I've added an index to my table with the command:
CREATE INDEX patient_index ON radiology_record(patient_name) INDEXTYPE IS CTXSYS.CONTEXT;
And I'm trying to add a DBMS_JOB which will keep it up to date.
The way I've been running this script is by calling "#myscript.sql" from SQLPLUS
set serveroutput on
declare
job number;
begin
dbms_job.submit(job, 'ctx_ddl.sync_index(''patient_index'');',
interval=>'SYSDATE+1/1440');
commit;
dbms_output.put_line('job '||job||'has been submitted.');
end;
/
The resulting error is PLS-00201: identifier 'CTX_DDL' must be declared
Through my searching I've found someone with a similar problem and his solution was
I spent enough time
debugging this that I thought it
merited sharing what i learned. It
turns out that dbms_jobs only inherit
your schema user's default privileges,
not any privileges it might inherit
from roles granted to that user. This
means that the job will not run with
the ctxsys privilege that you should
have granted to your schema user. So
what does this mean? It means that you
have to run the job as the ctxsys user
I unfortunately cannot use this to grant myself privileges since yes, this is homework, and I don't have permissions to grant execute on ctx_ddl to myself.
Does anyone have clues as to how I can resolve this issue? Otherwise I will wait until later this week and consult the TA's.
Thanks
I don't think there's a workaround since the documentation of DBMS_JOB explicitly specifies this restriction:
You can execute procedures that are owned by the user or for which the user is explicitly granted EXECUTE. However, procedures for which the user is granted the execute privilege through roles cannot be executed.
Related
I've been trying to insert data from a materialized view into a table that belongs to a different scheme using a procedure, but when I compile the procedure I get the error of: table or view doesn't exist. I have checked and I have selection and insertion privileges on that table. create or replace PROCEDURE PROCEDURE_MYPROCEDURE AS
BEGIN
INSERT INTO SCHEME.TABLE
(COLUMN1,COLUM2)
SELECT COLUMN1,COLUMN2
FROM MATERIALIZED_VIEW;
END PROCEDURE_MYPROCEDURE;
this line SCHEME.TABLEshows the message "PL/SQL: STATEMENT IGNORED", "TABLE OR VIEW DOES NOT EXIST"
The most likely cause is that you have access via a role not directly, which means you can run it in SQL but for a PLSQL procedure you need a direct privilege granted.
As per the Application Developer guide:
Privileges Required to Create Procedures and Functions
To create a stand-alone procedure or function, or package specification or
body, you must meet the following prerequisites:
You must have the CREATE PROCEDURE system privilege to create a
procedure or package in your schema, or the CREATE ANY
PROCEDURE system privilege to create a procedure or package in
another user’s schema.
Attention: To create without errors, that is, to compile the procedure
or package successfully, requires the following additional privileges:
The owner of the procedure or package must have been explicitly
granted the necessary object privileges for all objects referenced within
the body of the code; the owner cannot have obtained required
privileges through roles.
If the privileges of a procedure’s or package’s owner change, the procedure
must be reauthenticated before it is executed. If a necessary privilege to a
referenced object is revoked from the owner of the procedure (or package), the
procedure cannot be executed.
An easy way to test things is:
SQL> set role none;
SQL> "statement you want to test to see if it'll work in a procedure"
So you might just be missing some direct grants on those objects.
If the procedure is compiled on user a and the MATERIALIZED_VIEW is owned by user b. When you execute the procedure it will look for the materialized view on user a.
Put the user/schema in front of the MATERIALIZED_VIEW.
You would also need to grant select on MATERIALIZED_VIEW to user a.
I'm currently trying to grant a couple of simple privileges to an Oracle database user.
I have tried the following queries:
grant all privileges to <username>
grant alter session to <username>
The second privilege is the one I actually need, but I decided simply to try and give the user all privileges to see if that would work. When I check the user's permissions using
select * from user_sys_privs;
everything seems to say NO.
I've even tried to grant the user dba privileges and that still fails. My end goal is to run scripts that require these permissions to be turned on.
Any help is greatly appreciated.
everything seems to say NO
You're looking at the wrong thing. If the user_sys_privs view lists ALTER SESSION:
select * from user_sys_privs where privilege = 'ALTER SESSION';
USERNAME PRIVILEGE ADM COM
-------------------- ------------- --- ---
MY_USER ALTER SESSION NO NO
then the user does have that privilege.
The NO entries don't mean the privilege is not granted. The columns that is showing you are:
desc user_sys_privs
Name Null? Type
----------------------------------------------------------------- -------- --------------------------------------------
USERNAME VARCHAR2(128)
PRIVILEGE VARCHAR2(40)
ADMIN_OPTION VARCHAR2(3)
COMMON VARCHAR2(3)
and they are described in the documentation:
ADMIN_OPTION - Indicates whether the grant was with the ADMIN option (YES) or not (NO)
COMMON - Indicates how the grant was made. Possible values:
YES if the privilege was granted commonly (CONTAINER=ALL was used)
NO if the privilege was granted locally (CONTAINER=ALL was not used)
As you didn't specify the admin option or any other modifiers, it's correct that both of those flags are set to NO.
What's probably confusing you is that all privileges are listed when you query for your user, because you did grant all privileges to <username>. You probably want to revoke all of those privileges, and only grant the specific ones the user actually needs. You'll then see a much shorter list when you query user_sys_privs - possibly only that single entry, depending on what else you need to retain for the user.
You might also want to consider using roles, though you sometimes need to have privileges granted directly anyway - if a stored procedure relies on them.
I'm performing cleanup operations from PL/SQL which tend to fill up my redo log, causing the database to freeze on the "Cannot allocate new log" condition.
Splitting up the work into smaller chunks didn't solve the problem, because the redo-log files stay at status=ACTIVE and ARCHIVED=YES for too long. Only after "alter system checkpoint" the dirty logs are written to disk and become available again for the next chunk.
Now, how can I do this from PL/SQL. I tried
create procedure cp as begin execute immediate 'alter system checkpoint'; end;
but it gave me ORA-01031: insufficient privileges
I've got the DBA role but that's not effective in PL/SQL procedures. What is the privilege I need to grant?
I know there are parameters to control checkpointing, but I don't want to change these. I only want to manually checkpoint during the cleanup.
Make sure the procedure is owned by a privileged user, and alter its permissions to run with owner privileges.
That's kind-of like a setuid program in Unix.
The syntax is CREATE PROCEDURE ... AUTHID DEFINER ....
The alternative, as commented above by #a_horse_with_no_name and #tbone is to grant ALTER SYSTEM privilege to the user running the procedure.
Oracle 10g. I'm new to procedures, so maybe I'm missing something obvious.
Schema owner ABC has table T2001_WRITEOFF. First I had granted SIUD to some_update_role, and granted that role to developer user IJK. User IJK then created synonym T2001_WRITEOFF for ABC.T2001_WRITEOFF; This worked with normal SQL DML commands.
However, I read elsewhere on here that grants via a role do not work in stored procedures. I dropped the synonym from IJK; then from ABC, granted SIUD directly to IJK. From IJK, normal SQL DML works.
When I try to create a simple procedure as follows, it throws PLS-00201 identifier 'T2001_WRITEOFF' must be declared, and points to the 2nd line. This error is the same whether I use the role grants or not.
create or replace procedure woof1(
fooname in T2001_WRITEOFF.territory%TYPE, <=== error points here
bardesc IN T2001_WRITEOFF.ind_batch_submit%TYPE) IS
BEGIN
INSERT into T2001_WRITEOFF
VALUES ( fooname, bardesc);
END woof1;
/
Thanks in advance for help
JimR
In order to make role right applicable in stored procedures you might want to look at authid current_user in the oracle documentation. Also helpful: http://docs.oracle.com/cd/E11882_01/appdev.112/e25519/subprograms.htm#LNPLS682
There are two schemas in a Oracle database.
MYSCHEMA that is controlled by me.
OTHERSCHEMA that is not controlled by me.
I just know I can get result from select * from OTHERSCHEMA.OTHEROBJECT. However, OTHEROBJECT is a synonym.
In my package, I have a statement like
insert into MYSCHEMA.MYTABLE(COL1) select COL1 from OTHERSCHEMA.OTHEROBJECT;
But it gave me Table or view does not exist.
How can I solve or bypass this problem? Thanks!
I assume you received the privilege to select from otherschema.otherobject by means of a role as opposted to a direct grant (such as grant all on otherschema.otherobject to myschema). If this is the case, the privileges within this role will not be used to determine what rights you have within a PL/SQL block.
See also How Roles Work in PL/SQL Blocks (Oracle Docu, where it says under Roles Used in Named Blocks with Definer's Rights:
All roles are disabled in any named PL/SQL block (stored procedure, function, or trigger) that executes with definer's rights. Roles are not used for privilege checking and you cannot set roles within a definer's rights procedure.)