--I'm using a view named V_AREA and it's SYNONYM: AREA
However, when I try to grant select permissions to my role, I get the following error:
GRANT SELECT ON AREA TO MY_ROLE
ERROR at line 1: ORA-02225: only EXECUTE and DEBUG privileges are valid for procedures
I'm not using a procedure, what can I do?
I've tryed to use the following grants:
Grant select on area to my_role; --this one gives the above error
Grant select on 'area' to my_role; --this gives other error
Grant select on "area" to my_role; --this gives the same error as 'area'
EDIT:
I have 2 synonyms created named AREA: one to my view V_AREA and other to OGC_AREA. No procedures involved
grant references to the user on all the base tables used in the view using this
Grant references on your_schema.tablename to target_schema or user;
Related
I've got such case.
I've got 3 users on 2 DBs:
A#DBDEV
A#DBPROD
B#DBPROD - read only user for busines user to get some data.
User A#DBPROD has SYNONYM:
CREATE SYNONYM S_TAB FOR TAB#DBLINK_2_DEV; --(DBLINK_2_DEV created using A#DBDEV password)
Now I want to:
GRANT SELECT ON S_TAB TO B#DBPROD;
but getting ORA-02021...
What is the best solution for that?
You can't use a DB link in a grant statement.
grant select on s_tab to b;
I try to create user and grant for them some privileges. I try to create without using procedure:
CREATE USER User1 IDENTIFIED BY password;
It works fine.
But for example, i have thousands of users. So I created a procedure to do it:
CREATE OR REPLACE PROCEDURE CreateUser AS
BEGIN
FOR u IN ( SELECT id FROM User )
LOOP
EXECUTE IMMEDIATE 'CREATE USER User_'||d.id || ' IDENTIFIED BY password';
EXECUTE IMMEDIATE 'GRANT SELECT ON UserInfo_'||d.id||' TO User_'||d.id;
END LOOP;
END
But it throws an error:
ORA-01031: insufficient privileges
How can I handle this problem? Thanks for helping in advance
You need to make sure the user running the procedure has the privileges to create users.
Assuming the user that will run the procedure is MyUser, you need to run :
GRANT CREATE USER to MyUser;
if your SQL is directly (i.e not in a procedure ) but not working from a procedure/function it means that you have the Grants through a role. For a statement to work in a procedure or a function we need direct Grants and not through the role.
You can check that you have the Create user by a role by doing the following and trying your SQL, if it fails it means you have access through a role.
SET role none;
CREATE USER User1 IDENTIFIED BY password;
As system user, I created a new user and grant him dba privileges : GRANT dba TO user_bdda_adminProjet
I'm trying to look into the DBA_ROLE_PRIVS table into a trigger (I didn't paste all my code, feel free to tell me if it's necessary) :
CREATE OR REPLACE TRIGGER my_trigger
INSTEAD OF
INSERT ON vueEnquete
FOR EACH ROW
DECLARE
tmp int;
BEGIN
SELECT COUNT(*) INTO tmp FROM DBA_ROLE_PRIVS;
...
...
END;
/
But when I try to execute this script, I got the following errors :
Erreur(6,3): PL/SQL: SQL Statement ignored
Erreur(6,39): PL/SQL: ORA-00942: table or view does not exist
Looking at different forums, I found that the problem is in general that the user don't have rights to the table.
But when I execute, as my user user_bdda_adminProjet the following line alone (out of a trigger), it works perfectly
SELECT COUNT(*) FROM DBA_ROLE_PRIVS;
Moreover, if I just comment the line in my trigger, it executes without any errors, so I guess the error is specifically at this line.
Thanks in advance for your help and feel free to tell me if you need any further info.
dba is a role, not a privilege.
Privileges obtained through a role are not "active" in PL/SQL. You need to grant the select privilege on the DBA_ROLE_PRIVS directly to the user.
I have a package that compiles fine in another 11g environment.
When I try to compile it in my XE 10g environment w/ a DBA User, I get the ORA-00942 error.
FOR r IN (SELECT DISTINCT job_name jname
FROM dba_scheduler_jobs
^
WHERE job_name LIKE p_job_prefix || '%')
LOOP
...
When I execute a direct select on the table there is no issue.
Select * from dba_scheduler_jobs;
Error Text:
Line: 34 Column: 34 Error: PL/SQL: ORA-00942: table or view does not exist
In order to reference an object in a definer's rights stored procedure (the default), the owner of the procedure has to have direct access to the object. The privilege cannot be granted through a role, even a very powerful role like SYSDBA.
You probably want to grant the owner of this procedure the SELECT ANY DICTIONARY privilege
GRANT select any dictionary
TO <<owner of procedure>>
You could also grant the privileges on each object (i.e. DBA_SCHEDULER_JOBS) individually but if you've already granted this user the SYSDBA privilege, you're probably not overly concerned with restricting grants.
In my oracle DB, i have a user named test this user has DML_ROLE in the DB. And, i have provided insert/update/delete/select access to DML_ROLE on a table named hdr_detail.
But, when user test execute an update query on hdr_detail table its getting error message as Returned error: ORA-01031: insufficient privileges. It works fine when i provide the access directly to the user.
I'm confused why this error shows up only when i provide the access through role.
Table structure:
COLUMN NAME DATA TYPE
PERIOD NUMBER
HDR_ID VARCHAR2(50)
Query i use to update:
update test_sch.hdr_detail set period=201108 where hdr_id = 'check';
Statement i use to grant:
grant insert,select,update,delete on test_sch.hdr_detail to dml_role;
select * from dba_role_privs where grantee like 'TEST' returns the following result
GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE
TEST DML_ROLE NO NO
select * from dba_tab_privs where table_name like 'HDR_DETAIL' returns the following result
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH DELETE NO NO
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH INSERT NO NO
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH SELECT NO NO
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH UPDATE NO NO
Please help me in resolving this issue. Reply in comment if any more information is needed about this issue.
Try setting the role as the users default role:
ALTER USER test DEFAULT ROLE dml_role;
It could be an issue with how you are accessing the databse object HDR_DETAIL.
From Don burleson (http://www.dba-oracle.com/concepts/roles_security.htm):
Oracle roles have some limitations. In particular object privileges are granted through Oracle roles can not be used when writing PL/SQL code. When writing PL/SQL code, you must have direct grants to the objects in the database that your code is accessing.
If your user is issuing the UPDATE through an application or PL/SQL block then it will not use the role-based permissions. If this is the case you will have to grant the permissions directly.
That seems impossible.
Are you sure that your user connect to correct DB, schema, and query the right table?
I'm stunned.
Pls try
select * from test_sch.hdr_detail
wiht test user.