I have a user who only has permission to create dblinks, create session, and manage Scheduler, I want that it will not be able to create any object, delete it or alter it ... I already managed to prevent delete or create new things but I cannot remove the permission to make alters.
try with the following command with another user who has SYSDBA privileges:
REVOKE ALTER ON USER.TEST_LUIS FROM USER;
But the response tells me that I cannot remove permissions that have not been granted.
Any ideas?
Thanks!
You can't revoke alter privilege over objects from the user who owns them. You would need to remove the privilege to create them in the first place.
Example
sqlplus / as sysdba
SQL*Plus: Release 19.0.0.0.0 - Production on Tue Sep 28 16:14:30 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> drop user test2 cascade ;
User dropped.
SQL> create user test2 identified by Oracle_1234 default tablespace users temporary tablespace temp_group account unlock profile default quota unlimited on users ;
User created.
SQL> grant create session , create table to test2 ;
Grant succeeded.
SQL> exit
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
sqlplus test2/Oracle_1234
SQL*Plus: Release 19.0.0.0.0 - Production on Tue Sep 28 16:13:24 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> create table t1 ( c1 number ) ;
Table created.
SQL> alter table t1 add ( c2 number ) ;
Table altered.
SQL> exit
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
sqlplus / as sysdba
SQL*Plus: Release 19.0.0.0.0 - Production on Tue Sep 28 16:14:30 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> revoke alter on test2.t1 from test2 ;
revoke alter on test2.t1 from test2
*
ERROR at line 1:
ORA-01927: cannot REVOKE privileges you did not grant
In my example below, I can't revoke the privilege, because the user is the owner of the table.
I can revoke however the create table privilege
SQL> revoke create table from test2 ;
Revoke succeeded.
Alter objects you own is inherited by the create privilege of the same object type.
Related
Oracle database 21c express edition on Windows 11.
My error
ORA-12154: TNS:could not resolve the connect identifier specified
My password is xxxxxa# . I see https://stackoverflow.com/a/67141887/3728901 How to enter password?
Update: Thank to Connor's answer. I catch
Microsoft Windows [Version 10.0.19044.1889]
(c) Microsoft Corporation. All rights reserved.
C:\Users\Administrator>sqlplus /nolog
SQL*Plus: Release 21.0.0.0.0 - Production on Thu Aug 25 10:21:18 2022
Version 21.3.0.0.0
Copyright (c) 1982, 2021, Oracle. All rights reserved.
SQL> connect sys/"123456a#"#xe
ERROR:
ORA-28009: connection as SYS should be as SYSDBA or SYSOPER
SQL>
Double quotes are your friend here
SQL> create user XXX identified by 123#456;
create user XXX identified by 123#456
*
ERROR at line 1:
ORA-00922: missing or invalid option
SQL> create user XXX identified by "123#456";
User created.
SQL> grant create session to xxx;
Grant succeeded.
SQL> connect xxx/123#456#db19_pdb1
ERROR:
ORA-12154: TNS:could not resolve the connect identifier specified
Warning: You are no longer connected to ORACLE.
SQL> connect xxx/"123#456"#db19_pdb1 as sysdba
Connected.
sqlplus /nolog
connect sys/"123456a#"#xe as sysdba
SQL> alter session set "_ORACLE_SCRIPT"=true;
SQL> create user donhuvy identified by "123456a#";
SQL> grant create session to donhuvy;
SQL> connect donhuvy/"123456a#"#xe
Oracle sys user database connection with ORACLE_SID is not working. dev is my ORACLE_SID .
sqlplus sys/manager#dev as sysdba
SQL*Plus: Release 12.1.0.2.0 Production on Thu Nov 25 01:25:33 2021
Copyright (c) 1982, 2014, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
But without ORACLE_SID connection is working
sqlplus sys/manager as sysdba
SQL*Plus: Release 12.1.0.2.0 Production on Thu Nov 25 01:34:05 2021
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL>
Looks like this connection is using OS authentication. Because if I provide wrong password for sys user still connection works.
Any help why with ORACLE_SID sys user connection is not working?
In my database sec_case_sensitive_logon parameter is set to false.
SQL> show parameter sec_case_sensitive_logon
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
sec_case_sensitive_logon boolean FALSE
Following was the root cause:
remote_login_passwordfile parameter was set to EXCLUSIVE
SQL> show parameter remote_login_passwordfile
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
remote_login_passwordfile string EXCLUSIVE
REMOTE_LOGIN_PASSWORDFILE specifies whether Oracle checks for a password file.
For me password file was missing.
Created password file
orapwd file=$ORACLE_HOME/dbs/orapw<sid> password=<password> force=y ignorecase=n
Bounce database.
Then Oracle sys user database connection with ORACLE_SID is working.
sqlplus sys/manager#dev as sysdba
SQL*Plus: Release 12.1.0.2.0 Production on Thu Nov 25 03:35:47 2021
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
In Docker for Windows I installed an Oracle DB 18c XE Linux Docker container by the books:
Downloaded official sources (from https://github.com/oracle/docker-images)
Created an image from it
Created a container:
docker run --name $containerName -d -p 15210:1521 -e ORACLE_PWD=$dbPassword -v $dbVolume:/opt/oracle/oradata 'oracle/database:18.4.0-xe'
When I open SQL*Plus within the container, everything works fine:
> docker exec -it DevDB sqlplus sys/pwd#//localhost:1521/xe as sysdba
SQL*Plus: Release 18.0.0.0.0 - Production on Fri May 21 19:47:10 2021
Version 18.4.0.0.0
Copyright (c) 1982, 2018, Oracle. All rights reserved.
Connected to:
Oracle Database 18c Express Edition Release 18.0.0.0.0 - Production
Version 18.4.0.0.0
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL>
In my Windows host I installed SQLPlus Instant Client. When I run SQL*Plus from there, I get a warning message telling me that "LOGIN.SQL" cannot be opened.
However, I seem to be able to run queries:
> sqlplus sys/pwd#//localhost:15210/xe as sysdba
SQL*Plus: Release 18.0.0.0.0 - Production on Fri May 21 21:34:58 2021
Version 18.5.0.0.0
Copyright (c) 1982, 2018, Oracle. All rights reserved.
Connected to:
Oracle Database 18c Express Edition Release 18.0.0.0.0 - Production
Version 18.4.0.0.0
SP2-0310: unable to open file "LOGIN.SQL"
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL>
What is causing this warning message? How can I get rid of it?
After some more testing I now found the answer to my issue:
Apparently, the reported error is a glitch in the 18.5.0.0 release of SQL*Plus.
I just updated SQL*Plus to 19.11.0.0, and the warning message is gone:
> sqlplus sys/pwd#//localhost:15210/xe as sysdba
SQL*Plus: Release 19.0.0.0.0 - Production on Fri May 21 21:53:11 2021
Version 19.11.0.0.0
Copyright (c) 1982, 2020, Oracle. All rights reserved.
Connected to:
Oracle Database 18c Express Edition Release 18.0.0.0.0 - Production
Version 18.4.0.0.0
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL>
I have a sql statement executed in a script which connects to sqlplus and execute some GRANTS statements. In the bash script the instruction is something like:
sqlplus sys as sysdba #script.sql
but I need to add the password. How can I do in a single line ?
I tried:
sqlplus "sys as sysdba"/password #script.sql
or without " but it does not work.
Thanks
Example 1
oracle#esmd:~> sqlplus / as sysdba #ulcase1.sql
SQL*Plus: Release 11.2.0.3.0 Production on Fri Feb 21 12:07:50 2020
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
Disconnected from Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
oracle#esmd:~>
Example 2
oracle#esmd:~> sqlplus sys/password as sysdba #ulcase1.sql
SQL*Plus: Release 11.2.0.3.0 Production on Fri Feb 21 12:08:44 2020
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
Disconnected from Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
oracle#esmd:~>
Example 3
oracle#esmd:~> sqlplus sys/password#esmd as sysdba #ulcase1.sql
SQL*Plus: Release 11.2.0.3.0 Production on Fri Feb 21 12:14:49 2020
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
Disconnected from Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
oracle#esmd:~>
You can execute it on this way:
sqlplus sys/password as sysdba #script.sql
I want to clear the table from all data (Table_with_DB (it is in program sqldeveloper)) through sqlplus and based on filenames in the path (path/to/files) using SQLPlus completes the table (Table_with_DB) the filenames that are in the path.
I create 2 separate SQL files
(clear.sql ; register.sql)
and 1 with bash (bashloop.sh)
clear.sql
BEGIN
package.clear('Table_with_DB');
END;
register.sql
BEGIN
package.register('folderName' , '&1);
END;
bashloop.sh
for i in path/to/files;
do
sqlplus -s userid/password# #clear.sql
sqlplus -s userid/password# #register.sql
done
I expect the query clear Table_with_DB and transfer the filenames from path/to/files to Table_with_DB using SQLPlus
but the actual it not work :(
Example sqlplus in loop .
#!/bin/bash
username=system
password=passwordsystem
tns_alias=esmd
for i in /opt/oracle/example1/test*/file*.txt;
do
$ORACLE_HOME/bin/sqlplus $username/$password#$tns_alias <<EOF
SET SERVEROUTPUT ON SIZE 2000
BEGIN
dbms_output.put_line('$i');
END;
/
EOF
done;
Example output
Connected to:
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
SQL> SQL> 2 3 4 /opt/oracle/example1/test2/file2.txt
PL/SQL procedure successfully completed.
SQL> Disconnected from Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
SQL*Plus: Release 11.2.0.3.0 Production on Tue Oct 22 13:59:24 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
SQL> SQL> 2 3 4 /opt/oracle/example1/test3/file3.txt
PL/SQL procedure successfully completed.
SQL> Disconnected from Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
SQL*Plus: Release 11.2.0.3.0 Production on Tue Oct 22 13:59:24 2019
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
SQL> SQL> 2 3 4 /opt/oracle/example1/test4/file4.txt
PL/SQL procedure successfully completed.
SQL> Disconnected from Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
oracle#esmd:~/example1>
If I understand what you want to do then in your bashloop.sh you want to replace db_name with $i - or ${i} if you have filenames with spaces.