Oracle : Who created a role? - oracle

I have a role in Oracle and I would like to know the user who created it.
select * from DBA_ROLES ;
select * from sys.user$ ;
The queries were not of much help for me.
Any ideas?

If you have auditing turned on then you should be able to see this information in DBA_AUDIT_TRAIL:
SELECT
username
,extended_timestamp
,owner
,obj_name
,action_name
FROM dba_audit_trail
WHERE action = 52 --CREATE ROLE
ORDER BY timestamp;
Check the value of audit_trail to see if it is on:
SELECT value
FROM v$parameter
WHERE NAME = 'audit_trail'
;
This article explains auditing a bit more.
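An added example (not part of the original answer): the audit trail can only name the creator if role DDL was being audited when the role was created, so this checks and enables that before running the lookup. The second half goes beyond the answer and shows the equivalent under unified auditing (Oracle 12c and later); the role name APP_READONLY and the policy name role_ddl_audit are placeholders.

```sql
-- Traditional auditing (audit_trail = DB or DB,EXTENDED) ----------------

-- 1. Is role DDL audited at all? The ROLE statement option covers
--    CREATE ROLE, ALTER ROLE, DROP ROLE and SET ROLE.
SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts
WHERE  audit_option = 'ROLE';

-- 2. If no row comes back, turn it on. Only statements issued after
--    this point are recorded; earlier role creations stay unknown.
AUDIT ROLE BY ACCESS;

-- 3. Who created the role? APP_READONLY is a placeholder role name.
SELECT username, os_username, userhost, extended_timestamp, obj_name
FROM   dba_audit_trail
WHERE  action_name = 'CREATE ROLE'
AND    obj_name    = 'APP_READONLY'
ORDER  BY extended_timestamp;

-- Unified auditing (12c and later) --------------------------------------

-- 4. TRUE = pure unified mode; FALSE = mixed mode, where traditional
--    settings and unified policies can both be active.
SELECT value FROM v$option WHERE parameter = 'Unified Auditing';

-- 5. Which enabled unified policies already cover CREATE ROLE?
SELECT DISTINCT p.policy_name
FROM   audit_unified_policies p
JOIN   audit_unified_enabled_policies e ON e.policy_name = p.policy_name
WHERE  p.audit_option = 'CREATE ROLE';

-- 6. If none, define and enable one (role_ddl_audit is a placeholder).
CREATE AUDIT POLICY role_ddl_audit
  ACTIONS CREATE ROLE, ALTER ROLE, DROP ROLE;
AUDIT POLICY role_ddl_audit;

-- 7. Same lookup against the unified trail.
SELECT dbusername, os_username, userhost, event_timestamp,
       object_name, sql_text
FROM   unified_audit_trail
WHERE  action_name = 'CREATE ROLE'
AND    object_name = 'APP_READONLY'
ORDER  BY event_timestamp;
```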

You can get help from the query below.
SQL> SELECT rp.grantee, rp.granted_role, rp.admin_option
FROM dba_role_privs rp
JOIN dba_users u
ON rp.grantee = u.username
WHERE admin_option = 'YES'
ORDER BY grantee, granted_role;
GRANTEE GRANTED_ROLE ADM
------------------------------ ---------------------------------------- ---
ADMIN1 DBA YES
CTXSYS CTXAPP YES
LBACSYS LBAC_DBA YES
SPATIAL_CSW_ADMIN_USR SPATIAL_CSW_ADMIN YES
SYS ADM_PARALLEL_EXECUTE_TASK YES
SYS APPLICATION_TRACE_VIEWER YES
SYS AQ_ADMINISTRATOR_ROLE YES

Related

Oracle sql to print value if it exists else print 'value' does not exist

I am looking for help with how to write a select statement (Oracle) to print a column from a table, checking against specific values. For values that do not exist, it should print a record saying 'value' does not exist.
E.g.
select username from dba_users where username in ('a','b','c').
Expected output -
username
========
a
b does not exist
c
If you're on a recent version of Oracle you could use outer apply, with a collection to hold the values you're looking for:
select coalesce (u.username, t.column_value || ' does not exist') as username
from table(sys.odcivarchar2list('SYS', 'XYZ', 'OUTLN')) t
outer apply (select username from all_users u where u.username = t.column_value) u;
USERNAME
------------------------------
SYS
XYZ does not exist
OUTLN
or just an outer join, which would work on earlier versions too:
select coalesce (u.username, t.column_value || ' does not exist') as username
from table(sys.odcivarchar2list('SYS', 'XYZ', 'OUTLN')) t
left join all_users u on u.username = t.column_value;
USERNAME
------------------------------
SYS
XYZ does not exist
OUTLN

How to export users in Oracle with its roles and system privileges using expdp?

I am trying to export a schema/user in Oracle with its roles and system privileges. I don't want to export any data or any table. I have tried to export users using the following command.
expdp system/system#gisdblocal include=user DIRECTORY = TestBack
logfile=test12.log DUMPFILE=test12.dmp SCHEMAS=test_replication
When I import this into another database, or into the same database with a different name, i.e.
impdp system/system#gisdblocal DIRECTORY = TestBack DUMPFILE = test12.dmp
SCHEMAS = test_replication REMAP_SCHEMA =
test_replication:test_replication_copy
the user or schema is created but it has not been granted any role or system privileges.
I am doing this because I have created a backup of a schema using the user that did not have the required rights DATAPUMP_IMP_FULL_DATABASE or DATAPUMP_EXP_FULL_DATABASE. When I restore that backup in another database, it says the user does not exist. Therefore, I am thinking of creating a user with the same privileges first and then restoring the backup.
Using SQL...
SELECT dbms_metadata.get_ddl('USER', :name)
FROM dual
UNION ALL
SELECT dbms_metadata.get_granted_ddl('ROLE_GRANT', grantee)
FROM dba_role_privs
WHERE grantee = :name
AND ROWNUM = 1
UNION ALL
SELECT dbms_metadata.get_granted_ddl('DEFAULT_ROLE', grantee)
FROM dba_role_privs
WHERE grantee = :name
AND ROWNUM = 1
UNION ALL
SELECT dbms_metadata.get_granted_ddl('SYSTEM_GRANT', grantee)
FROM dba_sys_privs sp,
system_privilege_map spm
WHERE sp.grantee = :name
AND sp.privilege = spm.name
AND spm.property <> 1
AND ROWNUM = 1
UNION ALL
SELECT dbms_metadata.get_granted_ddl('OBJECT_GRANT', grantee)
FROM dba_tab_privs
WHERE grantee = :name
AND ROWNUM = 1
UNION ALL
SELECT dbms_metadata.get_granted_ddl('TABLESPACE_QUOTA', username)
FROM dba_ts_quotas
WHERE username = :name
AND ROWNUM = 1
:name being...a bind variable for the USER you want to re-create.

Oracle: How to drop role, which has no owner with admin option

I have a role in an Oracle database. The role was created by some user (unknown), but currently no user has admin option on the role.
I know that the role exists:
SELECT * FROM DBA_ROLES WHERE ROLE = 'roleName';
The query returns the role.
No user has admin option
SELECT rp.grantee, rp.granted_role, rp.admin_option
FROM dba_role_privs rp
JOIN dba_users u
ON rp.grantee = u.username
WHERE admin_option = 'YES'
AND rp.granted_role = 'roleName'
ORDER BY grantee, granted_role;
The query returns nothing.
I need to drop the role.
I don't know how this situation appeared, because for all other roles, some user with admin option exists. Could someone help me?
Thanks

Checking for specific permissions of Oracle users

Problem: I am working on a query that will produce a list of all Oracle users. I wish to determine in the query if they have the specific grant permissions for CONNECT and APPUSER and show them in a single table.
What I have tried: I am using one table, DBA_ROLE_PRIVS. This table shows all the information I need, but am failing to query it correctly. I can show all users who have permission to Connect with:
SELECT GRANTEE as "User Name", granted_role as "Connect"
FROM DBA_ROLE_PRIVS
WHERE GRANTED_ROLE='CONNECT';
I can also show users who have permission to APPUSER, simply by replacing CONNECT with APPUSER.
My problem is showing both permissions in one query. I have tried using different JOINs. However, using that seems to require two tables or more. I have researched a "self-join", but do not understand how to use two WHERE clauses. I have tried things like:
SELECT grantee as "User Name", t1.granted_role as "Connect", t2.granted_role as "APPUSER"
FROM t1.DBA_ROLE_PRIVS join t2.DBA_ROLE_PRIVS on t1.GRANTEE = t2.GRANTEE
WHERE t1.GRANTED_ROLE='CONNECT' and t2.GRANTED_ROLE='APP_USER';
I want my final query to show something like:
User Name Connect App User
---------- ---------- ----------
Bob CONNECT APPUSER
Sue APPUSER
Nick CONNECT APPUSER
Rob CONNECT
SELECT GRANTEE as "User Name", granted_role from DBA_ROLE_PRIVS where GRANTED_ROLE in ('CONNECT','APPUSER');
If you need one row for each user and two columns for each access, you can use this:
-- COALESCE picks the grantee from whichever side of the full outer join is present
select coalesce(a.GRANTEE, c.GRANTEE) as "User Name", a.granted_role as "Connect", c.granted_role as "APPUSER"
FROM
(SELECT GRANTEE, granted_role from DBA_ROLE_PRIVS where GRANTED_ROLE = 'CONNECT') a
FULL OUTER JOIN
(SELECT GRANTEE, granted_role from DBA_ROLE_PRIVS where GRANTED_ROLE = 'APPUSER') c
on a.GRANTEE = c.GRANTEE;

How to find the privileges and roles granted to a user in Oracle? [duplicate]

I am using Linux, Oracle10g.
I have created one user called test and granted create session and select any dictionary permission to the same user.
I also granted sysdba and sysoper roles to the same user.
Now I want to display all the privileges and roles granted to the user.
I found the following query, but it shows only create session and select dictionary privileges.
select privilege
from dba_sys_privs
where grantee='SAMPLE'
order by 1;
Please help to resolve the issue.
Thanks
In addition to VAV's answer, the first one was most useful in my environment:
select * from USER_ROLE_PRIVS where USERNAME='SAMPLE';
select * from USER_TAB_PRIVS where Grantee = 'SAMPLE';
select * from USER_SYS_PRIVS where USERNAME = 'SAMPLE';
Look at http://docs.oracle.com/cd/B10501_01/server.920/a96521/privs.htm#15665
Check USER_SYS_PRIVS, USER_TAB_PRIVS, USER_ROLE_PRIVS tables with these select statements
SELECT * FROM USER_SYS_PRIVS;
SELECT * FROM USER_TAB_PRIVS;
SELECT * FROM USER_ROLE_PRIVS;
None of the other answers worked for me so I wrote my own solution:
As of Oracle 11g.
Replace USER with the desired username
Granted Roles:
SELECT *
FROM DBA_ROLE_PRIVS
WHERE GRANTEE = 'USER';
Privileges Granted Directly To User:
SELECT *
FROM DBA_TAB_PRIVS
WHERE GRANTEE = 'USER';
Privileges Granted to Role Granted to User:
SELECT *
FROM DBA_TAB_PRIVS
WHERE GRANTEE IN (SELECT granted_role
FROM DBA_ROLE_PRIVS
WHERE GRANTEE = 'USER');
Granted System Privileges:
SELECT *
FROM DBA_SYS_PRIVS
WHERE GRANTEE = 'USER';
If you want to look this up for the user you are currently connected as, you can replace DBA in the table name with USER and remove the WHERE clause.
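An added example, not part of the answers in this thread: the queries above stop at roles granted directly to the account, so this version walks nested role grants with CONNECT BY and also checks the password file, which is where SYSDBA and SYSOPER are recorded rather than in DBA_SYS_PRIVS. :grantee is an assumed bind variable holding the upper-case account name.

```sql
-- 1. Every role the account holds, directly or through another role,
--    with the chain of grants that leads to it.
SELECT LEVEL AS depth,
       granted_role,
       SYS_CONNECT_BY_PATH(granted_role, '/') AS grant_path,
       admin_option
FROM   dba_role_privs
START  WITH grantee = :grantee
CONNECT BY PRIOR granted_role = grantee
ORDER  BY depth, granted_role;

-- 2. Effective system privileges: granted directly, inherited through
--    any role from step 1, or granted to PUBLIC (which every account
--    inherits). granted_to shows where each privilege comes from.
SELECT sp.privilege,
       sp.grantee AS granted_to,
       sp.admin_option
FROM   dba_sys_privs sp
WHERE  sp.grantee IN (:grantee, 'PUBLIC')
OR     sp.grantee IN (SELECT granted_role
                      FROM   dba_role_privs
                      START  WITH grantee IN (:grantee, 'PUBLIC')
                      CONNECT BY PRIOR granted_role = grantee)
ORDER  BY sp.privilege, sp.grantee;

-- 3. Object privileges reached the same way.
SELECT tp.owner, tp.table_name, tp.privilege,
       tp.grantee AS granted_to, tp.grantable
FROM   dba_tab_privs tp
WHERE  tp.grantee = :grantee
OR     tp.grantee IN (SELECT granted_role
                      FROM   dba_role_privs
                      START  WITH grantee = :grantee
                      CONNECT BY PRIOR granted_role = grantee)
ORDER  BY tp.owner, tp.table_name, tp.privilege;

-- 4. SYSDBA / SYSOPER are administrative privileges held in the
--    password file, so they never appear in the views above.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
WHERE  username = :grantee;
```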
Combining the earlier suggestions to determine your personal permissions (i.e. 'USER' permissions), then use this:
-- your permissions
select * from USER_ROLE_PRIVS where USERNAME= USER;
select * from USER_TAB_PRIVS where Grantee = USER;
select * from USER_SYS_PRIVS where USERNAME = USER;
-- granted role permissions
select * from ROLE_ROLE_PRIVS where ROLE IN (select granted_role from USER_ROLE_PRIVS where USERNAME= USER);
select * from ROLE_TAB_PRIVS where ROLE IN (select granted_role from USER_ROLE_PRIVS where USERNAME= USER);
select * from ROLE_SYS_PRIVS where ROLE IN (select granted_role from USER_ROLE_PRIVS where USERNAME= USER);
If privileges are given to a user through some roles, then the SQL below can be used:
select * from ROLE_ROLE_PRIVS where ROLE = 'ROLE_NAME';
select * from ROLE_TAB_PRIVS where ROLE = 'ROLE_NAME';
select * from ROLE_SYS_PRIVS where ROLE = 'ROLE_NAME';
SELECT *
FROM DBA_ROLE_PRIVS
WHERE UPPER(GRANTEE) LIKE '%XYZ%';
select *
from ROLE_TAB_PRIVS
where role in (
select granted_role
from dba_role_privs
where granted_role in ('ROLE1','ROLE2')
)
Always make SQL reusable :-)
-- ===================================================
-- &role_name will be "enter value for 'role_name'".
-- Date: 2015 NOV 11.
-- sample code: define role_name=&role_name
-- sample code: where role like '%&&role_name%'
-- ===================================================
define role_name=&role_name
select * from ROLE_ROLE_PRIVS where ROLE = '&&role_name';
select * from ROLE_SYS_PRIVS where ROLE = '&&role_name';
select role, privilege,count(*)
from ROLE_TAB_PRIVS
where ROLE = '&&role_name'
group by role, privilege
order by role, privilege asc
;
The only visible result I was able to understand was first to connect with the user I wanted to get the rights, then with the following query:
SELECT GRANTEE, PRIVILEGE, TABLE_NAME FROM USER_TAB_PRIVS;
