An application needs to access various Oracle database. Some databases have tables in Schemas, some don't - there's no control over this.
If a database has a schema in use, the applicable won't work unless the user enters a schema. I'd like it to be able determine via a SQL query if a schema is required to access the tables so the user can be alerted to this.
I'm aware of the question - How do I obtain a list of schemas that an Oracle user has access to - but that only tells me what schema's can be accessed, not if use of the schema is required to access tables.
Is there an SQL query to one of the system tables that can do this with that user's rights?
Note: The application only has login credentials and doesn't know any table details.
Hope that's clear. Thanks.
Question is confusing. For most part in Oracle, you can consider LOGIN == USER == SCHEMA. When you login into your database with your user, you are able to see and access all objects in that user's schema.
Objects in other schemas (on same database server) can be accesed by SCHEMA2.TABLE1 if connected user has privileges to acces table (there are different privileges...). As already stated in some comments, you do not need to prefix table if synonym exists. Your user can access even tables on some remote server if exists appropriate database link.
Related
I'm trying to copy data from Oracle database table to MS SQL database using Azure Data Factory pipeline.
I have installed oracle locally and using the SYSTEM user, I have created couple of tables in oracle as seen in the screenshot below:
After connecting this local oracle instance with Azure Data Factory via Self Hosted Runtime, I am unable to see the names of these tables in the dropdown of Table names list while creating a dataset for one of these tables. Below are the screenshots of what I am trying to achieve:
But when I search for these tables SPENDREPORT and SPENDREPORTDETAILS, they are not found in this dropdown, as shown in the screenshot below. Any clues as to how I can solve this?
As commented by Justin Cave and also as per Oracle official documentation You must not create any tables in the SYS schema.
•SYS
This account can perform all administrative functions. All base (underlying) tables and views for the database data dictionary are stored in the SYS schema. These base tables and views are critical for the operation of Oracle Database. To maintain the integrity of the data dictionary, tables in the SYS schema are manipulated only by the database. They should never be modified by any user or database administrator. You must not create any tables in the SYS schema.
The SYS user is granted the SYSDBA privilege, which enables a user to perform high-level administrative tasks such as backup and recovery.
• SYSTEM
This account can perform all administrative functions except the following:
• Backup and recovery
• Database upgrade
You should also try to clear Data factory cache and then refresh Table name field.
From the documentation I understood that the schemas are related to one user. I want to create 6 schemas that each will have its tables, but I want just one user that can connect through php and insert some data in those tables (will hace access to the other schemas).
I know you can just assign the CONNECT and RESOURCE roles to those users, but from what i read its not the best option regarding security.
I thought about making 2 roles, one for the schema users and another for the php user.
For the php user: GRANT CREATE SESSION, UNLIMITED TABLESPACE to
For the schema users; but do i need some privileges for these users? Since they will not be accessed
Is this a correct way to do this?
In Oracle each schema is also a user. You can lock users that you do not want people to log in to and then give the user that you want to login privileges on the objects in the other schemas.
I have created a workspace with APEX, but the password is invalid now.
Then I logged in to the workspace and changed the password. However, the other password for login is not changed.
I am very confused with all these terms in oracle.
I have database username, workspace username, database password, workspace password. Also there is a user manager in the workspace, and these users are different from the other two mentioned. Some of the users can be seen in all_users table, some cannot.
What's the relation between all these kinds of users, and where does this information stored? I have read some material of Oracle, but none mentioned these basic terms.
It is confusing because there are two different (though complimentary) technologies being used here:
1) Oracle Database Server has the concept of database "users" which you can see by querying dba_users and all_users - these are owners of database objects and each automatically gets a schema of the same name. Each of these database users has a password, managed by the database. In the old days we used to provision a separate database user for each end user; nowadays we don't generally. These users are stored in the database data dictionary and are manipulated only using database commands such as CREATE USER and ALTER USER.
2) Oracle Application Express has the concept of "workspaces", each of which may have one or more "users". These users can be ordinary end users, developers or Apex administrators. Each of these users has a password, managed by Apex. These are not related to schemas on the database. These users are stored in the Apex data dictionary, and are manipulated using the Apex admin interface, or via calls to the Apex API (in PL/SQL).
Each apex Workspace is associated with a database schema (= database user) which holds the database objects (e.g. tables, views, etc) needed by the workspace. (Note: a workspace can be associated with more than one database schema).
To make things more confusing, in the default version of Apex that is pre-installed in OracleXE (the free version of the database), the Apex user SYSTEM has the same password as the database SYSTEM user.
By default, Apex applications use the Apex authentication scheme which authenticates users against the Apex data dictionary (as per (2) above). You can, however, use alternative authentication schemes which authenticate users against other repositories (such as LDAP, SSO, or custom schemes).
I am going to use a single LOGIN database (Sql forms authenication) to hold the user information, the user profile information, the available databases for a user (including all available databases for a particular client), and a user's settings/preferences. But I need to have seperate role tables in seperate databases so that when a user logs on to the first database and selects which database to connect to then the roles that user is assigned to is determined by the Database that they connect to. The roles may vary depending on the database and can vary from database to another. The database schemas will be identical for each connected database. What would be your suggestions?
Thanks!
The easiest way would be to implement a custom RoleProvider that internally uses a stock SqlRoleProvider initialized with the correct connection string for the user's current database.
The single login database to hold user information should have a table of roles for each database. I am not sure where you want to put the logic for which role has access to what in each database. If you wanted to put it in a database then they should go in their respective databases. The user information should contain which roles the user has access to in each table through a junction table.
User
----
UserId
Name
UserRoles
---------
UserRolesId
UserId
AllRolesId
AllRoles
--------
AllRolesId
DatabaseName
RoleName
In my project, I am using Oracle Database and SubSonic for DAL. I have a problem with SubSonic and Oracle Schema, that is:
When developing, I used a schema DEV in Oracle Database and generate DAL using SubSonic.
After that when release to customer, he used a new schema TEST in Oracle Database and changed the connection string in app.config to connect to Oracle. The error will appear, that is “Table or View does not exist”. I found this error and see that the schema of tables is still DEV.
I do not want re-generate DAL after change schema and when released to the customer. Please help me.
Firstly, your schema should not be DEV. DEV is a user or role.
Your schema name should be related to the data content (eg ACCOUNTS or SALES)
Secondly, consider whether you or the customer is going to decide the schema name. Say you have a product called FLINTSTONE. You may decide that the schema name should be FLINTSTONE. However your customer may want to run two instances of your product (eg one for local sales, the other for international) and use the same database. So they want FS_LOCAL and FS_INTER as the schema names. Is that option a feature of your product ?
Next, decide if your application should connect as the schema owner. There are good security reasons for NOT doing that. For example, the schema owner has privileges to drop tables, which is generally something the application doesn't do and thus, on the principle of least privilege, is something your application shouldn't have privileges to do.
Generally I would recommend some config parameter for the application for the schema name, and after connecting to the database, the app should do an "ALTER SESSION SET CURRENT_SCHEMA = 'whatever was it the config file'". The application database user would need the appropriate insert/update/delete/select/execute privileges on the objects in the application schema. If the application can't do that, you can have a LOGON trigger in the database.
Gary is correct in not using DEV as a schema on your own machine. In using Oracle we typically set up the schema as what the client is going to name their schema. This however does not fix your issue. What you need to do is create a global alias in Oracle that maps say DEV to CLIENTSCHEMA. You should still rename the schema on your machine but this will allow your schema to differ from your clients.