My user has the following privileges:
`GRANT CREATE SESSION to user1;
GRANT SELECT ANY TABLE to user1;
GRANT SELECT_CATALOG_ROLE to user1;
GRANT SELECT ANY DICTIONARY to user1;
GRANT SELECT ANY SEQUENCE to user1;
GRANT EXECUTE ANY TYPE to user1;
GRANT ALTER SESSION to user1;`
I can't get the package body runnig the following query from user1:
SELECT owner, name, text, line FROM sys.DBA_source WHERE type='PACKAGE BODY'
AND owner NOT IN ('SYS') AND owner = 'USER2' AND name = 'MY_PKG'
But when I run a query from another user who has all the privileges, I can get the package body.
This issue was reproduced only on one server (Oracle 10.2.0.4).
Tell me please what privileges are missing. Or if it's not about privileges, tell me what to do to make it work.
Related
Hello How I can Create Roles with
ReadOnly(Select any Tables under the tablespace)
And
InsertUpdateRoleOnly(To insert and update Data ,not delete)
Under My tablespace with local access this users?
Tables are owned by someone. The owner grants privileges to other users or to roles; in your case, it'll be a role. As the role doesn't depend on a tablespace (you mentioned), you'd create it as simple as
create role r_read_only;
Then, the owner would grant SELECT privilege on its tables to that role, e.g.
grant select on emp to r_read_only;
grant select on dept to r_read_only;
Such a role would be granted to other users, e.g.
grant r_read_only to littlefoot;
and user littlefoot will be able to select from those tables.
The same goes for your another role, no difference:
create role r_upd_ins;
grant insert, update on emp to r_upd_ins;
grant r_upd_ins to bigfoot;
Privileges cannot be granted at the tablespace level. You must grant privileges to specific tables. e.g:
create role read_data_role;
grant select on [owner].[table_name] to read_data_role;
create role update_data_role;
grant insert, update on [owner].[table_name] to update_data_role;
grant read_data_role, update_data_role to [username];
I am trying to run below query in oracle db .
a. GRANT UPDATE ON MIC_COMMON_AT.SHL_PRODUCERS TO MIC_READWRITE_AT;
This query does not give any error and says GRANT SUCCEEDED.
b. But when I run below query to check this grant in sys.all_tab_privs for the role, to which this grant should have been added, it gives me 0 rows
SELECT * FROM sys.all_tab_privs
WHERE GRANTEE = 'MIC_READWRITE_AT';
I am not sure why the required grant for role(MIC_READWRITE_AT) is not getting inserted in sys.all_tab_privs table (query b returning 0 rows) - even though grant query for that role seems to execute successfully without any error (query a).
The user with which I am executing this query has been given dba role as default role, as well as it has the system privilege of 'GRANT ANY OBJECT PRIVILEGE' AND "GRANT ANY PRIVILEGE'.
What am I missing here?
all_tab_privs only includes object grants for which the current user is the object owner, grantor, or grantee. It won't show you grants on objects in other schemas. Try using the dba_tab_privs view instead.
I create user A and B with system admin
-- CREATE USER1 SQL
CREATE USER USERA IDENTIFIED BY 123456 ;
GRANT CREATE SESSION TO USERA;
CREATE USER USERB IDENTIFIED BY 123456 ;
GRANT CREATE SESSION TO USERB;
and set Privileges to USERA
-- SYSTEM PRIVILEGES USERA
GRANT CREATE TABLE TO USERA;
GRANT DELETE ANY TABLE TO USERA;
GRANT GRANT ANY PRIVILEGE TO USERA;
and create table by USERA
CREATE TABLE tableA
(ID VARCHAR2(5)
, DATA VARCHAR2(20) );
and create Privileges to USERB by USERA set select tableA
GRANT SELECT ON tableA to USERB;
but USERB can't select tableA
ERROR:ORA-00942: table or view does not exist
How do I solve the problem?
If you don't specify the owner for a table, Oracle will assume the owner is the current user.
select * from usera.tablea;
To avoid this issue, it's usually recommended to create a local synonym (owned by userb):
create synonym userb.tablea for usera.tablea;
Now, userb can query the table:
select * from tablea;
I'm wondering if there's a way to set up a user with dba-like read-only privileges.
In my use-case, I'm trying to fetch some data from of schema from SYS.ALL_ARGUMENTS table.
I'm using this statements to create my user:
CREATE USER bbb IDENTIFIED BY bbb;
/
GRANT CREATE SESSION TO bbb;
/
grant select any table to bbb WITH ADMIN OPTION;
/
grant select on SYS.ALL_ARGUMENTS to bbb;
when I try to run the following statement to fetch data of HR schema:
SELECT * FROM SYS.ALL_ARGUMENTS a WHERE a.OWNER = 'HR' ORDER BY SEQUENCE;
I get nothing. If I set my user with DBA role or IMP_FULL_DATABASE role, i manage to get this data but then my user has privileges I don't want him to have.
Privilege SELECT ANY TABLE does not include dictionary views. Run
GRANT SELECT ANY DICTIONARY TO bbb;
in order to grant full read access.
When I'm querying a table in schema C from schema A, I'm getting ORA-01031: insufficient privileges and when I'm querying the same table from schema B, I'm getting ORA-00942: table or view does not exist. On the table neither of the schemas are having any privileges. Why am I getting different error messages in this case?
You may get ORA-01031: insufficient privileges instead of ORA-00942: table or view does not exist when you have at least one privilege on the table, but not the necessary privilege.
Create schemas
SQL> create user schemaA identified by schemaA;
User created.
SQL> create user schemaB identified by schemaB;
User created.
SQL> create user test_user identified by test_user;
User created.
SQL> grant connect to test_user;
Grant succeeded.
Create objects and privileges
It is unusual, but possible, to grant a schema a privilege like DELETE without granting SELECT.
SQL> create table schemaA.table1(a number);
Table created.
SQL> create table schemaB.table2(a number);
Table created.
SQL> grant delete on schemaB.table2 to test_user;
Grant succeeded.
Connect as TEST_USER and try to query the tables
This shows that having some privilege on the table changes the error message.
SQL> select * from schemaA.table1;
select * from schemaA.table1
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> select * from schemaB.table2;
select * from schemaB.table2
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL>
ORA-01031: insufficient privileges happens when the object exists in the schema but do not have any access to that object.
ORA-00942: table or view does not exist happens when the object does not exist in the current schema. If the object exists in another schema, you need to access it using .. Still you can get insufficient privileges error if the owner has not given access to the calling schema.
for ORA-01031: insufficient privileges. Some of the more common causes are:
You tried to change an Oracle username or password without having the appropriate privileges.
You tried to perform an UPDATE to a table, but you only have SELECT access to the table.
You tried to start up an Oracle database using CONNECT INTERNAL.
You tried to install an Oracle database without having the appropriate privileges to the operating-system.
The option(s) to resolve this Oracle error are:
You can have the Oracle DBA grant you the appropriate privileges that you are missing.
You can have the Oracle DBA execute the operation for you.
If you are having trouble starting up Oracle, you may need to add the Oracle user to the dba group.
For ORA-00942: table or view does not exist. You tried to execute a SQL statement that references a table or view that either does not exist, that you do not have access to, or that belongs to another schema and you didn't reference the table by the schema name.
If this error occurred because the table or view does not exist, you will need to create the table or view.
You can check to see if the table exists in Oracle by executing the following SQL statement:
select *
from all_objects
where object_type in ('TABLE','VIEW')
and object_name = 'OBJECT_NAME';
For example, if you are looking for a suppliers table, you would execute:
select *
from all_objects
where object_type in ('TABLE','VIEW')
and object_name = 'SUPPLIERS';
OPTION #2
If this error occurred because you do not have access to the table or view, you will need to have the owner of the table/view, or a DBA grant you the appropriate privileges to this object.
OPTION #3
If this error occurred because the table/view belongs to another schema and you didn't reference the table by the schema name, you will need to rewrite your SQL to include the schema name.
For example, you may have executed the following SQL statement:
select *
from suppliers;
But the suppliers table is not owned by you, but rather, it is owned by a schema called app, you could fix your SQL as follows:
select *
from app.suppliers;
If you do not know what schema the suppliers table/view belongs to, you can execute the following SQL to find out:
select owner
from all_objects
where object_type in ('TABLE','VIEW')
and object_name = 'SUPPLIERS';
This will return the schema name who owns the suppliers table.
try to execute this on sql command line:
connect/ as sysdba;
create user b identified by "password";
grant all privileges to b;
and go create a new connection in SQL Developer;
do the same for schema 'c';
and grant privileges for schema 'a' too:
connect/ as sysdba;
grant all privileges to a;
this method fixed the problem for me.
In SQL Developer: Everything was working fine and I had all the permissions to login and there was no password change and I could click the table and see the data tab.
But when I run query (simple select statement) it was showing "ORA-01031: insufficient privileges" message.
The solution is simply disconnect the connection and reconnect.
Note: only doing Reconnect did not work for me.
SQL Developer Disconnect Snapshot
ORA-01031: insufficient privileges
Solution: Go to Your System User.
then Write This Code:
SQL> grant dba to UserName; //Put This username which user show this error message.
Grant succeeded.