ORA-00942 error while granting execution rights - oracle

I want to add partitions to an existing table. Therefore I followed this example.
When trying to:
grant execute on dbms_redefinition to USER
Oracle returns the following error:
Error starting at line 13 in command:
grant execute on dbms_redefinition to USER
Error report:
SQL Error: ORA-00942: table or view does not exist
00942. 00000 - "table or view does not exist"
*Cause:
*Action:
Why does this happen? Is there a workaround for it?

First, you need to be logged in as SYSDBA to grant a user execute rights on that package.
Second, be aware that for dbms_redefinition to work the user also requires the following rights:
ALTER ANY TABLE
CREATE ANY TABLE
DROP ANY TABLE
LOCK ANY TABLE
SELECT ANY TABLE
And, depending on the target table you might also need:
CREATE ANY INDEX
CREATE ANY TRIGGER
Those are VERY powerful rights to be granted to a user, so you might want to revoke them after doing what needs to be done. Another good example for using this package is here

Related

How could I prevent a user from querying SELECT on other schemas in Oracle?

I'm using Oracle 11g(11.2.0.1.0). I created about 20 tablespaces and users. And the data came by [Tools] - [Database Copy] on Oracle SQL Developer.
Somehow I found that a user is using SELECT query on the table from another schema. I want to prevent it for security. How should I change my grant options?
I read "Oracle Database Security Guide 11g Release 2(11.2)", but couldn't find the solution clearly.
Here are my creating and granting queries.
create user [USER_NAME]
identified by [PASSWORD]
default tablespace [TABLESPACE_NAME]
temporary tablespace TEMP;
grant create session,
create database link,
create materialized view,
create procedure,
create public synonym,
create role,
create sequence,
create synonym,
create table,
drop any table,
create trigger,
create type,
create view to [USER_NAME];
alter user [USER_NAME] quota unlimited on [TABLESPACE_NAME];
And here is the SELECT result of session_privs on a user.
SQL> SELECT * FROM session_privs;
PRIVILEGE
--------------------------------------------------------------------------------
CREATE SESSION
CREATE TABLE
DROP ANY TABLE
CREATE SYNONYM
CREATE PUBLIC SYNONYM
CREATE VIEW
CREATE SEQUENCE
CREATE DATABASE LINK
CREATE ROLE
CREATE PROCEDURE
CREATE TRIGGER
PRIVILEGE
--------------------------------------------------------------------------------
CREATE MATERIALIZED VIEW
CREATE TYPE
13 rows selected.
I want to prevent a user from querying SELECT on other schemas.
For example, the following query
-- connected with USER1
SELECT *
FROM USER2.table1;
should make an error like:
ERROR: USER1 doesn't have SELECT privilege on USER2.
Edited:
Use appropriate terms (changed some words from tablespace to schema)
Add SELECT result of session_privs on a user
Add the method of how the data came by.
It was my fault. I missed that I had added some roles.
To copy data using Oracle SQL Developer, I added predefined roles to users. The roles were exp_full_database and imp_full_database.
According to Oracle Database Security Guide: Configuring Privilege and Role Authorization, exp_full_database contains these privileges:
SELECT ANY TABLE
BACKUP ANY TABLE
EXECUTE ANY PROCEDURE
EXECUTE ANY TYPE
ADMINISTER RESOURCE MANAGER
INSERT, DELETE, UPDATE ON SYS.INCVID, SYS.INCFIL AND SYS.INCEXP
and roles:
EXECUTE_CATALOG_ROLE
SELECT_CATALOG_ROLE
Those roles are not required now. So the answer is removing them from users.
REVOKE exp_full_database, imp_full_database FROM USER1;
And I get the result I wanted.
-- connected with USER1
SELECT * FROM USER2.TABLE1;
ERROR at line 1:
ORA-01031: insufficient privileges
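
The same situation can be checked for across the whole database. The query below is an added example, not part of the original thread: it lists every user that can exercise SELECT ANY TABLE and whether it arrives by direct grant or through a chain of roles. It assumes the account running it can read DBA_USERS, DBA_SYS_PRIVS and DBA_ROLE_PRIVS.

```sql
-- Added example (not from the original thread).
-- Who can use SELECT ANY TABLE, and through which grant path?
-- Assumes read access to DBA_USERS, DBA_SYS_PRIVS and DBA_ROLE_PRIVS.

-- Users holding the privilege directly.
SELECT sp.grantee       AS username,
       'direct grant'   AS granted_via
FROM   dba_sys_privs sp
WHERE  sp.privilege = 'SELECT ANY TABLE'
AND    sp.grantee IN (SELECT username FROM dba_users)
UNION ALL
-- Users holding it through a role, including roles nested inside other roles.
SELECT chain.grantee,
       chain.role_path
FROM  (SELECT rp.grantee,
              -- Path starts at the role that holds the privilege and ends at
              -- the role granted to the user; SUBSTR drops the leading ' -> '.
              SUBSTR(SYS_CONNECT_BY_PATH(rp.granted_role, ' -> '), 5) AS role_path
       FROM   dba_role_privs rp
       -- Start from every role that was granted the privilege itself ...
       START WITH rp.granted_role IN (SELECT grantee
                                      FROM   dba_sys_privs
                                      WHERE  privilege = 'SELECT ANY TABLE')
       -- ... and follow each grant of that role to further roles and users.
       CONNECT BY PRIOR rp.grantee = rp.granted_role) chain
WHERE  chain.grantee IN (SELECT username FROM dba_users)
ORDER  BY username, granted_via;
```

A user who was given exp_full_database shows up with that role name in the granted_via column, which points at the role to revoke.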

Oracle schema user cannot create table in procedure

I'm trying to create a temporary table in a procedure:
PROCEDURE pr_create_tmp_bp_table(fp_id NUMBER) IS
tbl_name CONSTANT VARCHAR2(20) := 'BP_TO_DELETE';
BEGIN
-- sanity checks removed for readability
EXECUTE IMMEDIATE
'CREATE GLOBAL TEMPORARY TABLE ' || tbl_name || ' ' ||
'ON COMMIT PRESERVE ROWS AS ' ||
'SELECT * FROM infop_stammdaten.bp';
END;
If I copy the BEGIN.._END block to a SQL worksheet everything works fine. So I think the user has the right to create a temporary table. If I execute the procedure from the same SQL worksheet I get
Fehlerbericht -
ORA-01031: Nicht ausreichende Berechtigungen
ORA-06512: in "INFOP_STAMMDATEN.PA_DELETE_FP", Zeile 16
ORA-06512: in Zeile 6
01031. 00000 - "insufficient privileges"
*Cause: An attempt was made to perform a database operation without
the necessary privileges.
*Action: Ask your database administrator or designated security
administrator to grant you the necessary privileges
Line 16 (Zeile 16) points to the EXECUTE IMMEDIATE statement that creates the temporary table.
To me this looks like the user does not have the same rights in the SQL worksheet and when it executes a procedure, also the procedure is in its own schema.
The answer to your immediate question is that you get ORA-01031: insufficient privileges because your user has the CREATE TABLE privilege granted through a role: the Oracle security model enforces a rule that we can't use privileges granted through roles in PL/SQL. So you need your DBA to grant the CREATE TABLE privilege to your user directly.
Or do you?
Because what you are trying to do does not make sense in Oracle. In Oracle global temporary tables are permanent structures; it's just the data in them which is temporary. So, the correct solution is to build the table once with a normal DDL script, like any other database object. Then you can just insert into the global temporary table as you need to.
You are not the first person on this site to make this mistake (read this pertinent thread). Often it's because people are coming from another database such as SQL Server which has a construct called "temporary table" which is actually different from Oracle's global temporary tables. If that's your scenario then you will be interested in an Oracle 18c new feature called Private Temporary Tables. These are exactly analogous to SQL Server temporary tables. Find out more.

Insufficient Privileges Create table

I am new to SQL Developer and I got this problem. I make a connection, but when I try to create a table it shows me an error:
ORA-01031: Insufficient Privileges.
I tried to find an answer but I did not succeed.
Please help
You or your DBA should log on as sys, and issue:
SQL> grant create any table to anonymous;
OR
SQL> grant create table to anonymous;
OR
SQL> grant resource to anonymous;
to have the privilege to create tables.
The difference between create table and create any table is that if you have the create table privilege then you can create a table in your own schema. But if you have the create any table system privilege then you can create a table in any schema. Also, to create an external table the valid privilege is create any table; if you use create table then it will show an error.
I tried the chosen answer and it didn't work.
When you ask questions, just wait until you receive at least 3 answers and then give it the green tick.
Try this instead (run it with the sys or system user):
'GRANT RESOURCE to my_user; '
Source & already answered link:
Insufficient Privileges when creating tables in Oracle SQL Developer

Select statement stops working when wrapped in view [Oracle]

I have a select statement in a stored procedure that I'd like to pull out and put into a view. The select statement pulls from dba_tables, dba_tab_partitions, and dba_tab_subpartitions.
If I run the statement on its own, it works fine. If I wrap it in a create view statement:
CREATE OR REPLACE VIEW "MYSCHEMA"."V_XWMS_TEST"
(
"OWNER"
,"SEGMENT_NAME"
,"PARTITION_NAME"
,"SEGMENT_TYPE"
,"TABLESPACE_NAME"
)
AS
SELECT "OWNER"
,"SEGMENT_NAME"
,"PARTITION_NAME"
,"SEGMENT_TYPE"
,"TABLESPACE_NAME"
FROM
[Original query]
then depending on which user I'm logged in as, I get either ORA-01031: insufficient privileges or ORA-00942: table or view does not exist. Again, with both users I can create views and I can run this select statement, but I can't run the select statement in the context of creating a view.
This might be caused by the difference between the system privilege SELECT ANY DICTIONARY and the role SELECT_CATALOG_ROLE.
On the surface they do the same thing by granting users access to the data dictionary. Either one of them would enable a user to run a query against tables like DBA_TABLES.
The difference is that roles are not enabled when creating objects with definer's rights, and views are always definer's rights. So to make the view work the user will need the system privilege SELECT ANY DICTIONARY, or a similar direct grant on individual objects.
ORA-01031: insufficient privileges or ORA-00942: table or view does not exist.
This error means that the new table from which the view is created doesn't have synonyms and grants created to be accessed by the schema in which the view is created.
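
Both this thread and the earlier one about CREATE TABLE inside a procedure come down to privileges that reach the user only through a role. The statements below are an added example, not part of the original answers: run as the affected user, they show which privileges come from roles and reproduce the definer's-rights behaviour in a worksheet. DBA_TABLES is used only because the question above queries it.

```sql
-- Added example (not from the original answers).
-- Run as the affected user in SQL*Plus or a SQL Developer worksheet.

-- 1. System privileges that are active only because a role is enabled.
--    SESSION_PRIVS shows everything currently active, role grants included;
--    USER_SYS_PRIVS shows only grants that do not depend on a role.
SELECT privilege FROM session_privs
MINUS
SELECT privilege FROM user_sys_privs;

-- 2. Roles currently enabled. Object privileges that arrive through one of
--    these (for example SELECT on the DBA_ views via SELECT_CATALOG_ROLE)
--    are not available to a view or a definer's-rights procedure.
SELECT role FROM session_roles;

-- 3. Reproduce the definer's-rights environment: switch all roles off and
--    rerun the statement that fails inside the view or procedure.
SET ROLE NONE;

SELECT COUNT(*) FROM dba_tables;
-- Fails here with ORA-00942 or ORA-01031 if access came only through a role.

-- 4. Re-enable the granted roles (or simply reconnect).
SET ROLE ALL;
```

Any privilege returned by step 1, or any statement that fails in step 3, needs a direct grant before it can be used inside a view or a definer's-rights procedure.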

Getting ORA-01031: insufficient privileges while querying a table instead of ORA-00942: table or view does not exist

When I'm querying a table in schema C from schema A, I'm getting ORA-01031: insufficient privileges and when I'm querying the same table from schema B, I'm getting ORA-00942: table or view does not exist. On the table neither of the schemas are having any privileges. Why am I getting different error messages in this case?
You may get ORA-01031: insufficient privileges instead of ORA-00942: table or view does not exist when you have at least one privilege on the table, but not the necessary privilege.
Create schemas
SQL> create user schemaA identified by schemaA;
User created.
SQL> create user schemaB identified by schemaB;
User created.
SQL> create user test_user identified by test_user;
User created.
SQL> grant connect to test_user;
Grant succeeded.
Create objects and privileges
It is unusual, but possible, to grant a schema a privilege like DELETE without granting SELECT.
SQL> create table schemaA.table1(a number);
Table created.
SQL> create table schemaB.table2(a number);
Table created.
SQL> grant delete on schemaB.table2 to test_user;
Grant succeeded.
Connect as TEST_USER and try to query the tables
This shows that having some privilege on the table changes the error message.
SQL> select * from schemaA.table1;
select * from schemaA.table1
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> select * from schemaB.table2;
select * from schemaB.table2
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL>
ORA-01031: insufficient privileges happens when the object exists in the schema but you do not have any access to that object.
ORA-00942: table or view does not exist happens when the object does not exist in the current schema. If the object exists in another schema, you need to access it using .. Still you can get insufficient privileges error if the owner has not given access to the calling schema.
For ORA-01031: insufficient privileges, some of the more common causes are:
You tried to change an Oracle username or password without having the appropriate privileges.
You tried to perform an UPDATE to a table, but you only have SELECT access to the table.
You tried to start up an Oracle database using CONNECT INTERNAL.
You tried to install an Oracle database without having the appropriate privileges to the operating-system.
The option(s) to resolve this Oracle error are:
You can have the Oracle DBA grant you the appropriate privileges that you are missing.
You can have the Oracle DBA execute the operation for you.
If you are having trouble starting up Oracle, you may need to add the Oracle user to the dba group.
For ORA-00942: table or view does not exist. You tried to execute a SQL statement that references a table or view that either does not exist, that you do not have access to, or that belongs to another schema and you didn't reference the table by the schema name.
If this error occurred because the table or view does not exist, you will need to create the table or view.
You can check to see if the table exists in Oracle by executing the following SQL statement:
select *
from all_objects
where object_type in ('TABLE','VIEW')
and object_name = 'OBJECT_NAME';
For example, if you are looking for a suppliers table, you would execute:
select *
from all_objects
where object_type in ('TABLE','VIEW')
and object_name = 'SUPPLIERS';
OPTION #2
If this error occurred because you do not have access to the table or view, you will need to have the owner of the table/view, or a DBA grant you the appropriate privileges to this object.
OPTION #3
If this error occurred because the table/view belongs to another schema and you didn't reference the table by the schema name, you will need to rewrite your SQL to include the schema name.
For example, you may have executed the following SQL statement:
select *
from suppliers;
But the suppliers table is not owned by you, but rather, it is owned by a schema called app, you could fix your SQL as follows:
select *
from app.suppliers;
If you do not know what schema the suppliers table/view belongs to, you can execute the following SQL to find out:
select owner
from all_objects
where object_type in ('TABLE','VIEW')
and object_name = 'SUPPLIERS';
This will return the schema name who owns the suppliers table.
Try to execute this on the SQL command line:
connect/ as sysdba;
create user b identified by "password";
grant all privileges to b;
Then go and create a new connection in SQL Developer.
Do the same for schema 'c',
and grant privileges for schema 'a' too:
connect/ as sysdba;
grant all privileges to a;
This method fixed the problem for me.
In SQL Developer: Everything was working fine and I had all the permissions to login and there was no password change and I could click the table and see the data tab.
But when I run query (simple select statement) it was showing "ORA-01031: insufficient privileges" message.
The solution is simply to disconnect the connection and reconnect.
Note: only doing Reconnect did not work for me.
ORA-01031: insufficient privileges
Solution: Go to your System user,
then write this code:
-- Replace UserName with the user that gets this error message.
SQL> grant dba to UserName;
Grant succeeded.
