How can I check a permission granted for particular sequence and assign permission to particular sequence from SQL*Plus?
To grant a permission:
grant select on schema_name.sequence_name to user_or_role_name;
To check which permissions have been granted
select * from all_tab_privs where TABLE_NAME = 'sequence_name'
Just another bit. in some case i found no result on all_tab_privs! i found it indeed on dba_tab_privs. I think so that this last table is better to check for any grant available on an object (in case of impact analysis). The statement becomes:
select * from dba_tab_privs where table_name = 'sequence_name';
Related
I want to know which table level privileges are granted to me in oracle. how to check it?
Is there any query that displays me list of privileges which are granted to me?
Yes you can check it using following query :
SELECT * FROM USER_TAB_PRIVS_RECD;
You can try these below views.
SELECT * FROM USER_SYS_PRIVS;
SELECT * FROM USER_TAB_PRIVS;
SELECT * FROM USER_ROLE_PRIVS;
That's it:
How to know if I can delete with my oracle user? Without actually deleting anything?
I'm using a database that I don't own, nor have full access.
This information is available in the data-dictionary.
You can check for direct grants to you via:
SELECT OWNER, TABLE_NAME
FROM USER_TAB_PRIVS
WHERE PRIVILEGE = 'DELETE';
You can also check for privileges accessible through a ROLE by:
SELECT ROLE, TABLE_SCHEMA, TABLE_NAME
FROM SESSION_ROLES
INNER JOIN ALL_TAB_PRIVS
ON SESSION_ROLES.ROLE = ALL_TAB_PRIVS.GRANTEE
AND PRIVILEGE = 'DELETE';
In Oracle, when I run:
GRANT SELECT on MYSCHEMA.ORDERS to APP_USER;
What query can I run in Oracle to check if this grant exists? I would like to validate that this grant is correctly created in our development, QA, and production databases.
You can get that from the all_tab_privs performance view, or the user_ or dba_ equivalents depending on your situation and privileges:
select *
from all_tab_privs
where table_schema = 'MYSCHEMA'
and table_name = 'ORDERS'
and grantee = 'APP_USER';
To see everyone who has access, leave off the grantee filter. Note though that the grantee may be (and quite probably should be) a role, not an individual user. In that case you'd need to see who has that role granted to get the full picture, and roles can be granted to roles, so that can get a bit recursive.
Execute the following (if you are logged in as app_user) :-
select owner from user_tab_privs where table_name='Order' and grantee='App_user' and owner='MySchema';
If you are logged in as dba, then execute following :-
select owner from dba_tab_privs where table_name='Order' and grantee='App_user' and owner='MySchema';
If the grant was successful, then the above sql statements should have non-null output.
In my oracle DB, i have a user named test this user has DML_ROLE in the DB. And, i have provided insert/update/delete/select access to DML_ROLE on a table named hdr_detail.
But, when user test execute an update query on hdr_detail table its getting error message as Returned error: ORA-01031: insufficient privileges. It works fine when i provide the access directly to the user.
I'm confused why this error shows up only when i provide the access through role.
Table structure:
COLUMN NAME DATA TYPE
PERIOD NUMBER
HDR_ID VARCHAR2(50)
Query i use to update:
update test_sch.hdr_detail set period=201108 where hdr_id = 'check';
Statement i use to grant:
grant insert,select,update,delete on test_sch.hdr_detail to dml_role;
select * from dba_role_privs where grantee like 'TEST' returns the following result
GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE
TEST DML_ROLE NO NO
select * from dba_tab_privs where table_name like 'HDR_DETAIL' returns the following result
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH DELETE NO NO
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH INSERT NO NO
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH SELECT NO NO
DML_ROLE TEST_SCH HDR_DETAIL TEST_SCH UPDATE NO NO
Please help me in resolving this issue. Reply in comment if any more information is needed about this issue.
Try setting the role as the users default role:
ALTER USER test DEFAULT ROLE dml_role;
It could be an issue with how you are accessing the databse object HDR_DETAIL.
From Don burleson (http://www.dba-oracle.com/concepts/roles_security.htm):
Oracle roles have some limitations. In particular object privileges are granted through Oracle roles can not be used when writing PL/SQL code. When writing PL/SQL code, you must have direct grants to the objects in the database that your code is accessing.
If your user is issuing the UPDATE through an application or PL/SQL block then it will not use the role-based permissions. If this is the case you will have to grant the permissions directly.
That seems impossible.
Are you sure that your user connect to correct DB, schema, and query the right table?
I'm stunned.
Pls try
select * from test_sch.hdr_detail
wiht test user.
What query can I run to simply see whether a user has privelege to execute a stored procedure.
lets say user is UserA and stored procedure name is my_stored_proc
I want to know whether UserA has execute permission on my_stored_proc
UserA is not the owner of the storedproc. Some other owner grants him the permission.
To account for grants through a role:
select grantee, table_name, privilege
from dba_tab_privs
where
table_name = 'my_stored_proc'
and
owner = 'ownerOfObject'
and
(grantee = 'userA'
or
grantee in
(select granted_role
from dba_role_privs
where grantee = 'userA'
)
)
You could try
select ap.*
from All_Procedures ap
where ap.owner = 'UserA'
This only tells you if UserA is the owner. I suppose UserA could still have permission even if not the owner. Not sure how to check for that.
EDIT:
Other tables to check are
USER_SYS_PRIVS
USER_TAB_PRIVS
USER_ROLE_PRIVS
ROLE_SYS_PRIVS
ROLE_TAB_PRIVS
I've rarely queried these so I'm not exactly sure how to find what you're looking for, but I would start with these.
Got it...
SELECT * FROM DBA_TAB_PRIVS A WHERE GRANTEE = 'UserA' AND GRANTOR = 'someoneelse' and privilege = 'EXECUTE'
This is what worked for me, I wanted to find all SPs that I have access to:
select * from USER_TAB_PRIVS where GRANTEE='______' and PRIVILEGE='EXECUTE'
Columns in USER_TAB_PRIVS include GRANTEE, OWNER, GRANTOR, TABLE_NAME (in this case, the SP name) and PRIVILEGE, so in my opinion, this is perfect.
My understanding is that dpbradley and Omnipresent's answers won't work for a normal user because they can't access DBA_* tables.