I've created a new user, but I want to add some privileges to only allow the user to view or query some tables I've created with my admin user. I've seen that you can apply and create a VIEW, but will I have to create a VIEW for each table and apply it to my user or is there an easier way.
CREATE VIEW new_view AS SELECT * FROM TABLE_NAME;
GRANT ALL ON new_view to user;
hi you only have to grant him the select any table system privilege
Select any table to user
Related
so I want to grant an update to a user account like this
grant update on stuff to admin1;
but after I select * from admin1.stuff, an error "table or view does not exist". how can I see the data table in the user account
Presume you're currently connected as user nanatua and ran
grant update on stuff to admin1;
It lets user admin1 to update values in table stuff you own. Nothing else.
If you want to let it query (select) data from that table, you have to grant it:
grant select on stuff to admin1;
Then connect as admin1 and run
select * from nanatua.stuff;
Not vice versa! as you tried to; command you used (select * from admin1.stuff) means that user admin1 owns the table, but it is not.
I'm using Oracle 11g(11.2.0.1.0). I created about 20 tablespaces and users. And the data came by [Tools] - [Database Copy] on Oracle SQL Developer.
Somehow I found that a user is using SELECT query on the table from another schema. I want to prevent it for security. How should I change my grant options?
I read "Oracle Database Security Guide 11g Release 2(11.2)", but couldn't find the solution clearly.
Here are my creating and granting queries.
create user [USER_NAME]
identified by [PASSWORD]
default tablespace [TABLESPACE_NAME]
temporary tablespace TEMP;
grant create session,
create database link,
create materialized view,
create procedure,
create public synonym,
create role,
create sequence,
create synonym,
create table,
drop any table,
create trigger,
create type,
create view to [USER_NAME];
alter user [USER_NAME] quota unlimited on [TABLESPACE_NAME];
And here is the SELECT result of session_privs on a user.
SQL> SELECT * FROM session_privs;
PRIVILEGE
--------------------------------------------------------------------------------
CREATE SESSION
CREATE TABLE
DROP ANY TABLE
CREATE SYNONYM
CREATE PUBLIC SYNONYM
CREATE VIEW
CREATE SEQUENCE
CREATE DATABASE LINK
CREATE ROLE
CREATE PROCEDURE
CREATE TRIGGER
PRIVILEGE
--------------------------------------------------------------------------------
CREATE MATERIALIZED VIEW
CREATE TYPE
13 rows selected.
I want to prevent a user from querying SELECT on other schemas.
For example, the following query
-- connected with USER1
SELECT *
FROM USER2.table1;
should make an error like:
ERROR: USER1 doesn't have SELECT privilege on USER2.
Edited:
Use appropriate terms (changed some words from tablespace to schema)
Add SELECT result of session_privs on a user
Add the method of how the data came by.
It was my fault. I missed that I had added some roles.
To copy data using Oracle SQL Developer, I added predefined roles to users. The roles were exp_full_database and imp_full_database.
According to Oracle Database Security Guide: Configuring Privilege and Role Authorization, exp_full_database contains these privileges:
SELECT ANY TABLE
BACKUP ANY TABLE
EXECUTE ANY PROCEDURE
EXECUTE ANY TYPE
ADMINISTER RESOURCE MANAGER
INSERT, DELETE, UPDATE ON SYS.INCVID, SYS.INCFIL AND SYS.INCEXP
and roles:
EXECUTE_CATALOG_ROLE
SELECT_CATALOG_ROLE
Those roles are not required now. So the answer is removing them from users.
REVOKE exp_full_database, imp_full_databsae FROM USER1;
And I get the result I wanted.
-- connected with USER1
SELECT * FROM USER2.TABLE1;
ERROR at line 1:
ORA-01031: insufficient privileges
I'm wondering if there's a way to set up a user with dba-like read-only privileges.
In my use-case, I'm trying to fetch some data from of schema from SYS.ALL_ARGUMENTS table.
I'm using this statements to create my user:
CREATE USER bbb IDENTIFIED BY bbb;
/
GRANT CREATE SESSION TO bbb;
/
grant select any table to bbb WITH ADMIN OPTION;
/
grant select on SYS.ALL_ARGUMENTS to bbb;
when I try to run the following statement to fetch data of HR schema:
SELECT * FROM SYS.ALL_ARGUMENTS a WHERE a.OWNER = 'HR' ORDER BY SEQUENCE;
I get nothing. If I set my user with DBA role or IMP_FULL_DATABASE role, i manage to get this data but then my user has privileges I don't want him to have.
Privilege SELECT ANY TABLE does not include dictionary views. Run
GRANT SELECT ANY DICTIONARY TO bbb;
in order to grant full read access.
How to create database link to access dba tables from another user (which has no dba rights)? I want to take back up of sys.aud$ table in another tablespace which belongs to a user, but I am unable to access it.
you dont need to create a link. You my just grant select on this table/view to any user or create view and grant select on view. eg:
connect sys/<pass> as sysdba
grant select on sys.aud$ to NON_DBA_USER;
or create view with some restrictions:
create view view_to_grant_with_rest as select * from sys.aud$ where rownum < 11;
grant select on view_to_grant_with_rest to NON_DBA_USER;
I have a schema A with a view VIEW. (A.VIEW)
This view reads the data from a table TABLE in schema B (B.TABLE).
I have to allow an user (C user) to select data from view A.VIEW:
select * from A.VIEW;
When the user makes this query, receive the message "ORA-01031 insufficient privileges".
I have already given the grant:
GRANT select on B.TABLE to A (with user sys);
GRANT select on B.TABLE to C;
GRANT select on A.VIEW to C;
So keep giving the same error.
I saw on the net that the problem is solved by assigning the grant:
GRANT select on B.TABLE to A WITH GRANT OPTION;
I don't want assign grant option: it's possible?
Thank you in advance