Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

oracle prividlges 10g Dynamic SQL issue

Posted on 2014-03-07
4
Medium Priority
?
669 Views
Last Modified: 2014-03-07
I am trying to create a procedure that will allow me to create a table on the fly using dynamic SQL. but I get a prividiges issue. I don't want to grant everything I want to know what is the minimum grants I need

here is the example of when I can get the code to work :

declare

  procedure s  (sql_string varchar2) is
  begin
      execute immediate sql_string;
  end;
begin
  s('create table JAY22 (c1 number(9))');
  s('drop table JAY22');

end;  

-- everything works fine.

so now I want to place the procedure out of the declare block


create or procedure s  (sql_string varchar2) is
  begin
      execute immediate sql_string;
  end;

and this compiles;

I now try to run version 2 of my code:

declare

begin
  s('create table JAY22 (c1 number(9))');
  s('drop table JAY22');

end;  

-- this time it fails with

ORA-01031: insufficient privileges
ORA-06512: at "ACME_STG.S", line 4
ORA-06512: at line 5
01031. 00000 -  "insufficient privileges"
*Cause:    An attempt was made to change the current username or password
           without the appropriate privilege. This error also occurs if
           attempting to install a database without the necessary operating
           system privileges.


-- I run a second test just to make sure the procedure works

declare

begin
  s('select sysdate from dual');
end;  

-- no issues
Granted roles
DEFAULT ROLE "RESOURCE","CONNECT"

Only un-limited table space is specifically granted


so what is the minimum grants I need to allow this schema to run the procedure s

?
0
Comment
Question by:jhacharya
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 39913987
What user are you connecting as when you run the procedure?

I assume ACME_STG.  

Does ACME_STG have the grants you mention?
Does ACME_STG own procedure 's'?
0
 
LVL 23

Accepted Solution

by:
Steve Wales earned 2000 total points
ID: 39914059
The problem is that when you are trying to create the table via a procedure, you only have the create table system privilege granted through the RESOURCE role.

Permissions like that can't be granted via roles.  They must be specifically granted when the call is coming via a procedure.

I created a user called u1, granted him unlimited tablespace, resource and connect.

Ran through your test scenario as u1 - same error.

Specifically granted u1 the CREATE TABLE privilege and reran your scenario and the create and drop worked just fine.

Could not find the documentation reference by I did find an article at AskTom to refer to (which is almost as good :) )

http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:245614733592
0
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 39914072
>>granted through the RESOURCE role.

Ah, yes!  That is 100% correct.  I also forget where that is stated in the documentation but I will agree that is the issue!
0
 
LVL 2

Author Closing Comment

by:jhacharya
ID: 39914089
Great this was driving me crazy
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Truncate is a DDL Command where as Delete is a DML Command. Both will delete data from table, but what is the difference between these below statements truncate table <table_name> ?? delete from <table_name> ?? The first command cannot be …
This post first appeared at Oracleinaction  (http://oracleinaction.com/undo-and-redo-in-oracle/)by Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
Via a live example show how to connect to RMAN, make basic configuration settings changes and then take a backup of a demo database
This video explains what a user managed backup is and shows how to take one, providing a couple of simple example scripts.

671 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question