Specify schema for doing liquibase diff in Oracle? - oracle

I'm trying to do a liquibase diff in Oracle using an ant script.
Here's the snippet that preforms the diff
<target name="diff-database">
<diffDatabaseToChangeLog
driver=${db.driver}"
url="${db.url}"
username="${db.username}"
password="${db.password}"
referenceUrl="jdbc:oracle:thin#hostname:port:sid"
referenceUsername="user1"
referencePassword="password1"
outputFile="changelog.xml"
classpathref="tools.class.path"
</diffDatabaseToChangeLog>
</target>
Here's the issue.
The two databases I need to compare are both Oracle.
For the referenceDB I need access to the tables under a certain user, call it user2, but login for user2 is disabled on the server I need to run this from.
Luckily I have access to the referenceDB under another user, call it user1, and that user has the privilege "SELECT ANY TABLE". So I should be able to access the tables for user2 with user1.
So given all of that information, how do I specify that I want to use user2's tables as the reference DB?
I've look at this page, but haven't found anything that solves my problem.

It should be referenceDefaultSchemaName parameter (http://www.liquibase.org/documentation/maven/maven_diff.html), but according to https://liquibase.jira.com/browse/CORE-2364 there could be some issues (I've not triedit myself).

Related

database privileges limited or plsql preferences issue

If I have already connected to database, and can not see the tablenames, functions, or procedures ...does it mean that I have been granted only Connect By session privilege?
When I use column names #database links it gives me an error that does not describe in details that do I have Select privilage or not. But when I write my function and want to compile it it gives you have not been granted a privilege to create a function.
I cannot see in navBar any buttons of related database that my user has been created in. I tried to do smth from Preferences, then relaunched SQL Developer although the result is the same. Just pure empty colons on the left side of my navbar

Oracle 12c import dump with user profiles & roles

I'm trying to import dump file I received from customer.
The customer defined the schema on user with Profile and Role which obviously do not exist in my Database and are not required by me.
Whenever I do impdp I get multiple errors:
ORA-02380: profile APPL_PROFILE does not exist
ORA-01919: role 'APP_ROLE' does not exist
Is there a way to exclude the roles and profile from the import?
The only way I find to handle it is creating this Profile and role in my Database - which is not required and would like to avoid.
Managed to do that with exclude:user exclude:grant
as suggested here
https://www.cnblogs.com/chendian0/p/10867504.html

Why error "ORA-01720: grant option does not exist for 'SYS.DUAL'" when there is a Public.Dual?

I'm on Oracle 11g, and I do understand the issue of a 3rd-party grant.
But, given that have user1 creating a view "view1" as Select 'foo' from dual.
Then I grant Select on view1 to user2 and I get this error.
But note the "dual" in the view is not qualified as sys.dual, it's just dual. I would think with a synonym public.dual that the actual "dual" used would be public.dual, not sys.dual, so no 3rd party issue should exist because it's public.
And if sys.dual is the one Oracle assumes in this view, one would think that given the use of dual is common in views, and that granting privs on views to other users is also common--wouldn't thousands of users be reporting this issue?
I do see sporadic posts about this but no real solution except to create another copy of dual for the user creating the view, but this doesn't make sense to me.
Thanks for any help.
After consulting our dbas, the issue is an Oracle "Feature" in 11.2.0.4:
TL;DR verison:
As of v 11.0.4, if your View uses Dual, then you can't grant that View anything but SELECT.
Why would we want to grant a view more than Select? In our case the app vendor packaged their updates in such a way that the database portion of the updates automatically scripted full CRUD grants to the master app-schema on every new object, and this included views, because it was simply easier to script that way. This all worked fine until 11.0.4, when Oracle said/enforced "Hey, you can't do that".
Full version:
(Quoted from Oracle site https://support.oracle.com/epmos/faces/BugDisplay?parent=DOCUMENT&sourceId=1628033.1&id=17994036)
Oracle Database - Enterprise Edition - Version 11.2.0.4 to 11.2.0.4 [Release 11.2]
Information in this document applies to any platform.
SYMPTOMS
After upgrading from 11.2.0.3 to 11.2.0.4, you encounter the following error while executing the "create or replace view" statement:
ORA-01720: grant option does not exist
Views were created before the upgrade and "CREATE OR REPLACE VIEW" had worked fine.
CAUSE
The observed behavior is correct. You will get this ORA-1720 error when REPLACING a view that selects from some other user's tables and both of the following conditions are true:
you have already granted select or other privileges on the VIEW to some other user
the view owner does not have the GRANT option on the tables being selected from (or view owner may have some privilege with grant option but not others)
Development has explained it as follows:
The code was changed in 11.2.0.4 so that create view behavior is similar to grant. If you try to make a GRANT on an existing view and the view owner does not have the grant option, then ORA-1720 is the expected result (even in 11.2.0.3). In 11.2.0.4, we have simply made CREATE VIEW consistent with the GRANT behavior, i.e. if an incompatible grant exists, then the new view definition must not be allowed (even with FORCE). In other words, we do not allow incompatible grants to coexist with the view definition and so an error must be thrown. The behavior in release 11.2.0.3 (and earlier) was incorrect; the new behavior in 11.2.0.4 is intentional and correct.
SOLUTION
To avoid this issue, you can do either of the following:
Remove all grants on the view before REPLACING the view. This will ensure that no incompatible grants exist.
Drop and recreate the view. Dropping the view will automatically remove all grants.
REFERENCES
BUG:17994036 - POST UPGRADE TO 11.2.0.4 CREATE OR REPLACE FAILS WITH ORA-01720
BUG:18024486 - ORA-1720 WHEN CREATING VIEW AFTER TO HAVE UPGRADE FROM 11.2.0.3.0 TO 11.2.0.4.0
With sys (as sysdba ) database user grant the necessary privileges, and after that try yo recreate the view with sys (as sysdba ) database user. This was helpful for me.
Regards,
Vase Tusevski

why permissions section for Database user is empty in MS Sql server 2008R2

NOTE: I am note DB Admin and I am not that much in sql server security
I am using MS SQL SERVER 2008R2
What I want to do is to give a user a minimal permissions or just what he required
I have a local user in my windows and I add this user in the logins of the database after that I went to this user in my specific database and try to change his set of permissions but the section is coming empty
why it is coming empty?
and how to do this, I mean giving him the permissions that he just need nothing more?
Please I want to do this from the user interface without T-sql
EDIT
I Just want to give the user read, write, execute nothing more
and also I need to know more about how to control users permissions in more details
A. Set up Read/Write
Go to Security/Logins and find your login, double click it
Go to user mapping, and click on the database that you have access to
In the bottom pane under 'Database Role Membership', tick db_datareader and db_datawriter
This gives the user Login SELECT, INSERT, UPDATE, DELETE
B. Revoke DELETE and grant EXECUTE
Create a role that does this:
Go to your database / Security / Roles
Right click, New / Database Role
Give the role a name, I will use executor for this example and press OK
I don't know how to do the next steps in SSMS, You'll need to do it in T-SQL:
Start a new query in your database
Type this and press F5:
GRANT EXECUTE TO executor;
DENY DELETE TO executor;
Now repeat A3 but select your newly created role, 'executor'
Every new user (or group) that you create needs to be a member of these three roles. The best practice is to add a windows group to SQL Server once, and add users to that windows group.
Lastly test this - I don't know for sure that it works.
With regards to the database user securables:
You have to explicitly populate this list to see what it contains. It doesn't populate automatically. Press Search and search for some objects (i.e. all objects belonging to the schema dbo). Now you have a list of objects in the top. Click on an object and click the 'Effecttive' tab on the bottom. This is the users effective (final) permissions for this object. If you want to override this at the object level you can assign something on the explicit tab
Had similar problem after our MSSQL Server was restored on a new server and wanted to set explicit permissions for a user in a DB.
Not sure how to make it default (as it appears to have been previously), but basically just hit the search button in the Securables tab you show to search for "All objects of the types..." and choose the Databases object and click ok / search. You should now see securables for that specific database and can set explicit permissions as well as view existing "effective" permissions.

Crystal Report Dynamic parameter prompting user name and password

I am using CR 2008. That version allows the use dynamic parameters instead of static parameter. Using that type of parameter will direct CR to go inside the table/view and display what is resided inside the database for us to select the data/information for filtering. That is nice and convenient feature but each time I run the report, I was prompted with server name, user name and password. The user name is the name of the schema and its related password. Those credentials are not supposed to be disclosed to users.
Have anyone come across the same issue and how do you stop CR report from asking for these credentials? It did not ask when I switch to static parameters... the prompt only shows up when dynamic parameters are used.
Thanks!
I finally found a way to get around this issue. In my Crystal report, I used SQL statement in the command for easy future maintenance. I think using command triggers the prompt for user name and password when dynamic parameters is used. I switched to use views for my reports and CR stopped asking me for the credentials. I still favor using commands instead of views though and still curious if there is a way to stop CR from prompting for credential in dynamic parameters when command is used.
Are facing this issue in CR tool or in any other environment which is used to view the report.

Resources