I'm using Oracle XE but I would like to log in as a user than can create tables, contraints etc., but who cannot view all of the other system tables and stuff that you see when you log in with the system account.
How can I achieve this?
You need to create a new user with:
CREATE USER xxx IDENTIFIED BY yyyy;
From there, issue GRANT for the privileges you want to give the user:
GRANT CREATE SESSION TO xxx;
GRANT CREATE TABLE TO xxx;
GRANT CREATE VIEW TO xxx;
etc.
See the SQL Reference documentation for all the privileges you can grant. User xxx will only be able to see their own objects and objects they have been granted privileges on.
Related
I am working on adding liquibase in my spring boot app which connects to an oracle DB. I don't feel comfortable using the schema ID in my application. So I would like to create another user id that will be used to connect to the DB from my app. Since I am using liquibase this new user id will need to have create, drop, select, insert, update, delete on all table in that schema.
In Mysql I can ran the following command:
GRANT CREATE, DROP, SELECT, INSERT, UPDATE, DELETE ON SCHEMA_NAME.* TO 'liquidbase_local_usr'#'localhost';
is there a similar query in Oracle?
I did this with the Datical product that was built on Liquibase.
First I created a role called DATICAL_PACKAGER_ROLE and assigned it to the user $DaticalUser:
CREATE ROLE DATICAL_PACKAGER_ROLE NOT IDENTIFIED;
-- When using the tracefileLocation=REMOTE, you will need to setup the following permissions.
-- Note: These permissions are only required on schemas running the Convert SQL Scripts command. This is only needed on the packaging / reference database.
GRANT EXECUTE ANY PROCEDURE TO DATICAL_PACKAGER_ROLE;
GRANT ALTER SESSION TO DATICAL_PACKAGER_ROLE;
GRANT CREATE ANY DIRECTORY TO DATICAL_PACKAGER_ROLE;
GRANT DROP ANY DIRECTORY TO DATICAL_PACKAGER_ROLE;
-- The following permissions are needed for backing up and restoring the database. This is only needed on the packaging / reference database.
GRANT EXP_FULL_DATABASE TO DATICAL_PACKAGER_ROLE;
GRANT IMP_FULL_DATABASE TO DATICAL_PACKAGER_ROLE;
-- The following must be run as sysdba
-- SQL > conn / as sysdba
GRANT EXECUTE on SYS.UTL_FILE TO DATICAL_PACKAGER_ROLE;
-- Grant the new role to the Datical User
GRANT DATICAL_PACKAGER_ROLE to $DaticalUser;
Then I granted the role to the schema I wanted:
GRANT DATICAL_PACKAGER_ROLE to <yourschema>;
I create user(schema) in oracle. like this
create user EMP_DB identified by netsolpk account unlock;
But when i tried login through schema name and password, login failed. Below is the error message.
user EMP_DB lacks create session privilage; login denied.
I've not created any tablespaces.
For this, do I need to create any tablespace? If needed, how to create a tablespace?
And what more things are required for creating a schema in oracle 11g.
Please help me and give me step by step procedure.
The error user EMP_DB lacks create session privilage; login denied indicates that you need privilege to create a session. So you need to grant the appropriate privilege like,
GRANT CREATE SESSION TO emp_db;
Or You can go with granting the roles(group of privileges), CONNECT and RESOURCE.
CONNECT role has only CREATE SESSION privilege.
RESOURCE has the following privilges,
CREATE TRIGGER
CREATE SEQUENCE
CREATE TYPE
CREATE PROCEDURE
CREATE CLUSTER
CREATE OPERATOR
CREATE INDEXTYPE
CREATE TABLE
To find these PRIVILEGES of a ROLE, You can query the DBA_SYS_PRIVS table with a query like this:
SELECT grantee, privilege, admin_option
FROM DBA_SYS_PRIVS
WHERE grantee='RESOURCE';
Also to use the existing tablespace USERS, You can create a user with QUOTA UNLIMITED statement like,
CREATE USER emp_db IDENTIFIED BY netsolpk QUOTA UNLIMITED on USERS;
the fastest, quickest way to create a new user with privileges is
grant connect, resource to NewUser_name identified by NewUser_password;
by this command you will be sure that errors like above will not displayed.
I'm using Oracle's 10g version.
In the database, I would like to create a configuration table and fill it with data.
Then the other users can not change anything in it, and even better that it was not at all visible to other users. Is it possible to somehow hide the table?
Regards
Create a separate schema for that table. Create a package that provides an API to your configuration data (e.g. to get a value that is needed by another program).
Revoke CREATE SESSION privilege from that schema (i.e. just don't grant any privileges to the schema at all). Don't grant any privileges on the table. The only users who will be able to see the table are those with DBA privileges.
The only thing that database sessions will be able to do is execute the package, IF they have been granted EXECUTE privilege on it.
If you do not grant enough privileges to other users, they could not see your objects.
I have below requirement in oracle database
Create User and grant to all objects in schema "abc"
If i add any tables to schema "abc", then the user should have access by default without executing individual Grant
Current we are executing Grant statements for every objects created in schema, is there any onetime configuration available? Please help
Note: Here user is not a schema owner, for ex. some one who having access to read-only access.
In current versions of Oracle, you could create a DDL Trigger and have this automatically execute a grant on the newly created object to your other user.
See the excellent PSOUG site for an overview: http://psoug.org/reference/ddl_trigger.html
I have created a database in Oracle. Say "TEMP" is the name of the database created. I have created a user DWH. Now I would like to grant access to TEMP for the user DWH.
How shall i do?
. When you say you have created a user DWH do you mean at operating system level or database level ?If you have created a database user
Anyway the command for creating a user in database is
create user DWH identified by password;
Now if you want to be able to connect to database and create a table you need the following
grant create session to DWH;
alter user DWH default tablespace users quota 100m on users;
grant create table to DWH;
You can grant other permissions also.You can also group permissions into a role and grant the role.