I am triyng to run this script on schema 1:
GRANT CREATE ANY TABLE TO schema2;
GRANT INSERT ANY TABLE TO schema2;
but I get this error :
GRANT CREATE ANY TABLE TO schema2
Error at line 1
ORA-01031: Nicht ausreichende Berechtigungen
what should I do now?
ORA-01031: insufficient privileges means that the user you are connected as doesn't have privileges to perform the action you are attempting to do. So in this case SCHEMA1 doesn't have the privileges to GRANT CREATE ANY TABLE to any schema.
If you connect as SYS, SYSTEM, or another privileged user, you can then run the grant GRANT CREATE ANY TABLE TO SCHEMA1 WITH ADMIN OPTION;. Then if you connect to SCHEMA1, you should then be able to run GRANT CREATE ANY TABLE TO schema2;. The same procedure will need to be done for the INSERT ANY TABLE privilege.
Related
There is an option for configuring ASP.NET application to store session info into SQL Server: https://learn.microsoft.com/en-us/previous-versions/ms178586(v=vs.140)
However it requires creating a new database(ASPState) with some script
I'm wondering is there an option for using the application database itself for providing session storage or are there any hardcoded requirements that db name should be ASPState and the only option is creating another database.
I'll first mention it's not a good idea to mix aspstate and user objects in the same database. The aspstate data is used quite heavily and can require significant SQL Server transaction log space for ephemeral data that never needs to be recovered. It would be better to have a dedicated database in the SIMPLE recovery model for session state instead of co-mingling data with different recovery requirements.
The name of the aspstate database is configurable. Specify the Aspnet_regsql -sstype c argument for a custom database and the database name with -d. For example:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_regsql.exe" -ssadd -sstype c -d YourUserDatabase -S YourSqlInstance -E
Below is an aspstate connection string example given the example above for Windows authentication. This can be identical to your normal user database connection string but here I added an explict application name to uniqueify the connection string so that session state uses a separate connection pool.
Data Source=YourSqlInstance;Initial Catalog=YourUserDatabase;Integrated Security=SSPI;Application Name=aspstate
You'll also need to grant permissions on the stored procedures used by session state unless you use a privileged account (a bad practice). Below is a script to do that via role membership:
USE YourUserDatabase;
GO
CREATE Role APSStateRole;
ALTER ROLE APSStateRole
ADD MEMBER [YourUserAccount]; --assuming user already exists
GRANT EXECUTE ON dbo.TempReleaseStateItemExclusive TO ASPStateRole;
GRANT EXECUTE ON dbo.TempInsertUninitializedItem TO ASPStateRole;
GRANT EXECUTE ON dbo.TempInsertStateItemShort TO ASPStateRole;
GRANT EXECUTE ON dbo.TempInsertStateItemLong TO ASPStateRole;
GRANT EXECUTE ON dbo.TempUpdateStateItemShort TO ASPStateRole;
GRANT EXECUTE ON dbo.TempUpdateStateItemShortNullLong TO ASPStateRole;
GRANT EXECUTE ON dbo.TempUpdateStateItemLong TO ASPStateRole;
GRANT EXECUTE ON dbo.TempUpdateStateItemLongNullShort TO ASPStateRole;
GRANT EXECUTE ON dbo.TempRemoveStateItem TO ASPStateRole;
GRANT EXECUTE ON dbo.TempResetTimeout TO ASPStateRole;
GRANT EXECUTE ON dbo.GetMajorVersion TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetVersion TO ASPStateRole;
GRANT EXECUTE ON dbo.GetHashCode TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetAppID TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItem TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItem2 TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItem3 TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItemExclusive TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItemExclusive2 TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItemExclusive3 TO ASPStateRole;
GO
Is there an easy way to create a user and grant all privileges to all databases except a specific one?
I've tried this
CREATE USER 'demo'#'%' IDENTIFIED BY 'QbSv9qUj2EJ8mxm2';
GRANT ALL PRIVILEGES ON *.* TO 'demo'#'%';
REVOKE ALL ON id8694160_sqless.* FROM 'demo'#'%'; -- this is the DB I don't want the user to have access to
SHOW GRANTS FOR 'demo'#'%';
But I get the following error:
Error Code: 1141. There is no such grant defined for user 'demo' on host '%'
Is this even possible?
According to the documentation:
Global privileges are granted using *.* for priv_level. Global privileges include privileges to administer the database and manage user accounts, as well as privileges for all tables, functions, and procedures. Global privileges are stored in the mysql.user table.
Database privileges are granted using db_name.* for priv_level, or using just * to use default database. Database privileges include privileges to create tables and functions, as well as privileges for all tables, functions, and procedures in the database. Database privileges are stored in the mysql.db table.
It means that the privileges you grant with GRANT ALL PRIVILEGES ON *.* TO 'demo'#'%'; is represented by one row in the mysql.user table. Revoking privileges for only one database from these global privileges means removing the global privileges from the mysql.user table and add one database privilege for each database except the id8694160_sqless database, in the mysql.db table.
I'm quite sure the REVOKE statement does not do this but you can manually give privileges to all databases except one with a request such as :
INSERT INTO mysql.db
SELECT '%',schema_name,'demo','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y'
FROM information_schema.schemata
WHERE NOT schema_name = 'mysql'
AND NOT schema_name = 'information_schema'
AND NOT schema_name = 'performance_schema'
AND NOT schema_name = 'id8694160_sqless';
FLUSH PRIVILEGES;
While trying to remap schema in impdp i am getting this error.
ORA-31631: privileges are required
ORA-39122: Unprivileged users may not perform REMAP_SCHEMA remappings.
Priviledges are granted to users inside sql shell.
I am executing as oracle user how to grant priviledge to it.I am executing impdp after doing su - oracle
Grant imp_full_database role to the database user and then import
I want to create a user/schema in oracle 11g and grant all privileges to the user. How can I do this with a simple script. I looked at the following links but I am not sure which one to use or if these statements are the best way.
http://ss64.com/ora/grant.html
Can you suggest how I may do this in the simplest possible way and securely ?
To create a new user you use the "create user" command. So a typical create user command would be :
create user test identified by test default tablespace mytbsp.
Of course you need to replace the values for the user, password and tablespace with different values. However I'd recommend that you have a look at Oracle's documentation http://docs.oracle.com/cd/B19306_01/server.102/b14200/statements_8003.htm.
The next step is to grant the user the corresponding rights. To give a user all the rights is a very bad approach as you would also give him dba privileges. What you instead is to give him connect privileges and the permissions to his default tablespace. Also it is better to use roles instead of granting the rights directly. So if you have to grant the rights again you only need to grant the role. First step is to create the role:
GRANT CREATE session, CREATE table, CREATE view,
CREATE procedure,CREATE synonym,
ALTER table, ALTER view, ALTER procedure,ALTER synonym,
DROP table, DROP view, DROP procedure,DROP synonym
TO MyRole;
This statement is not complete you might require additional rights (index maintenance for instance), but have a look at the online oracle documentation.
After that you grant the role to the newly created user.
GRANT myrole to test;
Create the user:
create user user_name identified by password ;
Grant the privileges:
grant all privilege to user_name;
If you want to view the number of privileges:
select * from system_privilege_map where neme like '%PRIV%';
If you want to view privileges assigned to the users:
select count (*) , grantee
from dba_sys_privs
where grantee in ('user1','user2')
group by grantee ;
I am using oracle 10g. I have a database user TDM_DD which executes a procedure in which it creates a schema/user and tables in it. While doing so I have to grant 'UNLIMITED TABLESPACE' privilege to the newly created schema. However I am getting error "ORA-01031: insufficient privileges" Need help!!
You can only grant the UNLIMITED TABLESPACE privilege as a user that is allowed to grant it, such as the SYSTEM user. You will need to give your TDM_DD user the privileges to be able to have it grant the UNLIMITED TABLESPACE privilege to someone else.