soetseun
asked on
Deleting data from another user's schema
The challenge that we have is to grant users update, insert and delete permissions on a table in another user's (USRALL) schema.
Here is what I've done:
1. Log in as the user USERALL and create an Oracle role through which the permissions will be given:
create role ROL_EH_COREP identified using pack_authentication;
Role created.
grant select, insert, update, delete on EH_BII_REP_EXPECTED_DIM to ROL_EH_COREP;
Grant succeeded.
2. Assign this role to users:
grant ROL_EH_COREP to johannes, soraya;
Grant succeeded.
3. Log in to the database as user JOHANNES and do a select from the table in the schema USRALL:
alter session set current_schema=USRALL;
Session altered.
4. Now select data from the table just to show that there are data and that is selectable:
select partition_key, underlying_table, unique_row_id from eh_bii_rep_expected_dims;
(lots of rows are displayed, but removed from this question)
5. Now delete data from it:
delete eh_bii_rep_expected_dims;
0 rows deleted.
There is no error message and it states that nothing is deleted.
What do I need to do to enable another schema's user to delete data in another schema?
Thanks
Jacques
Here is what I've done:
1. Log in as the user USERALL and create an Oracle role through which the permissions will be given:
create role ROL_EH_COREP identified using pack_authentication;
Role created.
grant select, insert, update, delete on EH_BII_REP_EXPECTED_DIM to ROL_EH_COREP;
Grant succeeded.
2. Assign this role to users:
grant ROL_EH_COREP to johannes, soraya;
Grant succeeded.
3. Log in to the database as user JOHANNES and do a select from the table in the schema USRALL:
alter session set current_schema=USRALL;
Session altered.
4. Now select data from the table just to show that there are data and that is selectable:
select partition_key, underlying_table, unique_row_id from eh_bii_rep_expected_dims;
(lots of rows are displayed, but removed from this question)
5. Now delete data from it:
delete eh_bii_rep_expected_dims;
0 rows deleted.
There is no error message and it states that nothing is deleted.
What do I need to do to enable another schema's user to delete data in another schema?
Thanks
Jacques
ASKER
Hallo DLyall,
I have issued your create command and Oracle responded with:
ORA-00955: name is already used by an existing object
I don't really think that Oracle is looking for this table in the user's own schema, as I did change the 'current_schema' variable before issuing this command.
Any ideas on what this is, or other ideas perhaps?
Thanks
Jacques
I have issued your create command and Oracle responded with:
ORA-00955: name is already used by an existing object
I don't really think that Oracle is looking for this table in the user's own schema, as I did change the 'current_schema' variable before issuing this command.
Any ideas on what this is, or other ideas perhaps?
Thanks
Jacques
Looks like a weird error..
Can u try truncating the table?
May be it will give insufficient priveleges error..
In that case please try the below steps..
create or replace procedure do_truncate
as
begin
execute immediate 'truncate table t1';
end;
/
grant execute on do_truncate to 'user';
Now, as the JOHANNES user..
exec do_truncate;
Can u try truncating the table?
May be it will give insufficient priveleges error..
In that case please try the below steps..
create or replace procedure do_truncate
as
begin
execute immediate 'truncate table t1';
end;
/
grant execute on do_truncate to 'user';
Now, as the JOHANNES user..
exec do_truncate;
just login as johannes and then try
delete from USRALL.EH_BII_REP_EXPECTED _DIM where rownum < 2;
Can you tell me what is the output for this.
Also do you have records in 'ALL_POLICIES'
select * from all_policies
where table_name ='EH_BII_REP_EXPECTED_DIM' ;
Thanks
delete from USRALL.EH_BII_REP_EXPECTED
Can you tell me what is the output for this.
Also do you have records in 'ALL_POLICIES'
select * from all_policies
where table_name ='EH_BII_REP_EXPECTED_DIM'
Thanks
ASKER
Hallo all,
I will be at the client sight tomorrow, and post my findings to all your suggestions.
Thank you so far for the help and within 24 hours I will have proper feedback to all of you.
Thanks
Jacques
I will be at the client sight tomorrow, and post my findings to all your suggestions.
Thank you so far for the help and within 24 hours I will have proper feedback to all of you.
Thanks
Jacques
ASKER
Both questions answered here in one post for all:
######################
Hallo ravindran_eee,
I have done as you requested with a bit of modification and here are the results:
1. Created the do_truncate procedure:
create or replace procedure do_truncate
as
begin
execute immediate 'delete table USRALL.EH_BII_REP_EXPECTED _DIMS where rownum < 2';
end;
2. Granted execute permission to the user JOHANNES:
grant execute on do_truncate to JOHANNES;
3. Login in as the user JOHANNES and execute this procedure:
SQL> exec usrall.do_truncate;
BEGIN usrall.do_truncate; END;
*
ERROR at line 1:
ORA-00903: invalid table name
ORA-06512: at "USRALL.DO_TRUNCATE", line 4
ORA-06512: at line 1
This error message does not make sense, because when I copy and paste the table name from the creation command of the procedure, then I can select the data from this table as the user JOHANNES. Why would it complain that the table does not exist?
######################
Hallo nav_kum_v,
Here is the output as requested:
1. I logged in as the user JOHANNES and then immediately executed the following command:
delete from USRALL.EH_BII_REP_EXPECTED _DIMS where rownum < 2;
0 rows deleted.
2. I then immediately executed the following command to show that there is data in the table and that the user JOHANNES can select it:
select count(*) from USRALL.EH_BII_REP_EXPECTED _DIMS ;
COUNT(*)
----------
162
3. I then selected, modified your SQL for correct syntax, from ALL_POLICIES (apologies for the eye-sore format of the output):
select * from all_policies where object_name = 'EH_BII_REP_EXPECTED_DIMS' ;
OBJECT_OWNER OBJECT_NAME POLICY_GROUP POLICY_NAME PF_OWNER PACKAGE FUNCTION SEL INS UPD DEL CHK ENA STA
-------------------------- ---- -------------------------- ---- -------------------------- ---- -------------------------- ---- -------------------------- ---- -------------------------- ---- -------------------------- ---- --- --- --- --- --- --- ---
USRALL EH_BII_REP_EXPECTED_DIMS SYS_DEFAULT EH_BII_REP_EXPECTED_DIMS USRALL PACK_POLICY GET_PK_RD_WS_PREDICATE YES NO YES YES NO YES NO
USRALL EH_BII_REP_EXPECTED_DIMS SYS_DEFAULT EH_BII_REP_EXPECTED_DIMS_A USRALL PACK_POLICY GET_CTX_ACCESS_PREDICATE_R D_WS NO YES YES YES YES YES NO
This really baffles me. The user JOHANNES has permissions to do anything with this table (select, insert, update and delete), so what is the missing piece here?
Please help me, I am getting bolder by the day.
Thanks
Jacques
######################
Hallo ravindran_eee,
I have done as you requested with a bit of modification and here are the results:
1. Created the do_truncate procedure:
create or replace procedure do_truncate
as
begin
execute immediate 'delete table USRALL.EH_BII_REP_EXPECTED
end;
2. Granted execute permission to the user JOHANNES:
grant execute on do_truncate to JOHANNES;
3. Login in as the user JOHANNES and execute this procedure:
SQL> exec usrall.do_truncate;
BEGIN usrall.do_truncate; END;
*
ERROR at line 1:
ORA-00903: invalid table name
ORA-06512: at "USRALL.DO_TRUNCATE", line 4
ORA-06512: at line 1
This error message does not make sense, because when I copy and paste the table name from the creation command of the procedure, then I can select the data from this table as the user JOHANNES. Why would it complain that the table does not exist?
######################
Hallo nav_kum_v,
Here is the output as requested:
1. I logged in as the user JOHANNES and then immediately executed the following command:
delete from USRALL.EH_BII_REP_EXPECTED
0 rows deleted.
2. I then immediately executed the following command to show that there is data in the table and that the user JOHANNES can select it:
select count(*) from USRALL.EH_BII_REP_EXPECTED
COUNT(*)
----------
162
3. I then selected, modified your SQL for correct syntax, from ALL_POLICIES (apologies for the eye-sore format of the output):
select * from all_policies where object_name = 'EH_BII_REP_EXPECTED_DIMS'
OBJECT_OWNER OBJECT_NAME POLICY_GROUP POLICY_NAME PF_OWNER PACKAGE FUNCTION SEL INS UPD DEL CHK ENA STA
--------------------------
USRALL EH_BII_REP_EXPECTED_DIMS SYS_DEFAULT EH_BII_REP_EXPECTED_DIMS USRALL PACK_POLICY GET_PK_RD_WS_PREDICATE YES NO YES YES NO YES NO
USRALL EH_BII_REP_EXPECTED_DIMS SYS_DEFAULT EH_BII_REP_EXPECTED_DIMS_A
This really baffles me. The user JOHANNES has permissions to do anything with this table (select, insert, update and delete), so what is the missing piece here?
Please help me, I am getting bolder by the day.
Thanks
Jacques
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for the quick response; I appreciate it.
The solution was thus:
exec dbms_rls.enable_policy('US RALL', 'EH_BII_REP_EXPECTED_DIMS' , 'EH_BII_REP_EXPECTED_DIMS_ A', FALSE);
After I disabled (or dropped) the policy, I could delete the rows in the table.
Thanks again.
Regards
Jacques
The solution was thus:
exec dbms_rls.enable_policy('US
After I disabled (or dropped) the policy, I could delete the rows in the table.
Thanks again.
Regards
Jacques
Log on as USRALL and issue "create synonym USRALL.eh_bii_rep_expected
Then log on as user JOHANNES and try the delete again.