In Ora11g I used to grant all privileges to a user as follows.
create user xx identified by psw;
grant create session, grant any privilege to xx;
grant all privileges to xx;
But in Ora 12c when I execute grant privileges, I'm getting the below ERROR.
Error starting at line : 2 in command - grant create session, grant
any privilege to xx Error report - ORA-00604: error occurred at
recursive SQL level 1 ORA-20997: "GRANT ANY PRIVILEGE" grants not
allowed ORA-06512: at "RDSADMIN.RDSADMIN", line 79 ORA-06512: at line
2
00604. 00000 - "error occurred at recursive SQL level %s"
*Cause: An error occurred while processing a recursive SQL statement
(a statement applying to internal dictionary tables).
*Action: If the situation described in the next error on the stack
can be corrected, do so; otherwise contact Oracle Support.
I have tried the answer suggested in 1 and it does not seems work.
1. Regarding Users in Oracle 12c
It is getting the below ERROR.
GRANT All PRIVILEGE TO name Error report - ORA-00922: missing or
invalid option
00922. 00000 - "missing or invalid option"
*Cause:
*Action
Your help on "grant all privileges to a user in ora12c this is much appreciated.
Thanks!
Yes. I was able to grant privileges with a namespace.
Create user xx identified by psw account unlock;
grant connect to xx;
grant create session, create table, create sequence, create trigger to
xx;
alter user xx quota 5M on USERS;
commit;
if you need to give unlimited quota, you use this.
ALTER USER xx quota unlimited on USERS;
commit;
Related
We are running Oracle database 19c and we have got a strange error for ORA-01031: insufficient privileges
There are two users/schemas, for short, I call them mgr and user here.
So on mgr, I have created this view:
CREATE OR REPLACE FORCE EDITIONABLE VIEW "MGR"."EVENT" (...) AS
SELECT ... FROM c_interfaces.c_event et
LEFT JOIN event_module em ON (...)
LEFT JOIN event_location cl ON (...)
LEFT JOIN users u ON (...)
WHERE ... ORDER BY ...;
GRANT SELECT ON "MGR"."EVENT" TO "USER" WITH GRANT OPTION;
Using mgr, I can SELECT this view without problem.
Then when I used user to call:
select * from "MGR"."EVENT";
I got this error:
ORA-01031: insufficient privileges
01031. 00000 - "insufficient privileges"
*Cause: An attempt was made to perform a database operation without
the necessary privileges.
*Action: Ask your database administrator or designated security
administrator to grant you the necessary privileges
I don't know what went wrong.
When I used user for debugging and I tried to cut out the select part and run:
SELECT ... FROM c_interfaces.c_event et
LEFT JOIN event_module em ON (...)
LEFT JOIN event_location cl ON (...)
LEFT JOIN users u ON (...)
WHERE ... ORDER BY ...;
I got no error at all. Data is displayed correctly on my screen.
So what could be wrong?
I have a problem.
CREATE TABLE accounts(
id INTEGER,
name VARCHAR2(100)
)
/
CREATE OR REPLACE FUNCTION account_balance(account_id_in IN accounts.id%TYPE)
RETURN NUMBER
IS
BEGIN
RETURN 0;
END;
/
Error:
Error starting at line : 1 in command -
CREATE OR REPLACE FUNCTION account_balance(account_id_in IN accounts.id%TYPE)
RETURN NUMBER
IS
BEGIN
RETURN 0;
END;
Error report -
ORA-01031: insufficient privileges
01031. 00000 - "insufficient privileges"
*Cause: An attempt was made to perform a database operation without
the necessary privileges.
*Action: Ask your database administrator or designated security
administrator to grant you the necessary privileges
Please help me resolve above error, thank you!
As pointed out in the comments, you are missing the required permissions to create the function from whatever user account you are currently using.
Let's assume your less privileged login is called some_user. To fix your problem, login as your more privileged account, and apply the following GRANT statement:
grant create procedure to some_user;
Documentation: GRANT
CREATE PROCEDURE: Create stored procedures, functions, and packages in the grantee's schema.
Login as
sys as sysdba
then execute the following command after changing username to your username
GRANT CREATE PROCEDURE TO username;
Do like this
sqlplus /nolog
connect sys/"123456a#"#xe as sysdba
SQl> alter session set "_ORACLE_SCRIPT"=true;
SQL>grant create table to donhuvy;
I'd like to get ddls of all roles in the database using dbms_metadata package. Unfortunately dbms_metadata.get_granted_ddl fails with error when there are no grant (object, system or role type) for the role. That's why I have to check the presence of privileges in dba_tab_privs, dba_sys_privs and dba_role_privs views.
However AQ_ADMINISTRATOR_ROLE role has system privileges the following statement fails. Checked on two databases.
sqlplus system/pass#db1
select dbms_metadata.get_granted_ddl('SYSTEM_GRANT', 'AQ_ADMINISTRATOR_ROLE')
from dual
where exists (select 1 from dba_sys_privs where grantee = 'AQ_ADMINISTRATOR_ROLE')
/
ORA-31608: specified object of type SYSTEM_GRANT not found ORA-06512:
at "SYS.DBMS_METADATA", line 4018 ORA-06512: at "SYS.DBMS_METADATA",
line 5991 ORA-06512: at line 1
select * from v$version
/
Oracle Database 11g Release 11.2.0.2.0 - 64bit Production PL/SQL
Release 11.2.0.2.0 - Production CORE 11.2.0.2.0 Production
Oracle returns that exception if there are no rows that match your parameters. There must be no SYSTEM_GRANT objects for QA_ADMINISTRATOR_ROLE
This will return what you are looking for:
select dbms_metadata.GET_GRANTED_DDL('SYSTEM_GRANT') from dual;
This will return something like:
GRANT CREATE JOB TO "SCOTT"
GRANT SELECT ANY DICTIONARY TO "SCOTT"
GRANT EXECUTE ANY TYPE TO "SCOTT"
I assume, you want to extract DDL for all privileges (roles/permissions) given to current schema user (when you say 'database').
If one wants to extract for a given user, use the following:
select dbms_metadata.GET_GRANTED_DDL('SYSTEM_GRANT', 'SCOTT') from dual;
If one wants to extract privileges given on a OBJECT from current user to another schema user, use the following:-
select DBMS_METADATA.GET_DEPENDENT_DDL('OBJECT_GRANT','TEST_TABLE') from dual;
I have a package that compiles fine in another 11g environment.
When I try to compile it in my XE 10g environment w/ a DBA User, I get the ORA-00942 error.
FOR r IN (SELECT DISTINCT job_name jname
FROM dba_scheduler_jobs
^
WHERE job_name LIKE p_job_prefix || '%')
LOOP
...
When I execute a direct select on the table there is no issue.
Select * from dba_scheduler_jobs;
Error Text:
Line: 34 Column: 34 Error: PL/SQL: ORA-00942: table or view does not exist
In order to reference an object in a definer's rights stored procedure (the default), the owner of the procedure has to have direct access to the object. The privilege cannot be granted through a role, even a very powerful role like SYSDBA.
You probably want to grant the owner of this procedure the SELECT ANY DICTIONARY privilege
GRANT select any dictionary
TO <<owner of procedure>>
You could also grant the privileges on each object (i.e. DBA_SCHEDULER_JOBS) individually but if you've already granted this user the SYSDBA privilege, you're probably not overly concerned with restricting grants.
I'm running this SQL:
CREATE VIEW
showMembersInfo(MemberID,Fname,Lname,Address,DOB,Telephone,NIC,Email,WorkplaceID,WorkName,WorkAddress,WorkTelephone,StartingDate,ExpiryDate,Amount,WitnessID,WitName,WitAddress,WitNIC,WitEmail,WitTelephone)
AS SELECT
mem.MemberID,mem.FirstName,mem.LastName,mem.Address,mem.DOB,mem.Telephone,mem.NIC,mem.Email,
wrk.WorkPlaceID,wrk.Name,wrk.Address,wrk.Telephone,
anl.StartingDate,anl.ExpiryDate,anl.Amount,
wit.WitnessID,wit.Name,wit.Address,wit.NIC,wit.Email,wit.Telephone
FROM Member mem, WorkPlace wrk, AnnualFees anl, Witness wit
WHERE mem.MemberID = anl.MemberID AND mem.WorkPlaceID = work.WorkPlaceID AND mem.WitnessID = wit.WitnessID
When I try to create the view I get this error:
ERROR at line 1:
ORA-01031: insufficient privileges
Why is that? I'm logged in to sqlplus using sysman
Make sure that SYSMAN is granted SELECT privileges on each of the tables in the FROM clause directly, not through a role. See CREATE VIEW prerequisites.
Try logging as sys or sysadm
See on oracle users here