Solved

Creating Roles in Oracle 8i

Posted on 2003-12-05
7
1,148 Views
Last Modified: 2012-08-13
I am having problems creating a Role. I am new to all this DB stuff so please be patient.
I want to create a Role type in Oracle and restrict this role to only be able to do SELECTS on certain Schema. Following is some Script that I wrote :

CREATE ROLE "APP_USER"  NOT IDENTIFIED;
GRANT SELECT ON "APP"."CUSTOMER" TO "APP_USER"
GRANT SELECT ON "APP"."SHIPMENT" TO "APP_USER"
GRANT SELECT ON "APP"."V_INVLIST" TO "APP_USER"
GRANT "CONNECT" TO "APP_USER";

Where APP is another User and the tables are the User Schema Tables.
Where I run this script from SQLPLUS I get :
ERROR at line 1:
ORA-01031: insufficient privileges
I tried logging in as SYS, SYSTEM, and Internal with SYSDBA privl.
 
Can anyone help.

Thanks
Adil
0
Comment
Question by:AdilK
  • 3
  • 3
7 Comments
 

Expert Comment

by:kp397
ID: 9884146
I donot understand why you are giving Connect previlege to a role here.

GRANT "CONNECT" TO "APP_USER";
This is assigns connect previleges to a database user.
You don't need this stmt for your purpose.
0
 

Author Comment

by:AdilK
ID: 9884257
Ok My fault. Also, can anyone tell me how can I restrict a user from selecting from the SYS or SYSTEM tables (Data Dictionary)
0
 

Expert Comment

by:kp397
ID: 9884392
Do you have any specific tables.Normally thought it will show table, basic your cannot be able to select data from some of the tables.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:AdilK
ID: 9884634
Well for example I dont want to the user to select from view SYS.ALL_USER  

Adil
0
 

Expert Comment

by:kp397
ID: 9884688
Connect to SYS and Revoke permissions from user.
0
 

Author Comment

by:AdilK
ID: 9884780
Revoke what Permissions...!!! Please explain !
0
 
LVL 23

Accepted Solution

by:
seazodiac earned 100 total points
ID: 9885559
by default,

A user account created has not a single sys or object privileges, not to mention to select sys tables.

For example, when you issue
SQL>create user test identified by test;

up to this point , you cannot even connect to the database using 'test' account,

but once you assign "CONNECT" to it, it can see a certain number of tables, like tables starting with "ALL_" and "USER_" ...because these tables when created, are granted SELECT to PUBLIC

so if you want to revoke all the select on ALL_USERS table, you have to do:

log in as sys

SQL>revoke SELECT on ALL_USERS from PUBLIC;

then user account "test" lost the select privilege on SYS.ALL_USERS...

Hope this helps a bit
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Best RAID for a BDD Oracle 4 67
Queries 15 38
help on oracle query 5 43
form builder not starting 3 34
Working with Network Access Control Lists in Oracle 11g (part 1) Part 2: http://www.e-e.com/A_9074.html So, you upgraded to a shiny new 11g database and all of a sudden every program that used UTL_MAIL, UTL_SMTP, UTL_TCP, UTL_HTTP or any oth…
Introduction A previously published article on Experts Exchange ("Joins in Oracle", http://www.experts-exchange.com/Database/Oracle/A_8249-Joins-in-Oracle.html) makes a statement about "Oracle proprietary" joins and mixes the join syntax with gen…
Via a live example, show how to take different types of Oracle backups using RMAN.
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now