In Oracle, a table, 'MyTable' is owned by 'User1', how can I grant table access permission to another user, say 'User2' ?
In SQL server, we have some application access permission, does Oracle has something ?
You can grant SELECT privileges (or INSERT, UPDATE, DELETE, and a few others like REFERENCES) to a user
GRANT SELECT
ON user1.MyTable
TO user2
It would be more common, though, to create a role, grant the privileges to the role, and then grant the role to whatever users need it, i.e.
CREATE ROLE user1_select;
GRANT SELECT
ON user1.MyTable
TO user1_select;
GRANT user1_select
TO user2;
That makes it easier in the future to grant a single role to more users and to ensure that all the users with a specific job function have the same set of roles rather than trying to make sure that you've granted everyone access to exactly the same set of objects.
Related
Whenever I give a user "all privileges" in ORACLE (example below), what does this actually do?
My understanding is that it gives a user any privilege, e.g inserting, deleting etc within that schema but not to any schema in the DB?
grant all privileges to my_user;
You can grant all [privileges] on <some object>, but you aren't specifying an object; so you are granting system privileges:
The documentation for system privileges says:
Oracle Database provides the ALL PRIVILEGES shortcut for granting all the system privileges listed in Table 18-1, except the SELECT ANY DICTIONARY, ALTER DATABASE LINK, and ALTER PUBLIC DATABASE LINK privileges.
System privileges are not always restricted to a schema. That table includes a lot of ANY privileges, which are specifically not restricted to a schema. If you grant all privileges to a user they will be able to create or alter a table in any schema, for example. That probably isn't what you want.
There is no shortcut to grant only schema-restricted privileges. You'll need to grant CREATE TABLE, CREATE INDEX, etc. explicitly.
It's common practice to create a role to which you grant the necessary privileges, and then you just have to grant that role to your users. (Although you sometimes still need to grant privileges directly to users, e.g. if they are required in a stored procedure).
I granted CREATE ANY TABLE privilege to allow another user to create tables for my user. Ok. That worked. I want to allow this same user, after they created the table, to grant select privilege to public. But the Oracle says: insufficient privileges.
How can I grant select privileges to a table I have just created?
How can I grant permission to specific users in Hive?
When I try with different users and set the permission with the GRANT statement, then these users were able to change the permission on create, update and any kind of operation on the objects(database, tables etc).
So how can I configure Hive such that only the selected user is able to grant permission?
I've created two users using the below statements using the System user. I want the ADMIN_USER to have all privileges and this user will create a set of tables. I have an external process that is pumping in data for two of my tables created by the ADMIN_USER. The question I have is if the ADMIN_USER creates all the table structures, how do I give EXTERNAL_USER the capability to read, update and insert into TABLE_A and TABLE_B only? Would I run the grant statements when I'm logged in as ADMIN_USER or the SYSTEM user? I'm using Oracle 11g.
Created both while logged in as SYSTEM User:
create user "ADMIN_USER" identified by "p#ssword123";
grant create session, grant any privilege to ADMIN_USER;
create user "EXTERNAL_USER" identified by "p#ssword321";
Logged in as ADMIN_USER:
GRANT create session, select, update, insert
ON TABLE_A
TO EXTERNAL_USER;
GRANT create session, select, update, insert
ON TABLE_B
TO EXTERNAL_USER;
First off, it is terribly unlikely that you want to grant ADMIN_USER the GRANT ANY PRIVILEGE privilege. The user doesn't require any privileges in order to grant object-level privileges on tables that the user owns. The ANY privileges are terribly powerful. A user that can grant any privilege to another user can make any user (including the user itself) a DBA. That is not what you want.
Realistically, as SYSTEM, you want to grant the system privileges that you want the users to have. As the object owner, you would then grant the object-level privileges.
As SYSTEM
CREATE USER admin_user
IDENTIFIED BY "p#ssword123"
DEFAULT TABLESPACE tablespace_name
QUOTA 10M ON tablespace_name;
CREATE USER external_user IDENTIFIED BY "p#ssword321";
GRANT CREATE SESSION, CREATE TABLE TO admin_user;
GRANT CREATE SESSION TO external_user;
As ADMIN_USER
<<create the tables>>
GRANT select, insert, update
ON table_a
TO external_user;
GRANT select, insert, update
ON table_b
TO external_user;
A DBA should also be able to grant object-level privileges. It's generally preferable to use the object owner account for that.
I need to grant privileges to all users, I can do:
GRANT select on table TO user1;
GRANT select on table TO user2;
...
But there are many users. How can I grant this privilege to all users at once?
I tried:
GRANT select on table TO ALL;
But that doesn't work.
grant select on table to public;
But be careful when you do that -- make sure it's what you really want to do.
You should use roles.
Grant permission to roles.
grant roles to users.