I have a directory in all_directories, but I need to find out what permissions are associated with it, i.e. what has been granted on it?
This should give you the roles, users and permissions granted on a directory:
SELECT *
FROM all_tab_privs
WHERE table_name = 'your_directory'; --> needs to be upper case
And yes, it IS in the all_TAB_privs view ;-) A better name for that view would be something like "ALL_OBJECT_PRIVS", since it also includes PL/SQL objects and their execute permissions as well.
You can see all the privileges for all directories wit the following
SELECT *
from all_tab_privs
where table_name in
(select directory_name
from dba_directories);
The following gives you the sql statements to grant the privileges should you need to backup what you've done or something
select 'Grant '||privilege||' on directory '||table_schema||'.'||table_name||' to '||grantee
from all_tab_privs
where table_name in (select directory_name from dba_directories);
Wasn't sure if you meant which Oracle users can read\write with the directory or the correlation of the permissions between Oracle Directory Object and the underlying Operating System Directory.
As DCookie has covered the Oracle side of the fence, the following is taken from the Oracle documentation found here.
Privileges granted for the directory
are created independently of the
permissions defined for the operating
system directory, and the two may or
may not correspond exactly. For
example, an error occurs if sample
user hr is granted READ privilege on
the directory object but the
corresponding operating system
directory does not have READ
permission defined for Oracle Database
processes.
With Oracle 11g R2 (at least with 11.2.02) there is a view named datapump_dir_objs.
SELECT * FROM datapump_dir_objs;
The view shows the NAME of the directory object, the PATH as well as READ and WRITE permissions for the currently connected user. It does not show any directory objects which the current user has no permission to read from or write to, though.
Expanding on this a bit, this script will allow you to see the privileges for any object type and name that appears in all_tab_privs.
/*
usage: #obj-privs <object-type> <object-name>
object-type can be any type of object; table, directory, index, etc.
case does not matter
object-name can be any legal name - case matters
Wild cards work for both object-type and object-name
#obj-privs dir% MYDIR
#obj-privs table INV%
#obj-privs synonym %
*/
set pagesize 100
set linesize 200 trimspool off
col grantor format a15
col grantee format a30
col table_schema format a30 head 'OWNER'
col table_name format a30 head 'OBJECT_NAME'
col privilege format a15
col v_object_name new_value v_object_name noprint
col v_object_type new_value v_object_type noprint
set feed off term off echo off pause off verify off
select upper('&1') v_object_type from dual;
select '&2' v_object_name from dual;
set feed on term on feed on
select
p.table_name
, p.table_schema
, p.privilege
, p.grantee
, p.grantor
, o.object_type
from all_tab_privs p
join all_objects o on o.owner = p.table_schema
and o.object_name = p.table_name
and p.table_name like '&v_object_name'
and o.object_type like '&v_object_type'
order by p.table_name, p.table_schema, p.grantee
/
Here is an example for directories:
SQL# #obj-privs dir% %
OBJECT_NAME OWNER PRIVILEGE GRANTEE GRANTOR OBJECT_TYPE
------------------------------ ------------------------------ --------------- ------------------------------ --------------- ---------------------------------------------------------------------
DATA_PUMP_DIR SYS WRITE EXP_FULL_DATABASE SYS DIRECTORY
DATA_PUMP_DIR SYS READ EXP_FULL_DATABASE SYS DIRECTORY
DATA_PUMP_DIR SYS WRITE IMP_FULL_DATABASE SYS DIRECTORY
DATA_PUMP_DIR SYS READ IMP_FULL_DATABASE SYS DIRECTORY
ORACLE_OCM_CONFIG_DIR SYS READ ORACLE_OCM SYS DIRECTORY
ORACLE_OCM_CONFIG_DIR SYS WRITE ORACLE_OCM SYS DIRECTORY
ORACLE_OCM_CONFIG_DIR2 SYS WRITE ORACLE_OCM SYS DIRECTORY
ORACLE_OCM_CONFIG_DIR2 SYS READ ORACLE_OCM SYS DIRECTORY
8 rows selected.
Here is another for tables with USER in the name:
SQL# #obj-privs tab% %USER%
OBJECT_NAME OWNER PRIVILEGE GRANTEE GRANTOR OBJECT_TYPE
------------------------------ ------------------------------ --------------- ------------------------------ --------------- ---------------------------------------------------------------------
BDSQL_USER_MAP SYS INSERT BDSQL_ADMIN SYS TABLE
BDSQL_USER_MAP SYS DELETE BDSQL_ADMIN SYS TABLE
BDSQL_USER_MAP SYS SELECT BDSQL_ADMIN SYS TABLE
BDSQL_USER_MAP SYS READ BDSQL_USER SYS TABLE
KU$_USER_MAPPING_VIEW_TBL SYS SELECT SELECT_CATALOG_ROLE SYS TABLE
SDO_PREFERRED_OPS_USER MDSYS UPDATE PUBLIC MDSYS TABLE
SDO_PREFERRED_OPS_USER MDSYS INSERT PUBLIC MDSYS TABLE
SDO_PREFERRED_OPS_USER MDSYS SELECT PUBLIC MDSYS TABLE
SDO_PREFERRED_OPS_USER MDSYS DELETE PUBLIC MDSYS TABLE
USER_PRIVILEGE_MAP SYS READ PUBLIC SYS TABLE
10 rows selected.
Related
I just upgraded to Oracle 18c XE from 11g. I have an external table that worked fine on 11g, but I keep getting the following errors on 18c.
ORA-29913: error in executing ODCIEXTTABLEOPEN callout
ORA-29400: data cartridge error
KUP-11604: no directory object specified for log file
The directory does exist and I have the correct grants.
SELECT *
FROM all_directories
WHERE directory_name = 'MYDIR';
OWNER DIRECTORY_NAME DIRECTORY_PATH ORIGIN_CON_ID
SYS MYDIR C:\Users\sneuf\OneDrive\PLSQL\OracleDirectory 1
I have the required privileges.
SELECT *
FROM all_tab_privs
WHERE table_name = 'MYDIR'
AND grantee = 'C##_SNEUF';
GRANTOR GRANTEE TABLE_SCHEMA TABLE_NAME PRIVILEGE GRANTABLE HIERARCHY COMMON TYPE INHERITED
SYS C##_SNEUF SYS MYDIR EXECUTE YES NO NO DIRECTORY NO
SYS C##_SNEUF SYS MYDIR READ YES NO NO DIRECTORY NO
SYS C##_SNEUF SYS MYDIR WRITE YES NO NO DIRECTORY NO
I'm pretty sure I'm missing a grant somewhere, but I can't figure out what. Can someone please help?
Here is my table:
CREATE TABLE C##_SNEUF.CHECKING_TBL_EXT2
(
DB_KEY NUMBER,
CHECK_NUM VARCHAR2(10),
TRANS_DATE TIMESTAMP (6),
DESCRIPTION VARCHAR2(100),
DEPOSIT_WITHDRAWAL VARCHAR2(1),
AMOUNT VARCHAR2(12),
MEMO VARCHAR2(200)
)
ORGANIZATION EXTERNAL
( TYPE ORACLE_LOADER
DEFAULT DIRECTORY MYDIR
ACCESS PARAMETERS
( RECORDS DELIMITED BY NEWLINE
BADFILE MYDIR: 'checking.bad'
FIELDS TERMINATED BY ","
OPTIONALLY ENCLOSED BY '"'
LDRTRIM
MISSING FIELD VALUES ARE NULL
(
DB_key CHAR,
check_num CHAR(10),
trans_date CHAR(21) DATE_FORMAT DATE MASK 'MM/DD/YYYY HH24:MI:SS',
description CHAR(100),
deposit_withdrawal CHAR(1),
amount CHAR(12),
memo CHAR(200)
)
)
LOCATION
( MYDIR: 'checking.csv'
)
)
REJECT LIMIT UNLIMITED ;
Thanks,
Steve
Logfile isn't specified, so - by default - it resides in the same directory as the data file.
However, as you write to log file, you require write privilege on the MYDIR directory. Info you posted suggests that you have only READ privilege so - grant WRITE as well.
I'm using sql plus. I need to know the difference between two commands.
SELECT * FROM cat
and
SELECT * FROM tab;
Any kind of help will be appreciated.
thanks
They are both part of data dictionary and are PUBLIC SYNONYMNS for corresponding SYS tables/views.
SELECT object_name,
owner,
object_type
FROM all_objects
WHERE object_name IN (
'CAT',
'TAB'
);
OBJECT_NAME OWNER OBJECT_TYPE
------------------- ----------------- -------------
TAB SYS VIEW
TAB PUBLIC SYNONYM
CAT PUBLIC SYNONYM
Which are themselves VIEWS by the name USER_CATALOG and TAB.
SELECT owner,
synonym_name,
table_name
FROM all_synonyms
WHERE synonym_name IN (
'TAB',
'CAT'
);
OWNER SYNONYM_NAME TABLE_NAME
---------------------- ----------------------- -------------
PUBLIC CAT USER_CATALOG
PUBLIC TAB TAB
SYSTEM TAB TAB
If you want to see what data dictionary tables/views those VIEWs are selecting from, you may run
SELECT view_name,text_vc
FROM all_views
WHERE view_name IN ('TAB', 'USER_CATALOG');
Note: Justin Cave here says that "tab is an ancient data dictionary table that should never be used. It exists solely to provide backwards compatibility for scripts that were written potentially decades ago."
I want to grant SELECT access to v$session to other users in an Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
but when I run this query:
SELECT owner, object_type FROM dba_objects WHERE object_name = 'V$SESSION';
I got this error:
00942. 00000 - "table or view does not exist"
Oracle v$ views are named V_$VIEWNAME and they have synonyms in format V$VIEWNAME and you can’t give privilege on a synonym. If you want to give permission to a V$ view you must give it like below
SQL> grant select on v_$session to hr;
We also needed a regular user without access to v$session to cleanup sessions. A function will execute with the privileges of the owning schema, so if you create a function as the user having access to V$SESSION you can execute it from the user not having the required privilege.
For example, IFH_OWNER has access to v$session, user id854812 doesn't:
As id854812:
select count(*) from v$session
ORA-00942: table or view does not exist
As IFH_OWNER:
select count(*) from v$session
56
create or replace function getSessionCount return int
as
vCnt int;
begin
select count(*) into vCnt from v$session;
return( vCnt);
end;
select getSessionCount from dual;
56
grant execute on getSessionCount to id854812;
As id854812:
select ifh_owner.getSessionCount from dual;
56
Is there any way to find out, whether is table partitioned by Hash, Range or List in Oracle?
I could not find such info in metadata tables.
Thanks for help.
You haven't searched metadata tables enough.
Connected to Oracle Database 12c Enterprise Edition Release 12.2.0.1.0
Connected as xxx#yyy
SQL> select owner, table_name, partitioning_type, subpartitioning_type
SQL> from all_part_tables
SQL> where owner = 'SYS'
SQL> and rownum <= 10
SQL> ;
OWNER TABLE_NAME PARTITIONING_TYPE SUBPARTITIONING_TYPE
-------------------------------------------------------------------------------- -------------------------------------------------------------------------------- ----------------- --------------------
SYS AQ$_SUBSCRIBER_LWM HASH NONE
SYS WRH$_FILESTATXS RANGE NONE
SYS WRH$_SQLSTAT RANGE NONE
SYS WRH$_SYSTEM_EVENT RANGE NONE
SYS WRH$_WAITSTAT RANGE NONE
SYS WRH$_LATCH RANGE NONE
SYS WRH$_LATCH_CHILDREN RANGE NONE
SYS WRH$_LATCH_PARENT RANGE NONE
SYS WRH$_LATCH_MISSES_SUMMARY RANGE NONE
SYS WRH$_EVENT_HISTOGRAM RANGE NONE
10 rows selected
SQL>
You should be better off with using the user_part_tables instead of all_part_tables, and then please omit the owner = 'SYS' predicate from the where clause.
I wanted to delete some unused schemas on our oracle DB.
How can I query for all schema names ?
Using sqlplus
sqlplus / as sysdba
run:
SELECT *
FROM dba_users
Should you only want the usernames do the following:
SELECT username
FROM dba_users
Most likely, you want
SELECT username
FROM dba_users
That will show you all the users in the system (and thus all the potential schemas). If your definition of "schema" allows for a schema to be empty, that's what you want. However, there can be a semantic distinction where people only want to call something a schema if it actually owns at least one object so that the hundreds of user accounts that will never own any objects are excluded. In that case
SELECT username
FROM dba_users u
WHERE EXISTS (
SELECT 1
FROM dba_objects o
WHERE o.owner = u.username )
Assuming that whoever created the schemas was sensible about assigning default tablespaces and assuming that you are not interested in schemas that Oracle has delivered, you can filter out those schemas by adding predicates on the default_tablespace, i.e.
SELECT username
FROM dba_users
WHERE default_tablespace not in ('SYSTEM','SYSAUX')
or
SELECT username
FROM dba_users u
WHERE EXISTS (
SELECT 1
FROM dba_objects o
WHERE o.owner = u.username )
AND default_tablespace not in ('SYSTEM','SYSAUX')
It is not terribly uncommon to come across a system where someone has incorrectly given a non-system user a default_tablespace of SYSTEM, though, so be certain that the assumptions hold before trying to filter out the Oracle-delivered schemas this way.
SELECT username FROM all_users ORDER BY username;
select distinct owner
from dba_segments
where owner in (select username from dba_users where default_tablespace not in ('SYSTEM','SYSAUX'));
Below sql lists all the schema in oracle that are created after installation
ORACLE_MAINTAINED='N' is the filter. This column is new in 12c.
select distinct username,ORACLE_MAINTAINED from dba_users where ORACLE_MAINTAINED='N';
How about :
SQL> select * from all_users;
it will return list of all users/schemas, their ID's and date created in DB :
USERNAME USER_ID CREATED
------------------------------ ---------- ---------
SCHEMA1 120 09-SEP-15
SCHEMA2 119 09-SEP-15
SCHEMA3 118 09-SEP-15
Either of the following SQL will return all schema in Oracle DB.
select owner FROM all_tables group by owner;
select distinct owner FROM all_tables;