Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!
Solved
Oracle read only user
Posted on 2016-10-17
I need to create database user that should be able to view all the database objects - tables, procedures, packages, functions and triggers.
I can say - grant select any table to user. How do I go about doing this for the other objects.
I can say - grant select any table to user. How do I go about doing this for the other objects.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4
7 Comments
Active 2 days ago
select any table - this will apply to non-sys owned tables and views
select any dictionary - this will apply to sys owned tables and views.
For 12c it does NOT include SYS.USER$ (and others), you will need to grant select on that directly, but there is usually no need to do that and is not recommended.
for procedures, pacakges, functions and triggers I assume you mean you want to view the source.
with select any dictionary you can read dba_source for all of those
if you are trying to read the code by behind wrapped objects, you can't. There is no privilege that allows that, not even SYS has that authority.
select any dictionary - this will apply to sys owned tables and views.
For 12c it does NOT include SYS.USER$ (and others), you will need to grant select on that directly, but there is usually no need to do that and is not recommended.
for procedures, pacakges, functions and triggers I assume you mean you want to view the source.
with select any dictionary you can read dba_source for all of those
if you are trying to read the code by behind wrapped objects, you can't. There is no privilege that allows that, not even SYS has that authority.
Thanks LVL73. If you grant select any dictionary, can I go and view the package body from Packagaes in sql developer or can I only view them from the dba_source table .
Active 2 days ago
lvl73 isn't a name, it's a counter (sort of) indicating the amount of time spent on EE answering questions.
but, I assume you meant me, sdstuber
sql developer uses the ALL_* views, but if you have select any dictionary, that should make ALL_* act pretty much like DBA_* (except a little heavier because the ALL_* views are doing extra work to confirm permissions)
but, I assume you meant me, sdstuber
sql developer uses the ALL_* views, but if you have select any dictionary, that should make ALL_* act pretty much like DBA_* (except a little heavier because the ALL_* views are doing extra work to confirm permissions)
Active today
Yes, "select ANY" will get you what you need but it will probably also get you a whole lot more.
You should really follow good security practices:
https://en.wikipedia.org/wiki/Principle_of_least_privilege
Select any dictionary and table can be a security issue. It doesn't limit what the user can see.
If you want them to see absolutely everything in the database in every schema, even the sys and system schemas, then grant them.
You should really follow good security practices:
https://en.wikipedia.org/wiki/Principle_of_least_privilege
Select any dictionary and table can be a security issue. It doesn't limit what the user can see.
If you want them to see absolutely everything in the database in every schema, even the sys and system schemas, then grant them.
Active 2 days ago
what is your db version?
if it's 12.1.0.2 or higher you should probably use "read any table" instead of "select any table"
the select privilege implicitly allows you to lock objects even if you can't update/insert/delete on them.
It's as simple as "select * from some_table for update"
even if you don't have update privilege, the select grant allows you to do that and that query would lock every row in the table.
if you have "read any table" privilege, you can't do that
if it's 12.1.0.2 or higher you should probably use "read any table" instead of "select any table"
the select privilege implicitly allows you to lock objects even if you can't update/insert/delete on them.
It's as simple as "select * from some_table for update"
even if you don't have update privilege, the select grant allows you to do that and that query would lock every row in the table.
if you have "read any table" privilege, you can't do that
Featured Post
Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Cursors in Oracle:
A cursor is used to process individual rows returned by database system for a query.
In oracle every SQL statement executed by the oracle server has a private area. This area contains information about the SQL statement and the…
Shell script to create broker configuration file using current broker Configuration, solely for purpose of backup on Linux.
Script may need to be modified depending on OS-installation.
Please deploy and verify the script in a test environment.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
This video shows how to recover a database from a user managed backup
Suggested Courses
Course of the Month11 days, 8 hours left to enroll
718 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.