I have a view V1 in schema A. And want to select it from schema B.
view V1 include system dictionaries (dba_objects, sys.$views and others).
Now, I granted privileges by request to my admin.
grant select on dba_objects to A
grant select on sys.$views to A
grant select on dba_objects to B
grant select on sys.$views to B
grant select on A.V1 to B
But have error: insufficient privileges
I understand, that need option: with grant option
grant select on dba_objects to A with grant option
grant select on sys.$views to A with grant option
But my administrator can't give with grant option.
Have any ideas, how to do select to view from another schema without with admin option?
Thanks!
For dictionary objects use create view & public synonym combination in sys, and then you may use it in any ordinary schema :
SQL> create or replace view v_objects as select * from dba_objects;
SQL> create or replace synonym v_objects2 for v_objects;
SQL> grant select on v_objects2 to A with grant option;
SQL> conn A/pwdA
SQL> create or replace view v_objectsA as select * from sys.v_objects2;
SQL> conn B/pwdB
SQL> create or replace view v_objectsB as select * from sys.v_objects2;
Related
I've got such case.
I've got 3 users on 2 DBs:
A#DBDEV
A#DBPROD
B#DBPROD - read only user for busines user to get some data.
User A#DBPROD has SYNONYM:
CREATE SYNONYM S_TAB FOR TAB#DBLINK_2_DEV; --(DBLINK_2_DEV created using A#DBDEV password)
Now I want to:
GRANT SELECT ON S_TAB TO B#DBPROD;
but getting ORA-02021...
What is the best solution for that?
You can't use a DB link in a grant statement.
grant select on s_tab to b;
Considering the following information from the Oracle data dictionary
When the following command is executed, to obtain the information
SELECT grantee,owner,table_name,grantor, privilege, grantable
FROM user_tabs_privs;
What is the SQL statements that have been issued to cause these grants to exist in the
dictionary? Also for each statement which user has executed the statement?
Review this example and compare it to your output; you'll see which command leads to which result.
User mike:
SQL> show user
USER is "MIKE"
SQL> SELECT grantee,owner,table_name,grantor, privilege, grantable
2 FROM user_tab_privs;
no rows selected
User scott will grant a few things to mike:
SQL> connect scott/tiger
Connected.
SQL> grant select on test to mike;
Grant succeeded.
SQL> grant delete on dept to mike with grant option;
Grant succeeded.
Back to mike, see what has happened:
SQL> connect mike/lion
Connected.
SQL> SELECT grantee,owner,table_name,grantor, privilege, grantable
2 FROM user_tab_privs;
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE
------- ------ ---------- ---------- ---------- ----------
MIKE SCOTT DEPT SCOTT DELETE YES
MIKE SCOTT TEST SCOTT SELECT NO
SQL>
after you run the following steps, you can get the result you want
(1) firstly login as Ann,run the SQL statement:
grant select on project to Billy with grant option;
(2) still as Ann, runt the SQL statement:
grant delete on employee to marlam ;
(3) login as Billy, run the SQL statement:
grant select on project to leah ;
I have a QUEUE_OWNER schema that has some queues. When I connect the application to that data source everything works fine and the app can read the from the queues.
I want to create a _USER schema that has access to the queues so I can connect the app to it and not directly to the _OWNER schema.
This is what I tried:
BEGIN
FOR Q IN (SELECT * FROM ALL_QUEUES WHERE owner = 'AQ_OWNER') LOOP
DBMS_OUTPUT.PUT_LINE('queue = ' ||Q.NAME);
DBMS_AQADM.GRANT_QUEUE_PRIVILEGE('ALL','AQ_OWNER.'||Q.NAME ,'AQ_USER',FALSE);
END LOOP;
END;
but when I put a message in the queue nothing happens in the app.
How about a little help of your DBA?
This is what my user SCOTT sees in all_queues:
SQL> select owner, name from all_queues;
OWNER NAME
------------------------------ ------------------------------
SYS SRVQUEUE
SYS SCHEDULER_FILEWATCHER_Q
SYS SCHEDULER$_EVENT_QUEUE
However, I'd like to see some other data. SYS almighty sees it all:
SQL> show user
USER is "SYS"
SQL> select owner, name from dba_queues;
OWNER NAME
------------------------------ ------------------------------
SYS SYS$SERVICE_METRICS
SYS AQ$_SYS$SERVICE_METRICS_TAB_E
SYSTEM DEF$_AQERROR
SYSTEM AQ$_DEF$_AQERROR_E
SYSTEM DEF$_AQCALL
SYSTEM AQ$_DEF$_AQCALL_E
SYS AQ$_KUPC$DATAPUMP_QUETAB_E
<snip>
Still connected as SYS, I'll create a view which show data only for owner I choose (there's nothing much to choose in my XE database so I'll use SYSTEM-owned values). Then grant select privilege to SCOTT:
SQL> create or replace view v_dba_queues as
2 select name
3 from dba_queues
4 where owner = 'SYSTEM';
View created.
SQL> grant select on v_dba_queues to scott;
Grant succeeded.
Back to SCOTT: to make my life simpler, I'll create a synonym first:
SQL> connect scott/tiger
Connected.
SQL> create synonym v_dba_queues for sys.v_dba_queues;
Synonym created.
Finally:
SQL> select * from v_dba_queues;
NAME
------------------------------
DEF$_AQERROR
AQ$_DEF$_AQERROR_E
DEF$_AQCALL
AQ$_DEF$_AQCALL_E
SQL>
Basically, you'd do the same; it's just that your view would contain data for owner = 'QUEUE_OWNER'. See if it helps.
This question already has an answer here:
Allowing a users to select from a table
(1 answer)
Closed 8 years ago.
I am trying to grant a role to another user in Oracle. although I got : grant succeeded, it doesn't appear that the user got the role, can anyone help ?
SQL> select * from students;
no rows selected
SQL> Grant select on students to C##reine;
Grant succeeded.
SQL> disconnect
Disconnected from Oracle Database 12c Release 12.1.0.1.0 - 64bit Production
SQL> connect
Enter user-name: C##reine
Enter password:
Connected.
SQL> select * from students;
select * from students
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL>
I'm sure user C##reine has the role. If you log in as C##reine and try the following query you should see it:
SELECT * FROM User_Tab_Privs
WHERE Table_Name = 'STUDENTS';
The problem is that the table is in another schema, so C##reine needs to alias the table when querying (note that a comment posted after this answer provided the actual schema name):
SELECT * FROM C##jad.students;
To make the table visible to the user without aliasing, try this:
-- As user C##reine
CREATE SYNONYM STUDENTS FOR C##jad.STUDENTS;
User C##reine will need to have the CREATE SYNONYM system privilege.
The user needs to qualify the table with its owner schema:
select * from xyz.students
I want to know the list of all users who have root (administrative) privilege in Oracle.
I would like it in a script or C++ application. Script is preferred.
Exactly what do you mean by "root" or "adminstrative" privileges in Oracle? Do you want the users granted SYSDBA? Or, in the older Oracle releases, there was the DBA role, which had an extensive set of privileges that gave the user the ability to do most anything. It has a reduced set of capabilities in 11g. The answer given by #client09 is valuable for identifying exactly what each user can do.
To me, the root user in Oracle is the SYSDBA account, by default the SYS user. Anyone granted this privilege can log in "AS SYSDBA", which gives that user complete control of the database. You can list the users granted this privilege via this select:
SELECT * FROM v$pwfile_users;
Interestingly enough, if I'm granted the SYSDBA role, and I log in as sysdba, the actual user in the Oracle session is SYS:
SQL> create user test identified by test;
User created.
SQL> grant create session to test;
Grant succeeded.
SQL> grant sysdba to test;
Grant succeeded.
SQL> connect test/test as sysdba
Connected.
SQL> select user from dual;
USER
------------------------------
SYS
SQL> select * from v$pwfile_users;
USERNAME SYSDB SYSOP SYSAS
------------------------------ ----- ----- -----
SYS TRUE TRUE FALSE
TEST TRUE FALSE FALSE
Here is how you find privileges of your users:
select
lpad(' ', 2*level) || granted_role "User, his roles and privileges"
from
(
/* THE USERS */
select
null grantee,
username granted_role
from
dba_users
/* THE ROLES TO ROLES RELATIONS */
union
select
grantee,
granted_role
from
dba_role_privs
/* THE ROLES TO PRIVILEGE RELATIONS */
union
select
grantee,
privilege
from
dba_sys_privs
)
start with grantee is null
connect by grantee = prior granted_role;
This will show you which users have inflated privileges. You can execute this in a shell script by typing
sqlplus / as sysdba --(if you are root on the box)
spool user_privileges.txt
#whos_a_root.sql --(if that's what you call your script)
spool off
exit;