
Oracle privileges 10g Dynamic SQL issue

I am trying to create a procedure that will allow me to create a table on the fly using dynamic SQL, but I get a privileges issue. I don't want to grant everything; I want to know what the minimum grants I need are.

Here is the example of when I can get the code to work:

declare

  procedure s  (sql_string varchar2) is
  begin
      execute immediate sql_string;
  end;
begin
  s('create table JAY22 (c1 number(9))');
  s('drop table JAY22');

end;  

-- everything works fine.

So now I want to place the procedure outside of the declare block:


create or replace procedure s  (sql_string varchar2) is
  begin
      execute immediate sql_string;
  end;

and this compiles;

I now try to run version 2 of my code:

declare

begin
  s('create table JAY22 (c1 number(9))');
  s('drop table JAY22');

end;  

-- this time it fails with

ORA-01031: insufficient privileges
ORA-06512: at "ACME_STG.S", line 4
ORA-06512: at line 5
01031. 00000 -  "insufficient privileges"
*Cause:    An attempt was made to change the current username or password
           without the appropriate privilege. This error also occurs if
           attempting to install a database without the necessary operating
           system privileges.


-- I run a second test just to make sure the procedure works

declare

begin
  s('select sysdate from dual');
end;  

-- no issues
Granted roles
DEFAULT ROLE "RESOURCE","CONNECT"

Only unlimited tablespace is specifically granted.


So what are the minimum grants I need to allow this schema to run the procedure s?
Asked by: Jayesh Acharya
 
slightwv (Netminder) Commented:
What user are you connecting as when you run the procedure?

I assume ACME_STG.  

Does ACME_STG have the grants you mention?
Does ACME_STG own procedure 's'?
 
Steve Wales (Senior Database Administrator) Commented:
The problem is that when you are trying to create the table via a procedure, you only have the create table system privilege granted through the RESOURCE role.

Permissions like that can't be granted via roles.  They must be specifically granted when the call is coming via a procedure.

I created a user called u1, granted him unlimited tablespace, resource and connect.

Ran through your test scenario as u1 - same error.

Specifically granted u1 the CREATE TABLE privilege and reran your scenario and the create and drop worked just fine.

Could not find the documentation reference but I did find an article at AskTom to refer to (which is almost as good :) )

http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:245614733592
0
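An added example (not part of the original thread) showing how to check, as ACME_STG, which system privileges are direct grants and which arrive only through roles such as RESOURCE, and then apply the single grant described in the answer above. The dictionary views and SET ROLE are standard Oracle; the comparison query in step 2 is constructed for this illustration.

```sql
-- Run steps 1-3 as ACME_STG (the schema from the question) in SQL*Plus.

-- 1. System privileges granted directly to the user. These stay in effect
--    inside a stored procedure compiled with the default definer's rights.
SELECT privilege
  FROM user_sys_privs
 ORDER BY privilege;

-- 2. System privileges the user holds only through a role. A definer's-rights
--    procedure runs with roles disabled, so these do not apply inside s.
SELECT rp.granted_role, sp.privilege
  FROM user_role_privs rp
  JOIN role_sys_privs  sp ON sp.role = rp.granted_role
 WHERE sp.privilege NOT IN (SELECT privilege FROM user_sys_privs)
 ORDER BY rp.granted_role, sp.privilege;

-- 3. Reproduce what the stored procedure sees from an ordinary session:
--    disable every role, then list what is left.
SET ROLE NONE;

SELECT privilege
  FROM session_privs
 ORDER BY privilege;
-- If CREATE TABLE is missing from this list, s('create table ...')
-- fails with ORA-01031, exactly as in the question.

SET ROLE ALL;   -- restore the session's roles

-- 4. Run as a DBA: grant only the privilege the procedure needs.
--    No extra grant is needed for the DROP; an owner can always drop
--    tables in its own schema.
GRANT CREATE TABLE TO acme_stg;

-- 5. Re-run step 3 as ACME_STG; CREATE TABLE should now be listed with
--    roles disabled, and the anonymous block calling s succeeds.
```

Because s executes whatever string it is given with ACME_STG's direct privileges, keep EXECUTE on it restricted to the owning schema.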
 
slightwv (Netminder) Commented:
>>granted through the RESOURCE role.

Ah, yes!  That is 100% correct.  I also forget where that is stated in the documentation but I will agree that is the issue!
 
Jayesh Acharya (Technical Consultant, Author) Commented:
Great, this was driving me crazy.