I have a QUEUE_OWNER schema that has some queues. When I connect the application to that data source everything works fine and the app can read the from the queues.
I want to create a _USER schema that has access to the queues so I can connect the app to it and not directly to the _OWNER schema.
This is what I tried:
BEGIN
FOR Q IN (SELECT * FROM ALL_QUEUES WHERE owner = 'AQ_OWNER') LOOP
DBMS_OUTPUT.PUT_LINE('queue = ' ||Q.NAME);
DBMS_AQADM.GRANT_QUEUE_PRIVILEGE('ALL','AQ_OWNER.'||Q.NAME ,'AQ_USER',FALSE);
END LOOP;
END;
but when I put a message in the queue nothing happens in the app.
How about a little help of your DBA?
This is what my user SCOTT sees in all_queues:
SQL> select owner, name from all_queues;
OWNER NAME
------------------------------ ------------------------------
SYS SRVQUEUE
SYS SCHEDULER_FILEWATCHER_Q
SYS SCHEDULER$_EVENT_QUEUE
However, I'd like to see some other data. SYS almighty sees it all:
SQL> show user
USER is "SYS"
SQL> select owner, name from dba_queues;
OWNER NAME
------------------------------ ------------------------------
SYS SYS$SERVICE_METRICS
SYS AQ$_SYS$SERVICE_METRICS_TAB_E
SYSTEM DEF$_AQERROR
SYSTEM AQ$_DEF$_AQERROR_E
SYSTEM DEF$_AQCALL
SYSTEM AQ$_DEF$_AQCALL_E
SYS AQ$_KUPC$DATAPUMP_QUETAB_E
<snip>
Still connected as SYS, I'll create a view which show data only for owner I choose (there's nothing much to choose in my XE database so I'll use SYSTEM-owned values). Then grant select privilege to SCOTT:
SQL> create or replace view v_dba_queues as
2 select name
3 from dba_queues
4 where owner = 'SYSTEM';
View created.
SQL> grant select on v_dba_queues to scott;
Grant succeeded.
Back to SCOTT: to make my life simpler, I'll create a synonym first:
SQL> connect scott/tiger
Connected.
SQL> create synonym v_dba_queues for sys.v_dba_queues;
Synonym created.
Finally:
SQL> select * from v_dba_queues;
NAME
------------------------------
DEF$_AQERROR
AQ$_DEF$_AQERROR_E
DEF$_AQCALL
AQ$_DEF$_AQCALL_E
SQL>
Basically, you'd do the same; it's just that your view would contain data for owner = 'QUEUE_OWNER'. See if it helps.
Related
Considering the following information from the Oracle data dictionary
When the following command is executed, to obtain the information
SELECT grantee,owner,table_name,grantor, privilege, grantable
FROM user_tabs_privs;
What is the SQL statements that have been issued to cause these grants to exist in the
dictionary? Also for each statement which user has executed the statement?
Review this example and compare it to your output; you'll see which command leads to which result.
User mike:
SQL> show user
USER is "MIKE"
SQL> SELECT grantee,owner,table_name,grantor, privilege, grantable
2 FROM user_tab_privs;
no rows selected
User scott will grant a few things to mike:
SQL> connect scott/tiger
Connected.
SQL> grant select on test to mike;
Grant succeeded.
SQL> grant delete on dept to mike with grant option;
Grant succeeded.
Back to mike, see what has happened:
SQL> connect mike/lion
Connected.
SQL> SELECT grantee,owner,table_name,grantor, privilege, grantable
2 FROM user_tab_privs;
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE
------- ------ ---------- ---------- ---------- ----------
MIKE SCOTT DEPT SCOTT DELETE YES
MIKE SCOTT TEST SCOTT SELECT NO
SQL>
after you run the following steps, you can get the result you want
(1) firstly login as Ann,run the SQL statement:
grant select on project to Billy with grant option;
(2) still as Ann, runt the SQL statement:
grant delete on employee to marlam ;
(3) login as Billy, run the SQL statement:
grant select on project to leah ;
I have two Schema Schema-1 and Schema-2. I want to create one super User Who can access both Schema(Schema-1 and Schema-2).
I want to create a user with command in oracle 11g. It is possible?
Such an user already exists; it is called SYS, who owns the database. Though, it is not a very good idea to use it for daily jobs - you'd rather (as you wanted) create your own "superuser" who is capable of doing such things. For example:
SQL> connect sys as sysdba
Enter password:
Connected.
SQL> create user superuser identified by superman;
User created.
SQL> grant dba to superuser;
Grant succeeded.
OK, let's try it:
SQL> connect superuser/superman
Connected.
SQL> select count(*) From scott.emp;
COUNT(*)
----------
14
SQL> select table_name from dba_tables where owner = 'MIKE';
TABLE_NAME
------------------------------
EMP
DEPT
BONUS
SALGRADE
DUMMY
ABC
6 rows selected.
SQL> select * from mike.abc;
KEY ID SEQ THINGS DESCR
---------- ---------- ---------- ---------- ----------
1 1 0 Food Chicken
2 1 1 Cars BMW
3 1 2 Sport Soccer
4 2 0 Food Mutton
5 2 1 Cars Ford
6 2 2 Sport Tennis
6 rows selected.
SQL>
Now, is DBA right role for that user, I can't tell. Maybe it is not, so perhaps you'd rather grant only required set of privileges. Which set is it, I can't tell either.
Maybe it would be enough to grant e.g. select privileges to superuser for both schema1 and schema2 users' tables. Though, you can't do that in a single command - you'd have to do it separately for each user and for each of their tables (which means a lot of grant select statements). Let's try it:
SQL> connect sys as sysdba
Enter password:
Connected.
SQL> revoke dba from superuser;
Revoke succeeded.
SQL>
It is a boring job writing statement-by-statement, so I'll write code to write code for me:
SQL> select 'grant select on ' || owner ||'.' ||table_name || ' to superuser;' str
2 from dba_tables
3 where owner in ('SCOTT', 'MIKE')
4 order by owner, table_name;
STR
--------------------------------------------------------------------------------
grant select on MIKE.ABC to superuser;
grant select on MIKE.BONUS to superuser;
grant select on MIKE.DEPT to superuser;
<snip>
grant select on SCOTT.TEST_B to superuser;
grant select on SCOTT.TEST_D to superuser;
26 rows selected.
SQL>
OK; now copy/paste the above grant statements and run them.
SQL> grant select on MIKE.ABC to superuser;
Grant succeeded.
SQL> grant select on MIKE.BONUS to superuser;
Grant succeeded.
SQL> grant select on MIKE.DEPT to superuser;
Grant succeeded.
<snip>
SQL> grant select on SCOTT.TEST_B to superuser;
Grant succeeded.
SQL> grant select on SCOTT.TEST_D to superuser;
Grant succeeded.
SQL>
Does it work?
SQL> connect superuser/superman
ERROR:
ORA-01045: user SUPERUSER lacks CREATE SESSION privilege; logon denied
Warning: You are no longer connected to ORACLE.
SQL>
Aha! Not just yet! Revoking DBA revoked a large set of privileges, so superuser now exists as user, but can't do anything. So, let's let it connect to the database:
SQL> connect sys as sysdba
Enter password:
Connected.
SQL> grant create session to superuser;
Grant succeeded.
SQL> connect superuser/superman
Connected.
SQL> select * From scott.dept;
DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON
SQL> select * From mike.abc;
KEY ID SEQ THINGS DESCR
---------- ---------- ---------- ---------- ----------
1 1 0 Food Chicken
2 1 1 Cars BMW
3 1 2 Sport Soccer
4 2 0 Food Mutton
5 2 1 Cars Ford
6 2 2 Sport Tennis
6 rows selected.
SQL>
Right; much better. That's what I meant by saying "grant only required set of privileges"; don't grant more privileges than someone really needs.
Using this command, I am able to create a table from another schema, but it does not include triggers. Is it possible to create a table from another schema, including triggers?
create table B.tablename unrecoverable as select * from A.tablename where 1 = 0;
First option is to run CREATE script for those objects, if you have a code repository. I suppose you don't.
If you use any GUI tool, things are getting simpler as they contain the SCRIPT tab that enables you to copy code from source and paste it into target user.
If you're on SQLPlus, it means that you should, actually, know what you're supposed to do. Here's a short demo.
SQL> connect hr/hr#xe
Connected.
SQL> create table detail (id number);
Table created.
SQL> create or replace trigger trg_det
2 before insert on detail
3 for each row
4 begin
5 :new.id := 1000;
6 end;
7 /
Trigger created.
SQL>
SQL> -- you'll have to grant privileges on table to another user
SQL> grant all on detail to scott;
Grant succeeded.
Connect as SCOTT and check what we've got:
SQL> connect scott/tiger#xe
Connected.
SQL> -- now, query ALL_SOURCE and you'll get trigger code
SQL> set pagesize 0
SQL> col text format a50
SQL> select text from all_source where name = 'TRG_DET' order by line;
trigger trg_det
before insert on detail
for each row
begin
:new.id := 1000;
end;
6 rows selected.
SQL>
Yet another option is to export & import table, which will get the trigger as well (I've removed parts that aren't relevant, as Oracle database version):
C:\>exp hr/hr#xe tables=detail file=detail.dmp
About to export specified tables via Conventional Path ...
. . exporting table DETAIL 0 rows exported
Export terminated successfully without warnings.
C:\>imp scott/tiger#xe file=detail.dmp full=y
. importing HR's objects into SCOTT
. importing HR's objects into SCOTT
. . importing table "DETAIL" 0 rows imported
Import terminated successfully without warnings.
C:\>
Check what's imported (should be both table and trigger):
SQL> desc detail
Name Null? Type
----------------------------------------- -------- ---------------
ID NUMBER
SQL> select * From detail;
no rows selected
SQL> insert into detail (id) values (-1);
1 row created.
SQL> select * From detail;
ID
----------
1000
SQL>
Cool; even the trigger works.
There might be some other options, but these 4 should be enough to get you started.
This question already has an answer here:
Allowing a users to select from a table
(1 answer)
Closed 8 years ago.
I am trying to grant a role to another user in Oracle. although I got : grant succeeded, it doesn't appear that the user got the role, can anyone help ?
SQL> select * from students;
no rows selected
SQL> Grant select on students to C##reine;
Grant succeeded.
SQL> disconnect
Disconnected from Oracle Database 12c Release 12.1.0.1.0 - 64bit Production
SQL> connect
Enter user-name: C##reine
Enter password:
Connected.
SQL> select * from students;
select * from students
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL>
I'm sure user C##reine has the role. If you log in as C##reine and try the following query you should see it:
SELECT * FROM User_Tab_Privs
WHERE Table_Name = 'STUDENTS';
The problem is that the table is in another schema, so C##reine needs to alias the table when querying (note that a comment posted after this answer provided the actual schema name):
SELECT * FROM C##jad.students;
To make the table visible to the user without aliasing, try this:
-- As user C##reine
CREATE SYNONYM STUDENTS FOR C##jad.STUDENTS;
User C##reine will need to have the CREATE SYNONYM system privilege.
The user needs to qualify the table with its owner schema:
select * from xyz.students
I want to know the list of all users who have root (administrative) privilege in Oracle.
I would like it in a script or C++ application. Script is preferred.
Exactly what do you mean by "root" or "adminstrative" privileges in Oracle? Do you want the users granted SYSDBA? Or, in the older Oracle releases, there was the DBA role, which had an extensive set of privileges that gave the user the ability to do most anything. It has a reduced set of capabilities in 11g. The answer given by #client09 is valuable for identifying exactly what each user can do.
To me, the root user in Oracle is the SYSDBA account, by default the SYS user. Anyone granted this privilege can log in "AS SYSDBA", which gives that user complete control of the database. You can list the users granted this privilege via this select:
SELECT * FROM v$pwfile_users;
Interestingly enough, if I'm granted the SYSDBA role, and I log in as sysdba, the actual user in the Oracle session is SYS:
SQL> create user test identified by test;
User created.
SQL> grant create session to test;
Grant succeeded.
SQL> grant sysdba to test;
Grant succeeded.
SQL> connect test/test as sysdba
Connected.
SQL> select user from dual;
USER
------------------------------
SYS
SQL> select * from v$pwfile_users;
USERNAME SYSDB SYSOP SYSAS
------------------------------ ----- ----- -----
SYS TRUE TRUE FALSE
TEST TRUE FALSE FALSE
Here is how you find privileges of your users:
select
lpad(' ', 2*level) || granted_role "User, his roles and privileges"
from
(
/* THE USERS */
select
null grantee,
username granted_role
from
dba_users
/* THE ROLES TO ROLES RELATIONS */
union
select
grantee,
granted_role
from
dba_role_privs
/* THE ROLES TO PRIVILEGE RELATIONS */
union
select
grantee,
privilege
from
dba_sys_privs
)
start with grantee is null
connect by grantee = prior granted_role;
This will show you which users have inflated privileges. You can execute this in a shell script by typing
sqlplus / as sysdba --(if you are root on the box)
spool user_privileges.txt
#whos_a_root.sql --(if that's what you call your script)
spool off
exit;