I want to get list of all roles which are granted to a table.
From information_schema.table_privileges table, I could get only PUBLIC. But how do I get if any specific role is granted to a table? I tried using information_schema.role_table_grants table also. That is also giving only list of privileges (SELECT, UPDATE, INSERT, ...) which are granted on that table.
Below query may help you,
SELECT relname, relacl FROM pg_class where relname='table_name';
relacl column will display the access privileges assigned by GRANT and REVOKE.
Related
Accidently i have created the 2 rows for each DBA and AQ_ADMINISTRATOR_ROLE in table user_roles_privs, can you let me know how i can delete 1 row of each and also the query to delete.
This is the current state of the table:
Thanks
Nilesh
You are getting these records as you/someone must have given these roles to your user - C##234. You need to revoke the role from your user as follows:
REVOKE AQ_ADMINISTRATOR_ROLE FROM C##234; -- You can execute same for DBA
Please make sure that you are executing the command from user with DBA rights.
Read more about REVOKE from Oracle documentation here
I am trying to grant privileges in Oracle for a new user group to be able to 1. read, 2. update and 3. add records.
I think I have the SQL statement for that settled (see below) but I then want to make it so that this new user can in turn pass these privileges on to other users as well?
So far I have:
GRANT SELECT, INSERT, UPDATE, DELETE
ON Example_Table
TO New_User_Group;
Please help!
Use the with grant option clause
https://docs.oracle.com/en/database/oracle/oracle-database/19/sqlrf/GRANT.html#GUID-20B4E2C0-A7F8-4BC8-A5E8-BE61BDC41AC3
I'm granted SELECT on table NOTMYSCHEMA.XYZ but Oracle does not allow me to create VIEW that includes this table! What's the purpose of this ban? I assume if I can see the table content then I should be allowed to make a view showing this table content by default.
Privileges Required to Create Views
To create a view, you must meet the following requirements:
You must have been granted the CREATE VIEW (to create a view in your schema) or CREATE ANY VIEW (to create a view in another user's schema) system privilege, either explicitly or through a role.
You must have been explicitly granted the SELECT, INSERT, UPDATE, or DELETE object privileges on all base objects underlying the view or the SELECT ANY TABLE, INSERT ANY TABLE, UPDATE ANY TABLE, or DELETE ANY TABLE system privileges. You may not have obtained these privileges through roles.
Additionally, in order to grant other users access to your view, you must have received object privilege(s) to the base objects with the GRANT OPTION option or appropriate system privileges with the ADMIN OPTION option. If you have not, grantees cannot access your view."
In Oracle, I attempt to create a view like this
create view ddd as
select *
from myschema1.t1
join myschema2.t2
....
When I run this statement, I get an error ORA-01031 : insufficient privileges. If I just execute the query in Query Worksheet, however, it works.
Why does my CREATE VIEW statement fail and what privileges do I need in order to make the statement succeed?
In order to create a view that references myschema1.t1 and myschema2.t2, the user that owns the view has to be given access to those two tables directly, not via a role. My first guess is that you have been granted the privileges on the underlying table via a role. You can verify that in SQL*Plus by disabling roles and re-running the query. If you do
SQL> set role none;
SQL> select *
from myschema1.t1
join myschema2.t2 ...
does the query work? If not, then you only have the privileges granted via a role not directly. Note that if you want to be able to grant other users access to your view, you need to be granted privileges on the objects WITH GRANT OPTION.
GRANT SELECT ON myschema1.t1 TO <<user that will own the view>> WITH GRANT OPTION;
GRANT SELECT ON myschema2.t2 TO <<user that will own the view>> WITH GRANT OPTION;
If the problem is not with the privileges on the underlying objects, the problem is most likely that you have not been granted the CREATE VIEW privilege.
That sounds like you don't have the CREATE VIEW privilege. If you didn't have access to the tables, you should get ORA-00942: table or view does not exist.
I want to know if oracle uses index when user queries data from table and that user has been granted just: grant select on table to user
I want to know if it is needed some another grant to use index.
No, there is no requirement (or ability) to grant access to an index. If the user can access the table then their queries can use any available index.