I have a workspace created, in APEX and has a user associated with it (say, USER). I also have an ADMIN user. I want the USER to be able to just select the data from the schema tables and not update/delete tables or create a package etc. How can I achieve this?
I logged in as ADMIN and was tweaking some settings of the workspace. I saw an option called SQL Workshop. Enabling or disabling it doesn't serve my purpose. I want the user to be able to write queries (only select) but he must not be able to update the data or create packages or stuff like that.
There isn't a way to accomplish this within the same workspace. Anyone who can develop or administer a workspace can parse SQL as any database user (schema) mapped to that workspace. You could achieve this using another workspace and normal database object privileges.
Create a second workspace, which USER can login to.
Selectively grant object privileges from objects owned by the database user of the
first workspace to the database user of the second workspace. E.g.,
GRANT READ ON dbuser1.table TO dbuser2;
Related
I have access to that user in SQL Developer. How can I access this same user in Apex, to make any query?
Talk to your Apex admin. They should map that schema (i.e. user with all its objects) to your workspace.
Alternatively, you could create a database link from your current user (the one you already use in Apex) to the one that contains data you're interested in. Then you could access data over that database link, perhaps create synonyms in your schema (to make it simpler). Though, I'd probably go for the 1st option I suggested.
But, if you don't use Apex yet, then - back to Apex admin again; they should create a workspace for you, let you use schema you're talking about, create an Apex developer for you and - that should do it.
I am trying to create a read-only user for an Oracle 11g Database that will be used by SQLAlchemy to query the database.
I was using an existing DBA user with SQLAlchemy and wasn't having any problems, but now with the new user, I am unable to reflect database tables.
Could not reflect: requested table(s) not available in Engine
Note that I can SELECT the tables, just not reflect them.
I am wondering what kind of permissions I need to give to the new user for it to able to reflect through SQLALchemy.
I tried copying all roles from the existing DBA to the new user, but still get the same error
I even tried some advanced roles that weren't used before (I plan on deleting and adding the user correctly again later.
DBACONSULTA is the new user I am creating.
GRANT DBA TO DBACONSULTA
GRANT EXECUTE ANY EVALUATION CONTEXT TO DBACONSULTA
GRANT ANALYZE ANY TO DBACONSULTA
GRANT SELECT ANY TABLE TO DBACONSULTA
GRANT EXECUTE ANY PROGRAM TO DBACONSULTA
With Python I use the following code:
engine=create_engine('oracle+cx_oracle://...')
metadata = MetaData()
metadata.reflect(engine, only=['tablename'])
Get the error:
Could not reflect: requested table(s) not available in Engine
I want to be able to reflect tables, without using the Declarative form from SQLAlchemy
Thanks in advance.
I believe I have found the answers.
Two things that are important:
the table name had to be in lowercase (didn't work using uppercase)
the schema was not defined (turn out it was working because the user I was using was the owner of the schema of the tables)
So, when i declare the schema and use lowercase for the tablename the reflection works.
I want to import schema to my new host. First I had created new user account:
CREATE USER test IDENTIFIED BY test;
What kind of privileges I need to grant to have super role?
(create schema, tables, packages, triggers...etc)
It's one privilege to grant me access to all of them?
You should grant only those privileges that are required for a newly created user to work. One by one.
CREATE SESSION is the first one; without it, user can't even connect to the database.
CREATE TABLE is most probably also required, if user TEST is going to create his own tables.
That's enough to get it started. Once it appears that user needs to create a procedure, you'll grant CREATE PROCEDURE. And so forth.
There are/were roles named CONNECT and RESOURCE which contained the "most frequent" privileges one needed, but their use is - as far as I can tell & in my opinion - discouraged.
I'm using Oracle's 10g version.
In the database, I would like to create a configuration table and fill it with data.
Then the other users can not change anything in it, and even better that it was not at all visible to other users. Is it possible to somehow hide the table?
Regards
Create a separate schema for that table. Create a package that provides an API to your configuration data (e.g. to get a value that is needed by another program).
Revoke CREATE SESSION privilege from that schema (i.e. just don't grant any privileges to the schema at all). Don't grant any privileges on the table. The only users who will be able to see the table are those with DBA privileges.
The only thing that database sessions will be able to do is execute the package, IF they have been granted EXECUTE privilege on it.
If you do not grant enough privileges to other users, they could not see your objects.
I want to create the user and the database within that user. But when I tried to create database its giving the warning message as
ERROR at line 1:
ORA-01501: CREATE DATABASE failed
ORA-01100: database already mounted
Then I tried
STARTUP NOMOUNT;
Its giving the warning message for insufficient privileges even I have given all the permission to that particular user.
Can any one please help in finding the solution for this?
You don't create a database under a user in Oracle; I believe you're using terminology from another database poduct. The equivalent is a schema, which is a logical container for a group of objects. User and schema are essenentially synonymous in Oracle - when you create a user is automatically has its own schema.
You create the database once (which you already seem to have done, or had done for you), then create as many schemas/users as your application needs. You don't ever rerun the create database under normal circumstances - you certainly wouldn't as a normal user.
If you connect as that user you will be able to create tables, views, packages etc., assuming it has really been granted all the necessary privileges.