Solved

Creating Roles in Oracle 8i

Posted on 2003-12-05
7
1,153 Views
Last Modified: 2012-08-13
I am having problems creating a Role. I am new to all this DB stuff so please be patient.
I want to create a Role type in Oracle and restrict this role to only be able to do SELECTS on certain Schema. Following is some Script that I wrote :

CREATE ROLE "APP_USER"  NOT IDENTIFIED;
GRANT SELECT ON "APP"."CUSTOMER" TO "APP_USER"
GRANT SELECT ON "APP"."SHIPMENT" TO "APP_USER"
GRANT SELECT ON "APP"."V_INVLIST" TO "APP_USER"
GRANT "CONNECT" TO "APP_USER";

Where APP is another User and the tables are the User Schema Tables.
Where I run this script from SQLPLUS I get :
ERROR at line 1:
ORA-01031: insufficient privileges
I tried logging in as SYS, SYSTEM, and Internal with SYSDBA privl.
 
Can anyone help.

Thanks
Adil
0
Comment
Question by:AdilK
  • 3
  • 3
7 Comments
 

Expert Comment

by:kp397
ID: 9884146
I donot understand why you are giving Connect previlege to a role here.

GRANT "CONNECT" TO "APP_USER";
This is assigns connect previleges to a database user.
You don't need this stmt for your purpose.
0
 

Author Comment

by:AdilK
ID: 9884257
Ok My fault. Also, can anyone tell me how can I restrict a user from selecting from the SYS or SYSTEM tables (Data Dictionary)
0
 

Expert Comment

by:kp397
ID: 9884392
Do you have any specific tables.Normally thought it will show table, basic your cannot be able to select data from some of the tables.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:AdilK
ID: 9884634
Well for example I dont want to the user to select from view SYS.ALL_USER  

Adil
0
 

Expert Comment

by:kp397
ID: 9884688
Connect to SYS and Revoke permissions from user.
0
 

Author Comment

by:AdilK
ID: 9884780
Revoke what Permissions...!!! Please explain !
0
 
LVL 23

Accepted Solution

by:
seazodiac earned 100 total points
ID: 9885559
by default,

A user account created has not a single sys or object privileges, not to mention to select sys tables.

For example, when you issue
SQL>create user test identified by test;

up to this point , you cannot even connect to the database using 'test' account,

but once you assign "CONNECT" to it, it can see a certain number of tables, like tables starting with "ALL_" and "USER_" ...because these tables when created, are granted SELECT to PUBLIC

so if you want to revoke all the select on ALL_USERS table, you have to do:

log in as sys

SQL>revoke SELECT on ALL_USERS from PUBLIC;

then user account "test" lost the select privilege on SYS.ALL_USERS...

Hope this helps a bit
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Configuring and using Oracle Database Gateway for ODBC Introduction First, a brief summary of what a Database Gateway is.  A Gateway is a set of driver agents and configurations that allow an Oracle database to communicate with other platforms…
This post first appeared at Oracleinaction  (http://oracleinaction.com/undo-and-redo-in-oracle/)by Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
Via a live example show how to connect to RMAN, make basic configuration settings changes and then take a backup of a demo database
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question