I have two question about oracle export and import.
First of all,I want to export only user and their roles not tables,trigger and other object Later import user
How i can do?
Other question is while importing operation, can i get error?Because, which object importing early roles or user? Unless importing roles, user can't assign roles?
You must be using ddl statements, look How to clone user in Oracle and https://dba.stackexchange.com/questions/30337/duplicate-an-oracle-database-user ,and if you are using SQL Navigator, you can select user in the tree (press F12) and press Ctrl+D
Related
If I have already connected to database, and can not see the tablenames, functions, or procedures ...does it mean that I have been granted only Connect By session privilege?
When I use column names #database links it gives me an error that does not describe in details that do I have Select privilage or not. But when I write my function and want to compile it it gives you have not been granted a privilege to create a function.
I cannot see in navBar any buttons of related database that my user has been created in. I tried to do smth from Preferences, then relaunched SQL Developer although the result is the same. Just pure empty colons on the left side of my navbar
Step 1:
I went to the tools menu in origin oracle pl sql then choose export user object and select that file i need to convert to destination database like view and functions and packages etc...
Step 2 :
after that i went to destination database and open new command window and paste that file create in step1.
after that i get this error for many objects:
ora00900 : invalid sql statement
how can i import that file created with pl/sql export user object?
If you are using Oracle SQL Developer and trying to export DDL and Data, make sure that selected format is "insert". Other formats are not applicable to run as SQL statement.
If your goal is full export consider using Oracle DataPump: https://docs.oracle.com/en/database/oracle/oracle-database/19/sutil/oracle-data-pump-overview.html
I'm trying to import dump file I received from customer.
The customer defined the schema on user with Profile and Role which obviously do not exist in my Database and are not required by me.
Whenever I do impdp I get multiple errors:
ORA-02380: profile APPL_PROFILE does not exist
ORA-01919: role 'APP_ROLE' does not exist
Is there a way to exclude the roles and profile from the import?
The only way I find to handle it is creating this Profile and role in my Database - which is not required and would like to avoid.
Managed to do that with exclude:user exclude:grant
as suggested here
https://www.cnblogs.com/chendian0/p/10867504.html
I'm on Oracle 11g, and I do understand the issue of a 3rd-party grant.
But, given that have user1 creating a view "view1" as Select 'foo' from dual.
Then I grant Select on view1 to user2 and I get this error.
But note the "dual" in the view is not qualified as sys.dual, it's just dual. I would think with a synonym public.dual that the actual "dual" used would be public.dual, not sys.dual, so no 3rd party issue should exist because it's public.
And if sys.dual is the one Oracle assumes in this view, one would think that given the use of dual is common in views, and that granting privs on views to other users is also common--wouldn't thousands of users be reporting this issue?
I do see sporadic posts about this but no real solution except to create another copy of dual for the user creating the view, but this doesn't make sense to me.
Thanks for any help.
After consulting our dbas, the issue is an Oracle "Feature" in 11.2.0.4:
TL;DR verison:
As of v 11.0.4, if your View uses Dual, then you can't grant that View anything but SELECT.
Why would we want to grant a view more than Select? In our case the app vendor packaged their updates in such a way that the database portion of the updates automatically scripted full CRUD grants to the master app-schema on every new object, and this included views, because it was simply easier to script that way. This all worked fine until 11.0.4, when Oracle said/enforced "Hey, you can't do that".
Full version:
(Quoted from Oracle site https://support.oracle.com/epmos/faces/BugDisplay?parent=DOCUMENT&sourceId=1628033.1&id=17994036)
Oracle Database - Enterprise Edition - Version 11.2.0.4 to 11.2.0.4 [Release 11.2]
Information in this document applies to any platform.
SYMPTOMS
After upgrading from 11.2.0.3 to 11.2.0.4, you encounter the following error while executing the "create or replace view" statement:
ORA-01720: grant option does not exist
Views were created before the upgrade and "CREATE OR REPLACE VIEW" had worked fine.
CAUSE
The observed behavior is correct. You will get this ORA-1720 error when REPLACING a view that selects from some other user's tables and both of the following conditions are true:
you have already granted select or other privileges on the VIEW to some other user
the view owner does not have the GRANT option on the tables being selected from (or view owner may have some privilege with grant option but not others)
Development has explained it as follows:
The code was changed in 11.2.0.4 so that create view behavior is similar to grant. If you try to make a GRANT on an existing view and the view owner does not have the grant option, then ORA-1720 is the expected result (even in 11.2.0.3). In 11.2.0.4, we have simply made CREATE VIEW consistent with the GRANT behavior, i.e. if an incompatible grant exists, then the new view definition must not be allowed (even with FORCE). In other words, we do not allow incompatible grants to coexist with the view definition and so an error must be thrown. The behavior in release 11.2.0.3 (and earlier) was incorrect; the new behavior in 11.2.0.4 is intentional and correct.
SOLUTION
To avoid this issue, you can do either of the following:
Remove all grants on the view before REPLACING the view. This will ensure that no incompatible grants exist.
Drop and recreate the view. Dropping the view will automatically remove all grants.
REFERENCES
BUG:17994036 - POST UPGRADE TO 11.2.0.4 CREATE OR REPLACE FAILS WITH ORA-01720
BUG:18024486 - ORA-1720 WHEN CREATING VIEW AFTER TO HAVE UPGRADE FROM 11.2.0.3.0 TO 11.2.0.4.0
With sys (as sysdba ) database user grant the necessary privileges, and after that try yo recreate the view with sys (as sysdba ) database user. This was helpful for me.
Regards,
Vase Tusevski
NOTE: I am note DB Admin and I am not that much in sql server security
I am using MS SQL SERVER 2008R2
What I want to do is to give a user a minimal permissions or just what he required
I have a local user in my windows and I add this user in the logins of the database after that I went to this user in my specific database and try to change his set of permissions but the section is coming empty
why it is coming empty?
and how to do this, I mean giving him the permissions that he just need nothing more?
Please I want to do this from the user interface without T-sql
EDIT
I Just want to give the user read, write, execute nothing more
and also I need to know more about how to control users permissions in more details
A. Set up Read/Write
Go to Security/Logins and find your login, double click it
Go to user mapping, and click on the database that you have access to
In the bottom pane under 'Database Role Membership', tick db_datareader and db_datawriter
This gives the user Login SELECT, INSERT, UPDATE, DELETE
B. Revoke DELETE and grant EXECUTE
Create a role that does this:
Go to your database / Security / Roles
Right click, New / Database Role
Give the role a name, I will use executor for this example and press OK
I don't know how to do the next steps in SSMS, You'll need to do it in T-SQL:
Start a new query in your database
Type this and press F5:
GRANT EXECUTE TO executor;
DENY DELETE TO executor;
Now repeat A3 but select your newly created role, 'executor'
Every new user (or group) that you create needs to be a member of these three roles. The best practice is to add a windows group to SQL Server once, and add users to that windows group.
Lastly test this - I don't know for sure that it works.
With regards to the database user securables:
You have to explicitly populate this list to see what it contains. It doesn't populate automatically. Press Search and search for some objects (i.e. all objects belonging to the schema dbo). Now you have a list of objects in the top. Click on an object and click the 'Effecttive' tab on the bottom. This is the users effective (final) permissions for this object. If you want to override this at the object level you can assign something on the explicit tab
Had similar problem after our MSSQL Server was restored on a new server and wanted to set explicit permissions for a user in a DB.
Not sure how to make it default (as it appears to have been previously), but basically just hit the search button in the Securables tab you show to search for "All objects of the types..." and choose the Databases object and click ok / search. You should now see securables for that specific database and can set explicit permissions as well as view existing "effective" permissions.