I have an oracle database shared by both an internal application and our website.
I know very little about oracle so will explain things how I understand it..
The database has two users APPUSER and WEBUSER when logged in (using Oracle SQL Developer) as APPUSER you can see all the tables in the database. When logged in as WEBUSER you cannot see anything but a couple of procedures, the APPUSER cannot see these procedures.
One procedure starts with:
create or replace PROCEDURE "UPDATE_DETAIL"
(v_ref IN APPUSER.DETAILS.REFERENCE%TYPE
,v_desc IN APPUSER.DETAILS.DESCRIPTION%TYPE
...
Line 2 has a red squiggly with "PLS-00201: identifier APPUSER is not declared"
I believe it has the "APPUSER.TABLE.COLUMN" because WEBUSER does not have direct access to the tables.
I have executed GRANT ALL ON UPDATE_DETAIL TO APPUSERlogged in as WEBUSER, but that did not fix the issue, WEBUSER is the owner of the procedure, but does not have anything listed in the Grants list (I assume because owner just has the rights be default?)
The Dependencies list for the procedure is also empty, but cannot find how to manually add one to it.
Not sure what else to try to fix this error.
Thanks.
If you want a procedure owned by WEBUSER (and I believe from your description that UPDATE_DETAIL is owned by WEBUSER) to reference objects owned by APPUSER, you would need to grant WEBUSER privileges on those objects. For example, as APPUSER
GRANT SELECT ON appuser.details
TO webuser;
This assumes that WEBUSER only needs to SELECT from the APPUSER.DETAILS table. If your procedure needs to INSERT, UPDATE, or DELETE data in that table, then WEBUSER would need to be granted additional privileges on the APPUSER.DETAILS table. You'd need to make similar grants for every table in APPUSER that the WEBUSER user needs to reference.
Related
I would simply like to allow a colleague to view and edit the Database I've created.
I've tried:
GRANT ALL on FISHTABLE to CDEMARES;
and it returned Grant succeeded but nothing changed for him and he still wasn't able to view my table.
I also tried
GRANT SELECT smahala.fishtable to cdemares#sole.nefsc.noaa.gov;
but that failed with SQL Error: ORA_00990: missing or invalid privilege.
Is my issue that I don't have the administrative authority to allow someone else to view my Oracle table? Any advice is appreciated, thanks.
Your colleague needs to prefix your table with your schema name, otherwise Oracle doesn't know where to look for it, e.g.:
select * from smahala.fishtable
If they don't do that, and simply try to use:
select * from fishtable
then Oracle will look for the table in their own schema, and then look for a view, or a private synonym, or a public synonym. Your colleague could create a synonym if they'll be accessing this table a lot (and they don't have their own table with the same name). It's also possible to change their session's current schema, but that will make it harder to see their own objects.
You can read more about object naming and how to refer to objects in the documentation.
SQL Developer allows you to browse objects in other schemas. If your colleague was connected when you granted the permissions, they can refresh the object list, or disconnect and reconnect. Either way they should then be abke to see your table under your schema.
(Your second grant statement is missing an on, and you can't grant permissions across a database link, if that's what you're trying to do.)
I am new to PL/SQL Developer, and I used the File->New->Table option to create a new table. After using the GUI to set up my table descriptions, when I click "apply" I get the error "no privileges on table space".
I tried googling a solution and I read that I need to give the owner of the schema privileges to modify this table. How do I determine who the owner of a schema is so that I can give them privileges?
Is there another solution to this issue that I do not know of?
You have created the table, so it belongs to you, there is no need to grant something on schema level.
A different story altogether is the tablespace in which the table is created. There, you need a quota. With a privileged user, you can give the quote like so:
alter user <your-username>
quota unlimited on <tablespace-name>;
You need someone with sysdba privileges on the database your schema belongs to (typically a DBA) to grant your schema the necessary privileges to create objects (tables, procedures etc), along with a quota on the tablespace in question.
I am a huge noob with Oracle right now. I was asked to import two databases into Oracle. I succeeded...sort of...I think. So these databases were exported with the user and when I imported the databases it created the user and all of the tables were attached to that user. Same thing for the second database. Lets just call the user for the first import USER1 and for the second db import USER2. USER1 has its own tables and USER2 has its own tables.
I want to create a user that can see all of those tables. so I don't have to login to one to access and manipulate its data and the other to do the same. I would like to create a USER3 that can see and manipulate USER1 and USER2's tables associated with each. I have tried a number of ways and just cannot seem to get this to work. Any help would be greatly appreciated.
Thanks
To allow USER3 to query a table owned by USER1:
GRANT SELECT ON USER1.tablename TO USER3;
You must run this for each table individually.
Other grants that you may need are INSERT, UPDATE and DELETE, e.g. to grant full control:
GRANT SELECT, INSERT, UPDATE, DELETE ON USER1.tablename TO USER3;
When you login as USER3, to query the table you normally need to specify the schema, e.g.:
SELECT * FROM USER1.tablename;
If you want to avoid having to specify the schema each time, you can use synonyms, e.g.:
(login as USER3)
CREATE SYNONYM tablename FOR USER1.tablename;
Now you can login as USER3 and run this:
SELECT * FROM tablename;
"I just don't understand why I have to do all that."
Users - or schemas - are the means Oracle uses for organising applications and enforcing governance. In a well-design application it is extremely unlikely that one schema would need to grant every privilege on all its objects to another user. Oracle recommends a policy of granting the minimum necessary set of privileges to other users. Doing this requires us to make choices and write discrete statements to grant specific privileges on particular objects.
here's a tricky case on which 5 peoples including a DBA have been struggling on for days... I offer lifetime consideration to the one which will identify the root cause of the issue.
here it is:
Oracle Client: 10g
Oracle Server: 11g
We have 2 schemas and 1 user:
SCHEMA1
SCHEMA2
USER
We have 1 table 'TOTO' which is defined in SCHEMA1 (SCHEMA1.TOTO)
We have a private synonym of table 'TOTO', called 'TOTO' defined in SCHEMA2, created like this:
CREATE SYNONYM SCHEMA2.TOTO FOR SCHEMA1.TABLE1;
We have granted SELECT,UPDATE,DELETE,INSERT priviledges on "SCHEMA2.TOTO " (so on the synonym) to SCHEMA2 (so that any session ran from SCHEMA2 has access to the synonym table)
GRANT SELECT, UPDATE, DELETE, INSERT ON SCHEMA2.TOTO TO SCHEMA2;
Our application connects to the DB with USER, then directly switches to SCHEMA2:
ALTER SESSION SET CURRENT_SCHEMA=SCHEMA2;
Then after that, it tries to perform a select query on the synonym table WITHOUT prefixing the synonym name by SCHEMA1 (this is a constrain of the framework we use):
SELECT COL FROM TOTO;
Most of the times this query works successfully, which is what we expect since we have altered our session to SCHEMA2, by default that where the objects are looked.
But sometimes it fails, with an ORA-00942: table or view does not exist error.
I insist on the fact that between the time when it works and when it fails, nothing has changed, we've just restarted the application (which is of course re-connecting to the DB the same way at each startup).
We've been investigated with a DBA monitoring all the events on USER,SCHEMA1,SCHEMA2 hoping to find an external process modifying the GRANTS on one of thoses, between a success and a failure, but nothing changes. Yet, at some point, randomnly we get the ORA-00942 error, then we restart the application several times and it's back again...
Would someone have an idea or any suggestion/hint that could lead us to identify what we're missing here?
Many thanks for your help!
The grant should go to USER, not to SCHEMA2:
GRANT SELECT, UPDATE, DELETE, INSERT ON schema1.toto TO userxy;
This should solve the problem. If it doesn't, can you please post the result of
SELECT * FROM all_objects WHERE object_name='TOTO';
I have to import a stored procedure from Oracle database into Informatica.
But when I try to use the Stored Procedure Transformation I cannot view the respective stored procedure.
I am using the correct oracle driver since I don't have any trouble in importing target database tables.
I tried viewing the stored procedures in the oracle database using
select * from all_objects where object_type='FUNCTION' but could not find the
function I am looking for.
Please advise me on these:
Can we view the list and code of Stored procedure(s)/function(s) in Oracle
What am I missing in Informatica stored procedure transformation?
If you don't get any results from this..
select * from all_objects where object_type='FUNCTION'
It either means you don't have any functions or the current user does not have the privileges to execute any functions. Find out which user owns the function and grant the following.
example :
grant execute on <owner>.<function_name> to ETL_USER;
To avoid confusion, make sure the username in the informatica connection and the one you are using when connecting to the database are the same.
While importing object into Informatica, listed objects are always owned by the "connecting" user. If your object is owned by some other user, you wont see it. To see objects not owned by connecting user, you'd have to choose "All" in the schema text box, while connecting.
You should be looking for object_type='PROCEDURE' and not "FUNCTION". Therefore, your query should read as select * from all_objects where object_type='PROCEDURE'
If all this is done and you still dont see the object, check privileges on that object to your connecting user. For this, the best course is
a. ask your dba to grant execute privileges on that object to your connecting user. OR
b. connect to database as the owner of that object and run the following command
grant execute on <object_name> to <connecting_user>