I granted CREATE ANY TABLE privilege to allow another user to create tables for my user. Ok. That worked. I want to allow this same user, after they created the table, to grant select privilege to public. But the Oracle says: insufficient privileges.
How can I grant select privileges to a table I have just created?
Related
I have created a user, let's call him C##USER from sysdba. Now, I'm trying to create another user from C##USER. Problem is I keep getting the following error:
ORA-01031: insufficient privileges
I have granted C##USER all privileges and have set the default role to ALL. Nothing works yet...
Any ideas? Thanks in advance.
You just need a CREATE USER system privilege BUT don't forget to use CONTAINERclause which should be set to ALL, if you omit this clause then the grantee will have CREATE USER system privilege on the current container.
Specify CONTAINER = ALL to commonly grant a system privilege, object privilege on a common object, or role, to a common user or common role
GRANT
When a common user account is created, the account is created in all of the open pluggable databases. So the user who is creating this new user must have CREATE USER system privilege on all containers.
SQL> grant create user to c##user container=all;
Grant succeeded.
SQL> conn c##user
Enter password:
Connected.
SQL> create user c##user2 identified by user2;
User created.
Whenever I give a user "all privileges" in ORACLE (example below), what does this actually do?
My understanding is that it gives a user any privilege, e.g inserting, deleting etc within that schema but not to any schema in the DB?
grant all privileges to my_user;
You can grant all [privileges] on <some object>, but you aren't specifying an object; so you are granting system privileges:
The documentation for system privileges says:
Oracle Database provides the ALL PRIVILEGES shortcut for granting all the system privileges listed in Table 18-1, except the SELECT ANY DICTIONARY, ALTER DATABASE LINK, and ALTER PUBLIC DATABASE LINK privileges.
System privileges are not always restricted to a schema. That table includes a lot of ANY privileges, which are specifically not restricted to a schema. If you grant all privileges to a user they will be able to create or alter a table in any schema, for example. That probably isn't what you want.
There is no shortcut to grant only schema-restricted privileges. You'll need to grant CREATE TABLE, CREATE INDEX, etc. explicitly.
It's common practice to create a role to which you grant the necessary privileges, and then you just have to grant that role to your users. (Although you sometimes still need to grant privileges directly to users, e.g. if they are required in a stored procedure).
I create user(schema) in oracle. like this
create user EMP_DB identified by netsolpk account unlock;
But when i tried login through schema name and password, login failed. Below is the error message.
user EMP_DB lacks create session privilage; login denied.
I've not created any tablespaces.
For this, do I need to create any tablespace? If needed, how to create a tablespace?
And what more things are required for creating a schema in oracle 11g.
Please help me and give me step by step procedure.
The error user EMP_DB lacks create session privilage; login denied indicates that you need privilege to create a session. So you need to grant the appropriate privilege like,
GRANT CREATE SESSION TO emp_db;
Or You can go with granting the roles(group of privileges), CONNECT and RESOURCE.
CONNECT role has only CREATE SESSION privilege.
RESOURCE has the following privilges,
CREATE TRIGGER
CREATE SEQUENCE
CREATE TYPE
CREATE PROCEDURE
CREATE CLUSTER
CREATE OPERATOR
CREATE INDEXTYPE
CREATE TABLE
To find these PRIVILEGES of a ROLE, You can query the DBA_SYS_PRIVS table with a query like this:
SELECT grantee, privilege, admin_option
FROM DBA_SYS_PRIVS
WHERE grantee='RESOURCE';
Also to use the existing tablespace USERS, You can create a user with QUOTA UNLIMITED statement like,
CREATE USER emp_db IDENTIFIED BY netsolpk QUOTA UNLIMITED on USERS;
the fastest, quickest way to create a new user with privileges is
grant connect, resource to NewUser_name identified by NewUser_password;
by this command you will be sure that errors like above will not displayed.
I've created two users using the below statements using the System user. I want the ADMIN_USER to have all privileges and this user will create a set of tables. I have an external process that is pumping in data for two of my tables created by the ADMIN_USER. The question I have is if the ADMIN_USER creates all the table structures, how do I give EXTERNAL_USER the capability to read, update and insert into TABLE_A and TABLE_B only? Would I run the grant statements when I'm logged in as ADMIN_USER or the SYSTEM user? I'm using Oracle 11g.
Created both while logged in as SYSTEM User:
create user "ADMIN_USER" identified by "p#ssword123";
grant create session, grant any privilege to ADMIN_USER;
create user "EXTERNAL_USER" identified by "p#ssword321";
Logged in as ADMIN_USER:
GRANT create session, select, update, insert
ON TABLE_A
TO EXTERNAL_USER;
GRANT create session, select, update, insert
ON TABLE_B
TO EXTERNAL_USER;
First off, it is terribly unlikely that you want to grant ADMIN_USER the GRANT ANY PRIVILEGE privilege. The user doesn't require any privileges in order to grant object-level privileges on tables that the user owns. The ANY privileges are terribly powerful. A user that can grant any privilege to another user can make any user (including the user itself) a DBA. That is not what you want.
Realistically, as SYSTEM, you want to grant the system privileges that you want the users to have. As the object owner, you would then grant the object-level privileges.
As SYSTEM
CREATE USER admin_user
IDENTIFIED BY "p#ssword123"
DEFAULT TABLESPACE tablespace_name
QUOTA 10M ON tablespace_name;
CREATE USER external_user IDENTIFIED BY "p#ssword321";
GRANT CREATE SESSION, CREATE TABLE TO admin_user;
GRANT CREATE SESSION TO external_user;
As ADMIN_USER
<<create the tables>>
GRANT select, insert, update
ON table_a
TO external_user;
GRANT select, insert, update
ON table_b
TO external_user;
A DBA should also be able to grant object-level privileges. It's generally preferable to use the object owner account for that.
In Oracle, a table, 'MyTable' is owned by 'User1', how can I grant table access permission to another user, say 'User2' ?
In SQL server, we have some application access permission, does Oracle has something ?
You can grant SELECT privileges (or INSERT, UPDATE, DELETE, and a few others like REFERENCES) to a user
GRANT SELECT
ON user1.MyTable
TO user2
It would be more common, though, to create a role, grant the privileges to the role, and then grant the role to whatever users need it, i.e.
CREATE ROLE user1_select;
GRANT SELECT
ON user1.MyTable
TO user1_select;
GRANT user1_select
TO user2;
That makes it easier in the future to grant a single role to more users and to ensure that all the users with a specific job function have the same set of roles rather than trying to make sure that you've granted everyone access to exactly the same set of objects.