Solved

oracle prividlges 10g Dynamic SQL issue

Posted on 2014-03-07
4
647 Views
Last Modified: 2014-03-07
I am trying to create a procedure that will allow me to create a table on the fly using dynamic SQL. but I get a prividiges issue. I don't want to grant everything I want to know what is the minimum grants I need

here is the example of when I can get the code to work :

declare

  procedure s  (sql_string varchar2) is
  begin
      execute immediate sql_string;
  end;
begin
  s('create table JAY22 (c1 number(9))');
  s('drop table JAY22');

end;  

-- everything works fine.

so now I want to place the procedure out of the declare block


create or procedure s  (sql_string varchar2) is
  begin
      execute immediate sql_string;
  end;

and this compiles;

I now try to run version 2 of my code:

declare

begin
  s('create table JAY22 (c1 number(9))');
  s('drop table JAY22');

end;  

-- this time it fails with

ORA-01031: insufficient privileges
ORA-06512: at "ACME_STG.S", line 4
ORA-06512: at line 5
01031. 00000 -  "insufficient privileges"
*Cause:    An attempt was made to change the current username or password
           without the appropriate privilege. This error also occurs if
           attempting to install a database without the necessary operating
           system privileges.


-- I run a second test just to make sure the procedure works

declare

begin
  s('select sysdate from dual');
end;  

-- no issues
Granted roles
DEFAULT ROLE "RESOURCE","CONNECT"

Only un-limited table space is specifically granted


so what is the minimum grants I need to allow this schema to run the procedure s

?
0
Comment
Question by:jhacharya
  • 2
4 Comments
 
LVL 76

Expert Comment

by:slightwv (䄆 Netminder)
ID: 39913987
What user are you connecting as when you run the procedure?

I assume ACME_STG.  

Does ACME_STG have the grants you mention?
Does ACME_STG own procedure 's'?
0
 
LVL 22

Accepted Solution

by:
Steve Wales earned 500 total points
ID: 39914059
The problem is that when you are trying to create the table via a procedure, you only have the create table system privilege granted through the RESOURCE role.

Permissions like that can't be granted via roles.  They must be specifically granted when the call is coming via a procedure.

I created a user called u1, granted him unlimited tablespace, resource and connect.

Ran through your test scenario as u1 - same error.

Specifically granted u1 the CREATE TABLE privilege and reran your scenario and the create and drop worked just fine.

Could not find the documentation reference by I did find an article at AskTom to refer to (which is almost as good :) )

http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:245614733592
0
 
LVL 76

Expert Comment

by:slightwv (䄆 Netminder)
ID: 39914072
>>granted through the RESOURCE role.

Ah, yes!  That is 100% correct.  I also forget where that is stated in the documentation but I will agree that is the issue!
0
 
LVL 2

Author Closing Comment

by:jhacharya
ID: 39914089
Great this was driving me crazy
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Subquery in Oracle: Sub queries are one of advance queries in oracle. Types of advance queries: •      Sub Queries •      Hierarchical Queries •      Set Operators Sub queries are know as the query called from another query or another subquery. It can …
How to Create User-Defined Aggregates in Oracle Before we begin creating these things, what are user-defined aggregates?  They are a feature introduced in Oracle 9i that allows a developer to create his or her own functions like "SUM", "AVG", and…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question