I need to grant privileges to all users, I can do:
GRANT select on table TO user1;
GRANT select on table TO user2;
But there are many users. How can I grant this privilege to all users at once?
I tried:
GRANT select on table TO ALL;
But that doesn't work.
grant select on table to public;
But be careful when you do that -- make sure it's what you really want to do.
You should use roles.
Grant permission to roles.
grant roles to users.
I have created a user, let's call him C##USER from sysdba. Now, I'm trying to create another user from C##USER. Problem is I keep getting the following error:
ORA-01031: insufficient privileges
I have granted C##USER all privileges and have set the default role to ALL. Nothing works yet...
Any ideas? Thanks in advance.
You just need a CREATE USER system privilege BUT don't forget to use CONTAINERclause which should be set to ALL, if you omit this clause then the grantee will have CREATE USER system privilege on the current container.
Specify CONTAINER = ALL to commonly grant a system privilege, object privilege on a common object, or role, to a common user or common role
When a common user account is created, the account is created in all of the open pluggable databases. So the user who is creating this new user must have CREATE USER system privilege on all containers.
SQL> grant create user to c##user container=all;
Grant succeeded.
SQL> conn c##user
Enter password:
SQL> create user c##user2 identified by user2;
User created.
I want to grant to a role the CREATE USER privilege, such they can create new users. Moreover, I want to grant them the privilege to grant these new users the CREATE SESSION privilege.
Is it possible without granting them ALL PRIVILEGES or ADMIN OPTION or something too general?
Query to grant session privilege,
I granted CREATE ANY TABLE privilege to allow another user to create tables for my user. Ok. That worked. I want to allow this same user, after they created the table, to grant select privilege to public. But the Oracle says: insufficient privileges.
How can I grant select privileges to a table I have just created?
I've created two users using the below statements using the System user. I want the ADMIN_USER to have all privileges and this user will create a set of tables. I have an external process that is pumping in data for two of my tables created by the ADMIN_USER. The question I have is if the ADMIN_USER creates all the table structures, how do I give EXTERNAL_USER the capability to read, update and insert into TABLE_A and TABLE_B only? Would I run the grant statements when I'm logged in as ADMIN_USER or the SYSTEM user? I'm using Oracle 11g.
Created both while logged in as SYSTEM User:
create user "ADMIN_USER" identified by "p#ssword123";
grant create session, grant any privilege to ADMIN_USER;
create user "EXTERNAL_USER" identified by "p#ssword321";
Logged in as ADMIN_USER:
GRANT create session, select, update, insert
GRANT create session, select, update, insert
First off, it is terribly unlikely that you want to grant ADMIN_USER the GRANT ANY PRIVILEGE privilege. The user doesn't require any privileges in order to grant object-level privileges on tables that the user owns. The ANY privileges are terribly powerful. A user that can grant any privilege to another user can make any user (including the user itself) a DBA. That is not what you want.
Realistically, as SYSTEM, you want to grant the system privileges that you want the users to have. As the object owner, you would then grant the object-level privileges.
CREATE USER admin_user
IDENTIFIED BY "p#ssword123"
DEFAULT TABLESPACE tablespace_name
QUOTA 10M ON tablespace_name;
CREATE USER external_user IDENTIFIED BY "p#ssword321";
<<create the tables>>
GRANT select, insert, update
ON table_a
TO external_user;
GRANT select, insert, update
ON table_b
TO external_user;
A DBA should also be able to grant object-level privileges. It's generally preferable to use the object owner account for that.
In Oracle, a table, 'MyTable' is owned by 'User1', how can I grant table access permission to another user, say 'User2' ?
In SQL server, we have some application access permission, does Oracle has something ?
You can grant SELECT privileges (or INSERT, UPDATE, DELETE, and a few others like REFERENCES) to a user
ON user1.MyTable
TO user2
It would be more common, though, to create a role, grant the privileges to the role, and then grant the role to whatever users need it, i.e.
CREATE ROLE user1_select;
ON user1.MyTable
TO user1_select;
GRANT user1_select
TO user2;
That makes it easier in the future to grant a single role to more users and to ensure that all the users with a specific job function have the same set of roles rather than trying to make sure that you've granted everyone access to exactly the same set of objects.