Solved

oracle prividlges 10g Dynamic SQL issue

Posted on 2014-03-07
4
644 Views
Last Modified: 2014-03-07
I am trying to create a procedure that will allow me to create a table on the fly using dynamic SQL. but I get a prividiges issue. I don't want to grant everything I want to know what is the minimum grants I need

here is the example of when I can get the code to work :

declare

  procedure s  (sql_string varchar2) is
  begin
      execute immediate sql_string;
  end;
begin
  s('create table JAY22 (c1 number(9))');
  s('drop table JAY22');

end;  

-- everything works fine.

so now I want to place the procedure out of the declare block


create or procedure s  (sql_string varchar2) is
  begin
      execute immediate sql_string;
  end;

and this compiles;

I now try to run version 2 of my code:

declare

begin
  s('create table JAY22 (c1 number(9))');
  s('drop table JAY22');

end;  

-- this time it fails with

ORA-01031: insufficient privileges
ORA-06512: at "ACME_STG.S", line 4
ORA-06512: at line 5
01031. 00000 -  "insufficient privileges"
*Cause:    An attempt was made to change the current username or password
           without the appropriate privilege. This error also occurs if
           attempting to install a database without the necessary operating
           system privileges.


-- I run a second test just to make sure the procedure works

declare

begin
  s('select sysdate from dual');
end;  

-- no issues
Granted roles
DEFAULT ROLE "RESOURCE","CONNECT"

Only un-limited table space is specifically granted


so what is the minimum grants I need to allow this schema to run the procedure s

?
0
Comment
Question by:jhacharya
  • 2
4 Comments
 
LVL 76

Expert Comment

by:slightwv (䄆 Netminder)
ID: 39913987
What user are you connecting as when you run the procedure?

I assume ACME_STG.  

Does ACME_STG have the grants you mention?
Does ACME_STG own procedure 's'?
0
 
LVL 22

Accepted Solution

by:
Steve Wales earned 500 total points
ID: 39914059
The problem is that when you are trying to create the table via a procedure, you only have the create table system privilege granted through the RESOURCE role.

Permissions like that can't be granted via roles.  They must be specifically granted when the call is coming via a procedure.

I created a user called u1, granted him unlimited tablespace, resource and connect.

Ran through your test scenario as u1 - same error.

Specifically granted u1 the CREATE TABLE privilege and reran your scenario and the create and drop worked just fine.

Could not find the documentation reference by I did find an article at AskTom to refer to (which is almost as good :) )

http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:245614733592
0
 
LVL 76

Expert Comment

by:slightwv (䄆 Netminder)
ID: 39914072
>>granted through the RESOURCE role.

Ah, yes!  That is 100% correct.  I also forget where that is stated in the documentation but I will agree that is the issue!
0
 
LVL 2

Author Closing Comment

by:jhacharya
ID: 39914089
Great this was driving me crazy
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
querying by the sum of a column in decimal 7 56
PAYER_ID has both atributes 4 31
Need a replacement data type in Oracle 6 65
Oracle and DateTime math 6 26
Note: this article covers simple compression. Oracle introduced in version 11g release 2 a new feature called Advanced Compression which is not covered here. General principle of Oracle compression Oracle compression is a way of reducing the d…
I remember the day when someone asked me to create a user for an application developement. The user should be able to create views and materialized views and, so, I used the following syntax: (CODE) This way, I guessed, I would ensure that use…
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
This video shows how to recover a database from a user managed backup

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now