I am using oracle 10g. I have a database user TDM_DD which executes a procedure in which it creates a schema/user and tables in it. While doing so I have to grant 'UNLIMITED TABLESPACE' privilege to the newly created schema. However I am getting error "ORA-01031: insufficient privileges" Need help!!
You can only grant the UNLIMITED TABLESPACE privilege as a user that is allowed to grant it, such as the SYSTEM user. You will need to give your TDM_DD user the privileges to be able to have it grant the UNLIMITED TABLESPACE privilege to someone else.
Related
Is there an easy way to create a user and grant all privileges to all databases except a specific one?
I've tried this
CREATE USER 'demo'#'%' IDENTIFIED BY 'QbSv9qUj2EJ8mxm2';
GRANT ALL PRIVILEGES ON *.* TO 'demo'#'%';
REVOKE ALL ON id8694160_sqless.* FROM 'demo'#'%'; -- this is the DB I don't want the user to have access to
SHOW GRANTS FOR 'demo'#'%';
But I get the following error:
Error Code: 1141. There is no such grant defined for user 'demo' on host '%'
Is this even possible?
According to the documentation:
Global privileges are granted using *.* for priv_level. Global privileges include privileges to administer the database and manage user accounts, as well as privileges for all tables, functions, and procedures. Global privileges are stored in the mysql.user table.
Database privileges are granted using db_name.* for priv_level, or using just * to use default database. Database privileges include privileges to create tables and functions, as well as privileges for all tables, functions, and procedures in the database. Database privileges are stored in the mysql.db table.
It means that the privileges you grant with GRANT ALL PRIVILEGES ON *.* TO 'demo'#'%'; is represented by one row in the mysql.user table. Revoking privileges for only one database from these global privileges means removing the global privileges from the mysql.user table and add one database privilege for each database except the id8694160_sqless database, in the mysql.db table.
I'm quite sure the REVOKE statement does not do this but you can manually give privileges to all databases except one with a request such as :
INSERT INTO mysql.db
SELECT '%',schema_name,'demo','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y'
FROM information_schema.schemata
WHERE NOT schema_name = 'mysql'
AND NOT schema_name = 'information_schema'
AND NOT schema_name = 'performance_schema'
AND NOT schema_name = 'id8694160_sqless';
FLUSH PRIVILEGES;
I am trying to change the tablespace on my user and what i am getting is insufficien privileges.Does anybody know how to solve this problem?
Example:
SQL> alter user test_
2 default tablespace users temporary tablespace temp
3 quota 800M on users
4 /
alter user test_
*
ERROR at line 1:
ORA-01031: insufficient privileges
As Documentation says:
You must have the ALTER USER system privilege. However, you can change your own password without this privilege.
So, if you connect as a privileged user (such as SYS) and grant it to, for example, SCOTT, then SCOTT will be able to do that:
SQL> connect sys/syspwd#xe as sysdba
Connected.
SQL> grant alter user to scott;
Grant succeeded.
SQL> connect scott/tiger#xe
Connected.
SQL> alter user scott default tablespace users temporary tablespace temp quota unlimited on users;
User altered.
SQL>
While trying to remap schema in impdp i am getting this error.
ORA-31631: privileges are required
ORA-39122: Unprivileged users may not perform REMAP_SCHEMA remappings.
Priviledges are granted to users inside sql shell.
I am executing as oracle user how to grant priviledge to it.I am executing impdp after doing su - oracle
Grant imp_full_database role to the database user and then import
I want to create an application about one user select other users and define there privileges, but this user don't be a Administrator or "dba". A sentence as:
GRANT GRANT TO BIG_USER;
The "Big User" have many privileges, another users the same or less.
Thanks
If you want to grant all grant that have been given to a user to some other users at first you should get that user grants then for each user write a script to give that grant. the following tables show the grant for each user
USER_SYS_PRIVS, USER_TAB_PRIVS, USER_ROLE_PRIVS tables
write a query to get privileges and then give them to other users
Oracle's permission system allows a bit of granularity regarding what you can allow this user to grant.
For objects (tables, etc) you have to either be a dba, the object owner, or have permissions granted with the grant option. So the following should work:
GRANT ALL PRIVILEGES ON mytable TO WITH GRANT OPTION;
You would have to repeat this on every table the user needs to be able to manage permissions on.
This answer is assuming you are looking at permissions on objects (tables etc) rather than system privileges.
I am transitioning an application from Dev to QA. I have created an sql file to populate the database in the QA environment. In the QA environment I am using windows authentication on the db. My user has minimal permissions. I am comin up with the error
EXECUTE permission denied on object 'aspnet_CheckSchemaVersion', database 'QADB', schema 'dbo'.
when I try an log in. I noticed my db creation script has:
"CREATE ROLE [aspnet_Membership_BasicAccess] AUTHORIZATION [dbo]"
When I change the permissions of my user to dbo, the problem goes away.
I do not wish for my user to be dbo. Does anybody know what I can do to remedy this?
Grant the user the execute permission on the stored procedure, or better still, make sure the user is a member of the role and grant execute permissions to the role.
GRANT EXECUTE ON aspnet_checkscemaversion TO aspnet_membership_basicaccess