If I have already connected to database, and can not see the tablenames, functions, or procedures ...does it mean that I have been granted only Connect By session privilege?
When I use column names #database links it gives me an error that does not describe in details that do I have Select privilage or not. But when I write my function and want to compile it it gives you have not been granted a privilege to create a function.
I cannot see in navBar any buttons of related database that my user has been created in. I tried to do smth from Preferences, then relaunched SQL Developer although the result is the same. Just pure empty colons on the left side of my navbar
Related
I am not able to see Procedure/Function body in package view Oracle SQL Developer connected to Oracle 11g.. Any idea how can I see that
You should be able to see the pacakge body if you press the plus (+) button you had right at the name of your pacakge.
If you don’t see it, two things may be happening, you don’t have the permissions (grants) on the user with which you are connected to the database session or the package body doesn’t exist.
To check if the package body exist you could export the definition,
You should also check if you are connected to the right environment
I am new to oracle and using SQL plus terminal to access oracle DB. I tried to create one function and it returned warning that
function created with compilation error
When I executed show errors it always showing
ERROR:
ORA-00942: table or view does not exist
My function :
create or replace function axsaum.get_name
AS
v_name varchar2(20);
begin
v_name:='Helloooooo';
dbms_output.put_line(v_name);
END;
/
Please suggest.
You have the error message: ORA-00942: table or view does not exist. This means your function contains a reference to a database object which the compiler is unable to associate to a table or view within the scope of the function.
There are several reasons why you might get this.
Your function references a table or view which exists in the schema but you have misspelled its name.
Your function references a table or view which exists in a different schema and you have not prefixed the reference with the owning schema and there is no synonym either.
Your function references a table or view which exists in a different schema but the schema owner has not granted you rights on that object.
Your function references a table or view which exists in a different schema and the schema owner has granted you rights on that object through a role. The Oracle security model means that we cannot build database objects (views, stored procedures, etc) using privileges granted to our account through a role. The privileges have to be explicitly granted to our named account.
The object does not exist in your schema or another.
The first two causes are ones you can fix by yourself. The others would require the intervention of the schema owner, or a power user with admin privileges (such as a DBA).
Now that you've posted your function, we can see that you are referencing an Oracle built-in package, DBMS_OUTPUT. Now that package should be installed and granted as part of a default install. But if you have a non-standard install or have accidentally dropped or revoked something you will need to get the SYS user to run the dbmsotpt.sql script which should fix it. The details are covered in the package's documentation. Find out more.
We have table Transfer Order:
This is the view from admin User.
This is the view of the user to whom I need to give read , write, create and delete access, but the two fields 'To Stockroom' and 'From Stockroom' are not visible to this user.
I have created ACLs like:
how I can make these two fields accessible to some user?
Please help me.
In order to find the specific ACL that is failing the user's request for access, you can simply enable the Debug Security module. Then impersonate the user, visit the record, and scroll down the page. You'll eventually come to a line like this:
This red X indicates that a condition of the ACL was not met. Clicking the ACL (In this case, record/alm_asset.model/write) will take you to the specific security rule. Hovering over the red X will tell you what portion of the ACL was not met; the condition, the script, or the role requirement. That is what you must remedy either in the ACL, or by granting the user the necessary permissions.
I suspect in your case, that the user is able to see the record they're viewing, but does not have access to view the record or table referenced in the reference field. However, only the ACL/security debugger can tell you for sure.
To stop debugging, just click the "stop debugging" module in the app navigator, or log out of ServiceNow.
I'm on Oracle 11g, and I do understand the issue of a 3rd-party grant.
But, given that have user1 creating a view "view1" as Select 'foo' from dual.
Then I grant Select on view1 to user2 and I get this error.
But note the "dual" in the view is not qualified as sys.dual, it's just dual. I would think with a synonym public.dual that the actual "dual" used would be public.dual, not sys.dual, so no 3rd party issue should exist because it's public.
And if sys.dual is the one Oracle assumes in this view, one would think that given the use of dual is common in views, and that granting privs on views to other users is also common--wouldn't thousands of users be reporting this issue?
I do see sporadic posts about this but no real solution except to create another copy of dual for the user creating the view, but this doesn't make sense to me.
Thanks for any help.
After consulting our dbas, the issue is an Oracle "Feature" in 11.2.0.4:
TL;DR verison:
As of v 11.0.4, if your View uses Dual, then you can't grant that View anything but SELECT.
Why would we want to grant a view more than Select? In our case the app vendor packaged their updates in such a way that the database portion of the updates automatically scripted full CRUD grants to the master app-schema on every new object, and this included views, because it was simply easier to script that way. This all worked fine until 11.0.4, when Oracle said/enforced "Hey, you can't do that".
Full version:
(Quoted from Oracle site https://support.oracle.com/epmos/faces/BugDisplay?parent=DOCUMENT&sourceId=1628033.1&id=17994036)
Oracle Database - Enterprise Edition - Version 11.2.0.4 to 11.2.0.4 [Release 11.2]
Information in this document applies to any platform.
SYMPTOMS
After upgrading from 11.2.0.3 to 11.2.0.4, you encounter the following error while executing the "create or replace view" statement:
ORA-01720: grant option does not exist
Views were created before the upgrade and "CREATE OR REPLACE VIEW" had worked fine.
CAUSE
The observed behavior is correct. You will get this ORA-1720 error when REPLACING a view that selects from some other user's tables and both of the following conditions are true:
you have already granted select or other privileges on the VIEW to some other user
the view owner does not have the GRANT option on the tables being selected from (or view owner may have some privilege with grant option but not others)
Development has explained it as follows:
The code was changed in 11.2.0.4 so that create view behavior is similar to grant. If you try to make a GRANT on an existing view and the view owner does not have the grant option, then ORA-1720 is the expected result (even in 11.2.0.3). In 11.2.0.4, we have simply made CREATE VIEW consistent with the GRANT behavior, i.e. if an incompatible grant exists, then the new view definition must not be allowed (even with FORCE). In other words, we do not allow incompatible grants to coexist with the view definition and so an error must be thrown. The behavior in release 11.2.0.3 (and earlier) was incorrect; the new behavior in 11.2.0.4 is intentional and correct.
SOLUTION
To avoid this issue, you can do either of the following:
Remove all grants on the view before REPLACING the view. This will ensure that no incompatible grants exist.
Drop and recreate the view. Dropping the view will automatically remove all grants.
REFERENCES
BUG:17994036 - POST UPGRADE TO 11.2.0.4 CREATE OR REPLACE FAILS WITH ORA-01720
BUG:18024486 - ORA-1720 WHEN CREATING VIEW AFTER TO HAVE UPGRADE FROM 11.2.0.3.0 TO 11.2.0.4.0
With sys (as sysdba ) database user grant the necessary privileges, and after that try yo recreate the view with sys (as sysdba ) database user. This was helpful for me.
Regards,
Vase Tusevski
NOTE: I am note DB Admin and I am not that much in sql server security
I am using MS SQL SERVER 2008R2
What I want to do is to give a user a minimal permissions or just what he required
I have a local user in my windows and I add this user in the logins of the database after that I went to this user in my specific database and try to change his set of permissions but the section is coming empty
why it is coming empty?
and how to do this, I mean giving him the permissions that he just need nothing more?
Please I want to do this from the user interface without T-sql
EDIT
I Just want to give the user read, write, execute nothing more
and also I need to know more about how to control users permissions in more details
A. Set up Read/Write
Go to Security/Logins and find your login, double click it
Go to user mapping, and click on the database that you have access to
In the bottom pane under 'Database Role Membership', tick db_datareader and db_datawriter
This gives the user Login SELECT, INSERT, UPDATE, DELETE
B. Revoke DELETE and grant EXECUTE
Create a role that does this:
Go to your database / Security / Roles
Right click, New / Database Role
Give the role a name, I will use executor for this example and press OK
I don't know how to do the next steps in SSMS, You'll need to do it in T-SQL:
Start a new query in your database
Type this and press F5:
GRANT EXECUTE TO executor;
DENY DELETE TO executor;
Now repeat A3 but select your newly created role, 'executor'
Every new user (or group) that you create needs to be a member of these three roles. The best practice is to add a windows group to SQL Server once, and add users to that windows group.
Lastly test this - I don't know for sure that it works.
With regards to the database user securables:
You have to explicitly populate this list to see what it contains. It doesn't populate automatically. Press Search and search for some objects (i.e. all objects belonging to the schema dbo). Now you have a list of objects in the top. Click on an object and click the 'Effecttive' tab on the bottom. This is the users effective (final) permissions for this object. If you want to override this at the object level you can assign something on the explicit tab
Had similar problem after our MSSQL Server was restored on a new server and wanted to set explicit permissions for a user in a DB.
Not sure how to make it default (as it appears to have been previously), but basically just hit the search button in the Securables tab you show to search for "All objects of the types..." and choose the Databases object and click ok / search. You should now see securables for that specific database and can set explicit permissions as well as view existing "effective" permissions.