I need to validate if my owner has permissions to execute a store procedure, but i have to do it searching on a sys table. In which table i can find it.
Thank you!!
Contrary to its name, DBA_TAB_PRIVS allows us to see granted privileges on all objects, not just table.
select * from DBA_TAB_PRIVS
where type='PROCEDURE'
and privilege='EXECUTE'
and OWNER='SCHEMANAME'
AND TABLE_NAME='PROCEDURENAME';
Related
I have created table it's sequence on owner .
Also granted permission of insert update delete select on table from owner to user.
Also granted select on sequence from owner to user.
Finally I logged in user and created synonym for owner table and sequence.
Now when I access table in user it throws insufficient permission.the same table can be accessible in owner..
Any idea what I'm missing here..
You should execute these queries and verify grantor and grant:
select * from all_tab_privs where table_name ='YOUR_NAME_SEQUENCE';
select * from all_tab_privs where table_name ='YOUR_NAME_TABLE';
select * from all_synonyms where synonym_name ='YOUR_NAME_TABLE';
Certainly Grantor not equal to your user or some grant is missed.
Thank you.
issue got resolved as issue with grant statement I gave incorrect user id
I have an issue where I (as sysdba) granted a privilege to perform a select on any table to a user. I used the following query:
GRANT SELECT ANY TABLE TO BARTSIMPSON
I get the message that grant succeeded. But I don't see a record of this privilege in the dba_tab_privs. Why? Thanks in advance
You are looking in the wrong view. dba_tab_privs shows table privileges. select any table is a system privilege. You should look for it in dba_sys_privs.
Is it possible in oracle dbms for a user to have the permission to create a table but not have the permission to insert in it although the same user just created it?
Thank you in advance!
Short answer:
No, it's not.
Longer answer:
You can do pretty much anything you want. If you want to restrict insert access the usual method would be to create the table in a different schema. Assuming you have a table emp in the schema hr, which you wanted to access from the schema 'users`:
You would grant users permission to SELECT from the table emp when connected as hr:
grant select on emp to users
or, if you also want users to be able to UPDATE emp:
grant select, update on emp to users
Lastly, when connected as users, you prefix the table name with the schema it is located in:
select * from hr.emps
You can now select from the table but not insert into it.
I'm trying to create a view, and have distilled the problem down to the inability to create a view that references tables from a different schema.
For example, I can do:
select count(*) from otherschema.othertable;
and I can do:
create view foo as select count(*) as bar from oneofmytables;
But if I try:
create view foo as select count(*) as bar from otherschema.othertable;
I get an "insufficient privileges" error. What additional privileges do I need?
Do you have the grant to the other user's table directly? Or is it via a role? You will need the privilege to be granted directly in order to create an object (view, procedure, etc.) that references the other table. As a quick test, in SQL*Plus
SQL> set role none;
SQL> select count(*) from otherschema.othertable;
If that fails, then the problem is that you have been granted privileges on the table via a role.
I guess you have been given select right on otherschema.othertable via a role not via a direct grant.
If this is the case, you should connect as otheruser and then do a grant select on othertable to <your-schema>.
I believe that your DBA will need to grant you
create any view
privilege. Depending on the security restrictions at your site they may or not allow this. I typically do not
One of the pitfalls in Oracle is the fact that sometimes you can select from a table if you run a query in SQLplus but that you can't when running the query from a stored procedure. In order to run a query from a stored procedure you need a direct grant for the object and not a grant obtained through a role.
If I see a table in the all_tables view, how can I know if I can see this table because of a direct grant or because of a role grant?
Look at ALL_TAB_PRIVS:
select grantee from all_tab_privs
where table_schema = 'SCOTT' and table_name='EMP'
and privilege = 'SELECT';
This shows all grantees, whether roles or users.
One method to see exactly what a procedure would see is to issue the command:
SET ROLE none
It disables all roles for your current session.