I need a query which contains Oracle users with roles and privileges in one query.
I am using Oracle 11g.
Of course roles can be granted to roles, granted to roles .... So if your intent is, as it seems, to see everything a given user has, regardless of directly granted or inherited through a role, through a role, through a role ... Then the definitive script is found at Pete Finnigan's site. See http://www.petefinnigan.com/find_all_privs.sql
I have a user named A that has some privileges. How can I grant all the privileges that A has to user B?
Thanks in advance
Get all privileges from user A
SELECT DBMS_METADATA.GET_GRANTED_DDL('ROLE_GRANT','A') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('SYSTEM_GRANT','A') FROM DUAL;
SELECT DBMS_METADATA.GET_GRANTED_DDL('OBJECT_GRANT','A') FROM DUAL;
Change the DDL commands with the user 'B' and execute.
With reference to CDB$ROOT in Oracle 18c Express Edition
How to complete the following task using a Recursive WITH SQL statement?
For each user who is granted the "CREATE SESSION" (directly, granted roles with the permission, or granted role(s) which is assigned roles with permission, and so on), display the USERNAME and the ACCOUNT_STATUS of that user. The output should be sorted by username.
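One way to write the recursive WITH asked for above, which also covers the "roles granted to roles" case raised in the first answer on this page. This is an added example, not code from any of the posts; it assumes Oracle 11g Release 2 or later, read access to the DBA_ views in the current container, and it does not consider whether a role is a default role.

```sql
-- Added example: walk the role graph upward from CREATE SESSION.
-- HOLDERS is a name chosen for this example.
WITH holders (grantee) AS (
    -- Anchor: users and roles that hold the privilege directly
    SELECT sp.grantee
    FROM   dba_sys_privs sp
    WHERE  sp.privilege = 'CREATE SESSION'
    UNION ALL
    -- Recursive step: anyone granted a role that already holds it
    SELECT rp.grantee
    FROM   dba_role_privs rp, holders h
    WHERE  rp.granted_role = h.grantee
)
SELECT u.username, u.account_status
FROM   dba_users u
WHERE  u.username IN (SELECT grantee FROM holders)
       -- A grant to PUBLIC (directly or through a role) reaches every user
   OR  EXISTS (SELECT 1 FROM holders WHERE grantee = 'PUBLIC')
ORDER  BY u.username;
```

HOLDERS contains both users and roles; filtering through DBA_USERS keeps only accounts, so the result lists each user once.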
I have to know which user has developer's roles and privileges, how to connect him to my pluggable database and allow him to create, delete, drop, insert into tables, create and drop procedures/functions/views.
And in my connection in my app (JDBC), which user can I use?
Is this your database, and by that I mean, did YOU create it?
Then the answer is, you need to create at least one schema for your application, and maybe perhaps as many as three.
Is this someone else's database? If so, they should give you credentials for the account you are meant to use.
Assuming this is a database you yourself just created, it's very important that you do NOT use these default admin accounts for you to do your application work in:
SYSTEM
SYS
Instead, use these accounts to create a user for your application.
Note that this USER will be able to do anything it wants to any object it owns (the SCHEMA).
For this reason, you often find this sort of layout for applications in an Oracle Database:
a schema for the application data (tables, views, materialized views)
a schema for the application code (PL/SQL and maybe stored Java procedures)
a schema for the application user
NO ONE gets to log in as the application schema.
The stored procedures in the second schema are only given the privs absolutely necessary to do their job - READ/SELECT on a table perhaps, but not INSERT or UPDATE if it's just a proc to get data back.
The 3rd schema is only given execute privs on the 2nd schema.
If you create a user, they can do any/all of the things you mention - "create, delete, drop, insert into tables, create and drop procedures/functions/views".
But they won't be able to do anything to objects/data in another schema unless you grant them the ability to do so. And in most cases, you would NOT do so. You'd write a PL/SQL API that does this work, and then grant execute privs on this API to your APP user.
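The three-schema layout described in this answer, sketched as DDL. This is an added example, not the answerer's code: every name in it (app_data, app_code, app_user, orders, get_order_amount, the USERS tablespace, the passwords) is a hypothetical placeholder, and it assumes you run it as a DBA account inside the pluggable database.

```sql
-- Added example; all names and passwords are hypothetical placeholders.
-- SYS/SYSTEM (or another DBA account) is used only for this setup.

-- 1. Data schema: owns the tables. Locked, no CREATE SESSION.
CREATE USER app_data IDENTIFIED BY "Placeholder_Pw_1" ACCOUNT LOCK
  DEFAULT TABLESPACE users QUOTA 100M ON users;

CREATE TABLE app_data.orders (
  order_id NUMBER PRIMARY KEY,
  amount   NUMBER(12,2) NOT NULL
);

-- 2. Code schema: owns the PL/SQL API. Also locked.
CREATE USER app_code IDENTIFIED BY "Placeholder_Pw_2" ACCOUNT LOCK;

-- Read-only, and granted directly (not via a role) so that
-- definer's-rights PL/SQL owned by app_code can compile against it.
GRANT SELECT ON app_data.orders TO app_code;

CREATE OR REPLACE FUNCTION app_code.get_order_amount (p_order_id IN NUMBER)
  RETURN NUMBER
AS
  v_amount app_data.orders.amount%TYPE;
BEGIN
  SELECT amount INTO v_amount
  FROM   app_data.orders
  WHERE  order_id = p_order_id;
  RETURN v_amount;
END get_order_amount;
/

-- 3. Application login: the only account the JDBC connection uses.
CREATE USER app_user IDENTIFIED BY "Placeholder_Pw_3";
GRANT CREATE SESSION TO app_user;
GRANT EXECUTE ON app_code.get_order_amount TO app_user;
```

With this in place app_user can call the function but a direct SELECT, INSERT or DROP against app_data.orders fails, because it holds no privilege on the table itself.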
Our DBA team created a role (standardRole) to easily manage the minimum system privileges in our organization. This role currently has one system privilege, which is the 'Create Session' privilege.
I created a user and granted him this role (standardRole). The user tried to connect using Toad but he failed, and this error message appeared - ORA-01045: user user1 lacks CREATE SESSION privilege; logon denied.
Then, I granted him the 'Create Session' privilege directly this time, in addition to the role that he already has, and he successfully connected to the database.
So, I am a little confused: why is the 'Create Session' granted through the role not working, but if it's granted directly it's working fine??!!
I tried to search about this topic on Google, and I found some interesting information in the Oracle Help Center, but to be honest I didn't understand it 100%.
We must specify the role as Default when it is granted; if the role is default, the database will set the role automatically when the user creates his session.
The user can also enable the role by using this command:
set role (role name)
You need to make the role a default role.
To do this, run
ALTER USER <username> DEFAULT ROLE CONNECT;
If there are several roles, then you need to execute
ALTER USER <username> DEFAULT ROLE ALL;
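A check for the failure described in this question, as an added example that is not part of either post: it lists accounts whose only route to CREATE SESSION is a directly granted role that is not a default role. It assumes read access to the DBA_ views and only looks at roles that hold CREATE SESSION themselves (no nested roles); user1 and standardRole are the names from the question.

```sql
-- Added example: accounts likely to hit ORA-01045 at logon.
SELECT rp.grantee AS username,
       rp.granted_role,
       rp.default_role
FROM   dba_role_privs rp, dba_sys_privs sp
WHERE  sp.grantee      = rp.granted_role
AND    sp.privilege    = 'CREATE SESSION'
AND    rp.default_role = 'NO'
AND    rp.grantee IN (SELECT username FROM dba_users)
       -- no direct grant of the privilege
AND    NOT EXISTS (SELECT 1
                   FROM   dba_sys_privs d
                   WHERE  d.grantee   = rp.grantee
                   AND    d.privilege = 'CREATE SESSION')
       -- no other default role that carries it
AND    NOT EXISTS (SELECT 1
                   FROM   dba_role_privs r2, dba_sys_privs s2
                   WHERE  r2.grantee      = rp.grantee
                   AND    r2.default_role = 'YES'
                   AND    s2.grantee      = r2.granted_role
                   AND    s2.privilege    = 'CREATE SESSION')
ORDER  BY rp.grantee;

-- Fix for one account. Naming a single role makes it the ONLY default
-- role; use DEFAULT ROLE ALL to keep every granted role enabled at logon.
ALTER USER user1 DEFAULT ROLE standardRole;
```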
So, I need to implement SSO in our Oracle databases (using Standard Edition only) and I'm nearly there but I have one annoying problem.
Here's the basic rundown of how the user is created. This all works beautifully and I can connect without usernames or passwords. No errors are thrown when I GRANT the role or assign it as default.
CREATE USER "OPS$DOMAIN\USER" IDENTIFIED EXTERNALLY;
GRANT create session TO "OPS$DOMAIN\USER";
GRANT my_awesome_role TO "OPS$DOMAIN\USER";
ALTER USER "OPS$DOMAIN\USER" DEFAULT ROLE my_awesome_role;
But when I log in, the role doesn't appear when running
SELECT * FROM session_roles
and I need to specifically run the SET ROLE command to bring it to life
SET ROLE my_awesome_role
So my question is, do I need to do something different with roles when using external authentication in Oracle? The documentation is a little vague, or at least my reading of it is ;-)