Solved

roles, grants & Privileges Report

Posted on 2006-06-19
4
960 Views
Last Modified: 2012-06-21
I was trying to build a nice output table of the various roles, grants & Privileges
I wanted by output to look something like this:

ROLE1
      • Granted to
            o USER1
            o USER2
            o USER4
      • Roles Granted
            o ROLE2
            o ROLE3
            o ROLE4
            o ROLE5
      • Privileges
            o ALTER
                  - TABLE1
                  - TABLE2
                  - TABLE4
                  - TABLE5
                  - TABLE9
            o DELETE
                  - TABLE2
                  - TABLE4
                  - TABLE5
                  - TABLE9

ROLE2
      • Granted to
            o USER3
            o USER4
      • Roles Granted
            o ROLE5
      • Privileges
            o SELECT
                  - TABLE1
                  - TABLE2
                  - TABLE3
                  - TABLE4
                  - TABLE5


My main trick is getting the output to look some what nice (similar layout to the above example).

To select the role I have:
      SELECT DISTINCT r.granted_role
                 FROM dba_role_privs r

To get the 'Granted to' I have:
      SELECT DISTINCT r2.grantee
                 FROM dba_role_privs r2
                WHERE r2.granted_role = r.granted_role

To get the 'Roles Granted' I have:
      SELECT DISTINCT r3.granted_role
                 FROM dba_role_privs r3
                WHERE r3.grantee = r.granted_role

To get the 'Privileges' I have:
      SELECT DISTINCT r4.privilege
                 FROM dba_tab_privs r4
                WHERE r4.grantee = r.granted_role

To get the individual Privileges I have:
      SELECT DISTINCT r5.table_name
                 FROM dba_tab_privs r5
                WHERE r5.grantee = r.granted_role
                AND r5.privilege = r4.privilege

All my quires appear to be correct I just want to be able to bring it all up and indent each one so it looks nice with out repeating columns.

BTW: I am trying to run this on Oracle9i Release 9.2.0.1.0.

Does anyone have some good ways to format the out put from SQL to that I can get my output to look nice? Ideally I would like the query to display it as above.


0
Comment
Question by:jim_1234567890
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 19

Expert Comment

by:actonwang
ID: 16939137
>>Does anyone have some good ways to format
     If you are talking about sql*plus, it doesn't support much format. The furthest you can get is to use:

set markup HTML on
spool index.html
select * from tab;
spool off
set markup HTML off

you will get a table like html page.

0
 
LVL 19

Accepted Solution

by:
actonwang earned 125 total points
ID: 16939151
It would be hard to format it in just one query in sql*plus.

I would say that you can do it in one PL/SQL block. Use sth like:

for role in  (  SELECT DISTINCT granted_role  FROM dba_role_privs) loop
   -- for user granted
       --another loop then in loop you use DBMS_OUTPUT.PUT_LINE(' ...') to control your format
       
   --for roles granted

   --priviligets
end loop;
/

I belive that you will get my idea.
0
 

Author Comment

by:jim_1234567890
ID: 16943054
Thanks for the insight Actonwang.

I was able to build a little procedure that I still need to test.  But It is something like this:

CREATE OR REPLACE PROCEDURE oracle_roles IS
   CURSOR role_cur IS
      SELECT DISTINCT granted_role
                 FROM dba_role_privs
             ORDER BY granted_role;

   
-- To get the 'Granted to' I have:
   CURSOR grant2_cur (in_granted_role VARCHAR2) IS
      SELECT DISTINCT r2.grantee
                 FROM dba_role_privs r2
                WHERE r2.granted_role = in_granted_role;

   
-- To get the 'Roles Granted' I have:
   CURSOR rolegranted_cur (in_granted_role VARCHAR2) IS
      SELECT DISTINCT r3.granted_role
                 FROM dba_role_privs r3
                WHERE r3.grantee = in_granted_role;

   
-- To get the 'Privileges' I have:
   CURSOR privileges_cur (in_granted_role VARCHAR2) IS
      SELECT DISTINCT r4.privilege
                 FROM sys.dba_tab_privs r4
                WHERE r4.grantee = in_granted_role;

   
-- To get the individual Privileges I have:
   CURSOR iprivileges_cur (in_granted_role VARCHAR2, in_privilege VARCHAR2) IS
      SELECT DISTINCT r5.table_name
                 FROM dba_tab_privs r5
                WHERE r5.grantee = in_granted_role AND r5.privilege = in_privilege;

   role_rec          role_cur%ROWTYPE;
   grant2_rec        grant2_cur%ROWTYPE;
   rolegranted_rec   rolegranted_cur%ROWTYPE;
   privileges_rec    privileges_cur%ROWTYPE;
   iprivileges_rec   iprivileges_cur%ROWTYPE;
BEGIN
   
-- spool c:\temp\priviliges.txt;

   FOR role_rec IN role_cur LOOP
      DBMS_OUTPUT.put_line (role_rec.granted_role);
      DBMS_OUTPUT.put_line ('     '|| 'Granted to:');
      OPEN grant2_cur (role_rec.granted_role);
      FETCH grant2_cur INTO grant2_rec;

      IF grant2_cur%NOTFOUND THEN
         CLOSE grant2_cur;
         DBMS_OUTPUT.put_line ('       '|| 'None');
      ELSE
         CLOSE grant2_cur;

         FOR grant2_rec IN grant2_cur (role_rec.granted_role) LOOP
            DBMS_OUTPUT.put_line ('       '|| grant2_rec.grantee);
         END LOOP;
      END IF;

      DBMS_OUTPUT.put_line ('     '|| 'Roles Granted:');
      OPEN rolegranted_cur (role_rec.granted_role);
      FETCH rolegranted_cur INTO rolegranted_rec;

      IF rolegranted_cur%NOTFOUND THEN
         CLOSE rolegranted_cur;
         DBMS_OUTPUT.put_line ('       '|| 'None');
      ELSE
         CLOSE rolegranted_cur;

         FOR rolegranted_rec IN rolegranted_cur (role_rec.granted_role) LOOP
            DBMS_OUTPUT.put_line ('       '|| rolegranted_rec.granted_role);
         END LOOP;
      END IF;

      DBMS_OUTPUT.put_line ('     '|| 'Privileges:');
      OPEN privileges_cur (role_rec.granted_role);
      FETCH privileges_cur INTO privileges_rec;

      IF privileges_cur%NOTFOUND THEN
         CLOSE privileges_cur;
         DBMS_OUTPUT.put_line ('       '|| 'None');
      ELSE
         CLOSE privileges_cur;

         FOR privileges_rec IN privileges_cur (role_rec.granted_role) LOOP
            DBMS_OUTPUT.put_line ('       '|| privileges_rec.privilege);
            OPEN iprivileges_cur (role_rec.granted_role, privileges_rec.privilege);
            FETCH iprivileges_rec INTO iprivileges_cur;

            IF iprivileges_cur%NOTFOUND THEN
               CLOSE iprivileges_cur;
               DBMS_OUTPUT.put_line ('         '|| 'None');
            ELSE
               CLOSE iprivileges_cur;

               FOR iprivileges_rec IN iprivileges_cur (role_rec.granted_role, privileges_rec.privilege) LOOP
                  DBMS_OUTPUT.put_line ('       '|| iprivileges_rec.table_name);
               END LOOP;
            END IF;
         END LOOP;
      END IF;
   END LOOP;
END;
0
 
LVL 19

Expert Comment

by:actonwang
ID: 16943342
yes, sth like this would work.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction A previously published article on Experts Exchange ("Joins in Oracle", http://www.experts-exchange.com/Database/Oracle/A_8249-Joins-in-Oracle.html) makes a statement about "Oracle proprietary" joins and mixes the join syntax with gen…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
This video shows how to Export data from an Oracle database using the Datapump Export Utility.  The corresponding Datapump Import utility is also discussed and demonstrated.
Via a live example, show how to restore a database from backup after a simulated disk failure using RMAN.

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question