I am auditing an Oracle BD and I need to know the password policy assigned to this Database.
One way I thought to do it is retrieving the body of verify_function that is assigned to the profiles.
How can I list the body of these "verify_function"? Such as the body of utlpwdmg.sql and ora12c_strong_verify_function etc.
Thx!
As I see the problem from the comments you can't find the function "ORA_COMPLEXITY_CHECK" which is an oracle standart function. The code might be obtained under
{ORACLE_HOME}/rdbms/admin/catpvf.sql
And it could be that the catpvf.sql script wasn't executed against the instance you're on.
In general, here is the script to get the ddl of an object withour specifying it's type(might take longer time to execute).
select owner, object_name, object_type, dbms_metadata.get_ddl(object_type, object_name)
from dba_objects
where object_name = 'CFL_BITAND';
The same way you'd get the DDL for any object in the database -- dbms_metadata.get_ddl. There's nothing magic about the particular function you are after. It's just another function defined in the database.
Related
I would like to know if it exists an Oracle command to know if a DB-LINK (name: myBDLink) is used somewhere in a DB and how to display the objects (views,materialized views, procedures, functions, ...) which use it.
Could you please help me with that ?
Thanks for your help
Well, you could try to query various system views and see whether any of them contains a string you're looking for. As you want to check the whole database, you'll probably connect as a privileged user and check dba_ views; otherwise, all_ or user_ would do.
For example, to check procedures, functions, packages, ...:
select owner, name, type, line
from dba_source
where owner not in ('SYS', 'SYSTEM')
and lower(text) like '%mydblink%';
To check views, you'll need a function which will search through its LONG datatype column (as you can't use it directly in SQL):
create or replace function f_long(par_view in varchar2, par_String in varchar2)
return varchar2
is
l_text varchar2(32000);
begin
select text
into l_text
from dba_views
where owner not in ('SYS', 'SYSTEM')
and view_name = par_view;
return case when instr(lower(l_text), lower(par_string)) > 0 then 1
else 0
end;
end;
/
and then
select owner, view_name
from dba_views
where f_long(view_name, 'mydblink') = 1;
I excluded SYS and SYSTEM as they should not contain anything of users' stuff. Perhaps you'd want to exclude some more users.
To see some more (re)sources, query the dictionary, e.g.
select table_name, comments
from dictionary;
TABLE_NAME COMMENTS
------------------------------ --------------------------------------------------
USER_CONS_COLUMNS Information about accessible columns in constraint
definitions
ALL_CONS_COLUMNS Information about accessible columns in constraint
definitions
DBA_CONS_COLUMNS Information about accessible columns in constraint
definitions
<snip>
There is no complete answer. How would the database know of code that is outside of the database? It can't. So if you have a sql script, or some application that does not rely on stored procedures to do everything, the database will not know of them.
That said, for dependencies that are in stored procedures in the database, you can try this:
select *
from dba_dependencies
where referenced_link_name is not null
;
To add to the other (correct) answers that have been posted by #Littlefoot and #EdStevens, a quick-and-dirty analysis can also be made against the Automated Workload Repository (AWR).
The benefit of this approach is it will find usages of remote objects from SQL submitted to the database whether that SQL is in DBA_SOURCE or not (e.g., is embedded in an external application).
-- Find any objects referenced across a database link (sort of)
select object_node, object_name, count(distinct sql_id) sql_id_count
from dba_hist_sql_plan
where object_type = 'REMOTE'
group by object_node, object_name
order by object_node, object_name
;
The problem is that AWR data isn't 100% complete. First of all, it's not kept around forever, so a database link last used more than a month (or two months or however long your DBAs keep AWR data for) wouldn't be seen. Second of all, AWR only takes snapshots periodically, say every hour. So it's theoretically possible for a SQL to use a database link and then get aged out of the library cache before the next AWR snapshot.
I think the chance of missing something due to that last bit is small on the systems I work with. But, if you have poorly written applications (i.e., no bind variables) and limited shared pool space, it's something to worry about.
I did search for a similar question, but if I overlooked an existing answer I am glad to be redirected there.
I am working to untangle an Oracle Stored Proceedure in a legacy system written by a long departed developer.
The focus of the proceedure is to upload user data into the existing table structure in a bulk collection and save keystroke time adding 1-x-1 records.
The procedure appears to work without error and the user group would like to expand it to allow additional data to load to separate but related tables.
The author is using the NEXTVAL and CURRVAL commands to add primary key information as new records are added using the CSV data.
But I am confused because my understanding of NEXTVAL/CURRVAL was that they required context and declaration to be used correctly.
For example the Proceedure has the following:
SELECT seq_site.nextval INTO v_curr
FROM DUAL;
UPDATE temp_table
SET site_id = seq_site.currval
However [SEQ_SITE] is not declared anywhere in the preceding lines of the Procedure.
Am I inferring correctly that the clause [SELECT seq_site.nextval INTO v_curr] is the declaration for [SEQ_Record_count]?
(...v_curr is declared an integer early in the procedure declarations btw...)
I'm developing a .NET front end that interacts with an Oracle database. I have figured out how to get a list of stored procedures to execute, but I don't know how to get a list of parameters that belong to the stored procedure. I want to be able to show a list of all the parameters that are both input and output parameters for the stored procedure.
I have tried using the DBA_SOURCE, DBA_PROCEDURES, ALL_DEPENDENCIES, but I haven't seen anything that shows the parameters that belongs to the specified stored procedure.
Any ideas?
I believe that both responses I received are correct, but I ended up finding a different query which gives me exactly what I'm looking for:
SELECT
ARGUMENT_NAME,
PLS_TYPE,
DEFAULT_VALUE
FROM
USER_ARGUMENTS
WHERE
OBJECT_NAME = '<my_stored_proc>'
This has been working for me so far and pulls all the OracleParameter information that I want as well.
You find parameter metadata in DBA/ALL/USER_ARGUMENTS view.
This is the query that we use, more or less:
SELECT *
FROM
ALL_ARGUMENTS
WHERE
DATA_TYPE IS NOT NULL
-- This check removes package procedure arguments that don't really
-- seem to mean anything
AND
DATA_LEVEL = 0
-- Use this predicate to remove entries for the return value of functions
AND
POSITION > 0
ORDER BY
OWNER,
PACKAGE_NAME,
OBJECT_NAME,
OBJECT_ID,
OVERLOAD,
POSITION
I've researched here and elsewhere but haven't found an answer for the following.
I'd like to get a list of all procedures available to my application's Oracle account (AFAIK they're part of one package), and have tried the following command in sqlplus:
SELECT * from user_procedures;
However this only returns one row/procedure, when in fact the app has probably 20+ procedures it calls (successfully) on a regular basis. I can just look through the source code and extract all the stored procedure names, but I'd like to use the above and see it working, and as a basis for further examination of the db to assist in debugging (instead of always needing to run the app or write test client code, for example).
Does the above statement only return procedures my account owns explicitly, or should it show anything the account has access to? [I'm not very familiar with Oracle's specific features.]
I've tried other variations; for example, referencing 'dba_procedures' results in a 'table or view does not exist error.'
Are all of these symptoms the result of limited permissions on my app's Oracle account (which I'm using to connect via sqlplus)?
[Background: Dysfunctional environment--direct access to the DBMS and its external owners is extremely limited, so I'd like to be able to increase my understanding of the db design and get the information I need without assistance.]
You can see which stand-alone procedure you can execute with this:
select ao.object_type, ao.owner ||'.'|| ao.object_name
from all_objects ao, user_tab_privs utp
where ao.object_type = 'PROCEDURE'
and utp.owner = ao.owner
and utp.table_name = ao.object_name
and utp.privilege = 'EXECUTE';
But if they are in a package you can't directly see the procedure names, AFAIK, but you can see which package you can execute with this:
select ao.object_type, ao.owner ||'.'|| ao.object_name
from all_objects ao, user_tab_privs utp
where ao.object_type = 'PACKAGE'
and utp.owner = ao.owner
and utp.table_name = ao.object_name
and utp.privilege = 'EXECUTE';
And then you can desc[ribe] the package to see the individual procedures and functions within it. I guess that is probably held somewhere in the data dictionary but don't knwo where off-hand...
user_procedures is a system view that holds all the procedures owned by certain schema (user). Not the ones that the schema (user) is granted to execute.
You can try DBMS_METADATA.GET_GRANTED_DDL stored procedure. You might find something useful there. But I don't know what kind of privileges you need to run it within your application.
Hope it helps.
If the procedures are part of a package (i.e. you're calling them by PACKNAME.PROCNAME, then you have an all-or-nothing grant on the package, not individual procedures within the package.
I've created a package that contains a stored procedure that I plan to invoke from a separate application. The stored procedure will return a sorted list of all the views and tables in the schema. To do that, it performs a simple select on the DBA_TABLES and DBA_VIEWS synonyms, as shown below:
CREATE OR REPLACE
PACKAGE BODY TITAN_ENTITY AS
PROCEDURE GETSCHEMAOBJECTS (RESULTS IN OUT T_CURSOR)
IS
V_CURSOR T_CURSOR;
BEGIN
OPEN V_CURSOR FOR
SELECT 'T' OBJECTTYPE, TABLE_NAME OBJECTNAME
FROM DBA_TABLES
WHERE OWNER = 'SONAR5'
UNION ALL
SELECT 'V' OBJECTTYPE, VIEW_NAME OBJECTNAME
FROM DBA_VIEWS
WHERE OWNER = 'SONAR5'
ORDER BY OBJECTNAME;
RESULTS := V_CURSOR;
END GETSCHEMAOBJECTS;
END TITAN_ENTITY;
I have verified that the synonyms in question exist, and are public:
CREATE PUBLIC SYNONYM "DBA_TABLES" FOR "SYS"."DBA_TABLES"
CREATE PUBLIC SYNONYM "DBA_VIEWS" FOR "SYS"."DBA_VIEWS"
My understanding is that, because they are public, I don't need any further permissions to get to them. If that understanding is incorrect, I wish someone would disabuse me of the notion and point me to more accurate data.
Now here's my problem: I can open a worksheet in Oracle SQL Developer and select from these tables just fine. I get meaningful data just fine (567 rows, as a matter of fact). But when I try to execute the stored procedure, Oracle complains with a compilation error, as shown below:
Error(9,8): PL/SQL: SQL Statement ignored
Error(10,16): PL/SQL: ORA-00942: table or view does not exist
When I double-click on that second error message, SQL Developer takes me to the first FROM clause ("FROM DBA_TABLES").
So I'm fairly stumped. I know SQL Server pretty well, and I'm new to Oracle, so please bear with me. If you could provide some clues, or point me in the right direction, I'd really appreciate it.
Thanks in advance!
Use ALL_TABLES and ALL_VIEWS instead of DBA_TABLES and DBA_VIEWS. ALL_% views should be accessible to all users.
If you select from a table or a view in a stored PL/SQL-procedure or a stored PL/SQL-function you need a direct grant. A grant via a database role isn't enough.
You probably need a direct grant on view dba_tables. (public) synonyms are just (public) synonyms. You need directly granted select rights.
See here: http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:48704116042682#48798240264807
Edit: Sorry, I glossed over the part where you seem to say that you can select from DBA_TABLES directly. Most likely the issue is that your privileges are granted through a role as someone else answered. But it's still worth explaining that your understanding of PUBLIC synonyms is incomplete, and that using ALL_TABLES would be better if it accomplishes what you need.
The synonym being PUBLIC only means that all users can reference the synonym; it does not grant them any access to the object that the synonym refers to.
What you would do to most directly solve this error is grant SELECT privilege on the SYS views to the user(s) that will run this procedure. However, I think that is a very bad idea.
As suggested by Raimonds, consider whether you can get what you need from USER_TABLES or ALL_TABLES instead. What user is calling this procedure, and what access does that user have to SONAR5's tables?
Generally, if your application is interested in a table, presumably it has some privileges on it, in which case is should be listed in ALL_TABLES.