There are several schemas in my database. Some of them are for debugging (we call them DEV schemas) and the others are for production. To differ the DEV schemas from others we use one package which has function named is_debug. In default it return false. To make the schemas as DEV we replace this package with the function that returns true and compile it.
But, recently I learned about Conditional-compilation and PLSQL_CCFLAGS. And I think it could be better to use flags to differ the DEV schemas from others. But it can be set to the DATABASE and SESSION only. I want to set it to the SCHEMA, so that the every package in this schema can use it. Is it possible?
As the documentation states
PLSQL_CCFLAGS provides a mechanism that allows PL/SQL programmers to
control conditional compilation of each PL/SQL library unit
independently.
And can only be changed at session or system level
Modifiable ALTER SESSION, ALTER SYSTEM
However, you might overcome this limitation by using a logon trigger. Let's imagine you want to change this debug to true when anyone is connecting with the SCHEMA_DEV , and leave it as false when they connect with any other one
create or replace trigger sys.logon_flags_plsql
after logon on database
declare
v_true varchar2(200) := 'ALTER SESSION SET PLSQL_CCFLAGS = ''debug:TRUE'' ';
v_false varchar2(200) := 'ALTER SESSION SET PLSQL_CCFLAGS = ''debug:FALSE'' ';
v_user varchar2(128);
v_os_user varchar2(128);
begin
SELECT UPPER(SYS_CONTEXT ('USERENV', 'SESSION_USER')),
UPPER(SYS_CONTEXT('USERENV', 'OS_USER')),
INTO
v_user,
v_os_user
FROM DUAL;
--
if v_user in ( 'SCHEMA_PRE', 'SCHEMA_PRO' )
then
execute immediate v_false;
elsif v_user = 'SCHEMA_DEV'
then
execute immediate v_true;
else
null; -- or whatever you consider to
end if;
end;
/
One advantage of using logon triggers is that you can apply a lot of settings to connections coming from users, operating system users, and any other property you can think of available in the default context sys_context
However, this solution will only work as long as the users are not setting the flag by themselves. Keep in mind that the privilege alter session to modify any parameter is inherited by the privilege create session.
Demo of this ( as sys we create an user with only create session privilege )
SQL> create user test3 identified by Oracle_1234 ;
User created.
SQL> grant create session to test3 ;
Grant succeeded.
SQL> exit
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
Connected as this user with only create session privilege
$ sqlplus test3/Oracle_1234
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Oct 4 14:39:47 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> alter session SET PLSQL_CCFLAGS = 'debug:FALSE' ;
Session altered.
SQL>
So, as long as your users are not kind of "cheating" this could solve the issue at schema level, applying the alter session you want depending on who is connecting. Of course, if you are using personal users with privileges over the schema, you have to use another logic if you want to make it work. I think you get the idea.
Related
I am using Edition Based Redefinition in Autonomous Database. How can I force a user to use the edition I want?
Disclaimer: I am a product manager for Autonomous Database.
This can be done using a logon trigger and the dbms_session package.
Here is an example. I create two editions with the admin user and I grant access to it for the test user.
SQL> create edition e1;
Edition created.
SQL> create edition e2;
Edition created.
SQL> grant use on edition e2 to test;
Grant succeeded.
Then I create a logon trigger that sets the edition for that user when she logs in.
create or replace trigger sess_logon
after logon on database
begin
if sys_context('USERENV','SESSION_USER') = 'TEST'
then
DBMS_SESSION.SET_EDITION_DEFERRED ('E2');
end if;
END;
/
When this user logs in, she can see the current edition with this query.
SQL> select sys_context('userenv', 'current_edition_name') from dual;
SYS_CONTEXT('USERENV','CURRENT_EDITION_NAME')
--------------------------------------------------------------------------------
E2
Disclaimer: I am a product manager for Autonomous Database.
I want to recompile a broken synonym in another schema but get an error about privileges.
As per Oracle states:
To modify a private synonym in another user's schema, you must have the CREATE ANY SYNONYM and DROP ANY SYNONYM system privileges.
Okay, see my snippet:
SQL*Plus: Release 11.2.0.1.0 Production on Thu Sep 24 18:47:29 2020
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Release 11.2.0.4.0 - 64bit Production
SQL> select user, sys_context( 'userenv', 'current_schema' ) cur_schema from dual;
USER
------------------------------
CUR_SCHEMA
--------------------------------------------------------------------------------
STAT_ADM
STAT_ADM
SQL> SELECT s.privilege
2 FROM dba_sys_privs s
3 WHERE s.grantee = USER
4 AND s.privilege LIKE '%ANY%SYNONYM%';
PRIVILEGE
----------------------------------------
DROP ANY SYNONYM
CREATE ANY SYNONYM
SQL> alter synonym ADB011_T_PRO.SA_BRAND compile;
alter synonym ADB011_T_PRO.SA_BRAND compile
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> select dbms_metadata.get_ddl(object_type => 'SYNONYM'
2 ,NAME => 'SA_BRAND'
3 ,SCHEMA => 'ADB011_T_PRO') ddl_code from dual;
DDL_CODE
--------------------------------------------------------------------------------
CREATE OR REPLACE SYNONYM "ADB011_T_PRO"."SA_BRAND" FOR "STAT_INT"."SA_BRAND"
SQL>
Do I really lack of some permission? Or how should I properly recompile synonym? I have also CREATE ANY SYNONYM permission so I workaround it by issuing DDL statement of this synonym to make it valid again but I want to use a compile option.
This does seem to be documented as Oracle Bug 4189542 (Doc ID 4189542.8). From your code, it looks like you are using a version 11.2.0.4 database. If you update your version of Oracle, or apply a recent patch set to your 11.2.0.4 database, then it should resolve the issue.
I have tried
set schema apps;
trying in Oracle e-business suite tables getting below message
line 2: SQLPLUS Command Skipped: set schema apps
Is it executed?
As far as I understood the question, it is alter session you're looking for, e.g.
alter session set current_schema = apps;
(presuming that schema/username really is apps).
Adding one idea to Littlefoot's correct answer: To avoid typing this over and over again, you should ask your DBAs to create a logon trigger for that user, e.g. APPS_QUERY
create or replace trigger apps.apps_query_logon_trg
after logon on apps_query.schema
begin
execute immediate 'alter session set current_schema=apps';
end;
/
On TOAD there are many options to export data.
What I want to do is to export a schema/user and its related object (tablespace, sequences, etc) in order to import it on another oracle installation on another machine.
Is there a specific option suitable for my goal?
I wouldn't do it with TOAD, but from command prompt, using Data Pump Export and Import on command prompt. Here's an example.
First, as SYS, create a directory (Oracle object) which points to directory (folder) on my hard disk drive. Grant required privileges on it to user which will be using it.
SQL> show user
USER is "SYS"
SQL> create directory my_dir as 'c:\temp';
Directory created.
SQL> grant read, write on directory my_dir to mdp;
Grant succeeded.
As MDP (it is user I created while answering your other question, here: What are roles and privileges to give a user in order to perform CRUD(on Oracle 12)), create some objects:
SQL> connect mdp/pdm#xe
Connected.
SQL> create table test (id number);
Table created.
SQL> create view v_test as select * From test;
View created.
SQL> insert into test
2 select level from dual
3 connect by level <= 5;
5 rows created.
SQL> commit;
Commit complete.
OK, operating system level, command prompt: export the user:
C:\>expdp mdp/pdm#xe directory=my_dir file=mdp.dmp log=mdp_exp.log
Export: Release 11.2.0.2.0 - Production on Ned Vel 3 18:00:54 2019
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
Connected to: Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production
Legacy Mode Active due to the following parameters:
Legacy Mode Parameter: "file=mdp.dmp" Location: Command Line, Replaced with: "dumpfile=mdp.dmp"
Legacy Mode Parameter: "log=mdp_exp.log" Location: Command Line, Replaced with: "logfile=mdp_exp.log"
Legacy Mode has set reuse_dumpfiles=true parameter.
Starting "MDP"."SYS_EXPORT_SCHEMA_01": mdp/********#xe directory=my_dir dumpfile=mdp.dmp logfile=mdp_exp.log reuse_dumpfiles=true
Estimate in progress using BLOCKS method...
Processing object type SCHEMA_EXPORT/TABLE/TABLE_DATA
Total estimation using BLOCKS method: 64 KB
Processing object type SCHEMA_EXPORT/PRE_SCHEMA/PROCACT_SCHEMA
Processing object type SCHEMA_EXPORT/TABLE/TABLE
Processing object type SCHEMA_EXPORT/TABLE/INDEX/INDEX
Processing object type SCHEMA_EXPORT/TABLE/CONSTRAINT/CONSTRAINT
Processing object type SCHEMA_EXPORT/TABLE/INDEX/STATISTICS/INDEX_STATISTICS
Processing object type SCHEMA_EXPORT/TABLE/COMMENT
Processing object type SCHEMA_EXPORT/VIEW/VIEW
. . exported "MDP"."TEST" 5.031 KB 5 rows
Master table "MDP"."SYS_EXPORT_SCHEMA_01" successfully loaded/unloaded
******************************************************************************
Dump file set for MDP.SYS_EXPORT_SCHEMA_01 is:
C:\TEMP\MDP.DMP
Job "MDP"."SYS_EXPORT_SCHEMA_01" successfully completed at 18:01:24
C:\>
Nice; exported successfully.
Now, using SYS Oracle user, I'll drop MDP user; CASCADE is used because user has some objects which have to be dropped too. Why am I dropping it? To simulate your case, i.e. moving the DMP file to another computer/database which doesn't contain that user.
C:\>sqlplus sys#xe as sysdba
SQL*Plus: Release 11.2.0.2.0 Production on Ned Vel 3 18:02:32 2019
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production
SQL> drop user mdp cascade;
User dropped.
SQL>
Pretend we're now on another computer; first, I'm going to create the MDP user:
SQL> show user
USER is "SYS"
SQL> create user mdp identified by test
2 default tablespace users
3 temporary tablespace temp
4 quota unlimited on users;
User created.
SQL> grant create session to mdp;
Grant succeeded.
SQL>
Back to operating system command prompt as I'm now going to import DMP file's contents.
C:\>impdp system#xe directory=my_dir dumpfile=mdp.dmp logfile=mdp_imp.log
Import: Release 11.2.0.2.0 - Production on Ned Vel 3 18:09:47 2019
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
Password:
Connected to: Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production
Master table "SYSTEM"."SYS_IMPORT_FULL_01" successfully loaded/unloaded
Starting "SYSTEM"."SYS_IMPORT_FULL_01": system/********#xe directory=my_dir dumpfile=mdp.dmp logfile=mdp_imp.log
Processing object type SCHEMA_EXPORT/PRE_SCHEMA/PROCACT_SCHEMA
Processing object type SCHEMA_EXPORT/TABLE/TABLE
Processing object type SCHEMA_EXPORT/TABLE/TABLE_DATA
. . imported "MDP"."TEST" 5.031 KB 5 rows
Processing object type SCHEMA_EXPORT/VIEW/VIEW
Job "SYSTEM"."SYS_IMPORT_FULL_01" successfully completed at 18:09:51
C:\>
Import has finished successfully. Now I can use the MDP user with all its objects, e.g.
C:\>sqlplus mdp/test#xe
SQL*Plus: Release 11.2.0.2.0 Production on Ned Vel 3 18:12:52 2019
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production
SQL> select * from v_test;
ID
----------
1
2
3
4
5
SQL>
Don't forget what I said in another topic: grant MPD only privileges it needs. Currently, it can only create session and use existing objects, but can't create anything.
That's how it goes, more or less. Don't rely too much on GUI (you know how it is; those who live by the GUI, die by the GUI), clicking here and clicking there, hoping that something good will happen. Most probably won't. Though, once you know what you're doing, GUI is really a great help.
I am new to Oracle and want to practice SQL.
I downloaded the Application Express Edition 11g for Windows x64. I followed instructions and created a workspace and user.
However when I try to create a table I get an error "ORA-20000: User xxx has no privileges on the schema. Error checking privileges.
However when I go and look at the user in the administration is says that I am the workspace administrator. I also cannot seem to log in as SYSTEM or SYS using the password I created when I installed.
I am very confused.
There are two terms you are dealing with:
a database, which contains tables and data - tables belong to users such as SYS or SYSTEM - you should not use them at all, except for unlocking existing user (HR or SCOTT; whichever it is) in order to use it for practicing
Application Express, which is a tool you use to access the database and create applications which will manage data stored in your tables. Once you log on as admin, you can create workspaces (which are mapped to database users/schemas) and developers (who will create applications). This "admin" user is very different from database owners (sys/system), so you can't log on to Apex using sys as username and its password
As you installed the 11g XE database (which has built-in Apex version 4.x, I think - it is not Apex 11g, it doesn't exist), at the operating system command prompt run SQL*Plus and connect as SYS:
C:\>sqlplus sys#xe as sysdba
SQL*Plus: Release 11.2.0.2.0 Production on Sub Lis 6 20:26:19 2018
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production
SQL>
List users in the database:
SQL> select username, account_status from dba_users order by username;
USERNAME ACCOUNT_STATUS
------------------------------ --------------------------------
ANONYMOUS OPEN
APEX_PUBLIC_USER LOCKED
APEX_040000 LOCKED
APPQOSSYS EXPIRED & LOCKED
CTXSYS EXPIRED & LOCKED
DBSNMP EXPIRED & LOCKED
DIP EXPIRED & LOCKED
FLOWS_FILES LOCKED
HR LOCKED
IMPORTER OPEN
MDSYS EXPIRED & LOCKED
MIKE OPEN
ORACLE_OCM EXPIRED & LOCKED
OUTLN EXPIRED & LOCKED
SCOTT OPEN
SYS OPEN
SYSTEM OPEN
XDB EXPIRED & LOCKED
XS$NULL EXPIRED & LOCKED
19 rows selected.
SQL>
See the HR (human resources) user? It is locked. We'll unlock it and change its password (to "hr") so that you could use it in Apex, as it already contains several tables full of data.
SQL> alter user hr account unlock;
User altered.
SQL> alter user hr identified by hr;
User altered.
SQL>
Connect as HR, just to see what it contains:
SQL> connect hr/hr#xe
Connected.
SQL> select * From tab;
TNAME TABTYPE CLUSTERID
------------------------------ ------- ----------
COUNTRIES TABLE
DEPARTMENTS TABLE
DEPT TABLE
EMPLOYEES TABLE
EMP_DETAILS_VIEW VIEW
INSTRUCTOR TABLE
JOBS TABLE
JOB_HISTORY TABLE
LOCATIONS TABLE
PRODUCT TABLE
REGIONS TABLE
RIGHTS TABLE
TEACHES TABLE
USERS TABLE
14 rows selected.
SQL>
If you want to create your own tables, do it in HR schema. As I said, leave SYS and SYSTEM alone; they are special, you don't use them for everyday purposes. If you do something unusual, you might destroy the database.
OK; now run Apex, connect as admin, navigate to "Manage workspaces" and:
create workspace - follow the wizard. When asked, "re-use existing schema" answer "Yes" and select HR from list of values
manage developers and users - create user. Follow the wizard. As a workspace, select previously created workspace, set the password
Once you're done, logout of admin and logon as newly created user - provide workspace name, username and password - that should let you in. Once you're in Apex - as a developer - you can create your first page (an interactive report might be a good choice).
Good luck!
[EDIT: built-in Apex on 11gXE]
click Start - All programs - Oracle database 11g Express Edition - Get started
a page opens, offering several red buttons; the last of them is "Application Express"; click it
login asks for database user with DBA privileges; enter username = SYS (or SYSTEM) and its password
you're now redirected to "create Apex workspace" page. Items' labels are underlined; it means that they contain help (feel free to click). The first item is "Database user" radio button which offers "Create new" and "Use existing" - you'd choose "Use existing"
for "Database username", choose "HR" from select list. HR is now unlocked, right? If it is expired, make sure you altered it in order to set the password (alter user hr identified by hr)
Application Express username (and password) represents username related to Apex (i.e. not the database user) - you'll use it to log on to Apex
If you want to see which workspaces already exist, connect to the database as SYS (using SQLPlus at the operating system command prompt):
C:\>sqlplus sys#xe as sysdba
SQL*Plus: Release 11.2.0.2.0 Production on Ned Lis 7 12:40:34 2018
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production
SQL> select * from all_users where username like 'APEX%';
USERNAME USER_ID CREATED
------------------------------ ---------- --------
APEX_040000 47 29.05.14
APEX_PUBLIC_USER 45 29.05.14
SQL> -- describe table that contains info about workspaces
SQL> desc apex_040000.apex_workspaces
Name Null? Type
----------------------------------------- -------- ----------------------------
WORKSPACE NOT NULL VARCHAR2(255)
SOURCE_IDENTIFIER VARCHAR2(8)
SCHEMAS NUMBER
LAST_PURGED_SESSION DATE
ALLOW_APP_BUILDING_YN VARCHAR2(1)
ALLOW_SQL_WORKSHOP_YN VARCHAR2(1)
ALLOW_WEBSHEET_DEV_YN VARCHAR2(1)
ALLOW_TEAM_DEVELOPMENT_YN VARCHAR2(1)
ALLOW_TO_BE_PURGED_YN VARCHAR2(1)
SESSIONS NUMBER
APPLICATIONS NUMBER
APPLICATION_PAGES NUMBER
APEX_USERS NUMBER
APEX_DEVELOPERS NUMBER
APEX_WORKSPACE_ADMINISTRATORS NUMBER
FILES NUMBER
SQL_SCRIPTS NUMBER
TRANSLATION_MESSAGES NUMBER
FILE_STORAGE NUMBER
LAST_LOGGED_PAGE_VIEW DATE
PAGE_VIEWS NUMBER
WORKSPACE_ID NOT NULL NUMBER
SQL> col workspace format a10
SQL> select workspace, source_identifier, apex_developers
2 from apex_040000.apex_workspaces;
WORKSPACE SOURCE_I APEX_DEVELOPERS
---------- -------- ---------------
HR HR 1
INTERNAL 0
SQL>
If HR workspace already contains, it means that you've already created it.
In web browser, connect as admin (use address http://127.0.0.1:8080/apex/apex_admin). (Workspace name is "internal"; you don't have to enter it). Username = admin, password = ... huh, not sure. Try SYS password. If you can't connect, you can change that password. Locate file named APXCHPWD.SQL ("Apex change password") on your disk; for example, it'll be in C:\oraclexe\app\oracle\product\11.2.0\server\apex\apxchpwd.sql directory. In SQLPlus, connected as SYS, execute that file:
SQL> show user
USER is "SYS"
SQL> #C:\oraclexe\app\oracle\product\11.2.0\server\apex\apxchpwd.sql
Enter a value below for the password for the Application Express ADMIN user.
Enter a password for the ADMIN user []
Session altered.
...changing password for ADMIN
PL/SQL procedure successfully completed.
Commit complete.
SQL>
Admin will now have password you've just typed, so - back to Apex admin, connect; you'll have to change that password so - do it, and connect again.
You'll now see "Manage Workspaces" button. In there, there are numerous links which do stuff. If you want, you can remove the HR workspace (following the "Remove Workspace" link) and create it back again.
The next step is to create a developer - use "Manage Developers and Users" link. Once you do that, you should be able to log on to Apex as developer, using "HR" as workspace name, developer username and password as credentials.
In order to be able to simultaneously adjust Apex as admin and connect as a developer, open a new connection using a different browser (for example, Chrome for one thing, Internet Explorer for another) - if you use the same browser (but different tabs or even a new browser session entirely), it won't work - new connection will terminate previous one.
I hope that the above will get you started.
Apparently, built-in Apex version is 4.0.2 (quite old one, at least 5-6 years), but will do at the beginning. Upgrade to a more recent version isn't difficult - download it and run SQL file which does everything for you. Just follow the Installation Guide.
I'd also suggest you to read & follow 4.0 Apex User's Guide, so that I wouldn't have to create a tutorial here, on Stack Overflow :)