Oracle: How to give all privileges of one user to another? [duplicate] - oracle

This question already has answers here:
How to replicate schema with the same privileges of an existing account in oracle?
(2 answers)
Closed 10 months ago.
I have 2 users, A and B. They all have some privileges of their own.
Now, I want to give all A's privileges to B.
Is there any way (instantly,...) to do that but write a script to give that grant for each user (by select from USER_SYS_PRIVS - I mean when I have a lot of privileges, it seems impossible to be done!?)?
Thanks in advance!

You can try something like this:
Get all privileges from AAA
SELECT DBMS_METADATA.GET_GRANTED_DDL('ROLE_GRANT','AAA') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('SYSTEM_GRANT','AAA') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('OBJECT_GRANT','AAA') FROM DUAL;
Change the DDL commands with the user 'BBB' and execute.
Or
expdp userid=system directory=DATA_PUMP_DIR dumpfile=AAA.dmp schemas=AAA
impdp userid=system directory=DATA_PUMP_DIR dumpfile=AAA.dmp
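A check to run before and after applying the copied grants, as an added example that is not part of the original answer: it lists every role, system privilege and object privilege that AAA holds and BBB does not, so the set being copied can be reviewed and the result verified. It assumes a session that can read the DBA_* dictionary views; AAA and BBB are the answer's placeholder names.

```sql
-- Added example, not from the original answer.
-- Assumption: the session can query DBA_ROLE_PRIVS, DBA_SYS_PRIVS and DBA_TAB_PRIVS.
WITH privs AS (
  -- roles granted directly to the user
  SELECT grantee,
         'ROLE'        AS kind,
         granted_role  AS privilege,
         NULL          AS object_name,
         admin_option  AS can_regrant     -- WITH ADMIN OPTION
  FROM   dba_role_privs
  UNION ALL
  -- system privileges granted directly to the user
  SELECT grantee, 'SYSTEM', privilege, NULL, admin_option
  FROM   dba_sys_privs
  UNION ALL
  -- object privileges granted directly to the user
  SELECT grantee, 'OBJECT', privilege,
         owner || '.' || table_name,
         grantable                        -- WITH GRANT OPTION
  FROM   dba_tab_privs
)
SELECT kind, privilege, object_name, can_regrant
FROM   privs
WHERE  grantee = 'AAA'
MINUS
SELECT kind, privilege, object_name, can_regrant
FROM   privs
WHERE  grantee = 'BBB'
ORDER  BY kind, privilege, object_name;
```

Column-level grants (DBA_COL_PRIVS) and privileges that AAA reaches only through a role's own grants are not expanded by this query.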

Related

Privileges given to an Oracle procedure [duplicate]

This question already has an answer here:
How can i see if an owner has permissions to execute a Store Procedure in Oracle
(1 answer)
Closed 3 years ago.
For a business need, I've tried to get the list of (users, roles, ..) who have privileges (execute, debug, ...) on an Oracle procedure on an Oracle database.
Firstly, I've tried to check its script creation but they didn't exist.
Now I want to get the query which can retrieve this information for me.
Simply, this query can be executed to get the needed result:
SELECT * FROM DBA_TAB_PRIVS
WHERE OWNER = 'OFFER'
and table_name ='PROC_NAME';
A procedure itself doesn't have any "privileges"; they are granted to user or to role.
The only privilege granted on a procedure is EXECUTE.

Schema permission giving on all tables in Oracle [duplicate]

This question already has answers here:
Grant Select on all Tables Owned By Specific User
(5 answers)
Closed 5 years ago.
I am trying to give schema permissions on all tables in a single instance.
For example, I am in Schema A, and I need to access the tables in Schema A from Schema B.
I tried to grant select on A. * to B and I am getting an invalid table name.
Any idea why I'm getting this error?
Afaik, there's not a direct way to do this. The easiest shortcut I know is to run something like
select 'grant select on A.' || table_name || ' to B;'
from user_tables;
And then copy/paste the results and run that.

PL/SQL Impossible to select a table into a trigger

As system user, I created a new user and granted him dba privileges: GRANT dba TO user_bdda_adminProjet
I'm trying to look into the DBA_ROLE_PRIVS table into a trigger (I didn't paste all my code, feel free to tell me if it's necessary) :
CREATE OR REPLACE TRIGGER my_trigger
  INSTEAD OF
  INSERT ON vueEnquete
  FOR EACH ROW
DECLARE
  tmp int;
BEGIN
  SELECT COUNT(*) INTO tmp FROM DBA_ROLE_PRIVS;
  ...
  ...
END;
/
But when I try to execute this script, I got the following errors :
Erreur(6,3): PL/SQL: SQL Statement ignored
Erreur(6,39): PL/SQL: ORA-00942: table or view does not exist
Looking at different forums, I found that the problem is in general that the user doesn't have rights to the table.
But when I execute, as my user user_bdda_adminProjet, the following line alone (out of a trigger), it works perfectly:
SELECT COUNT(*) FROM DBA_ROLE_PRIVS;
Moreover, if I just comment the line in my trigger, it executes without any errors, so I guess the error is specifically at this line.
Thanks in advance for your help and feel free to tell me if you need any further info.
dba is a role, not a privilege.
Privileges obtained through a role are not "active" in PL/SQL. You need to grant the select privilege on the DBA_ROLE_PRIVS directly to the user.
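The behaviour this answer describes can be reproduced from SQL*Plus without recompiling the trigger, because disabling the session's roles leaves only the directly granted privileges that stored PL/SQL compiles with. This is an added example, not part of the original thread; it assumes the grant in step 2 is issued from a SYS session.

```sql
-- Added example. The user name is the one from the question.

-- 1. As user_bdda_adminProjet: disable every role for this session.
--    What remains is the privilege set the trigger is compiled with.
SET ROLE NONE;

-- Roles still enabled in this session (DBA should not be among them).
SELECT role FROM session_roles;

-- Same statement as in the trigger body. If it raises ORA-00942 now,
-- access to the view was coming only through a role.
SELECT COUNT(*) FROM dba_role_privs;

-- 2. Assumption: a separate session connected as SYS, the owner of the view.
GRANT SELECT ON sys.dba_role_privs TO user_bdda_adminProjet;

-- 3. Back in the session from step 1 (roles still disabled):
--    confirm the direct grant is recorded, then repeat the trigger's query.
SELECT privilege, grantor
FROM   user_tab_privs
WHERE  owner = 'SYS'
AND    table_name = 'DBA_ROLE_PRIVS';

SELECT COUNT(*) FROM dba_role_privs;

-- 4. Re-enable the roles granted to the user.
SET ROLE ALL;
```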

Why I cannot grant roles to other users [duplicate]

This question already has an answer here:
Allowing a users to select from a table
(1 answer)
Closed 8 years ago.
I am trying to grant a role to another user in Oracle. Although I got "Grant succeeded", it doesn't appear that the user got the role. Can anyone help?
SQL> select * from students;
no rows selected
SQL> Grant select on students to C##reine;
Grant succeeded.
SQL> disconnect
Disconnected from Oracle Database 12c Release 12.1.0.1.0 - 64bit Production
SQL> connect
Enter user-name: C##reine
Enter password:
Connected.
SQL> select * from students;
select * from students
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL>
I'm sure user C##reine has the role. If you log in as C##reine and try the following query you should see it:
SELECT * FROM User_Tab_Privs
WHERE Table_Name = 'STUDENTS';
The problem is that the table is in another schema, so C##reine needs to alias the table when querying (note that a comment posted after this answer provided the actual schema name):
SELECT * FROM C##jad.students;
To make the table visible to the user without aliasing, try this:
-- As user C##reine
CREATE SYNONYM STUDENTS FOR C##jad.STUDENTS;
User C##reine will need to have the CREATE SYNONYM system privilege.
The user needs to qualify the table with its owner schema:
select * from xyz.students

Correct way to give users access to additional schemas in Oracle

I have two users Bob and Alice in Oracle, both created by running the following commands as sysdba from sqlplus:
create user $blah identified by $password;
grant resource, connect, create view to $blah;
I want Bob to have complete access to Alice's schema (that is, all tables), but I'm not sure what grant to run, and whether to run it as sysdba or as Alice.
Happy to hear about any good pointers to reference material as well -- don't seem to be able to get a good answer to this from either the Internet or "Oracle Database 10g The Complete Reference", which is sitting on my desk.
AFAIK you need to do the grants object one at a time.
Typically you'd use a script to do this, something along the lines of:
SELECT 'GRANT ALL ON '||table_name||' TO BOB;'
FROM ALL_TABLES
WHERE OWNER = 'ALICE';
And similar for other db objects.
You could put a package in each schema that you need to issue the grant from, which will go through and call each GRANT statement via an EXECUTE IMMEDIATE.
e.g.
PROCEDURE GRANT_TABLES
IS
BEGIN
  FOR tab IN (SELECT table_name
              FROM all_tables
              WHERE owner = this_user) LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT, INSERT, UPDATE, DELETE ON '||tab.table_name||' TO other_user';
  END LOOP;
END;
There are many things to consider. When you say access, do you want to prefix the tables with the other users name? You can use public synonyms so that you can hide the original owner, if that is an issue. And then grant privs on the synonym.
You also want to plan ahead as best you can. Later, will you want Frank to be able to access Alice's schema as well? You don't want to have to regrant privileges on N number of tables. Using a database role would be a better solution. Grant the select to role "ALICE_TABLES" for example and when another user needs access, just grant them privilege to the role. This helps to organize the grants you make inside the DB.
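The role-based approach suggested in this answer, as an added example that is not part of the original thread. ALICE_TABLES, ALICE and BOB are the names used on this page; the split between a DBA session and an ALICE session is an assumption, made because the question's grants (resource, connect, create view) do not include CREATE ROLE.

```sql
-- Added example, not from the original answer.

-- 1. Assumption: a DBA session creates the role.
CREATE ROLE alice_tables;

-- 2. As ALICE: grant read access on her own tables to the role.
--    DBMS_ASSERT.ENQUOTE_NAME double-quotes each name, so a mixed-case or
--    otherwise unusual table name cannot change the GRANT that is executed.
BEGIN
  FOR t IN (SELECT table_name
            FROM   user_tables
            WHERE  dropped = 'NO'                  -- skip recycle-bin entries
            AND    nested  = 'NO'                  -- skip nested-table storage
            AND    (iot_type IS NULL
                    OR iot_type = 'IOT'))          -- skip IOT overflow/mapping tables
  LOOP
    EXECUTE IMMEDIATE
         'GRANT SELECT ON '
      || DBMS_ASSERT.ENQUOTE_NAME(t.table_name, FALSE)
      || ' TO alice_tables';
  END LOOP;
END;
/

-- 3. DBA session again: hand the role to each user who needs the access.
GRANT alice_tables TO bob;

-- 4. Review what the role carries before granting it to anyone else.
SELECT owner, table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  grantee = 'ALICE_TABLES'
ORDER  BY owner, table_name, privilege;
```

Access received through the role applies to BOB's SQL sessions; stored PL/SQL that BOB owns still needs direct grants, as the DBA_ROLE_PRIVS trigger thread on this page shows.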
Another solution if you have different owner:
BEGIN
  FOR x IN (SELECT owner||'.'||table_name ownertab
            FROM all_tables
            WHERE owner IN ('A', 'B', 'C', 'D'))
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON '||x.ownertab||' TO other_user';
  END LOOP;
END;
