Solved

grant drop table to a specific table

Posted on 2011-09-13
8
1,377 Views
Last Modified: 2012-05-12
I want to grant drop table on a particular table to a particular user but I am gettting error. invalid privs.

grant drop on table_name to user_name;

can soneone help me.
0
Comment
Question by:nirvairghuman
  • 4
  • 3
8 Comments
 
LVL 73

Accepted Solution

by:
sdstuber earned 100 total points
ID: 36529343
there is no such privilege.

you could instead create a procedure owned by the object owner that does the drop and grant execute on that procedure

or grant "drop any table",  but use a ddl trigger to block all drops except that one table


however,  why do you want to allow the drop?  Is it really necessary?
0
 

Author Comment

by:nirvairghuman
ID: 36529356
I want to grant tuncate table but thet comes with drop table. Is there any other solution.
0
 
LVL 73

Assisted Solution

by:sdstuber
sdstuber earned 100 total points
ID: 36529387
there is no truncate table privilege either.

I recommend going with the procedure that you allow access to


create or replace truncate_my_table
is
begin
     execute immediate 'truncate table MY_TABLE';
end;

then grant execute on that procedure
0
 
LVL 6

Assisted Solution

by:Javier Morales
Javier Morales earned 25 total points
ID: 36530521
you have to grant DROP ANY TABLE to allow this user to truncate a table out of its schema.
ALTER ANY TABLE isn't enough for that (raises "insufficient privileges" instead of "Table or view doesn't exists")


Here's an example:


SQL> create user test identified by test;

User created.

SQL> grant connect to test;

Grant succeeded.

SQL> show user    
USER is "GESTION_USUARIOS"
SQL> create table drop_test_table  (id number);

Table created.

SQL> insert into drop_test_table values (1);

1 row created.

SQL> commit;

Commit complete.

SQL> connect test/test
Connected.

SQL> truncate table gestion_usuarios.drop_test_table;
truncate table gestion_usuarios.drop_test_table
                                *
ERROR at line 1:
ORA-00942: table or view does not exist


SQL> connect gestion_usuarios
Enter password: 
Connected.
SQL> grant alter any table to test;

Grant succeeded.

SQL> connect test/test
Connected.
SQL> truncate table gestion_usuarios.drop_test_table;
truncate table gestion_usuarios.drop_test_table
                                *
ERROR at line 1:
ORA-01031: insufficient privileges


SQL> connect gestion_usuarios
Enter password: 
Connected.

SQL> grant drop any table to test;

Grant succeeded.

SQL> connect test/test
Connected.
SQL> truncate table gestion_usuarios.drop_test_table;

Table truncated.

SQL> connect gestion_usuarios
Enter password: 
Connected.
SQL> revoke alter any table from test;

Revoke succeeded.

SQL> connect test/test
Connected.
SQL> truncate table gestion_usuarios.drop_test_table;

Table truncated.

Open in new window



Tables can be truncated only with DROP ANY TABLE privilege for tables out of the ownership.

Please, keep in mind that "DROP ANY TABLE" allows to "drop any of the tables" in the database...

As sdstuber recommends, the best way is to create a procedure to truncate the table (under our own privileges) and grant execution privileges... then, the privilege DROP ANY TABLE is not needed.

SQL> create or replace procedure truncate_my_table
  2  is
  3  begin
  4   execute immediate 'truncate table drop_test_table';
  5  end;
  6  /

Procedure created.

SQL> grant execute on truncate_my_table to test;

Grant succeeded.

SQL> revoke drop any table from test;

Revoke succeeded.

SQL> connect test/test
Connected.
SQL> exec gestion_usuarios.truncate_my_table;

PL/SQL procedure successfully completed.

Open in new window


If you don't need to allow "exactly" truncate table comand, the securest way is using the procedure. If you need to allow the user execute "truncate table schema.table_name" then, the only solution is granting DROP ANY TABLE.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:nirvairghuman
ID: 36531376
Hi,
I tried with stored procedure, but now the problem is Some users have execute any stored procedure, Now what would be the solution.
0
 
LVL 73

Assisted Solution

by:sdstuber
sdstuber earned 100 total points
ID: 36531387
check the user name inside the procedure or check the role, or some other rule to make sure only the people you authorize can use it


create or replace truncate_my_table
is
begin
    if USER = 'ALLOWED_USER' then
     execute immediate 'truncate table MY_TABLE';
    end if;
end;
0
 

Author Comment

by:nirvairghuman
ID: 36531808
Hi sdstuber,

I tried the stored procedure and It went fine.

 Can you please tell about more the below option means syntax for the trigger

or grant "drop any table",  but use a ddl trigger to block all drops except that one table

0
 
LVL 73

Assisted Solution

by:sdstuber
sdstuber earned 100 total points
ID: 36531860
I can tell you about it but I'll also tell you not to use this method.

If what you want is to allow truncate of a single table,  then use the procedure suggested above.

rather than black listing,  use the procedure a white list.


CREATE OR REPLACE TRIGGER check_ddl
    BEFORE DDL
    ON YOUR_USER.schema
BEGIN  
    IF ora_dict_obj_owner  != 'YOUR_SCHEMA' or ora_dict_obj_name != 'YOUR_TABLE'
    THEN
        raise_application_error(-20001, 'YOUR_SER can only modify the YOUR_SCHEMA.YOUR_TABLE table');
    END IF;
END;


alternately, you could create a database wide DDL trigger of similar design.

CREATE OR REPLACE TRIGGER check_ddl
    BEFORE DDL
    ON DATABASE

but, again, using the procedure is a simpler and better design.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Cursors in Oracle: A cursor is used to process individual rows returned by database system for a query. In oracle every SQL statement executed by the oracle server has a private area. This area contains information about the SQL statement and the…
How to Unravel a Tricky Query Introduction If you browse through the Oracle zones or any of the other database-related zones you'll come across some complicated solutions and sometimes you'll just have to wonder how anyone came up with them.  …
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
Via a live example, show how to take different types of Oracle backups using RMAN.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now