?
Solved

Creating Roles in Oracle 8i

Posted on 2003-12-05
7
Medium Priority
?
1,189 Views
Last Modified: 2012-08-13
I am having problems creating a Role. I am new to all this DB stuff so please be patient.
I want to create a Role type in Oracle and restrict this role to only be able to do SELECTS on certain Schema. Following is some Script that I wrote :

CREATE ROLE "APP_USER"  NOT IDENTIFIED;
GRANT SELECT ON "APP"."CUSTOMER" TO "APP_USER"
GRANT SELECT ON "APP"."SHIPMENT" TO "APP_USER"
GRANT SELECT ON "APP"."V_INVLIST" TO "APP_USER"
GRANT "CONNECT" TO "APP_USER";

Where APP is another User and the tables are the User Schema Tables.
Where I run this script from SQLPLUS I get :
ERROR at line 1:
ORA-01031: insufficient privileges
I tried logging in as SYS, SYSTEM, and Internal with SYSDBA privl.
 
Can anyone help.

Thanks
Adil
0
Comment
Question by:AdilK
  • 3
  • 3
7 Comments
 

Expert Comment

by:kp397
ID: 9884146
I donot understand why you are giving Connect previlege to a role here.

GRANT "CONNECT" TO "APP_USER";
This is assigns connect previleges to a database user.
You don't need this stmt for your purpose.
0
 

Author Comment

by:AdilK
ID: 9884257
Ok My fault. Also, can anyone tell me how can I restrict a user from selecting from the SYS or SYSTEM tables (Data Dictionary)
0
 

Expert Comment

by:kp397
ID: 9884392
Do you have any specific tables.Normally thought it will show table, basic your cannot be able to select data from some of the tables.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:AdilK
ID: 9884634
Well for example I dont want to the user to select from view SYS.ALL_USER  

Adil
0
 

Expert Comment

by:kp397
ID: 9884688
Connect to SYS and Revoke permissions from user.
0
 

Author Comment

by:AdilK
ID: 9884780
Revoke what Permissions...!!! Please explain !
0
 
LVL 23

Accepted Solution

by:
seazodiac earned 400 total points
ID: 9885559
by default,

A user account created has not a single sys or object privileges, not to mention to select sys tables.

For example, when you issue
SQL>create user test identified by test;

up to this point , you cannot even connect to the database using 'test' account,

but once you assign "CONNECT" to it, it can see a certain number of tables, like tables starting with "ALL_" and "USER_" ...because these tables when created, are granted SELECT to PUBLIC

so if you want to revoke all the select on ALL_USERS table, you have to do:

log in as sys

SQL>revoke SELECT on ALL_USERS from PUBLIC;

then user account "test" lost the select privilege on SYS.ALL_USERS...

Hope this helps a bit
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why doesn't the Oracle optimizer use my index? Querying too much data Most Oracle developers know that an index is useful when you can use it to restrict your result set to a small number of the total rows in a table. So, the obvious side…
How to Unravel a Tricky Query Introduction If you browse through the Oracle zones or any of the other database-related zones you'll come across some complicated solutions and sometimes you'll just have to wonder how anyone came up with them.  …
This video shows how to Export data from an Oracle database using the Datapump Export Utility.  The corresponding Datapump Import utility is also discussed and demonstrated.
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.
Suggested Courses
Course of the Month13 days, 17 hours left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question