I use SQL*Plus for school and I use the username Scott. I cannot create views because it says:
ORA-01031: insufficient privileges;
I've searched and searched, but nothing seems to get it right. Any help?
As the error states - your privileges are insufficient to create view - you will have to ask database administrator to grant you this privilege.
If you can log in as database administrator you will have to execute statement(I can't guarantee correctness, no oracle database at hand)
GRANT CREATE ANY VIEW TO Scott;
or
GRANT CREATE VIEW TO Scott;
You need to GRANT the CREATE VIEW privilege to the USER which is creating the view.
For example, I create a new user to let it create a session, a table and a view:
SQL> create user test identified by test;
User created.
SQL> grant create session, create table, create view to test;
Grant succeeded.
SQL> conn test/test#pdborcl;
Connected.
SQL> Create Table advanced
2 (Id varchar(15),
3 Name varchar(20),
4 Dept varchar(15),
5 Cgpa float,
6 Birth_date date,
7 Mob_no int,
8 Dist varchar(20),
9 Salary number(8));
Table created.
SQL> Create View advanced_data as
2 (
3 select name,dept,dist,salary from advanced
4 );
View created.
If I revoke the privilege, you will recieve ORA-01031: insufficient privileges:
SQL> revoke create view from test;
Revoke succeeded.
SQL> conn test/test#pdborcl;
Connected.
SQL> Create or replace View advanced_data as
2 (
3 select name,dept,dist,salary from advanced
4 );
Create or replace View advanced_data as
*
ERROR at line 1:
ORA-01031: insufficient privileges
step 1-conn ss/ss as sysdba;
step 2- GRANT CREATE ANY VIEW TO Scott;
step 3- conn scott/tiger
step 4-create or replace view v as select *from emp;
To log-in as DBA (database administrator) you can use:
sqlplus / as sysdba
or
sqlplus sys as sysdba
Related
I have a read-only user that has to have the execute privileges to specific packages.
These packages sometimes use execute immediate to insert values into tables.
I can see why it was built this way, however I need the package to throw an Insufficient Privileges error instead of just executing the modifying statements.
Is it possible to change the behaviour or build a workaround without changing the executed packages?
So read only user has:
GRANT SELECT ON table to READ_ONLY_USER;
GRANT EXECUTE, DEBUG ON package to READ_ONLY_USER;
Package contains:
query = 'INSERT INTO table VALUES (value)';
execute immediate query;
And I need an error when the user executes the package.
Check the following example. Shortly, keyword is AUTHID CURRENT_USER while creating that PL/SQL program unit.
Connected as MIKE (who owns table and procedure and grant SCOTT privileges to use them):
SQL> show user
USER is "MIKE"
SQL>
SQL> create table test (id number);
Table created.
SQL> create or replace procedure p_test
2 authid current_user
3 is
4 begin
5 execute immediate 'insert into mike.test values (1)';
6 end;
7 /
Procedure created.
SQL> exec p_test;
PL/SQL procedure successfully completed.
SQL> select * from test;
ID
----------
1
SQL> grant select on test to scott;
Grant succeeded.
SQL> grant execute on p_test to scott;
Grant succeeded.
SQL>
Connected as SCOTT:
SQL> show user
USER is "SCOTT"
SQL>
SQL> select * From mike.test;
ID
----------
1
SQL> exec mike.p_test;
BEGIN mike.p_test; END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "MIKE.P_TEST", line 5
ORA-06512: at line 1
SQL>
Without it, SCOTT is able to insert values into MIKE's table:
SQL> connect mike/lion#orcl
Connected.
SQL> create or replace procedure p_test
2 is --> no more authid current_user
3 begin
4 execute immediate 'insert into mike.test values (2)';
5 end;
6 /
Procedure created.
SQL> connect scott/tiger#orcl
Connected.
SQL> exec mike.p_test;
PL/SQL procedure successfully completed.
SQL> select * From mike.test;
ID
----------
1
2
SQL>
I'm trying to do a test to prove the privileges of the users. I have one user with just one privilege (execute programs) but when I try this, this user can alter table:
SHOW USER;
CONNECT USER1/USER1;
CREATE TABLE TEST_TABLE (colum int); //Insufficient privileges
SHOW USER;
ALTER TABLE TABLE_TESTING ADD TESTING varchar(255);
So, I'm getting insufficient privileges on create table but when I do ALTER TABLE the user can do it and I don't know why because I select only the privilege of execute programs
This is how I see it: follow the example.
As a privileged user (SYS in my XE database), I'll create user and grant only two privileges: create session (so that user could connect to the database) and create table (so that it can create tables):
SQL> show user
USER is "SYS"
SQL>
SQL> create user timer identified by timer
2 default tablespace users
3 temporary tablespace temp
4 quota unlimited on users;
User created.
SQL> grant create session, create table to timer;
Grant succeeded.
Connecting as newly created user and creating a simple table:
SQL> connect timer/timer
Connected.
SQL> create table test (id number);
Table created.
Back to SYS: this time, revoking create table privilege:
SQL> connect sys as sysdba
Enter password:
Connected.
SQL> revoke create table from timer;
Revoke succeeded.
Back to timer: creating table won't succeed (as I don't have that privilege any more):
SQL> connect timer/timer
Connected.
SQL> create table test_table (colum int);
create table test_table (colum int)
*
ERROR at line 1:
ORA-01031: insufficient privileges
But, I can still alter previously created tables. Why? Because I own them and I can do whatever I want with them:
SQL> alter table test add testing varchar2(20);
Table altered.
I suggest you talk to your DBA to see what's really going on.
That might be because the user has the rights to execute which means he's able to alter tables by executing code, but he is not allowed to create new tables explicitly. See: https://docs.oracle.com/cd/B19306_01/network.102/b14266/authoriz.htm#DBSEG5000
I use the query CTAS to create a new table, however, when CTAS has finished, other users canĀ“t select the new table, but they had access to the old, Is it a way to pass all the users and groups to the new table? because the old table will be deleted.
"A way" is to grant (at least) select privileges to all those users.
If you used a role and granted select privilege to that role, and then granted role to those users, things would be quite simpler - just grant select privilege on the new table to the same role, and everyone will "see" it.
Otherwise, you can write query to create those grant statements for you.
For example, in Scott's schema there's the EMP table. I've previously granted privileges on it to other users in my database, and now I'm going to create a "new" CTAS table and grant privileges to the same set of users.
SQL> create table my_new_table as select * from emp;
Table created.
SQL> select 'grant select on my_new_table to ' || grantee ||';' run_me
2 from all_tab_privs_made
3 where owner = 'SCOTT'
4 and table_name = 'EMP';
RUN_ME
---------------------------------------------------------------
grant select on my_new_table to SYS;
grant select on my_new_table to SUPERUSER;
grant select on my_new_table to MY_ROLE;
grant select on my_new_table to MIKE;
Now simply copy/paste the above bunch of grant statements:
SQL> grant select on my_new_table to SYS;
Grant succeeded.
SQL> grant select on my_new_table to SUPERUSER;
Grant succeeded.
SQL> grant select on my_new_table to MY_ROLE;
Grant succeeded.
SQL> grant select on my_new_table to MIKE;
Grant succeeded.
SQL>
If there's zillion of users, PL/SQL option would be simpler as it would do everything for you (i.e. no copy/pasting):
SQL> begin
2 for cur_r in (select grantee
3 from all_tab_privs_made
4 where owner = 'SCOTT'
5 and table_name = 'EMP'
6 )
7 loop
8 execute immediate 'grant select on my_new_table to ' || cur_r.grantee;
9 end loop;
10 end;
11 /
PL/SQL procedure successfully completed.
SQL>
If you create a table using CTAS from an existing one, the new one is a new segment, therefore it lacks of privileges. You need to recover the permissions granted to the old table and granting to the new one. For that you can use several alternatives ( dbms_metadata, dynamic sql ).
For the purposes , I'd do it like this
SQL> CREATE TABLE T2 AS SELECT * FROM T1 ;
SQL> begin
dbms_metadata.set_transform_param (dbms_metadata.session_transform,
'SQLTERMINATOR', true);
dbms_metadata.set_transform_param (dbms_metadata.session_transform, 'PRETTY',
true);
end;
/
select replace(dbms_metadata.get_dependent_ddl('OBJECT_GRANT', 'T1', 'OWNER_OF_T1' ),'T1','T2') AS ddl
from dual;
The first part is for creating in a nice format the list of necessary grants. The second part retrieves all the privileges granted to T1 and generates the list of grants statements for running to the T2 table. Then you only need to run the list of grants
As I said, there are several alternatives to do this.
Regards
BBMA.SALES_BKP TABLE IS THERE IN BBMP SCHEMA(user)
I WANT TO ACCESS "SALES_BKP TABLE" through DUMMY(its different user)
Here's how.
SQL> create user dummy identified by dummy
2 default tablespace user_data
3 temporary tablespace temp
4 quota unlimited on user_data;
User created.
SQL> grant create session, create table to dummy;
Grant succeeded.
SQL> create user bbma identified by bbma
2 default tablespace user_data
3 temporary tablespace temp
4 quota unlimited on user_data;
User created.
SQL> grant create session to bbma;
Grant succeeded.
Now, create table and let another user select from it.
SQL> connect dummy/dummy#orcl
Connected.
SQL> create table sales_bkp(id number, value number);
Table created.
SQL> insert into sales_bkp values (1, 100);
1 row created.
SQL> grant select on sales_bkp to bbma; --> this
Grant succeeded.
SQL> connect bbma/bbma#orcl
Connected.
SQL> select * from dummy.sales_bkp; --> note owner name
ID VALUE
---------- ----------
1 100
SQL>
I am using oracle database 11g Release 2
I am able to create user and give it create session privileges, but I am unable to give it select privilege.
create user user1 identified by pass;
User created.
grant create session to user1;
Grant succeeded.
grant select on emp to user1;
Grant succeeded.
After this I connect as user1
Now when I run this statement it say
select * from emp;
oracle reply=
ERROR at line 1:
ORA-00942: table or view does not exist
Than I checked privileges to user1 using
select * from session_privs;
PRIVILEGE
---------------------------------
CREATE SESSION
Which means only create session privilege is available to user1. How can I give select privileges to user1?
Giving a use the SELECT privilege (or any other privilege for that matter) does not create a synonym. As user1, who is not the table's owner, you should still reference the table by its fully qualified name, with the owner.
Assuming the owner is called owner1, user1's query should be:
SELECT * FROM owner1.emp
As for the data dictionary query, this is also to be expected. These privileges are recorded in the [DBA|ALL|USER]_TAB_PRIVS views:
SELECT * FROM all_tab_privs WHERE grantee = 'USER1'