DB: Oracle 10g
I can grant DML commands to a user for some tables:
GRANT SELECT, UPDATE, DELETE, INSERT ON USER_A.TABLE_1 TO USER_B;
How to list all grants (about select, update, insert, delete) that USER_B has received, and for what tables?
I checked table "all_tab_privs_recd", but doesn't have what I'm looking for.
Pete Finnegan, Oracle security expert extrordinaire, has several different tools available that will help you answer these types of questions.
See:
http://www.petefinnigan.com/tools.htm
In particular, for the question above, see find_all_privs.sql
Hope that helps.
I can't figure out how to use those views that you suggest for listing all grants that USER_B received.
GRANT SELECT, UPDATE, DELETE, INSERT ON USER_A.TABLE_1 TO USER_B;
I query:
select * from all_tables where owner='USER_A'
shows 16 rows
Select * from all_tab_privs_recd where grantor = 'USER_A'
shows 0 rows
Select * from all_tab_privs_recd where grantee = 'USER_A'
shows 0 rows
Select * from all_tab_privs_recd where grantee = 'USER_B'
shows 0 rows
Select * from all_tab_privs_recd where grantor = 'USER_B'
shows 129 rows, but USER_A is not in grantee, nor in grantor nor in owner
The all_tab_privs_recd (and the all_tab_privs) views only show the tables that have explicit grants on them, they don't show the tables that are owned by USER_B. (Unless grants have been given to other users. That is, where the GRANTEE and OWNER are the same.) For that you'd have to look at all_tables to see what tables they own and therefore have full access to.
Related
I have created table it's sequence on owner .
Also granted permission of insert update delete select on table from owner to user.
Also granted select on sequence from owner to user.
Finally I logged in user and created synonym for owner table and sequence.
Now when I access table in user it throws insufficient permission.the same table can be accessible in owner..
Any idea what I'm missing here..
You should execute these queries and verify grantor and grant:
select * from all_tab_privs where table_name ='YOUR_NAME_SEQUENCE';
select * from all_tab_privs where table_name ='YOUR_NAME_TABLE';
select * from all_synonyms where synonym_name ='YOUR_NAME_TABLE';
Certainly Grantor not equal to your user or some grant is missed.
Thank you.
issue got resolved as issue with grant statement I gave incorrect user id
In Oracle, I granted select on a table to a user by giving the following command:
GRANT SELECT ON DEPT TO HOMERSIMPSON;
Once I granted a select on the dept table to homersimpson, I queried the dba_sys_privs, there's no record of the privilege granted. I used the following query:
Select * from dba_sys_privs where grantee = 'HOMERSIMPSON';
Why is the privilege not reported on this table?
Thanks in advance.
You are granting a SELECT on a specific table. That's not a system priv. It is an object prv. Try looking at DBA_TAB_PRIVS.
I have an issue where I (as sysdba) granted a privilege to perform a select on any table to a user. I used the following query:
GRANT SELECT ANY TABLE TO BARTSIMPSON
I get the message that grant succeeded. But I don't see a record of this privilege in the dba_tab_privs. Why? Thanks in advance
You are looking in the wrong view. dba_tab_privs shows table privileges. select any table is a system privilege. You should look for it in dba_sys_privs.
What is the query to get all objects with privileges under a specific role.
ROLE_NAME TABLE SELECT INSERT DELETE UPDATE EXECUTE
SELECT *
FROM DBA_TAB_PRIVS
WHERE GRANTEE='ROLE_NAME';
DBA_TAB_PRIVS describes all object grants in the database.
Or to get the grants for all the roles, you can use below query.
SELECT grantee role_name,table_name,privilege
FROM dba_tab_privs dtp,dba_roles dr
WHERE dtp.grantee=dr.role
ORDER BY role_name,table_name,privilege;
I have a table orders in OE schema. I don't have access to this table either from scott or hr schemas . But when I try to select from oe.orders from these 2 schemas I get different messages as below.Why is this so?
SQL> connect scott/test
Connected.
SQL> select count(*) from oe.orders;
select count(*) from oe.orders
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> connect hr/test
Connected.
SQL> select count(*) from oe.orders;
select count(*) from oe.orders
*
ERROR at line 1:
ORA-00942: table or view does not exist
SCOTT may have INSERT, UPDATE, and/or DELETE privileges on the table oe.orders, but not SELECT, while HR clearly has no privileges granted at all on oe.orders. SCOTT could also have INSERT ANY TABLE, DELETE ANY TABLE, and/or UPDATE ANY TABLE as well.
Be sure to look in dba_sys_privs for granted system privileges that might confer the ability to know an object such as a table exists, without granting the right to select from it. For example, CREATE ANY INDEX or ANALYZE ANY privileges result in the insufficient privileges message for a table I don't have DML rights on. Compare the privileges granted to SCOTT with those granted to HR.