How Grant Create Foreign Key on another schema? - oracle

I have two oracle users : User1 and User2.
User1 has a table Users_
User2 has a table TestTable
I'm trying to create a foreign key constraint between the two tables as follows :
ALTER TABLE "User2"."TESTTABLE" ADD CONSTRAINT "TESTTABLE_CREATEDBY"
FOREIGN KEY (CREATEDBY) REFERENCES "User1"."USERS_" (ID) ENABLE
User2 has the privilege to select on User1 table Users_ (Grant select to user2 on Users_)
When running the alter table statement I'm having an error : of insufficient privileges.
Does anyone know how to solve that please ?
Cheers,

To create a foreign key against a table in another schema we need to have the REFERENCES privilege on that table. This is a separate privilege because it imposes a burden on the table's owner: they can't delete records from their table if you're referencing them. Find out more

Related

How to create a table of a user?

How can I create a table of a user with sys? I want to give a table to an user but I want that this user can't alter the table.
I tried this:
CONNECT USER1/USER1;
CREATE TABLE Persons (
PersonID int,
LastName varchar(255),
FirstName varchar(255),
Address varchar(255),
City varchar(255)
);
But I want to create this table from sys user so user1 can't alter this table. How can I do that?
USER1 can alter a table in their schema, even if they don't have CREATE TABLE privilege.
As SYS:
grant create session to user1;
alter user user1 quota 100M on users ;
create table user1.t1 (id number);
Now connect as USER1. Both these statements will succeed:
insert into t1 values (1234);
alter table t1 add col1 varchar2(16);
In case it's not clear, USER1 cannot create tables. This statement will fail with ORA-01031: insufficient privileges...
create table t2(id number);
It's not clear exactly what you're trying to achieve, but the best way to control schemas is to separate schema owners from application users. Schema owners have objects but (usually) lack CREATE SESSION privilege, at least in production: their objects are deployed by power user accounts. Application users have CREATE SESSION and DML privileges on objects in the schema owner accounts but don't own any objects themselves, except maybe private synonyms and database links.

Creating foreign keys on a table fails in Oracle and 2 schemas

I have two schemas, and I am trying to create a table with two foreign key constraint. Creating the foreign key constraint does not work regardless of whether I add the constraint separately or in the table creation DDL. Also regardless of which of the two users I try to run it.
The oracle error is ORA-01031: insufficient privileges.
The table is created when I omit the foreign key constraints.
Intended result: create a table with two constraints.
CREATE TABLE "XXX_MONITORING"."COMPOSITE_STATUS"
( "COMPOSITE_STATUS_ID" NUMBER,
"COMPOSITE_ID" NUMBER,
"STATUS" CHAR(1),
CONSTRAINT "COMPOSITE_FK" FOREIGN KEY ("COMPOSITE_ID")
REFERENCES "XXX_MONITORING_CONFIGURATION"."COMPOSITE_KPI_COMPONENTS" ("COMPONENT_ID") ON DELETE CASCADE ENABLE,
CONSTRAINT "COMPOSITE_STATUS_FK" FOREIGN KEY ("STATUS")
REFERENCES "XXX_MONITORING_CONFIGURATION"."INDICATION_COLOR" ("INDICATION_COLOR_ID") ON DELETE CASCADE ENABLE
);
The table COMPOSITE_KPI_COMPONENTS and INDICATION_COLOR are in different schema i.e. XXX_MONITORING_CONFIGURATION.
That user must grant REFERENCES on COMPOSITE_KPI_COMPONENTS and INDICATION_COLOR to XXX_MONITORING.
-- Grant statement
grant REFERENCES on COMPOSITE_KPI_COMPONENTS to XXX_MONITORING;
grant REFERENCES on INDICATION_COLOR to XXX_MONITORING;

Difference between CREATE TABLE and CREATE ANY TABLE privileges

I don't understand the difference between these two privileges.
I found these two explanations but it's not helping me.
CREATE TABLE -> Enables a user to create a table owned by that user.
CREATE ANY TABLE -> Enables a user to create a table owned by any user in the database.
If a user creates a table it's going to be owned by the user that created it right? I don't get it.
The CREATE TABLE privilege lets you create a table in your own schema. So user scott can do:
create table scott.mytable ( id number );
The CREATE ANY TABLE privilege lets you create a table in any schema in the database. So again, user scott can do:
create table hr.employees ( id number );
That is, make a table that belongs to someone else.

Orace 11g : Create table in another schema with only select permission to schema owner

I have 2 users: User1 and User2
I am able to create table in schema of User2 from User1
create table user2.tmp_tab (
temp1 varchar2(20),
temp2 varchar2(20)
);
Table created Successfully
but I want User2 to have only select privileges on the table.
and also I don't want to create table in Schema User1.
Is it possible ? How can it be done ?
No, you can't. The schema owner automatically has all object privileges for his own schema.
From documentation,
A user automatically has all object privileges for schema objects
contained in his or her schema. A user can grant any object privilege
on any schema object he or she owns to any other user or role.

Insufficient privileges when adding FK constraint (Oracle)

ALTER TABLE LAB_ADMIN_USER.TEST_TEMPLATE_ABBR ADD (
CONSTRAINT TEST_TEMPLATE_ABBR_R01
FOREIGN KEY (test_template_id)
REFERENCES LAB_ADMIN.TEST_TEMPLATE (test_template_id)
ON DELETE CASCADE)
What is the most likely cause of 'ORA=01031: insufficient privileges' when executing the command above? In other words, what permission does LAB_ADMIN_USER most likely not have?
I already created the table successfully and attempted to add the FK constraint as LAB_ADMIN_USER.
The table with the primary key is owned by a different schema - LAB_ADMIN. That user must grant REFERENCES on TEST_TEMPLATE to LAB_ADMIN_USER.
From the owning schema execute GRANT REFERENCES ON OWNINGSCHEMA.TABLE TO OTHERSCHEMA;

Resources