I am using Oracle 11g. I am successfully extracting DDL of database using userA account who created database tables, SP, Functions etc using getddl() method.
Now here is a case userA has shared / grant some action (ie. select) to userB account. and When I tried to get DDL details using same getDDL method, it is not including that shared tables.
To resolve it I used following.
SELECT * FROM USER_TAB_PRIVS;
Statement. Using this I can get list of all shared table with some unknow system tables details.
Now I am looking for the solution which either gives only shared tables or a way using that I can ignore (filter) that tables
FYI: When I am executing the above query it gives this output.
As expected it returns data related to all tables including system tables and all users created in the database including system generated users.
So can please anyone help me to create a query which will give me data related to privileges granted to all the users created manually and not by system?
To get the list of all privileges given to USER_2 from USER_1, you can use the following query.
SELECT * FROM SYS.USER_TAB_PRIVS T WHERE T.GRANTOR = 'USER_2';
Related
Using schemacrawler and trying to connect to an Oracle database. The resulting json file is only including about 10 tables, but we are expecting a much larger number of tables in the database.
This must be restricted by permissions of the user being used to access the Oracle database, but what permissions are required for that user for schemacrawler to be able to "see" the table/columns?
Presumably schemacrawler uses the data dictionary. So the user will be restricted to what tables and columns are visible in ALL_TAB_COLS view i.e. what tables they have at least SELECT privilege on.
Otherwise the user needs select on DBA_TAB_COLS, which shows all tables in all schemas. That requires DBA access to grant.
I would simply like to allow a colleague to view and edit the Database I've created.
I've tried:
GRANT ALL on FISHTABLE to CDEMARES;
and it returned Grant succeeded but nothing changed for him and he still wasn't able to view my table.
I also tried
GRANT SELECT smahala.fishtable to cdemares#sole.nefsc.noaa.gov;
but that failed with SQL Error: ORA_00990: missing or invalid privilege.
Is my issue that I don't have the administrative authority to allow someone else to view my Oracle table? Any advice is appreciated, thanks.
Your colleague needs to prefix your table with your schema name, otherwise Oracle doesn't know where to look for it, e.g.:
select * from smahala.fishtable
If they don't do that, and simply try to use:
select * from fishtable
then Oracle will look for the table in their own schema, and then look for a view, or a private synonym, or a public synonym. Your colleague could create a synonym if they'll be accessing this table a lot (and they don't have their own table with the same name). It's also possible to change their session's current schema, but that will make it harder to see their own objects.
You can read more about object naming and how to refer to objects in the documentation.
SQL Developer allows you to browse objects in other schemas. If your colleague was connected when you granted the permissions, they can refresh the object list, or disconnect and reconnect. Either way they should then be abke to see your table under your schema.
(Your second grant statement is missing an on, and you can't grant permissions across a database link, if that's what you're trying to do.)
I am a huge noob with Oracle right now. I was asked to import two databases into Oracle. I succeeded...sort of...I think. So these databases were exported with the user and when I imported the databases it created the user and all of the tables were attached to that user. Same thing for the second database. Lets just call the user for the first import USER1 and for the second db import USER2. USER1 has its own tables and USER2 has its own tables.
I want to create a user that can see all of those tables. so I don't have to login to one to access and manipulate its data and the other to do the same. I would like to create a USER3 that can see and manipulate USER1 and USER2's tables associated with each. I have tried a number of ways and just cannot seem to get this to work. Any help would be greatly appreciated.
Thanks
To allow USER3 to query a table owned by USER1:
GRANT SELECT ON USER1.tablename TO USER3;
You must run this for each table individually.
Other grants that you may need are INSERT, UPDATE and DELETE, e.g. to grant full control:
GRANT SELECT, INSERT, UPDATE, DELETE ON USER1.tablename TO USER3;
When you login as USER3, to query the table you normally need to specify the schema, e.g.:
SELECT * FROM USER1.tablename;
If you want to avoid having to specify the schema each time, you can use synonyms, e.g.:
(login as USER3)
CREATE SYNONYM tablename FOR USER1.tablename;
Now you can login as USER3 and run this:
SELECT * FROM tablename;
"I just don't understand why I have to do all that."
Users - or schemas - are the means Oracle uses for organising applications and enforcing governance. In a well-design application it is extremely unlikely that one schema would need to grant every privilege on all its objects to another user. Oracle recommends a policy of granting the minimum necessary set of privileges to other users. Doing this requires us to make choices and write discrete statements to grant specific privileges on particular objects.
I make a privileges to user on one schema at Oracle, when accessing oracle database using SSIS I saw all tables and schema. When I use SQL Plus show me only one schema.
What is the problem here?
What query are you running to see tables in SQL*Plus? If you are querying USER_TABLES, you will only see the tables that the current user owns. If you are querying ALL_TABLES, you will see all the tables that you have permission to query regardless of the owner. If you are querying DBA_TABLES, you will see all the tables in the database (though you need additional privileges to query the DBA% objects.
There is another question on how to get a list of all the tables in a database that goes into more detail about this.
A third party product we have at my company uses Oracle as a backend. I'm attempting to log into the Oracle database and look at the schema and data. I've logged in as sys/sysdba, created a user with a default tablespace of that created by the application, and granted the user all necessary permissions to query the structures. I've also set O7_DICTIONARY_ACCESSIBILITY to true to allow querying of the data dictionary objects.
After logging in as the user and querying User_Tables nothing is returned. But when I query DBA_Tables the tables I'd expect to find are returned. I'm new to Oracle so I'm not quite certain how a non-system table can be in the tablespace, but not a user_table.
More importantly, how do you query the data in these tables? Whenever I attempt a simple "Select *" from the tables I get a "table or view does not exist" error.
Thanks in advance.
The default tablespace you set for a user controls what tablespace objects owned by that user are created in. It has nothing to do with what objects they can query.
USER_TABLES returns information about the tables that a particular user owns. It does not sound like your user owns any tables, so you would expect that to be empty.
ALL_TABLES returns information about the tables that a particular user has access to. If you granted the appropriate privileges, your user should see the tables in this data dictionary view.
DBA_TABLES returns information about every table in the database even if you don't necessarily have access to the underlying table.
If you are trying to query data from one of the tables, are you specifying the schema name (the OWNER column in ALL_TABLES)? If you do not own an object, you generally need to use fully qualified names to reference it, i.e.
SELECT *
FROM schema_owner.table_name
You can avoid using fully qualified names if
You create a synonym (public or private) for the object
You change the CURRENT_SCHEMA for the session. This changes the default schema that a name is resolved under. It does not affect permissions and privileges. You can change the current schema with the command
ALTER SESSION SET current_schema = new_schema_name
You would have to do this for each session the user creates-- potentially in a login trigger.