What is a SQL statement to find out which Schema owns an Oracle table?
To see information about any object in the database, in your case USER_TABLES use:
select * from all_objects where object_name = 'USER_TABLES';
OWNER OBJECT_NAME OBJECT_ID OBJECT_TYPE CREATED LAST_DDL_TIME
SYS USER_TABLES 3922 VIEW 24-MAY-13 24-MAY-13
USER_TABLES is a dictionary view. All dictionary views are owned by SYS.
SELECT OWNER FROM DBA_TABLES WHERE TABLE_NAME = '<your table>'
If you don't have privilege to DBA_TABLES use ALL_TABLES.
Here are the queries:
SELECT TABLE_NAME FROM USER_TABLES WHERE TABLE_NAME='<TABLE_NAME>'; -- There is no owner column in this view
SELECT OWNER, TABLE_NAME FROM ALL_TABLES WHERE OWNER='<OWNER_NAME>' AND TABLE_NAME='<TABLE_NAME>';
SELECT OWNER, TABLE_NAME FROM DBA_TABLES WHERE OWNER='<OWNER_NAME>' AND TABLE_NAME='<TABLE_NAME>';
Also you can query USER_OBJECTS, ALL_OBJECTS, DBA_OBJECTS using OBJECT_TYPE='TABLE' and OWNER= '<OWNER_NAME>' and OBJECT_NAME='<TABLE_NAME>'
There are 3 views, which can give that information:
USER_TABLES, if the login schema is the owner of the table
ALL_TABLES, if the login schema have permission on the table or owner of the table or have SELECT_CATALOG role
DBA_TABLES, if the login schema have SELECT_CATALOG role or any other role which have SELECT_CATALOG role
Related
I have a schema of tables myschema with different owners in postgres - owner 'foo' and owner 'bar'
After granting all privileges on the database to owner 'bar', and then re-logging in as user 'bar', I try to change the ownership of all bar-owned tables to 'foo' with the following command:
SELECT format(
'ALTER TABLE %I.%I.%I OWNER TO %I;',
table_catalog,
table_schema,
table_name,
'foo'
)
FROM information_schema.tables
WHERE table_schema = 'myschema'
This then returns:
ALTER TABLE my_db.my_schema.my_tableA OWNER TO foo;
ALTER TABLE my_db.my_schema.my_tableB OWNER TO foo;
ALTER TABLE my_db.my_schema.my_tableC OWNER TO foo;
successfully
Then, when I run select * from pg_tables;, I see that none of the tableowners have changed. How is this possible and what could be happening?
To change ownership of tables from bar to foo, a user must be a member of both roles. So if bar should be able to do that, it must be a superuser or a member of foo:
GRANT foo TO bar;
I guess your statements caused an error that you somehow failed to see and didn't do anything.
I've created some TABLES in 1 DB with the user name DEVICE.
Querying the tables I see that they belong to the user DEVICE
SELECT owner, table_name FROM dba_tables
Then I created a user named CAR, I logged in the DB with that user and create some tables, I've tried to query the other tables with
SELECT * FROM DEVICE.table_name;
with the result
00942. 00000 - "table or view does not exist"
and logged with the user CAR and don't see the user DEVICE in others users from SQL Developer
This error comes up because CAR doesn't have privileges to query the DEVICE's table.
You need to grant access to this table to CAR.
1- login as DEVICE
2- Issue the following grant:
GRANT SELECT ON TABLE_NAME TO CAR;
If you want to do it for all the tables of the DEVICE user, create a script like that:
select 'GRANT SELECT ON ' || table_name || ' TO CAR;' FROM USER_TABLES;
My advice would be to create a ROLE if you do that:
CREATE ROLE DEVICE_READ_ROLE;
select 'GRANT SELECT ON ' || table_name || ' TO DEVICE_READ_ROLE;' FROM USER_TABLES;
GRANT DEVICE_READ_ROLE TO CAR;
Note that if you create new tables in the DEVICE schema you will need to grant select on the new table to the ROLE for CAR to have access to it.
Here the script to generate grant select on all the tables.
select 'grant select on Admin.' || object_name || ' to User;'
from user_objects
where object_type in('TABLE');
Then you have to create a script to run these grant statements at once or you can use PL/SQL as well. Type the following in the SQL prompt.
SQL> spool grant_statements.sql
SQL> set pagesize 0
SQL> set feedback off
SQL> set linesize 300
SQL> set trimout on
SQL> set trimspool on
SQL> select 'grant select on Admin.' || object_name || ' to User;' from user_objects where object_type in('TABLE','SYNONYM')
/
SQL> spool off
And you have got the script file you can run it.
OR
You can run the following PL/SQL block (Run as admin user).
BEGIN
FOR s IN (SELECT *
FROM user_objects where object_type in('TABLE','SYNONYM'))
LOOP
EXECUTE IMMEDIATE 'grant select on admin.' || s.object_name || ' to user';
END LOOP;
END;
you need to grant access to user CAR for the tables created by DEVICE . login using DEVICE user and grant access to the tables CAR should be able to access using sql like below
GRANT SELECT , UPDATE , INSERT ON TABLE_NAME TO CAR;
I have list of object names from which i have to find out whether the object is a table or view. For this reason i have to query and check in all_tables and all_views and confirm whether the object is table or view. I am using below queries and its working. But as i have huge list of object names I want to perform this in single query and check whether the object is table or view and also the owner of the object.
select * from ALL_views where view_name like '%INSTANCE%'
select * from all_tables where table_name like '%INSTANCE%'
select *
from all_objects
where object_name like '%INSTANCE%'
There is an OBJECT_TYPE column in there.
How about using all_objects instead?
E.g.:
select owner,
object_name,
object_type
from all_objects
where object_type in ('TABLE', 'VIEW')
and object_name in (....);
I've come up with a query that displays all tables and views of a specific owner. What I would like to do now, but am having an issue with, is that I would like to have a second column which line by line will indicate whether the field is a "table" or "view". Is this possible? if so, how might I go about this?
select table_name
from all_tables
where owner = '<owner>'
UNION
select view_name
from all_views
where owner = '<owner>'
order by table_name;
I'd prefer the xxx_objects views myself for this purpose (as Justin says), but if you specifically need other data from the table and view views, you can add extra info thus:
select 'Table' AS object_type, table_name
from all_tables
where owner = '<owner>'
UNION ALL
select 'View' AS object_type, view_name
from all_views
where owner = '<owner>'
order by table_name;
Note I've changed it to use UNION ALL because there will be no collisions between the two result sets.
I'd use all_objects instead
select object_name, object_type
from all_objects
where object_type in ('TABLE', 'VIEW')
and owner = <<schema name>>
order by object_name
Is it normal for an oracle view to loose all its grants when modifying the source SQL?
I am using SQL Developer if that has anything to do with it.
First of all, you don't have "grants" - "grant" is an operation. You have "roles" and "privileges".
Second, views have neither roles nor privileges themselves - schemas do have. Basically, a self-descriptive command is: grant select on view_1 to schema_1.
Third, schemas do not lose their privileges if you create or replace your view. Here's a quick sample:
11:03:07 #> conn system/sys#oars_sandbox
Connected.
11:03:15 SYSTEM#oars_sandbox> create user test1 identified by test1;
User created.
11:03:39 SYSTEM#oars_sandbox> create user test2 identified by test2;
User created.
11:03:48 SYSTEM#oars_sandbox> create view test1.view1 as select * from dual;
View created.
11:04:03 SYSTEM#oars_sandbox> grant select on test1.view1 to test2;
Grant succeeded.
11:04:15 SYSTEM#oars_sandbox> select grantee, owner, table_name, privilege, grantor from dba_tab_privs where grantee = 'TEST2';
GRANTEE OWNER TABLE_NAME PRIVILEGE GRANTOR
------------------------------ ------------------------------ ------------------------------ ---------------------------------------- ------------------------------
TEST2 TEST1 VIEW1 SELECT TEST1
11:05:13 SYSTEM#oars_sandbox> create or replace view test1.view1 as select * from dual;
View created.
11:05:24 SYSTEM#oars_sandbox> select grantee, owner, table_name, privilege, grantor from dba_tab_privs where grantee = 'TEST2';
GRANTEE OWNER TABLE_NAME PRIVILEGE GRANTOR
------------------------------ ------------------------------ ------------------------------ ---------------------------------------- ------------------------------
TEST2 TEST1 VIEW1 SELECT TEST1
However, it is quite possible that SQL developer invokes drop view first instead of create or replace. In this case, your privileges are automatically removed.
11:05:26 SYSTEM#oars_sandbox> drop view test1.view1;
View dropped.
11:10:21 SYSTEM#oars_sandbox> select grantee, owner, table_name, privilege, grantor from dba_tab_privs where grantee = 'TEST2';
no rows selected
11:10:24 SYSTEM#oars_sandbox> create or replace view test1.view1 as select * from dual;
View created.
11:10:26 SYSTEM#oars_sandbox> select grantee, owner, table_name, privilege, grantor from dba_tab_privs where grantee = 'TEST2';
no rows selected