I'm using Oracle 12c on my localhost. I wanted to create trigger for the tables.
It gives me an error:
"ORA-04089: cannot create triggers on objects owned by SYS"
I tried it by creating another user and granted it to create a trigger as it mentioned in this this post.
But it gives me a same error.
Here is my USER's scritp that created
CREATE USER DEVELOPER
IDENTIFIED BY <password>
DEFAULT TABLESPACE USERS
TEMPORARY TABLESPACE TEMP
PROFILE DEFAULT
ACCOUNT UNLOCK;
-- 2 Roles for DEVELOPER
GRANT CONNECT TO DEVELOPER CONTAINER=ALL;
GRANT RESOURCE TO DEVELOPER CONTAINER=ALL;
ALTER USER DEVELOPER DEFAULT ROLE NONE;
-- 3 System Privileges for DEVELOPER
GRANT CREATE SESSION TO DEVELOPER;
GRANT CREATE TABLE TO DEVELOPER;
GRANT CREATE TRIGGER TO DEVELOPER;
-- 2 Tablespace Quotas for DEVELOPER
ALTER USER DEVELOPER QUOTA UNLIMITED ON SYSAUX;
ALTER USER DEVELOPER QUOTA UNLIMITED ON USERS;
Related
Is there a way I can grant truncate permission to a user without altering privileges in SQL Server?
The minimum permission required is ALTER on table_name. TRUNCATE TABLE permissions default to the table owner, members of the sysadmin fixed server role, and the db_owner and db_ddladmin fixed database roles, and are not transferable. However, you can incorporate the TRUNCATE TABLE statement within a module, such as a stored procedure, and grant appropriate permissions to the module using the EXECUTE AS clause.
CREATE PROCEDURE dbo.usp_Demo
WITH EXECUTE AS 'CompanyDomain\SqlUser1'
AS
SELECT user_name();
Source
You can go through this official documentation.
Create a test Login and User id then grant it execute permission on the stored procedure Truncate_Table_Loner. This id will be used to perform the truncate.
-- Grant Execute Permission
-- Setup ID on Database with Connect permission
USE master
GO
CREATE LOGIN [test_user_id] WITH PASSWORD = 'JustConnect123';
GO
USE TestSQL
GO
CREATE USER [test_user_id] FOR LOGIN [test_user_id];
GO
-- Grant Permission
GRANT EXECUTE ON dbo.Truncate_Table_Loner TO [test_user_id];
GO
I am trying to grant data access rights to a DB/2 database and its tables to a user. I have DB/2 10.5 installed on a CentOS 7 server.
I created a database, schema & table:
create database mydb1
connect to mydb1
create schema myschema
create table myschema.mytab1 (empid int, empname varchar(50))
grant connect, dataaccess on database on database to user osuser2
grant select,insert,update,delete on myschema.mytab1 to user osuser2
When I login as OS user: osuser2 and give the command: db2 select * from myschema.tab1, I get the error:
SQL5193N The current session user does not have usage privilege on any enabled workloads. SQLSTATE=425
What am I doing wrong?
This error is given in many questions such as SQL5193N The current session user does not have usage privilege on any enabled workloads
This error goes away and everything works if I use the command:
grant dbadm on database to user osuser2
Of course, by doing that, the user gets administrative rights can can create / drop tables.
I'm testing database permissions on PostgreSQL and i'm trying to prevent a common user (readuser) from executing an 'ALTER DEFAULT PRIVILEGES' statement. However i cannot find a way to revoke this specific permission, and couldn't find anything about it on documentation.
I started a local PostgreSQL 11.2 instance, removed connect permisssions, created a database testdb and revoked table creation on the public schema.
revoke connect on database postgres from public;
create database testdb with template template0 --lc_collate "pt_BR.utf8" lc_ctype "pt_BR.utf8";
revoke connect on database testdb from public;
\c :database
revoke all on schema public from public;
grant all on schema public to postgres;
create schema private;
After that, I created a user with read permissions only:
create user readuser
with nosuperuser
nocreatedb
nocreaterole
noreplication
login
encrypted password 'testpassword';
grant connect
on database testdb
to readuser;
Then create a schema testschema and granted read permissions on it's tables:
grant usage
on schema testschema
to readuser;
grant select
on all tables
in schema testschema
to readuser;
Even though i only set read permissions on all schemas and tables, the 'readuser' user can still perform 'alter default privileges' query without a permission error:
alter default privileges in schema testschema grant select on tables to readuser;
ALTER DEFAULT PRIVILEGES
I would like some help on preventing a user from altering it's default privileges, so that it cannot mess up permissions for tables created in the future.
Try this by revoking the EXECUTE from the role postgres that granted the default privilege of execute to readuser
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA testschema REVOKE EXECUTE ON FUNCTIONS FROM readuser;
I am the first user of Oracle Database.
Now, I want to create a DB schema called ERDB.
I need to create the ERDB user and granting appropriate privileges to the ERDB user on SQL script file.
CREATE USER dmuser IDENTIFIED BY password
DEFAULT TABLESPACE USERS
TEMPORARY
TABLESPACE TEMP
QUOTA UNLIMITED ON USERS;
GRANT CREATE JOB TO dmuser;
GRANT CREATE MINING MODEL TO dmuser;
GRANT CREATE PROCEDURE TO dmuser;
GRANT CREATE SEQUENCE TO dmuser;
GRANT CREATE SESSION TO dmuser;
GRANT CREATE SYNONYM TO dmuser;
GRANT CREATE TABLE TO dmuser;
GRANT CREATE TYPE TO dmuser;
GRANT CREATE VIEW TO dmuser;
GRANT EXECUTE ON ctxsys.ctx_ddl TO dmuser;
but the error happens, SQL Error: ORA 01031 insufficient privileges;
please help me.
The Oracle documentation clearly states the following:
Prerequisites
You must have the CREATE USER system privilege.
Connect as SYSTEM, no need of SYSDBA and then execute:
CREATE USER user IDENTIFIED BY password
Similarly, execute other command to create the tablespaces and required grants etc.
On a side note, regarding SYSDBA:
Never ever use SYS (or SYSDBA) but for maintenance purpose (startup, shutdown, backup, recover)
SYS/SYSDBA is special
SYS/SYSDBA is Oracle proprietary (try to open a SR/TAR starting with "i did that with SYS/SYSDBA" and you'll see the immediate answer)
SYS/SYSDBA does not act like any other user
When you use SYS/SYSDBA Oracle deactivates some code path and activates others
Whatever you do with SYS/SYSDBA will neither validate nor invalidate the same thing with any other user.
NEVER EVER use SYS/SYSDBA for anything that can be done by another
user. Use SYS/SYSDBA ONLY for something that can't be done by someone
else.
What role should I give a sql login if I need the login to be able to create a database, and create additional logins and add users based on those logins to the database i created? This is sql 2005.
There is no fixed database role that includes these permissions. You'll have to create a role and assign the permissions individually.
CREATE ROLE db_creator
GRANT CREATE DATABASE TO db_creator
GRANT ALTER ANY LOGIN TO db_creator
GRANT ALTER ANY USER TO db_creator