something like the following but i keep getting an ORA-01031 - insufficient permission error
create view v_dbinfo as
Select INSTANCE_NAME,HOST_NAME from v$instance;
I can select from v$instance, and create a view from an existing table without any problems.
Any idea on why this is occurring and how i can go about fixing it?
Thanks
I would tend to wager that you have access to V$INSTANCE via a role rather than as a direct grant. If you want to create a view (or reference V$INSTANCE in a definer's rights stored procedure), you would need to have been granted access to the referenced objects via direct grants, not via a role.
In addition, if you intend on granting access to this new view to other users, you will need the access to V$INSTANCE to be granted using the WITH GRANT OPTION clause, i.e.
GRANT SELECT ON v$instance
TO your_user_name
WITH GRANT OPTION;