This question already has an answer here:
Allowing a users to select from a table
(1 answer)
Closed 8 years ago.
I am trying to grant a role to another user in Oracle. although I got : grant succeeded, it doesn't appear that the user got the role, can anyone help ?
SQL> select * from students;
no rows selected
SQL> Grant select on students to C##reine;
Grant succeeded.
SQL> disconnect
Disconnected from Oracle Database 12c Release 12.1.0.1.0 - 64bit Production
SQL> connect
Enter user-name: C##reine
Enter password:
Connected.
SQL> select * from students;
select * from students
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL>
I'm sure user C##reine has the role. If you log in as C##reine and try the following query you should see it:
SELECT * FROM User_Tab_Privs
WHERE Table_Name = 'STUDENTS';
The problem is that the table is in another schema, so C##reine needs to alias the table when querying (note that a comment posted after this answer provided the actual schema name):
SELECT * FROM C##jad.students;
To make the table visible to the user without aliasing, try this:
-- As user C##reine
CREATE SYNONYM STUDENTS FOR C##jad.STUDENTS;
User C##reine will need to have the CREATE SYNONYM system privilege.
The user needs to qualify the table with its owner schema:
select * from xyz.students
Related
I have a QUEUE_OWNER schema that has some queues. When I connect the application to that data source everything works fine and the app can read the from the queues.
I want to create a _USER schema that has access to the queues so I can connect the app to it and not directly to the _OWNER schema.
This is what I tried:
BEGIN
FOR Q IN (SELECT * FROM ALL_QUEUES WHERE owner = 'AQ_OWNER') LOOP
DBMS_OUTPUT.PUT_LINE('queue = ' ||Q.NAME);
DBMS_AQADM.GRANT_QUEUE_PRIVILEGE('ALL','AQ_OWNER.'||Q.NAME ,'AQ_USER',FALSE);
END LOOP;
END;
but when I put a message in the queue nothing happens in the app.
How about a little help of your DBA?
This is what my user SCOTT sees in all_queues:
SQL> select owner, name from all_queues;
OWNER NAME
------------------------------ ------------------------------
SYS SRVQUEUE
SYS SCHEDULER_FILEWATCHER_Q
SYS SCHEDULER$_EVENT_QUEUE
However, I'd like to see some other data. SYS almighty sees it all:
SQL> show user
USER is "SYS"
SQL> select owner, name from dba_queues;
OWNER NAME
------------------------------ ------------------------------
SYS SYS$SERVICE_METRICS
SYS AQ$_SYS$SERVICE_METRICS_TAB_E
SYSTEM DEF$_AQERROR
SYSTEM AQ$_DEF$_AQERROR_E
SYSTEM DEF$_AQCALL
SYSTEM AQ$_DEF$_AQCALL_E
SYS AQ$_KUPC$DATAPUMP_QUETAB_E
<snip>
Still connected as SYS, I'll create a view which show data only for owner I choose (there's nothing much to choose in my XE database so I'll use SYSTEM-owned values). Then grant select privilege to SCOTT:
SQL> create or replace view v_dba_queues as
2 select name
3 from dba_queues
4 where owner = 'SYSTEM';
View created.
SQL> grant select on v_dba_queues to scott;
Grant succeeded.
Back to SCOTT: to make my life simpler, I'll create a synonym first:
SQL> connect scott/tiger
Connected.
SQL> create synonym v_dba_queues for sys.v_dba_queues;
Synonym created.
Finally:
SQL> select * from v_dba_queues;
NAME
------------------------------
DEF$_AQERROR
AQ$_DEF$_AQERROR_E
DEF$_AQCALL
AQ$_DEF$_AQCALL_E
SQL>
Basically, you'd do the same; it's just that your view would contain data for owner = 'QUEUE_OWNER'. See if it helps.
I am trying to run below query from SOME_USER
SELECT * FROM V$Locked_Object; -- Public Synonym
also tried
SELECT * FROM "SYS"."V_$LOCKED_OBJECT";
and getting.
ORA-01435: user does not exist
01435. 00000 - "user does not exist"
*Cause:
*Action:
I have given these grants from SYS to SOME_USER
grant select on "SYS"."V_$LOCKED_OBJECT" to SOME_USER; still getting the same error.
I noticed that I am able to access other public synonyms in SOME_USER like V$LOCK_ACTIVITY, v$lock_type etc. getting this error when trying V$Locked_Object and V$LOCK only. Please suggest maybe I am missing some basics.
Oracle Version - Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production
I'd suggest you to check against metadata.
First, check whether the object exists in the DB at all (I'm sure it exists, but still for double checking).
I hope you have access to dba_% objects
select * from dba_objects where object_name like 'V%LOCKED%OBJ%';
Then, check if you have the permissions to access that object
select * from all_objects where object_name like 'V%LOCKED%OBJ%';
If the object exists in the dba_ table and can not be found in all_ it means you don't have the permissions for that. Execute the following for double checking
select *
from user_tab_privs
where table_name like 'V%LOCKED%OBJ%';
You'll get probably nothing here as you can't find the object, so the next thing I'd check is the role name that has access to that particular object
select *
from role_tab_privs
where table_name like 'V%LOCKED%OBJ%';
Then, check if you have that role assigned to your user
select * from session_roles
I hope this will help
use
select * from "SYS"."V$locked_objects"
while installing sap on 3 tiered architecture, I need to install database instance (oracle) and central instance(sap) and two different machines.
after completing database install and proceeding with central instance installation, the setup is trying to access a table and fails with following error
SELECT USERID, PASSWD FROM
SAPUSER WHERE USERID IN (:A0, :A1)
OCI-call failed with
-1=OCI_ERROR SQL error 942: 'ORA-00942: table or view does not exist'
*** ERROR => ORA-942 when
accessing table SAPUSER
so I checked and found out that two cases are possible
Table does not exist or
User has no access rights to this Table
next I checked for table, and found an entry in dba_tables,
SQL> select owner from dba_tables where table_name='SAPUSER';
OWNER
------------------------------
OPS$E64ADM
but when trying to fetch data from it using select query
SQL> select * from SAPUSER;
select * from SAPUSER
*
ERROR at line 1:
ORA-00942: table or view does not exist
now I am confused, whether the table is available or not. what is the reason for this and how can it be resolved?
It depends on where you are accesing the object from,
check to see which user you are logged in as
SQL> SHOW USER
This will show which user you are logged in as,
if you are in OPS$E64ADM, the directly query using
SQL> select * from SAPUSER;
if show user show anyother user you need privilege to access it from other users, can ask dba or if you have access then run,
SQL> grant select on OPS$E64ADM.SAPUSER to username; -- the username from which you want to access the table;
then, you can acces from the other user , using,
SQL> select * from OPS$E64ADM.SAPUSER
who are you signed in as? unless it's the owner of the table you will need to change your code to include the owner ie.
select * from OPS$E64ADM.SAPUSER
I'd like to get ddls of all roles in the database using dbms_metadata package. Unfortunately dbms_metadata.get_granted_ddl fails with error when there are no grant (object, system or role type) for the role. That's why I have to check the presence of privileges in dba_tab_privs, dba_sys_privs and dba_role_privs views.
However AQ_ADMINISTRATOR_ROLE role has system privileges the following statement fails. Checked on two databases.
sqlplus system/pass#db1
select dbms_metadata.get_granted_ddl('SYSTEM_GRANT', 'AQ_ADMINISTRATOR_ROLE')
from dual
where exists (select 1 from dba_sys_privs where grantee = 'AQ_ADMINISTRATOR_ROLE')
/
ORA-31608: specified object of type SYSTEM_GRANT not found ORA-06512:
at "SYS.DBMS_METADATA", line 4018 ORA-06512: at "SYS.DBMS_METADATA",
line 5991 ORA-06512: at line 1
select * from v$version
/
Oracle Database 11g Release 11.2.0.2.0 - 64bit Production PL/SQL
Release 11.2.0.2.0 - Production CORE 11.2.0.2.0 Production
Oracle returns that exception if there are no rows that match your parameters. There must be no SYSTEM_GRANT objects for QA_ADMINISTRATOR_ROLE
This will return what you are looking for:
select dbms_metadata.GET_GRANTED_DDL('SYSTEM_GRANT') from dual;
This will return something like:
GRANT CREATE JOB TO "SCOTT"
GRANT SELECT ANY DICTIONARY TO "SCOTT"
GRANT EXECUTE ANY TYPE TO "SCOTT"
I assume, you want to extract DDL for all privileges (roles/permissions) given to current schema user (when you say 'database').
If one wants to extract for a given user, use the following:
select dbms_metadata.GET_GRANTED_DDL('SYSTEM_GRANT', 'SCOTT') from dual;
If one wants to extract privileges given on a OBJECT from current user to another schema user, use the following:-
select DBMS_METADATA.GET_DEPENDENT_DDL('OBJECT_GRANT','TEST_TABLE') from dual;
In my oracle DB, i have a user named test this user has DML_ROLE in the DB. And, i have provided insert/update/delete/select access to DML_ROLE on a table named hdr_detail.
But, when user test execute an update query on hdr_detail table its getting error message as Returned error: ORA-01031: insufficient privileges. It works fine when i provide the access directly to the user.
I'm confused why this error shows up only when i provide the access through role.
Table structure:
COLUMN NAME DATA TYPE
PERIOD NUMBER
HDR_ID VARCHAR2(50)
Query i use to update:
update test_sch.hdr_detail set period=201108 where hdr_id = 'check';
Statement i use to grant:
grant insert,select,update,delete on test_sch.hdr_detail to dml_role;
select * from dba_role_privs where grantee like 'TEST' returns the following result
GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE
TEST DML_ROLE NO NO
select * from dba_tab_privs where table_name like 'HDR_DETAIL' returns the following result
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH DELETE NO NO
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH INSERT NO NO
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH SELECT NO NO
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH UPDATE NO NO
Please help me in resolving this issue. Reply in comment if any more information is needed about this issue.
Try setting the role as the users default role:
ALTER USER test DEFAULT ROLE dml_role;
It could be an issue with how you are accessing the databse object HDR_DETAIL.
From Don burleson (http://www.dba-oracle.com/concepts/roles_security.htm):
Oracle roles have some limitations. In particular object privileges are granted through Oracle roles can not be used when writing PL/SQL code. When writing PL/SQL code, you must have direct grants to the objects in the database that your code is accessing.
If your user is issuing the UPDATE through an application or PL/SQL block then it will not use the role-based permissions. If this is the case you will have to grant the permissions directly.
That seems impossible.
Are you sure that your user connect to correct DB, schema, and query the right table?
I'm stunned.
Pls try
select * from test_sch.hdr_detail
wiht test user.