Solved

User Privileges to Database

Posted on 2006-06-23
5
1,167 Views
Last Modified: 2008-02-01
I am new to oracle and this is a simple question. What command do I use to grant read only rights to a user and what commands do I use to verify the privileg has been granted?
0
Comment
Question by:efaah0
5 Comments
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 16972437
GRANT SELECT ON ALL TO USER;
0
 
LVL 25

Expert Comment

by:jrb1
ID: 16973270
Didn't work for me:

grant select on all to jbush
                *
ERROR at line 1:
ORA-00903: invalid table name

http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:1184235446570

"Well, there is no grant that allows a user or role access to all objects in a
schema like that"

However, this PL/SQL will work:

begin
   for x in ( select tname from tab )
   loop
      execute immediate 'grant select on ' || x.tname || ' to {username}';
   end loop;
end;
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 16974311
I stand corrected. Actually, I messed up with "GRANT ALL ON <table> ... etc"  :-(

here the link:
http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:1184235446570
0
 
LVL 3

Assisted Solution

by:JacekMycha
JacekMycha earned 125 total points
ID: 16975539
1. You can grant a privilege to an object or you can grant a system privilege. You cannot grant select to all your tables (i.e. tables in your schema).
2. If you are a DBA or you have 'SELECT ANY TABLE' system privilege granted 'WITH ADMIN OPTION' then you can grant 'SELECT ANY TABLE' system privilege to a user. The grantee will be able to select from any table in the database. If you have any sensitive information in your database then you shouldn't do that. If it's developement environment with some dummy data then it can be fine.
3. You can grant a SELECT privilege on a table in your schema to a user. The syntax is:
GRANT SELECT ON <tablename> TO <username> [WITH GRANT OPTION]. WITH GRANT OPTION means that your user can pass this grant to other users. You cannot grant a privilege to all your tables in one statement.
4. You create a role and grant SELECT on your tables to that role. Than you can grant that role to many users. If you have a new user later on than you simply grant him a role. If you have a new table then you simply grant select on this new table to the role. It is much simpler when you have many tables and many users.
5. You can examine following data dictionary views for information on granted privileges:
DBA_SYS_PRIVS, USER_SYS_PRIVS
DBA_TAB_PRIVS, ALL_TAB_PRIVS, USER_TAB_PRIVS
ALL_TAB_PRIVS_MADE, USER_TAB_PRIVS_MADE
ALL_TAB_PRIVS_RECD, USER_TAB_PRIVS_RECD
DBA_ROLE_PRIVS, USER_ROLE_PRIVS
ROLE_SYS_PRIVS, ROLE_TAB_PRIVS, ROLE_ROLE_PRIVS

Please refer to Oracle documentation for description of these views.
JacekMycha
0
 
LVL 16

Accepted Solution

by:
MohanKNair earned 125 total points
ID: 16977504
To provide read access for a user

1) execute "grant select on <table_name> to USER" for all tables and views
2) In the user schema create synonyms for the tables
3) Create roles for a set of table grants
4) Query DBA_SYS_PRIVS and DBA_TAB_PRIVS to query the privileges granted to the user
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL Query 34 116
passing parameters to sql script oracle 4 61
PL/SQL Display based on value 4 39
oracle numeric condition check 4 27
Truncate is a DDL Command where as Delete is a DML Command. Both will delete data from table, but what is the difference between these below statements truncate table <table_name> ?? delete from <table_name> ?? The first command cannot be …
How to Unravel a Tricky Query Introduction If you browse through the Oracle zones or any of the other database-related zones you'll come across some complicated solutions and sometimes you'll just have to wonder how anyone came up with them.  …
This video shows how to Export data from an Oracle database using the Datapump Export Utility.  The corresponding Datapump Import utility is also discussed and demonstrated.
This video shows how to recover a database from a user managed backup

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question