Query for All tables and privileges under a specific role in ORACLE? - oracle

What is the query to get all objects with privileges under a specific role?
ROLE_NAME TABLE SELECT INSERT DELETE UPDATE EXECUTE

SELECT *
FROM DBA_TAB_PRIVS
WHERE GRANTEE='ROLE_NAME';
DBA_TAB_PRIVS describes all object grants in the database.
Or, to get the grants for all the roles, you can use the query below.
SELECT grantee role_name,table_name,privilege
FROM dba_tab_privs dtp,dba_roles dr
WHERE dtp.grantee=dr.role
ORDER BY role_name,table_name,privilege;
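To get the one-row-per-object layout the question sketches (ROLE_NAME, TABLE, then one column per privilege), the rows of DBA_TAB_PRIVS can be pivoted with conditional aggregation. This is an added example, not part of the original answer; the bind variable `:role_name` and the output column names are assumptions.

```sql
-- Added example: one row per role and object, one Y/N column per privilege.
-- Assumes SELECT access to DBA_TAB_PRIVS and DBA_ROLES.
-- :role_name is a hypothetical bind variable; dictionary names are stored
-- in uppercase unless the role was created with a quoted identifier.
SELECT dtp.grantee AS role_name,
       dtp.owner,
       dtp.table_name,
       MAX(CASE WHEN dtp.privilege = 'SELECT'  THEN 'Y' ELSE 'N' END) AS can_select,
       MAX(CASE WHEN dtp.privilege = 'INSERT'  THEN 'Y' ELSE 'N' END) AS can_insert,
       MAX(CASE WHEN dtp.privilege = 'DELETE'  THEN 'Y' ELSE 'N' END) AS can_delete,
       MAX(CASE WHEN dtp.privilege = 'UPDATE'  THEN 'Y' ELSE 'N' END) AS can_update,
       MAX(CASE WHEN dtp.privilege = 'EXECUTE' THEN 'Y' ELSE 'N' END) AS can_execute,
       -- anything outside the five columns (ALTER, REFERENCES, ...) is counted,
       -- so a role with unexpected extra rights still stands out
       SUM(CASE WHEN dtp.privilege NOT IN
                ('SELECT', 'INSERT', 'DELETE', 'UPDATE', 'EXECUTE')
                THEN 1 ELSE 0 END) AS other_privs
FROM   dba_tab_privs dtp
       JOIN dba_roles dr ON dr.role = dtp.grantee
WHERE  dtp.grantee = :role_name
GROUP  BY dtp.grantee, dtp.owner, dtp.table_name
ORDER  BY dtp.owner, dtp.table_name;
```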

Related

Insufficient permission of accessing table from user

I have created a table and its sequence on owner.
Also granted permission of insert, update, delete, select on the table from owner to user.
Also granted select on the sequence from owner to user.
Finally I logged in as user and created synonyms for the owner's table and sequence.
Now when I access the table in user it throws insufficient permission. The same table can be accessed in owner.
Any idea what I'm missing here?
You should execute these queries and verify grantor and grant:
select * from all_tab_privs where table_name ='YOUR_NAME_SEQUENCE';
select * from all_tab_privs where table_name ='YOUR_NAME_TABLE';
select * from all_synonyms where synonym_name ='YOUR_NAME_TABLE';
Certainly the grantor is not equal to your user, or some grant is missing.
Thank you.
The issue got resolved; it was an issue with the grant statement, I gave an incorrect user id.

Oracle Db: Grant select doesn't show up in dba_sys_privs

In Oracle, I granted select on a table to a user by giving the following command:
GRANT SELECT ON DEPT TO HOMERSIMPSON;
Once I granted select on the dept table to homersimpson, I queried dba_sys_privs, but there's no record of the privilege granted. I used the following query:
Select * from dba_sys_privs where grantee = 'HOMERSIMPSON';
Why is the privilege not reported on this table?
Thanks in advance.
You are granting a SELECT on a specific table. That's not a system priv. It is an object priv. Try looking at DBA_TAB_PRIVS.

How to list all grants of select, insert, delete or update for a user

DB: Oracle 10g
I can grant DML commands to a user for some tables:
GRANT SELECT, UPDATE, DELETE, INSERT ON USER_A.TABLE_1 TO USER_B;
How to list all grants (about select, update, insert, delete) that USER_B has received, and for what tables?
I checked the table "all_tab_privs_recd", but it doesn't have what I'm looking for.
Pete Finnigan, Oracle security expert extraordinaire, has several different tools available that will help you answer these types of questions.
See:
http://www.petefinnigan.com/tools.htm
In particular, for the question above, see find_all_privs.sql
Hope that helps.
I can't figure out how to use those views that you suggest for listing all grants that USER_B received.
GRANT SELECT, UPDATE, DELETE, INSERT ON USER_A.TABLE_1 TO USER_B;
I query:
select * from all_tables where owner='USER_A'
shows 16 rows
Select * from all_tab_privs_recd where grantor = 'USER_A'
shows 0 rows
Select * from all_tab_privs_recd where grantee = 'USER_A'
shows 0 rows
Select * from all_tab_privs_recd where grantee = 'USER_B'
shows 0 rows
Select * from all_tab_privs_recd where grantor = 'USER_B'
shows 129 rows, but USER_A is not in grantee, nor in grantor nor in owner
The all_tab_privs_recd (and the all_tab_privs) views only show the tables that have explicit grants on them; they don't show the tables that are owned by USER_B. (Unless grants have been given to other users. That is, where the GRANTEE and OWNER are the same.) For that you'd have to look at all_tables to see what tables they own and therefore have full access to.

How can I enumerate the list of privileges granted to an Oracle role?

I have a homegrown Oracle role that was created long ago:
create role MyRole;
It's been granted the ability to select, insert, update, and delete from some tables and views.
grant select on sometable to MyRole;
grant insert on sometable to MyRole;
grant select on someothertable to MyRole;
-- etc.
How can I now enumerate the specific list of privileges that were granted to the role? I am interested in discovering the specific tables and the rights this role has with respect to each table. How can I recover this information?
You can simply search the data dictionary view ROLE_TAB_PRIVS, like this:
-- the role was created without quotes, so the dictionary stores its name in uppercase
SELECT * FROM ROLE_TAB_PRIVS WHERE ROLE = 'MYROLE';
This works well:
SELECT DBA_TAB_PRIVS.GRANTEE, TABLE_NAME, PRIVILEGE,DBA_ROLE_PRIVS.GRANTEE
FROM DBA_TAB_PRIVS, DBA_ROLE_PRIVS
WHERE DBA_TAB_PRIVS.GRANTEE = DBA_ROLE_PRIVS.GRANTED_ROLE
AND DBA_TAB_PRIVS.GRANTEE='<ENTER GROUP ROLE HERE>'
AND DBA_ROLE_PRIVS.GRANTEE = '<ENTER ROLE HERE>'
ORDER BY DBA_ROLE_PRIVS.GRANTEE

How to find out if select grant is obtained directly or through a role

One of the pitfalls in Oracle is the fact that sometimes you can select from a table if you run a query in SQL*Plus but that you can't when running the query from a stored procedure. In order to run a query from a stored procedure you need a direct grant for the object and not a grant obtained through a role.
If I see a table in the all_tables view, how can I know if I can see this table because of a direct grant or because of a role grant?
Look at ALL_TAB_PRIVS:
select grantee from all_tab_privs
where table_schema = 'SCOTT' and table_name='EMP'
and privilege = 'SELECT';
This shows all grantees, whether roles or users.
One method to see exactly what a procedure would see is to issue the command:
SET ROLE none
It disables all roles for your current session.
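To see for one user and one object whether each privilege arrives directly or through a role, the grantees in DBA_TAB_PRIVS can be matched against the user and every role reachable from it. This is an added example, not part of the original answers, and it goes further than they do by following roles granted to roles; the bind variables `:username`, `:owner` and `:table_name` and the `grant_path` column are assumptions.

```sql
-- Added example: how does :username reach a privilege on :owner.:table_name?
-- Bind names are hypothetical; values must match dictionary case (usually
-- uppercase). Assumes SELECT access to DBA_TAB_PRIVS and DBA_ROLE_PRIVS.
WITH reachable AS (
  -- the user itself: grants found here are direct grants
  SELECT :username AS grantee, 'DIRECT' AS grant_path FROM dual
  UNION ALL
  -- grants to PUBLIC apply to every user
  SELECT 'PUBLIC', 'PUBLIC' FROM dual
  UNION ALL
  -- every role the user holds, following roles granted to roles
  SELECT granted_role, SYS_CONNECT_BY_PATH(granted_role, '/')
  FROM   dba_role_privs
  START  WITH grantee = :username
  CONNECT BY PRIOR granted_role = grantee
)
SELECT tp.privilege,
       r.grant_path,   -- 'DIRECT', 'PUBLIC', or a path such as /ROLE_A/ROLE_B
       tp.grantor,
       tp.grantable
FROM   dba_tab_privs tp
       JOIN reachable r ON r.grantee = tp.grantee
WHERE  tp.owner      = :owner
AND    tp.table_name = :table_name
ORDER  BY tp.privilege, r.grant_path;
```

A privilege that appears only with a role path in `grant_path`, and never as `DIRECT`, is the case the question describes: usable in a SQL*Plus session with the role enabled, but not a direct grant.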
