I want to know once you create a user role and add some privileges as:
CREATE ROLE usern NOT IDENTIFIED ;
GRANT SELECT ANY DICTIONARY TO usern ;
GRANT SELECT ON t90022.temptable TO usern ;
Can you edit the user role and just state the privilege as follows?
GRANT SELECT ON 90888.temptable2 TO usern ;
Will the user role be updated or do you need to drop and create the user role again?
PS: I don't have privileges to try this out. So please help
Granting privileges in Oracle is cumulative. You do not have to re-grant privileges already granted, and in fact must revoke them explicitly to remove them.
Related
im using oracle db v21c , after trying to create a role student with privs 'create session , create table , create view ' a granted that role to a user 'user3' but when trying to connect with that user i got ora-01045. i checked that privs granted to that role and everything seems normal , i have tried using granting the role the privileges with admin option and nothing happens . I used select * from dba_sys_privs where grantee='student' and all seems good . The role is created with system and so the user because at first i was trying to create the role with scott , but get an error insufficient privileges, but scott have the privilege to create role.
Roles are not active by default. You must either alter the user to set a default role (and then login again), or alter the user's current session to set a current role:
alter user user3 default role all;
or
set role student;
I've created a user with a default tablespace. I've granted create session to that user and then added them to a role GRANT xxxx_role TO myuser;
However when I run SELECT * FROM USER_ROLE_PRIVS, there are no rows of data, meaning the user isn't assigned to any roles. It says that the grant succeeded. What am I doing wrong? I've done this as a SYSTEM user which should have carte blanche permissions.
user_role_privs shows roles granted to the current user. dba_role_privs shows roles granted to all users. You probably want to be querying dba_role_privs.
If you are logged in as system and do the grant, you should see a row in dba_role_privs for myuser. You won't see rows in user_role_privs for any user other than system. If you log in as myuser after the grant is done, you will see a row in user_role_privs.
How to grant read and create Views privilege to a role?
Here are the steps I've done:
Grant statement to the role "CUSTOM_ROLE":
GRANT SELECT ON MY_VIEW_1 to CUSTOM_ROLE;
Assign the role to a user id:
GRANT CUSTOM_ROLE TO USERID_123;
Error:
01924. 00000 - "role '%s' not granted or does not exist"
*Cause: Either the role was not granted to the user, or the role did not exist.
*Action: Create the role or grant the role to the user and retry
the operation.
Please kindly help. Thank you.
Create the role prior granting to it. The message says the role doesn't exist.
I would suggest You to check existence of the role using:
select role from dba_roles where role = 'CUSTOM_ROLE';
If this query won't return any rows then use
CREATE ROLE custom_role;
to create it.
See this:
https://www.techonthenet.com/oracle/roles.php
For details
How to grant the privilege of giving the privilege of creating a session to a user or role in Oracle?
You would use the WITH ADMIN OPTION option in the GRANT statement
GRANT CREATE SESSION TO <<username>> WITH ADMIN OPTION
You can grant system privileges with or without the admin option. The default being without admin option.
GRANT CREATE SESSION TO username
or with admin option:
GRANT CREATE SESSION TO username WITH ADMIN OPTION
The Grantee with the ADMIN OPTION can grant and revoke privileges to other users
grant CREATE SESSION
Ref.. http://ss64.com/ora/grant.html
HTH,
Kent
I have created a new user using the below in sql developer (Oracle 11g). I have only two tables titled FEED_DATA_A and FEED_DATA_B that I want this user to be able to select, update and insert into. Can someone help me understand the SQL to create the proper privileges to accomplish that? I'm currently logged in as the system user.
CREATE USER "USER_A" IDENTIFIED BY "test123";
If you want to grant the privileges directly to the user
GRANT select, update, insert
ON table_owner.feed_data_a
TO user_a;
GRANT select, update, insert
ON table_owner.feed_data_b
TO user_a;
More commonly, though, you would create a role, grant the role to the user, and grant the privileges to the role. That makes it easier in the future when there is a new user created that you want to have the same privileges as USER_A to just grant a couple of roles rather than figuring out all the privileges that potentially need to be granted. It also makes it easier as new tables are created and new privileges are granted to ensure that users that should have the same privileges continue to have the same privileges.
CREATE ROLE feed_data_role;
GRANT select, update, insert
ON table_owner.feed_data_a
TO feed_data_role;
GRANT select, update, insert
ON table_owner.feed_data_b
TO feed_data_role;
GRANT feed_data_role
TO user_a