I have below requirement in oracle database
Create User and grant to all objects in schema "abc"
If i add any tables to schema "abc", then the user should have access by default without executing individual Grant
Current we are executing Grant statements for every objects created in schema, is there any onetime configuration available? Please help
Note: Here user is not a schema owner, for ex. some one who having access to read-only access.
In current versions of Oracle, you could create a DDL Trigger and have this automatically execute a grant on the newly created object to your other user.
See the excellent PSOUG site for an overview: http://psoug.org/reference/ddl_trigger.html
Related
I am trying to create a read-only user for an Oracle 11g Database that will be used by SQLAlchemy to query the database.
I was using an existing DBA user with SQLAlchemy and wasn't having any problems, but now with the new user, I am unable to reflect database tables.
Could not reflect: requested table(s) not available in Engine
Note that I can SELECT the tables, just not reflect them.
I am wondering what kind of permissions I need to give to the new user for it to able to reflect through SQLALchemy.
I tried copying all roles from the existing DBA to the new user, but still get the same error
I even tried some advanced roles that weren't used before (I plan on deleting and adding the user correctly again later.
DBACONSULTA is the new user I am creating.
GRANT DBA TO DBACONSULTA
GRANT EXECUTE ANY EVALUATION CONTEXT TO DBACONSULTA
GRANT ANALYZE ANY TO DBACONSULTA
GRANT SELECT ANY TABLE TO DBACONSULTA
GRANT EXECUTE ANY PROGRAM TO DBACONSULTA
With Python I use the following code:
engine=create_engine('oracle+cx_oracle://...')
metadata = MetaData()
metadata.reflect(engine, only=['tablename'])
Get the error:
Could not reflect: requested table(s) not available in Engine
I want to be able to reflect tables, without using the Declarative form from SQLAlchemy
Thanks in advance.
I believe I have found the answers.
Two things that are important:
the table name had to be in lowercase (didn't work using uppercase)
the schema was not defined (turn out it was working because the user I was using was the owner of the schema of the tables)
So, when i declare the schema and use lowercase for the tablename the reflection works.
I want to import schema to my new host. First I had created new user account:
CREATE USER test IDENTIFIED BY test;
What kind of privileges I need to grant to have super role?
(create schema, tables, packages, triggers...etc)
It's one privilege to grant me access to all of them?
You should grant only those privileges that are required for a newly created user to work. One by one.
CREATE SESSION is the first one; without it, user can't even connect to the database.
CREATE TABLE is most probably also required, if user TEST is going to create his own tables.
That's enough to get it started. Once it appears that user needs to create a procedure, you'll grant CREATE PROCEDURE. And so forth.
There are/were roles named CONNECT and RESOURCE which contained the "most frequent" privileges one needed, but their use is - as far as I can tell & in my opinion - discouraged.
I'm using Oracle's 10g version.
In the database, I would like to create a configuration table and fill it with data.
Then the other users can not change anything in it, and even better that it was not at all visible to other users. Is it possible to somehow hide the table?
Regards
Create a separate schema for that table. Create a package that provides an API to your configuration data (e.g. to get a value that is needed by another program).
Revoke CREATE SESSION privilege from that schema (i.e. just don't grant any privileges to the schema at all). Don't grant any privileges on the table. The only users who will be able to see the table are those with DBA privileges.
The only thing that database sessions will be able to do is execute the package, IF they have been granted EXECUTE privilege on it.
If you do not grant enough privileges to other users, they could not see your objects.
I'm not a DBA, but I have some basic understanding about how SQL Server is supposed to work. I'm having trouble translating this knowledge into getting a working Oracle XE database, so my girlfriend can play around with her bookstore coursework.
So, I installed Oracle XE database, and downloaded Oracle SQL Developer. I supplied a password, during installation, and using this password in conjunction with sys login in sysdba-mode, I'm able to connect and browse the database, which I can only assume is the master database, since there are numerous tables that have nothing to do with future bookstores.
I want to create a new - empty database, and I don't much care about how it's configured. It's a playpen for coursework. So I happily stab with:
create database bookstore
and recieve an error to the effect of:
ORA-01100: database already mounted
I just want to create a new database, so that if something goes wrong i can do a drop database bookstore instead of manually deleting tables and such. In SQL Server Management Studio you execute these statements on the master database, and then connect to the specific database you want to play with.
A SQL Server database is roughly equivalent to a schema in Oracle. And a schema in Oracle is a collection of objects owned by a particular user.
Given that, it appears that you want to do something like
Create a user
CREATE USER bookstore IDENTIFIED BY bookstore;
Grant privileges to the user
GRANT CREATE SESSION TO bookstore;
GRANT UNLIMITED TABLESPACE TO bookstore;
GRANT CREATE TABLE TO bookstore;
GRANT CREATE VIEW TO bookstore;
GRANT CREATE TYPE TO bookstore;
GRANT CREATE SYNONYM TO bookstore;
GRANT CREATE PROCEDURE TO bookstore;
GRANT CREATE SEQUENCE TO bookstore;
GRANT CREATE MATERIALIZED VIEW TO bookstore;
Now, you should be able to connect to the bookstore schema in the XE database and create whatever tables, views, triggers, etc. you want.
You just need to create a schema in the database you already have. A schema in Oracle is sort of roughly equivalent to database in SQL Server, in some ways. Your girlfriend would use that schema as her playpen and you could drop it and recreate it easily. You should also create a user for her, which I think automatically creates a schema with same name as the user. But I would still create a dedicated coursework schema.
Oracle has extensive online documentation. Here's the master index for 10g. It's a bit daunting but you'll get to know your way around it.
I'm using Oracle XE but I would like to log in as a user than can create tables, contraints etc., but who cannot view all of the other system tables and stuff that you see when you log in with the system account.
How can I achieve this?
You need to create a new user with:
CREATE USER xxx IDENTIFIED BY yyyy;
From there, issue GRANT for the privileges you want to give the user:
GRANT CREATE SESSION TO xxx;
GRANT CREATE TABLE TO xxx;
GRANT CREATE VIEW TO xxx;
etc.
See the SQL Reference documentation for all the privileges you can grant. User xxx will only be able to see their own objects and objects they have been granted privileges on.