Solved

Creating Roles in Oracle 8i

Posted on 2003-12-05
7
1,146 Views
Last Modified: 2012-08-13
I am having problems creating a Role. I am new to all this DB stuff so please be patient.
I want to create a Role type in Oracle and restrict this role to only be able to do SELECTS on certain Schema. Following is some Script that I wrote :

CREATE ROLE "APP_USER"  NOT IDENTIFIED;
GRANT SELECT ON "APP"."CUSTOMER" TO "APP_USER"
GRANT SELECT ON "APP"."SHIPMENT" TO "APP_USER"
GRANT SELECT ON "APP"."V_INVLIST" TO "APP_USER"
GRANT "CONNECT" TO "APP_USER";

Where APP is another User and the tables are the User Schema Tables.
Where I run this script from SQLPLUS I get :
ERROR at line 1:
ORA-01031: insufficient privileges
I tried logging in as SYS, SYSTEM, and Internal with SYSDBA privl.
 
Can anyone help.

Thanks
Adil
0
Comment
Question by:AdilK
  • 3
  • 3
7 Comments
 

Expert Comment

by:kp397
ID: 9884146
I donot understand why you are giving Connect previlege to a role here.

GRANT "CONNECT" TO "APP_USER";
This is assigns connect previleges to a database user.
You don't need this stmt for your purpose.
0
 

Author Comment

by:AdilK
ID: 9884257
Ok My fault. Also, can anyone tell me how can I restrict a user from selecting from the SYS or SYSTEM tables (Data Dictionary)
0
 

Expert Comment

by:kp397
ID: 9884392
Do you have any specific tables.Normally thought it will show table, basic your cannot be able to select data from some of the tables.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:AdilK
ID: 9884634
Well for example I dont want to the user to select from view SYS.ALL_USER  

Adil
0
 

Expert Comment

by:kp397
ID: 9884688
Connect to SYS and Revoke permissions from user.
0
 

Author Comment

by:AdilK
ID: 9884780
Revoke what Permissions...!!! Please explain !
0
 
LVL 23

Accepted Solution

by:
seazodiac earned 100 total points
ID: 9885559
by default,

A user account created has not a single sys or object privileges, not to mention to select sys tables.

For example, when you issue
SQL>create user test identified by test;

up to this point , you cannot even connect to the database using 'test' account,

but once you assign "CONNECT" to it, it can see a certain number of tables, like tables starting with "ALL_" and "USER_" ...because these tables when created, are granted SELECT to PUBLIC

so if you want to revoke all the select on ALL_USERS table, you have to do:

log in as sys

SQL>revoke SELECT on ALL_USERS from PUBLIC;

then user account "test" lost the select privilege on SYS.ALL_USERS...

Hope this helps a bit
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Pl/SQL Query 31 76
Error when running a simple alter statement in Aqua studio for Oracle 6 44
Oracle - Query Insert and Update multiple tables 5 58
SQL query question 8 40
Background In several of the companies I have worked for, I noticed that corporate reporting is off loaded from the production database and done mainly on a clone database which needs to be kept up to date daily by various means, be it a logical…
Using SQL Scripts we can save all the SQL queries as files that we use very frequently on our database later point of time. This is one of the feature present under SQL Workshop in Oracle Application Express.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
This video shows how to recover a database from a user managed backup

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now