Hi
I was trying to execute
grant all on Owner.table_name to APPS,ABC;
but it is giving an error that grant privileges not provided.
Please let me know how can i get and what is the reason.
You need Owner to: GRANT ANY PRIVILEGE TO You;
You will see that you do not have it by running:
select * from system_privilege_map
where name like '%PRIV%';
Related
Its a newbie question but still I am trying to grant create user permission to sysadmin role from the accountAdmin role so that I can create users in the sysadmin role.
The statement I am trying to execute is:
grant create user to role sysadmin;
Error
SQL compilation error: syntax error line 1 at position 18 unexpected 'to'.
What's the exact statement to achieve this?
I tried googling but haven't found any exact query statement in a long time, so posting it here.
Grant create user on account to role role_name ;
Please note that this statement has to be submitted as an ACCOUNTADMIN
https://docs.snowflake.com/en/sql-reference/sql/grant-privilege.html
You could also choose to use the WITH GRANT OPTION which allows the grantee to regrant the role to other users.
Grant create user on account to role role_name WITH GRANT OPTION;
I'm trying to create a role and grant select permissions on sys.dba_objects.
This is my sql:
grant select on sys.dba_objects to my_role
grant select on sys.dba_objects to my_role;
On RDS I get the following error:
Error: ORA-01031: insufficient privileges
I saw that RDS has a dedicated stored procedure for granting permissions on sys. I tried:
call rdsadmin.rdsadmin_util.grant_sys_object('SYS.REGISTRY$HISTORY', 'my_role', 'select')
Error I get:
ORA-44003: invalid SQL name
ORA-06512: at "RDSADMIN.RDSADMIN_UTIL", line 248
ORA-44003: invalid SQL name
ORA-06512: at line 1
This is how I made it work:
1. Removed the sys. prefix like suggested above
2. Used uppercase
Example:
call rdsadmin.rdsadmin_util.grant_sys_object('DBA_OBJECTS', 'ASSESSMENT_ROLE', 'SELECT');
I don't know AWS RDS, but ORA-01031 sounds like a known restriction: privileges granted via roles won't work in PL/SQL procedures - you'll have to grant them directly to user.
Try following...First you need to grant select to rdsadmin with grant option using SYS.
As SYS
grant select on DBA_objects to rdsadmin with grant option;
As rdsadmin
grant select on sys.dba_objects to my_role;
I'm trying to allow a stored procedure for a user, but struggling to get it right. Hopefully I'm on the right track, thanks for the help.
GO
Alter role ReportDeveloper
Add sp_GetActiveProductInfo
GRANT EXECUTE ON ReportDeveloper TO employee_usr;
Grant permission to database role not user.
USE DB_NAME;
GRANT EXECUTE ON sp_GetActiveProductInfo TO ReportDeveloper;
GO
It rather should be like below per Documentation
USE DB_NAME;
GRANT EXECUTE ON OBJECT::sp_GetActiveProductInfo
TO employee_usr;
GO
You can do it as ;
USE databse;
GRANT EXECUTE ON sp_GetActiveProductInfo TO employee_usr;
GO
If you add this user to a Role you will Grant the permission to the Role where your user is member in :
USE databse;
GRANT EXECUTE ON sp_GetActiveProductInfo TO ReportDeveloper;
GO
I have SQL Server 2008 R2.
I have denied SELECT on all [sys] schema, and INFOMRATION_SCHEMA objects for a user.
But the user has to be able SELECT from INFOMRATION_SCHEMA.PARAMETERS,
but despite the REVOKE:
REVOKE SELECT ON OBJECT::[INFORMATION_SCHEMA].[PARAMETERS] to myUser;
the user still cannot select from that table/view.
I guess I have to REVOKE more, previously DENIED permissions on those system views/tables, but not sure which.
Any thought?
Have you tried:
REVOKE SELECT ON OBJECT::[INFORMATION_SCHEMA].[PARAMETERS] FROM myUser;
Note the change with keyword FROM. Examples are shown on Microsoft's website here.
Its not another [sys] table, but DENY VIEW DEFINITION permission which blocked me.
I'm trying to export data from a query into a csv file from Oracle Enterprise Express installed on a Windows Server 2008 machine.
I've found this solution:
http://asktom.oracle.com/pls/asktom/f?p=100:11:::::P11_QUESTION_ID:235814350980
which basically writes a function and uses the UTIL_FILE object to create and write to a file and add delimiters.
I receive the follow error when I try and create the function in Oracle SQL Developer:
PLS-00201: identifier UTIL_FILE must be declared.
When I run the following command:
select owner, object_type from all_objects where object_name = 'UTL_FILE'
The result is:
OWNER Object Type
--------- -----------
PUBLIC SYNONYM
EDIT:
Running:
GRANT EXECUTE ON UTL_FILE TO PUBLIC
Gives:
Error starting at line 2 in command:
GRANT EXECUTE ON UTL_FILE TO PUBLIC
Error report:
SQL Error: ORA-00942: table or view does not exist
00942. 00000 - "table or view does not exist"
*Cause:
*Action:
What is the problem?
Seems like lack of privileges to me. Often PUBLIC user has EXECUTE privilege granted on that package, but the privilege may be revoked.
You can check if PUBLIC has that privilege by issuing the following query:
SELECT * FROM all_tab_privs WHERE grantee = 'PUBLIC' AND table_name = 'UTL_FILE';
If there are no rows returned, try granting the execute privilege to either the user you are logged as, or to PUBLIC, as some privileged user, for example SYS:
GRANT EXECUTE ON SYS.utl_file TO user_name;
Edit
You must grant the privilege while being logged as, for example, SYS user.
Users do not have execute permission on UTL_FILE by default. To use UTL_FILE, an ADMIN user or instance administrator must explicitly GRANT EXECUTE permission on it, such as in the following example:
GRANT EXECUTE ON SYS.UTL_FILE TO scott;
Aside from the possible lack of permissions that other answers have covered, your question says the error you get is:
PLS-00201: identifier UTIL_FILE must be declared
That suggests you've referenced UTIL_FILE, rather than the built-in package UTL_FILE, in your function. It might be an error you've introduced writing the question, of course, but you used it in the text too so maybe you have got the package name wrong in your code, if you didn't just copy-and-paste Tom's code.
You'll still need execute privileges on UTL_FILE anyway, if you don't have them already.
As user: h_djebli pointed out in his comment you need to be connected as SYS user in the first place.
To do that, you have to be in your oracle home directory :
cd $ORACLE_HOME
Then execute :
sqlplus / as sysdba
sqlplus will start in your terminal and you'll be connected as the SYS user.
You can finally write the GRANT command in your sqlplus console :
GRANT EXECUTE ON SYS.utl_file TO your_db_username;
We can do this via cmd, with these steps:
Login as sysdba (connect sys as sysdba + enter password as sys_password)
grant execute on utl_file to <user_name>.
now we can check by query :'SELECT * FROM all_tab_privs WHERE grantee = 'PUBLIC' AND table_name = 'UTL_FILE';'