Solved

oracle prividlges 10g Dynamic SQL issue

Posted on 2014-03-07
4
656 Views
Last Modified: 2014-03-07
I am trying to create a procedure that will allow me to create a table on the fly using dynamic SQL. but I get a prividiges issue. I don't want to grant everything I want to know what is the minimum grants I need

here is the example of when I can get the code to work :

declare

  procedure s  (sql_string varchar2) is
  begin
      execute immediate sql_string;
  end;
begin
  s('create table JAY22 (c1 number(9))');
  s('drop table JAY22');

end;  

-- everything works fine.

so now I want to place the procedure out of the declare block


create or procedure s  (sql_string varchar2) is
  begin
      execute immediate sql_string;
  end;

and this compiles;

I now try to run version 2 of my code:

declare

begin
  s('create table JAY22 (c1 number(9))');
  s('drop table JAY22');

end;  

-- this time it fails with

ORA-01031: insufficient privileges
ORA-06512: at "ACME_STG.S", line 4
ORA-06512: at line 5
01031. 00000 -  "insufficient privileges"
*Cause:    An attempt was made to change the current username or password
           without the appropriate privilege. This error also occurs if
           attempting to install a database without the necessary operating
           system privileges.


-- I run a second test just to make sure the procedure works

declare

begin
  s('select sysdate from dual');
end;  

-- no issues
Granted roles
DEFAULT ROLE "RESOURCE","CONNECT"

Only un-limited table space is specifically granted


so what is the minimum grants I need to allow this schema to run the procedure s

?
0
Comment
Question by:jhacharya
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 39913987
What user are you connecting as when you run the procedure?

I assume ACME_STG.  

Does ACME_STG have the grants you mention?
Does ACME_STG own procedure 's'?
0
 
LVL 22

Accepted Solution

by:
Steve Wales earned 500 total points
ID: 39914059
The problem is that when you are trying to create the table via a procedure, you only have the create table system privilege granted through the RESOURCE role.

Permissions like that can't be granted via roles.  They must be specifically granted when the call is coming via a procedure.

I created a user called u1, granted him unlimited tablespace, resource and connect.

Ran through your test scenario as u1 - same error.

Specifically granted u1 the CREATE TABLE privilege and reran your scenario and the create and drop worked just fine.

Could not find the documentation reference by I did find an article at AskTom to refer to (which is almost as good :) )

http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:245614733592
0
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 39914072
>>granted through the RESOURCE role.

Ah, yes!  That is 100% correct.  I also forget where that is stated in the documentation but I will agree that is the issue!
0
 
LVL 2

Author Closing Comment

by:jhacharya
ID: 39914089
Great this was driving me crazy
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Row_number in SQL 6 56
Toad 12.10 Enterprise visual interface 4 46
Creating a are-you-sure condition prior to shutdown: what do you think of... 14 61
construct a query sql 11 43
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Using SQL Scripts we can save all the SQL queries as files that we use very frequently on our database later point of time. This is one of the feature present under SQL Workshop in Oracle Application Express.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question