Solved

Oracle read only user

Posted on 2016-10-17
7
37 Views
Last Modified: 2016-11-05
I need to create database user that should be able to view all the database objects - tables, procedures, packages, functions and triggers.

I can say - grant select any table to user. How do I go about doing this for the other objects.
0
Comment
Question by:happylife1234
  • 4
7 Comments
 
LVL 73

Accepted Solution

by:
sdstuber earned 250 total points (awarded by participants)
ID: 41847210
select any table  -  this will apply to non-sys owned  tables and views

select any dictionary - this will apply to sys owned tables and views.  

For 12c it does NOT include SYS.USER$ (and others), you will need to grant select on that directly, but there is usually no need to do that and is not recommended.


for procedures, pacakges, functions and triggers I assume you mean you want to view the source.
with select any dictionary you can read dba_source for all of those


if you are trying to read the code by behind wrapped objects, you can't.  There is no privilege that allows that, not even SYS has that authority.
0
 

Author Comment

by:happylife1234
ID: 41847212
Thanks LVL73. If you grant select any dictionary, can I go and view the package body from Packagaes in sql developer or can I only view them from the dba_source table .
0
 
LVL 73

Assisted Solution

by:sdstuber
sdstuber earned 250 total points (awarded by participants)
ID: 41847218
lvl73 isn't a name, it's a counter (sort of)   indicating the amount of time spent on EE answering questions.

but, I assume you meant me,  sdstuber

sql developer uses the ALL_* views,  but if you have select any dictionary, that should make ALL_* act pretty much like DBA_* (except a little heavier because the ALL_* views are doing extra work to confirm permissions)
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 76

Assisted Solution

by:slightwv (䄆 Netminder)
slightwv (䄆 Netminder) earned 250 total points (awarded by participants)
ID: 41847227
Yes, "select ANY" will get you what you need but it will probably also get you a whole lot more.

You should really follow good security practices:
https://en.wikipedia.org/wiki/Principle_of_least_privilege

Select any dictionary and table can be a security issue.  It doesn't limit what the user can see.

If you want them to see absolutely everything in the database in every schema, even the sys and system schemas, then grant them.
0
 
LVL 73

Assisted Solution

by:sdstuber
sdstuber earned 250 total points (awarded by participants)
ID: 41847232
what is your db version?

if it's 12.1.0.2 or higher you should probably use "read any table"  instead of "select any table"

the select privilege implicitly allows you to lock objects even if you can't update/insert/delete on them.

It's as simple as "select * from some_table for update"

even if you don't have update privilege, the select grant allows you to do that and that query would lock every row in the table.

if you have "read any table" privilege, you can't do that
1
 
LVL 73

Expert Comment

by:sdstuber
ID: 41847234
you can also explicitly issue LOCK TABLE statements with the select privilege, the READ privilege does not allow that.

again, the READ privilge for tables and views only applies to 12.1.0.2 and higher.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
EXECUTE IMMEDIATE 5 67
How to return an OUT parameter from and ORACLE 3 66
Extract Currency data from a string and put them in a new field 3 36
Help on model clause 5 29
Article by: Swadhin
From the Oracle SQL Reference (http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/queries006.htm) we are told that a join is a query that combines rows from two or more tables, views, or materialized views. This article provides a glimps…
This post first appeared at Oracleinaction  (http://oracleinaction.com/undo-and-redo-in-oracle/)by Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
This video shows how to recover a database from a user managed backup

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question