Solved

grant drop table to a specific table

Posted on 2011-09-13
8
2,387 Views
Last Modified: 2012-05-12
I want to grant drop table on a particular table to a particular user but I am gettting error. invalid privs.

grant drop on table_name to user_name;

can soneone help me.
0
Comment
Question by:nirvairghuman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 74

Accepted Solution

by:
sdstuber earned 100 total points
ID: 36529343
there is no such privilege.

you could instead create a procedure owned by the object owner that does the drop and grant execute on that procedure

or grant "drop any table",  but use a ddl trigger to block all drops except that one table


however,  why do you want to allow the drop?  Is it really necessary?
0
 

Author Comment

by:nirvairghuman
ID: 36529356
I want to grant tuncate table but thet comes with drop table. Is there any other solution.
0
 
LVL 74

Assisted Solution

by:sdstuber
sdstuber earned 100 total points
ID: 36529387
there is no truncate table privilege either.

I recommend going with the procedure that you allow access to


create or replace truncate_my_table
is
begin
     execute immediate 'truncate table MY_TABLE';
end;

then grant execute on that procedure
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Assisted Solution

by:Javier Morales
Javier Morales earned 25 total points
ID: 36530521
you have to grant DROP ANY TABLE to allow this user to truncate a table out of its schema.
ALTER ANY TABLE isn't enough for that (raises "insufficient privileges" instead of "Table or view doesn't exists")


Here's an example:


SQL> create user test identified by test;

User created.

SQL> grant connect to test;

Grant succeeded.

SQL> show user    
USER is "GESTION_USUARIOS"
SQL> create table drop_test_table  (id number);

Table created.

SQL> insert into drop_test_table values (1);

1 row created.

SQL> commit;

Commit complete.

SQL> connect test/test
Connected.

SQL> truncate table gestion_usuarios.drop_test_table;
truncate table gestion_usuarios.drop_test_table
                                *
ERROR at line 1:
ORA-00942: table or view does not exist


SQL> connect gestion_usuarios
Enter password: 
Connected.
SQL> grant alter any table to test;

Grant succeeded.

SQL> connect test/test
Connected.
SQL> truncate table gestion_usuarios.drop_test_table;
truncate table gestion_usuarios.drop_test_table
                                *
ERROR at line 1:
ORA-01031: insufficient privileges


SQL> connect gestion_usuarios
Enter password: 
Connected.

SQL> grant drop any table to test;

Grant succeeded.

SQL> connect test/test
Connected.
SQL> truncate table gestion_usuarios.drop_test_table;

Table truncated.

SQL> connect gestion_usuarios
Enter password: 
Connected.
SQL> revoke alter any table from test;

Revoke succeeded.

SQL> connect test/test
Connected.
SQL> truncate table gestion_usuarios.drop_test_table;

Table truncated.

Open in new window



Tables can be truncated only with DROP ANY TABLE privilege for tables out of the ownership.

Please, keep in mind that "DROP ANY TABLE" allows to "drop any of the tables" in the database...

As sdstuber recommends, the best way is to create a procedure to truncate the table (under our own privileges) and grant execution privileges... then, the privilege DROP ANY TABLE is not needed.

SQL> create or replace procedure truncate_my_table
  2  is
  3  begin
  4   execute immediate 'truncate table drop_test_table';
  5  end;
  6  /

Procedure created.

SQL> grant execute on truncate_my_table to test;

Grant succeeded.

SQL> revoke drop any table from test;

Revoke succeeded.

SQL> connect test/test
Connected.
SQL> exec gestion_usuarios.truncate_my_table;

PL/SQL procedure successfully completed.

Open in new window


If you don't need to allow "exactly" truncate table comand, the securest way is using the procedure. If you need to allow the user execute "truncate table schema.table_name" then, the only solution is granting DROP ANY TABLE.
0
 

Author Comment

by:nirvairghuman
ID: 36531376
Hi,
I tried with stored procedure, but now the problem is Some users have execute any stored procedure, Now what would be the solution.
0
 
LVL 74

Assisted Solution

by:sdstuber
sdstuber earned 100 total points
ID: 36531387
check the user name inside the procedure or check the role, or some other rule to make sure only the people you authorize can use it


create or replace truncate_my_table
is
begin
    if USER = 'ALLOWED_USER' then
     execute immediate 'truncate table MY_TABLE';
    end if;
end;
0
 

Author Comment

by:nirvairghuman
ID: 36531808
Hi sdstuber,

I tried the stored procedure and It went fine.

 Can you please tell about more the below option means syntax for the trigger

or grant "drop any table",  but use a ddl trigger to block all drops except that one table

0
 
LVL 74

Assisted Solution

by:sdstuber
sdstuber earned 100 total points
ID: 36531860
I can tell you about it but I'll also tell you not to use this method.

If what you want is to allow truncate of a single table,  then use the procedure suggested above.

rather than black listing,  use the procedure a white list.


CREATE OR REPLACE TRIGGER check_ddl
    BEFORE DDL
    ON YOUR_USER.schema
BEGIN  
    IF ora_dict_obj_owner  != 'YOUR_SCHEMA' or ora_dict_obj_name != 'YOUR_TABLE'
    THEN
        raise_application_error(-20001, 'YOUR_SER can only modify the YOUR_SCHEMA.YOUR_TABLE table');
    END IF;
END;


alternately, you could create a database wide DDL trigger of similar design.

CREATE OR REPLACE TRIGGER check_ddl
    BEFORE DDL
    ON DATABASE

but, again, using the procedure is a simpler and better design.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Note: this article covers simple compression. Oracle introduced in version 11g release 2 a new feature called Advanced Compression which is not covered here. General principle of Oracle compression Oracle compression is a way of reducing the d…
Introduction A previously published article on Experts Exchange ("Joins in Oracle", http://www.experts-exchange.com/Database/Oracle/A_8249-Joins-in-Oracle.html) makes a statement about "Oracle proprietary" joins and mixes the join syntax with gen…
This video explains what a user managed backup is and shows how to take one, providing a couple of simple example scripts.
This video shows how to copy an entire tablespace from one database to another database using Transportable Tablespace functionality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question