So i need to do a mapping from a Employee table (idEmployee, name, etc..) to a real user with a account created. I decided to add a table Mapping_Employee_User(idEmployee, userName) like below
CREATE TABLE Mapping_Employee_User(
idEmployee NUMBER(6)
CONSTRAINT FK_Mapping_Employee_User1 REFERENCES Employee (idEmployee),
userName VARCHAR2(30 BYTE)
CONSTRAINT FK_Mapping_Employee_User2 REFERENCES ALL_USERS(USERNAME),
CONSTRAINT PK_Mapping_Employee_User PRIMARY KEY (idEmployee, userName)
);
But i am getting a "ORA01031 insufficient privileges Cause: An attempt was made to change the current username or password..." But I am not actually doing that, I just want to make a reference.
As a note: I have full rights with this user
Logged as SYS I can see that the actual table is named "USER$", and I cant find table ALL_USERS...anyway how do I do this kind of reference??
ALL_USERS and USER$ are both system tables/views. They are maintained at a low level by Oracle itself. At a level too low to enforce those constraints. You simply can't do what you're trying to do.
(Think of it this way: what'd happen if you tried to DROP USER bob? Do you expect Oracle to enforce your foreign key constraint? What'd happen if your user tablespace is offline?)
edit: I suggest you just leave off the foreign key on userName. You may want to schedule some job to compare the users in Mapping_Employee_User vs. DBA_USERS to make sure they stay in sync. Alternatively, you may want to manage your Oracle users with, say, LDAP (which I hear is possible).
ALL_USERS is a view and not a table by itself.
grant select on all_users to USERNAME;
should suffice. if you are still getting ORA-01031 it's probably because the user doesn't have the CREATE TABLE privilege:
grant create table to USERNAME;
Related
I use SQL developer and i made a connection to my database with the system user, after I created a user and made a another connection with that user with all needed privileges.
But when I try to proceed following I get the SQL Error
ORA-00942 table or view does not exist.:
INSERT INTO customer (c_id,name,surname) VALUES ('1','Micheal','Jackson')
Because this post is the top one found on stackoverflow when searching for "ORA-00942: table or view does not exist insert", I want to mention another possible cause of this error (at least in Oracle 12c): a table uses a sequence to set a default value and the user executing the insert query does not have select privilege on the sequence. This was my problem and it took me an unnecessarily long time to figure it out.
To reproduce the problem, execute the following SQL as user1:
create sequence seq_customer_id;
create table customer (
c_id number(10) default seq_customer_id.nextval primary key,
name varchar(100) not null,
surname varchar(100) not null
);
grant select, insert, update, delete on customer to user2;
Then, execute this insert statement as user2:
insert into user1.customer (name,surname) values ('michael','jackson');
The result will be "ORA-00942: table or view does not exist" even though user2 does have insert and select privileges on user1.customer table and is correctly prefixing the table with the schema owner name. To avoid the problem, you must grant select privilege on the sequence:
grant select on seq_customer_id to user2;
Either the user doesn't have privileges needed to see the table, the table doesn't exist or you are running the query in the wrong schema
Does the table exist?
select owner,
object_name
from dba_objects
where object_name = any ('CUSTOMER','customer');
What privileges did you grant?
grant select, insert on customer to user;
Are you running the query against the owner from the first query?
Case sensitive Tables (table names created with double-quotes) can throw this same error as well. See this answer for more information.
Simply wrap the table in double quotes:
INSERT INTO "customer" (c_id,name,surname) VALUES ('1','Micheal','Jackson')
You cannot directly access the table with the name 'customer'. Either it should be 'user1.customer' or create a synonym 'customer' for user2 pointing to 'user1.customer'. hope this helps..
Here is an answer: http://www.dba-oracle.com/concepts/synonyms.htm
An Oracle synonym basically allows you to create a pointer to an object that exists somewhere else. You need Oracle synonyms because when you are logged into Oracle, it looks for all objects you are querying in your schema (account). If they are not there, it will give you an error telling you that they do not exist.
I am using Oracle Database and i had same problem. Eventually i found ORACLE DB is converting all the metadata (table/sp/view/trigger) in upper case.
And i was trying how i wrote table name (myTempTable) in sql whereas it expect how it store table name in databsae (MYTEMPTABLE). Also same applicable on column name.
It is quite common problem with developer whoever used sql and now jumped into ORACLE DB.
in my case when i used asp.net core app i had a mistake in my sql query. If your database contains many schemas, you have to write schema_name before table_name, like:
Select * from SCHEMA_NAME.TABLE_NAME...
i hope it will helpful.
in Oracle SQL developer I got error ORA-00942: Table or View not exist connecting with another user when I do the following:
CREATE USER marta IDENTIFIED BY 'marta';
GRANT SELECT, INSERT ON myTable TO marta;
so then, executing:
CONNECT marta/marta;
INSERT INTO myTable VALUES ('1', 'foo', bar');
got the ORA-00942...
Obviusly, If I use system user I can insert row with no issues.
I searched other answers but I couldnt solve this... what is wrong
Obviusly, If I use system user I can insert row with no issues.
Uh-oh. There's nothing obvious about that. The SYSTEM user should not own a table called MY_TABLE (or whatever application table that is actually named). The SYSTEM user is part of the Oracle database, its schema is governed by Oracle and using it for our own application objects is really bad practice.
But it seems you have created a table in that schema and user MARTA can't see it. That's standard. By default users can only see their own objects. They can only see objects in other schemas if the object's owner (or a power user) grants privileges on that object to the other user.
So, as SYSTEM
grant select on my_table to marta;
Then, as MARTA
select * from system.my_table;
To avoid prefixing the owning schema MARTA can create a synonym:
create or replace synonym my_table for system.my_table;
select * from my_table;
But really, you need to stop using SYSTEM for your own tables.
In the documentation for all_constraints table it says that the "owner" column gives us information about "Owner of the constraint definition". But when examining the living example I found that to be false.
select user from dual; --gives EXAMPLE_USER
create table example_user.example_table(id number);
Now I will change user to SYS.
select user from dual --gives SYS
alter table example_user.example_table add constraint ex_constrain check(id > 10);
Now the best part:
select owner from all_constraints where constraint_name = 'EX_CONSTRAINT';
--gives EXAMPLE_USER and not SYS.
My question is simple: why?
Tested on: Oracle Database 11g EE 11.2.0.4.0
Well, SYS is special, it owns the database and can do anything.
If you wanted to do the same with another user (for example, SCOTT, and let it try to create constraint for EXAMPLE_USER's table), you'd fail unless privileged user grants SCOTT ALTER ANY TABLE system privilege. Doing so, that user will be able to alter any table (which belongs to any user), and that includes creating constraints.
If you'd want to create a primary key constraint, that privilege won't be enough - you'll need CREATE ANY INDEX privilege as well (as primary key creates index as well).
Just like CREATE ANY TABLE system privilege, which allows you to create a table in any other user's schema, but that table will then belong to the schema owner, the same goes for a constraint - yes, you created it in behalf of another user, but the constraint is still owned by the table owner, not the creator.
Therefore, dictionary isn't lying, it is you who misunderstood how it goes.
I confused lot in oracle about schema, user and functional id. Let consider my two different cases
Case I :
Let us consider SCOTT#ORCL.If we think SCOTT is user. while creating user alone it ll create a schema. Correct me If i am wrong. In this case while we were creating SCOTT user alone SCOTT schema was created. Suppose If we create another schema say X . Is this possible to SCOTT user owns X schema ?
Case II :
Let us consider SCOTT#ORCL.If we think SCOTT is schema alone i-e which is created by schema command alone. If it is so then what is the use of schema w/o any user who is going to own it.
I heard oracle function ID is one which will connect several user/schema(i don't know whether I can put schema/user here ) in a data base. is there is difference b/w oracle functional ID with user/schema ?
Many people find this topic confusing, because we tend to bandy around USER and SCHEMA interchangeably, when they are in fact separate if related entities.
A schema is the collection of database objects owned by a user. When we create a user we create their schema at the same time. Initially their schema is empty.
It is easy to demonstrate that USER and SCHEMA are distinct, because we change the current schema in the session. This just means we can reference objects in another user's schema without prefixing them with the owner's name.
SQL> desc t1
Name Null? Type
----------------------------------------- -------- -------------
ID NUMBER
SQL> alter session set current_schema=APC
2 /
Session altered.
SQL> desc t1
ERROR:
ORA-04043: object t1 does not exist
SQL> sho user
USER is "X"
SQL>
In this case, either APC doesn't have a table called T1 or he hasn't granted it to X. The only way X can see her own table is to prefix it with her own name, or switch the current schema back to herself.
To answer your first question, the schema always has the same name as the user. So it is not possible for SCOTT to own schema X; schema X is owned by user X.
To answer your second question, it is impossible to create a schema without a user.
True, there is a CREATE SCHEMA command, but this requires the prior creation of the user. It is actually not creating a schema but creating several database objects. In effect it is more of a ADD OBJECTS TO SCHEMA command.
SQL> conn sys as sysdba
Enter password:
Connected.
SQL> create user x identified by x
2 default tablespace users quota 10m on users
3 /
User created.
SQL> grant create session, create table to x
2 /
Grant succeeded.
SQL> conn x/x
Connected.
SQL> create schema authorization x
2 create table t1 (id number)
3 create table t2 (id number)
4 /
Schema created.
SQL> select table_name from user_tables
2 /
TABLE_NAME
------------------------------
T1
T2
SQL>
The CREATE SCHEMA command is pretty limited: we can create tables, views and indexes, and grant privileges on objects. The advantage of it is simply that we can create several objects in a single transaction, so that all the creates are rolled back if one fails. This is not possible when we run each create statement separately.
Not sure what you're thinking off when you mention "function ID". It's not a standard piece of Oracle functionality.
This does not define the difference between an owner and schema.
But I have always struggled with the idea that I create N number of users....when I want each of these users to "consume" (aka, use) a single schema.
This guy shows how to do this (have N number of users...get "redirected" to a single schema.
I will paste his code as well, on the off-chance the URL link dies in the future.
http://www.oracle-base.com/articles/misc/schema-owners-and-application-users.php
He has a second "synonym" approach. But I am only pasting the CURRENT_SCHEMA version.
AGAIN, I take NO credit for this. I just hate when someone says "your answer is at this link" and BOOM, the link is dead. :<
......................................................
(from http://www.oracle-base.com/articles/misc/schema-owners-and-application-users.php)
CURRENT_SCHEMA Approach
This method uses the CURRENT_SCHEMA session attribute to automatically point application users to the correct schema.
First, we create the schema owner and an application user.
CONN sys/password AS SYSDBA
-- Remove existing users and roles with the same names.
DROP USER schema_owner CASCADE;
DROP USER app_user CASCADE;
DROP ROLE schema_rw_role;
DROP ROLE schema_ro_role;
-- Schema owner.
CREATE USER schema_owner IDENTIFIED BY password
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp
QUOTA UNLIMITED ON users;
GRANT CONNECT, CREATE TABLE TO schema_owner;
-- Application user.
CREATE USER app_user IDENTIFIED BY password
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp;
GRANT CONNECT TO app_user;
Notice that the application user can connect, but does not have any tablespace quotas or privileges to create objects.
Next, we create some roles to allow read-write and read-only access.
CREATE ROLE schema_rw_role;
CREATE ROLE schema_ro_role;
We want to give our application user read-write access to the schema objects, so we grant the relevant role.
GRANT schema_rw_role TO app_user;
We need to make sure the application user has its default schema pointing to the schema owner, so we create an AFTER LOGON trigger to do this for us.
CREATE OR REPLACE TRIGGER app_user.after_logon_trg
AFTER LOGON ON app_user.SCHEMA
BEGIN
DBMS_APPLICATION_INFO.set_module(USER, 'Initialized');
EXECUTE IMMEDIATE 'ALTER SESSION SET current_schema=SCHEMA_OWNER';
END;
/
Now we are ready to create an object in the schema owner.
CONN schema_owner/password
CREATE TABLE test_tab (
id NUMBER,
description VARCHAR2(50),
CONSTRAINT test_tab_pk PRIMARY KEY (id)
);
GRANT SELECT ON test_tab TO schema_ro_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON test_tab TO schema_rw_role;
Notice how the privileges are granted to the relevant roles. Without this, the objects would not be visible to the application user. We now have a functioning schema owner and application user.
SQL> CONN app_user/password
Connected.
SQL> DESC test_tab
Name Null? Type
----------------------------------------------------- -------- ------------------------------------
ID NOT NULL NUMBER
DESCRIPTION VARCHAR2(50)
SQL>
This method is ideal where the application user is simply an alternative entry point to the main schema, requiring no objects of its own.
Is it possible to force all create table statements to use a specific database.tablespace by passing a parameter to the JDBC URL? For example instead of manually specifying it as follows
CREATE TABLE Message (id INTEGER NOT NULL, created TIMESTAMP, message VARCHAR(255),PRIMARY KEY (id)) in DATABASE.TABLESPACE
I'd like to specify "database.tablespace" in the connection URL and execute
CREATE TABLE Message (id INTEGER NOT NULL, created TIMESTAMP, message VARCHAR(255), PRIMARY KEY (id))
DB2 lacks entirely the concept you require. It handles the first tablespace the user has access rights to as "the default":
IF table space IBMDEFAULTGROUP (over which the user
has USE privilege) exists with sufficient page size
THEN choose it
ELSE IF a table space (over which the user has USE privilege)
exists with sufficient page size (see below when
multiple table spaces qualify)
THEN choose it
ELSE return an error (SQLSTATE 42727)
Thus the way to achieve what you require is to remove access privileges from all but one tablespace, ie.
-- repeat for all tablespaces
revoke use of tablespace myspace1 from public
revoke use of tablespace myspace1 from user/group xxx
-- and make sure the ones you really need have access rights
grant use of tablespace myspace1 to user creatoruser
Naturally this requires that you plan your actions well, but the approach works.