How can Oracle restrict certain data on a table to different users? - oracle

Searched the site and couldn't seem to find anyone who had asked this question.
We have two accounts accessing the same table on the same schema/database. The User_1 account was able to pull back all the records while the User_2 account was only able to pull back certain data.
I am aware that Oracle has the ability to restrict table access for different users but I am not aware it can do something like this on the data level.
My question is can Oracle do this and how?
Thanks

You can work with a view.
CREATE OR REPLACE VIEW V_TABLE_FOR_USER_2 AS
SELECT *
FROM THE_TABLE
WHERE {data} = {certain data};
GRANT SELECT, INSERT, DELETE, UPDATE ON THE_TABLE TO USER_1;
GRANT SELECT, INSERT, DELETE, UPDATE ON V_TABLE_FOR_USER_2 TO USER_2;
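
The view approach from the answer above, as an added example that is not part of the original post; the table ORDERS, its columns, the owning schema APP_OWNER and the constraint name are constructed for illustration. It adds WITH CHECK OPTION because the view is granted INSERT and UPDATE, and without it USER_2 could write rows through the view that fall outside its WHERE clause.

```sql
-- Constructed sample table, created by the owning schema (assumed: APP_OWNER).
CREATE TABLE orders (
  order_id NUMBER PRIMARY KEY,
  region   VARCHAR2(10) NOT NULL,
  amount   NUMBER(10,2)
);

INSERT INTO orders (order_id, region, amount) VALUES (1, 'EAST', 100);
INSERT INTO orders (order_id, region, amount) VALUES (2, 'WEST', 250);
COMMIT;

-- Row filter for USER_2. WITH CHECK OPTION makes Oracle reject any INSERT or
-- UPDATE through the view that would produce a row the view itself cannot see.
CREATE OR REPLACE VIEW v_orders_for_user_2 AS
SELECT order_id, region, amount
FROM orders
WHERE region = 'EAST'
WITH CHECK OPTION CONSTRAINT v_orders_for_user_2_chk;

-- USER_1 works on the base table; USER_2 is granted the view only.
GRANT SELECT, INSERT, UPDATE, DELETE ON orders TO user_1;
GRANT SELECT, INSERT, UPDATE, DELETE ON v_orders_for_user_2 TO user_2;

-- Statements to try while connected as USER_2:

-- Allowed: only rows matching the view predicate are visible.
SELECT order_id, region, amount FROM app_owner.v_orders_for_user_2;

-- Rejected by the check option: the new row is outside the predicate.
INSERT INTO app_owner.v_orders_for_user_2 (order_id, region, amount)
VALUES (3, 'WEST', 75);

-- Rejected by the check option: the update would move a row out of the view.
UPDATE app_owner.v_orders_for_user_2 SET region = 'WEST' WHERE order_id = 1;

-- Rejected for lack of privilege: USER_2 has no grant on the base table.
SELECT order_id FROM app_owner.orders;
```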

Related

How to create a user in Oracle that could only view the source code without changing them and view table fields?

How to create a user in Oracle that could only view the source code of packages and procedures without changing them and view table fields but not the data in tables?
I know that you could grant a view to a specific user, but how to deny access to table data without hiding fields?
I appreciate any help.
There is a role to view data dictionary info. So the user will be able to view the definition of the tables, view, packages, system objects, etc.
grant select_catalog_role to user;
Or the Select Any Dictionary grant.
But with these grants the user will be able to see much more data than he needs.
An alternative is to grant select on DBA_SOURCE, DBA_TABLES views.
See a discussion on dba.stackexchange.com here.
I've found a solution.
You need to create a view on DBA_SOURCE and grant a user SELECT on this view. In that case the user will be able to see the code of packages and procedures and table structures, but not execute them.

Allow another user to access my Oracle table

I would simply like to allow a colleague to view and edit the Database I've created.
I've tried:
GRANT ALL on FISHTABLE to CDEMARES;
and it returned Grant succeeded but nothing changed for him and he still wasn't able to view my table.
I also tried
GRANT SELECT smahala.fishtable to cdemares#sole.nefsc.noaa.gov;
but that failed with SQL Error: ORA_00990: missing or invalid privilege.
Is my issue that I don't have the administrative authority to allow someone else to view my Oracle table? Any advice is appreciated, thanks.
Your colleague needs to prefix your table with your schema name, otherwise Oracle doesn't know where to look for it, e.g.:
select * from smahala.fishtable
If they don't do that, and simply try to use:
select * from fishtable
then Oracle will look for the table in their own schema, and then look for a view, or a private synonym, or a public synonym. Your colleague could create a synonym if they'll be accessing this table a lot (and they don't have their own table with the same name). It's also possible to change their session's current schema, but that will make it harder to see their own objects.
You can read more about object naming and how to refer to objects in the documentation.
SQL Developer allows you to browse objects in other schemas. If your colleague was connected when you granted the permissions, they can refresh the object list, or disconnect and reconnect. Either way they should then be able to see your table under your schema.
(Your second grant statement is missing an on, and you can't grant permissions across a database link, if that's what you're trying to do.)

:APP_USER usage in SQL query. Oracle Application Express (Apex) 5.0.4

I want to use the session variable :APP_USER in a query in a database select statement like this:
select * from :APP_USER.data
I have users john.doe and johny.b.
I have table john.doe.data and I want to get all data from this table. Also I have table johny.b.data and when johny.b logs in, I want to get data from table johny.b.data.
I hope you understand my plan, so it is like every user has their own data table and I want to display the table according to the logged-in user. What will be the right way to do this?
I would say this would be possible but shouldn't be done. You'd be better off doing select * from apex_user.table (prefix not needed) where column = :APP_USER and having them all in one big table or having a different table (but same apex_schema) per user. How you'd go about creating this table is up to you - you could select a pseudo-table from dual and then only create it when necessary to prevent any table not found issues.
You'll no doubt run into tablespace permission issues down the line or worse - give the apex user more security permissions than it requires if you go down your intended route which will make exporting and importing a nightmare.

List of usernames in oracle

I need to get a list of all users and their tables and details.
For Example : https://www.google.com/search?q=oracle+user&source=lnms&tbm=isch&sa=X&ved=0ahUKEwi-td2pjcPMAhXEFh4KHdMAAVcQ_AUIBygB&biw=1175&bih=621#tbm=isch&q=oracle+user++sql+developer&imgrc=Qvmfp57HchgwgM%3A
In the above screen towards the left there is a red color symbol (User), so I need the username, associated tables (under that user) and attributes in that table. Is this possible for all users?
Thanks
Addy
ALL USERS, ALL TABLES, 'and details'
So do you really want ALL the users? Because many users are system users - users that own objects that the database itself uses, SYS being the biggest example. You could have dozens of these accounts. I'm guessing you don't want them.
All tables, tables in the recycle bin, tables there for materialized views, do you want those too?
And 'details'. Do you want their created date, their columns, their storage parameters? The more you want, the bigger and uglier your query is going to get.
All that being said, you pointed to a screenshot of Oracle SQL Developer. It contains a data modeling feature. Use it. Reverse engineer the users you really want into a data model. And then use the data dictionary reports it offers to give you the info you want.
You have to figure out what you REALLY want first though.
I talk about how to do the RE in the data modeler here.
You can start from this:
select *
from dba_tables t
inner join dba_tab_columns
using(owner, table_name)
This will give all the tables and columns, with some information about the tablespace, the type of the columns, and so on.
This shows all the users and all their tables except for SYS and SYSTEM:
SELECT owner, table_name
FROM All_All_Tables
WHERE owner NOT IN ('SYS','SYSTEM')
ORDER BY 1,2
Runs on Oracle 10, 11

Oracle 10g Express - Let Another User View Tables from another user

I am a huge noob with Oracle right now. I was asked to import two databases into Oracle. I succeeded...sort of...I think. So these databases were exported with the user and when I imported the databases it created the user and all of the tables were attached to that user. Same thing for the second database. Let's just call the user for the first import USER1 and for the second db import USER2. USER1 has its own tables and USER2 has its own tables.
I want to create a user that can see all of those tables, so I don't have to log in to one to access and manipulate its data and the other to do the same. I would like to create a USER3 that can see and manipulate USER1 and USER2's tables associated with each. I have tried a number of ways and just cannot seem to get this to work. Any help would be greatly appreciated.
Thanks
To allow USER3 to query a table owned by USER1:
GRANT SELECT ON USER1.tablename TO USER3;
You must run this for each table individually.
Other grants that you may need are INSERT, UPDATE and DELETE, e.g. to grant full control:
GRANT SELECT, INSERT, UPDATE, DELETE ON USER1.tablename TO USER3;
When you log in as USER3, to query the table you normally need to specify the schema, e.g.:
SELECT * FROM USER1.tablename;
If you want to avoid having to specify the schema each time, you can use synonyms, e.g.:
(login as USER3)
CREATE SYNONYM tablename FOR USER1.tablename;
Now you can log in as USER3 and run this:
SELECT * FROM tablename;
"I just don't understand why I have to do all that."
Users - or schemas - are the means Oracle uses for organising applications and enforcing governance. In a well-designed application it is extremely unlikely that one schema would need to grant every privilege on all its objects to another user. Oracle recommends a policy of granting the minimum necessary set of privileges to other users. Doing this requires us to make choices and write discrete statements to grant specific privileges on particular objects.
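
One way to apply the per-table grants above to every table in both schemas while keeping the privilege list explicit and revocable in one place, as an added example that is not from the original answers. The role name LEGACY_DATA_RW is hypothetical, and the block assumes it is run by an account that may grant object privileges on USER1's and USER2's tables (for example a DBA) and that the tables are ordinary tables.

```sql
-- Hypothetical role that carries exactly the object privileges USER3 needs.
CREATE ROLE legacy_data_rw;

BEGIN
  -- One explicit GRANT per table, generated from the data dictionary.
  -- Tables sitting in the recycle bin are skipped.
  FOR t IN (SELECT owner, table_name
              FROM dba_tables
             WHERE owner IN ('USER1', 'USER2')
               AND dropped = 'NO'
             ORDER BY owner, table_name)
  LOOP
    -- ENQUOTE_NAME double-quotes each identifier, so unusual table names
    -- cannot alter the generated statement.
    EXECUTE IMMEDIATE
         'GRANT SELECT, INSERT, UPDATE, DELETE ON '
      || DBMS_ASSERT.ENQUOTE_NAME(t.owner, FALSE)
      || '.'
      || DBMS_ASSERT.ENQUOTE_NAME(t.table_name, FALSE)
      || ' TO legacy_data_rw';
  END LOOP;
END;
/

-- USER3 receives the privileges through the role only.
GRANT legacy_data_rw TO user3;

-- Removing the access later is a single statement:
-- REVOKE legacy_data_rw FROM user3;
```

Privileges received through a role are not active inside definer's-rights stored PL/SQL, so grant directly to USER3 instead if it will own procedures that touch these tables. Tables created after the block runs are not covered until it is run again.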
