grant select column privileges to user on condition that users can only access column related to their id column - Oracle pl/sql - oracle

I got some tables:
Book(bookId, libraryId, bookName, bookType);
BookType(bookType, typeName);
Library(LibrayId);
User(UserId);
BookBorrowed(BorrowId, LibraryId, UserId);
BorrowDetail(BorrowId, bookId)
and a user created in sqlDeveloper, C##DG.
How do I GRANT the SELECT privilege ON BookBorrowed and User with UserId = 1 (C##DG can only see and SELECT the data in the 2 tables whose UserId column is 1)?
Can you guys show me some examples?
Thank you very much.

The proper Oracle solution to this is Virtual Private Database.
If that isn't an option, another way is to define views such as:
create view userBookBorrowed
as select bb.* -- bb.* only: selecting * from both tables would repeat the userid column name (ORA-00957)
from bookBorrowed bb
join users u on (u.userid = bb.userid)
where u.username = USER;
Then only grant the users access to the view, not the table.

There's no such thing as column-level privileges that you can grant or revoke. You need to implement Virtual Private Database policies for those kinds of filters or restrictions. See here: https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/using-oracle-vpd-to-control-data-access.html#GUID-06022729-9210-4895-BF04-6177713C65A7
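A sketch of the Virtual Private Database approach both answers point to, added here as an example and not taken from either post. It covers BOOKBORROWED only and assumes a hypothetical owning schema LIB_OWNER, a numeric USERID, and a unique USERS.USERNAME column holding the database account name (as in the view answer):

```sql
-- Policy function: Oracle calls it for each statement on the protected table
-- and appends the returned text to the query as a WHERE predicate.
-- LIB_OWNER and OWN_ROWS_ONLY are hypothetical names used for this example.
CREATE OR REPLACE FUNCTION lib_owner.own_rows_only (
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2
AS
    v_userid lib_owner.users.userid%TYPE;
BEGIN
    -- The owning schema keeps unfiltered access (NULL predicate = no filter).
    IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'LIB_OWNER' THEN
        RETURN NULL;
    END IF;

    -- Map the connected database account to its application UserId.
    SELECT u.userid
      INTO v_userid
      FROM lib_owner.users u
     WHERE u.username = SYS_CONTEXT('USERENV', 'SESSION_USER');

    -- The value comes from a NUMBER column, so no user-supplied text is concatenated.
    RETURN 'userid = ' || TO_CHAR(v_userid);
EXCEPTION
    WHEN NO_DATA_FOUND THEN
        RETURN '1 = 0';  -- unknown account: fail closed, no rows visible
END own_rows_only;
/

BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema   => 'LIB_OWNER',
        object_name     => 'BOOKBORROWED',
        policy_name     => 'BOOKBORROWED_OWN_ROWS',
        function_schema => 'LIB_OWNER',
        policy_function => 'OWN_ROWS_ONLY',
        statement_types => 'SELECT'
    );
END;
/

-- The object privilege is still required; the policy only narrows the rows.
GRANT SELECT ON lib_owner.bookborrowed TO c##dg;

-- Check that the policy is registered and enabled.
SELECT object_name, policy_name, enable
  FROM dba_policies
 WHERE object_owner = 'LIB_OWNER';
```

SYS and any account holding the EXEMPT ACCESS POLICY system privilege bypass the policy, so review who has that privilege when relying on VPD for row filtering.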

Related

How to back-reference objects in self-referencing many-to-many relationship?

I am building a blog application and one of the features is being able to follow other users. This creates a many-to-many relationship between users, which I declared like so:
type User struct {
gorm.Model
Username string
Password string
Followers []*User `gorm:"many2many:user_followers"`
}
When migrating this model, the following join table is created:
join table: user_friends
foreign key: user_id, reference: users.id
foreign key: follower_id, reference: users.id
My question is, how can I retrieve the followings of a user?
To get the followers of a user, I can simply do:
var followers []User
db.Model(&user).Association("Followers").Find(&followers)
But I can't figure out a way to retrieve the followings in a similar manner. I know I can query the join table to get the followings, but this means that for each object that's returned from this query, I'd need another query to get the user associated with the user_id. This seems super inefficient at scale.
How can I do this effectively and efficiently?
Thank you!

How to find missing grant on all tables for one role

I have a problem with my student database schema. I want to find with a query which tables don't have, for example, the 'SELECT' grant to role XXX. A second example is that on tables I have grants for delete and alter, but now I want to check all tables with one query to find which tables don't have the Select grant to role 'STUDENT_DBA', or where this role doesn't have a grant for Select...
Please help 😅😅😅
SELECT table_name
FROM dba_tables
WHERE owner = 'STUDENT'
AND table_name NOT IN
(SELECT table_name
FROM dba_tab_privs
WHERE owner = 'STUDENT'
AND privilege = 'SELECT'
AND grantee = 'STUDENT_DBA');
This will return all tables in the STUDENT schema that do not have select permissions directly granted to the STUDENT_DBA role.

How to join dba_users table with HRMS oracle tables

I have a request and I would like assistance. I have created this query:
select username, profile, r.GRANTED_ROLE, decode(account_status,'OPEN','ACTIVE','EXPIRED','EXPIRED','INACTIVE') "ACCOUNT STATUS",created,
s.PTIME "Password Change Time", last_login
from dba_users, dba_role_privs r, sys.user$ s
where username=r.grantee(+)
and username=s.NAME
order by 1;
So I am OK with it, but I wanted to know how I can join personal database accounts with some of Oracle's HRMS tables in order to get details for them like email, employee_id etc.

oracle grant select right to a user with where clause

I should give username “Username1” read access to the “Product_id”, “Price” columns for all entries in the “Sales” table that have a “Price”> 10. Assume that the user exists and has the "Connect" role. The table exists in its schema.
I tried this code but it does not work:
Grant select(product_id, price) on sales where price > 10 to ‘Username1’;
You can create a view:
CREATE VIEW TEST AS
SELECT s.PRODUCT_ID, s.PRICE
FROM SALES s
WHERE s.PRICE > 10
/
then use:
GRANT SELECT ON TEST TO USERNAME1
/
As far as I know, you cannot add a grant on a strict column with a where condition, but a view can.

Oracle SQL Query for listing all Schemas in a DB

I wanted to delete some unused schemas on our Oracle DB.
How can I query for all schema names?
Using sqlplus
sqlplus / as sysdba
run:
SELECT *
FROM dba_users;
Should you only want the usernames do the following:
SELECT username
FROM dba_users;
Most likely, you want
SELECT username
FROM dba_users;
That will show you all the users in the system (and thus all the potential schemas). If your definition of "schema" allows for a schema to be empty, that's what you want. However, there can be a semantic distinction where people only want to call something a schema if it actually owns at least one object so that the hundreds of user accounts that will never own any objects are excluded. In that case
SELECT username
FROM dba_users u
WHERE EXISTS (
SELECT 1
FROM dba_objects o
WHERE o.owner = u.username );
Assuming that whoever created the schemas was sensible about assigning default tablespaces and assuming that you are not interested in schemas that Oracle has delivered, you can filter out those schemas by adding predicates on the default_tablespace, i.e.
SELECT username
FROM dba_users
WHERE default_tablespace not in ('SYSTEM','SYSAUX');
or
SELECT username
FROM dba_users u
WHERE EXISTS (
SELECT 1
FROM dba_objects o
WHERE o.owner = u.username )
AND default_tablespace not in ('SYSTEM','SYSAUX');
It is not terribly uncommon to come across a system where someone has incorrectly given a non-system user a default_tablespace of SYSTEM, though, so be certain that the assumptions hold before trying to filter out the Oracle-delivered schemas this way.
SELECT username FROM all_users ORDER BY username;
select distinct owner
from dba_segments
where owner in (select username from dba_users where default_tablespace not in ('SYSTEM','SYSAUX'));
The SQL below lists all the schemas in Oracle that were created after installation.
ORACLE_MAINTAINED='N' is the filter. This column is new in 12c.
select distinct username,ORACLE_MAINTAINED from dba_users where ORACLE_MAINTAINED='N';
How about:
SQL> select * from all_users;
It will return a list of all users/schemas, their IDs and the date created in the DB:
USERNAME                          USER_ID CREATED
------------------------------ ---------- ---------
SCHEMA1                               120 09-SEP-15
SCHEMA2                               119 09-SEP-15
SCHEMA3                               118 09-SEP-15
Either of the following SQL statements will return all schemas in the Oracle DB.
select owner FROM all_tables group by owner;
select distinct owner FROM all_tables;
