|
|
 |
 |
 |
 |
EXECUTE ANY PROCEDURE
I'm a bit confused here. I had a schema grant EXECUTE ANY PROCEDURE to a user. But that user could not access procedures in a package.. they got an ORA-04043 (object xxx does not exist). Can someone tell me the proper way to grant to a user the rights to execute
procedures and functions in and outside of packages in a given schema?
this seems to work, but I don't know if it is the proper way, and further, I
don't know why EXECUTE ANY PROCEDURE didn't do it.
thanks
Jeff
Jeff Kish
Comments embedded. On May 14, 11:55 am, Jeff Kish <jeff.k @mro.com> wrote: > I'm a bit confused here.
> I had a schema grant EXECUTE ANY PROCEDURE to a user.
A schema can't grant anything to anyone. The schema owner can. > But that user could not access procedures in a package.. they got an ORA-04043
> (object xxx does not exist).
Providing the EXACT error message, instead of your condensed version, would help tremendously. > Can someone tell me the proper way to grant to a user the rights to execute
> procedures and functions in and outside of packages in a given schema?
Usually it's granting EXECUTE ANY PROCEDURE to the desired user (provided the schema owner granting such a privilege can do so). > this seems to work,
To what, exactly, does 'this' refer? > but I don't know if it is the proper way,
Neither do we, as you haven't explained what 'this' is. > and further, I
> don't know why EXECUTE ANY PROCEDURE didn't do it.
Neither do we, and we won't until you provide exactly what you did, with which user account, and what privileges said user account has been granted. > thanks
> Jeff
> Jeff Kish
David Fitzjarrell -----------------------------------------------Reply-----------------------------------------------
<snip> sorry. obviously my message was sloppy, and I'm assuming the problem is being caused by my own sloppiness. Let me step back as I'm trying to replicate a reported problem and am having
other issues getting in the way now.. btw thanks for your previous reply(ies).
overall I'm trying to recreate a problem.
basically a user is trying to access a table using the dot notation and I'm
getting:
ORA-00903: invalid table name
if I log in as the owner/creator of the schema and tables I can do:
select * from table ok
but logging in as another user (joe) I can't execute select * from
myuser.table;
Can someone tell me what I have left out that will allow using dot notation to
access the tables?
ugly details
I created a user myuser.
I granted myuser these rights:
these roles
.. CONNECT
.. RESOURCE
.. SELECT_CATALOG_ROLE
these system privileges
.. CREATE ANY INDEX
.. CREATE PROCEDURE
.. CREATE SEQUENCE
.. CREATE SESSION
.. CREATE TABLE
.. CREATE TRIGGER
.. EXECUTE ANY PROCEDURE
.. UNLIMITED TABLESPACE
I logged in as myuser and
-created a bunch of tables.
-created a few packages
-put data into the tables
I created a user "JOE"
I logged in as system and ran this to give JOE basic rights:
GRANT "CONNECT" TO "JOE";
GRANT "RESOURCE" TO "JOE";
GRANT "SELECT_CATALOG_ROLE" TO "JOE";
ALTER USER "JOE" DEFAULT ROLE ALL;
GRANT CREATE ANY INDEX TO "JOE";
GRANT CREATE ANY PROCEDURE TO "JOE";
GRANT CREATE ANY SEQUENCE TO "JOE";
GRANT DROP ANY SEQUENCE TO "JOE";
GRANT ALTER ANY SEQUENCE TO "JOE";
GRANT CREATE SESSION TO "JOE";
GRANT CREATE TABLE TO "JOE";
GRANT CREATE TRIGGER TO "JOE";
GRANT CREATE VIEW TO "JOE";
GRANT CREATE SEQUENCE TO "JOE";
GRANT EXECUTE ANY PROCEDURE TO "JOE";
GRANT UNLIMITED TABLESPACE TO "JOE";
I logged in as myuser and ran this to give JOE access to the schema data:
begin
for tab in (select view_name from all_views where owner = 'MYUSER') loop
execute immediate 'grant select,insert,update, delete on ' || tab.view_name
|| ' to JOE';
commit;
end loop;
for tab in (select table_name from all_tables where owner = 'MYUSER') loop
execute immediate 'grant select,insert,update, delete on ' || tab.table_name
|| ' to JOE';
commit;
end loop;
for tab in (select sequence_name from all_sequences where sequence_owner =
'MYUSER') loop
execute immediate 'grant select on ' || tab.sequence_name || ' to JOE';
commit;
end loop;
end;
/
Now when I log in and try things like this:
select * from myuser.table
I get this error message:
ORA-00903: invalid table name
But if I log in as myuser I can do this:
select * from table;
Jeff Kish
-----------------------------------------------Reply-----------------------------------------------
On Mon, 14 May 2007 14:19:40 -0400, Jeff Kish <jeff.k @mro.com> wrote: >I get this error message: >ORA-00903: invalid table name
>But if I log in as myuser I can do this:
>select * from table;
>Jeff Kish
These aren't the *real* user and table names, are they? Because in that case you wouldn't receive ora-903. Did you look up ora-903 at tahiti, or do you expect people here know all the error numbers or they will look all errors up on your behalf? --
Sybrand Bakker
Senior Oracle DBA
-----------------------------------------------Reply-----------------------------------------------
On Mon, 14 May 2007 20:46:51 +0200, sybra @hccnet.nl wrote: >On Mon, 14 May 2007 14:19:40 -0400, Jeff Kish <jeff.k @mro.com> >wrote: >>I get this error message:
>>ORA-00903: invalid table name
>>But if I log in as myuser I can do this:
>>select * from table;
>>Jeff Kish
>These aren't the *real* user and table names, are they?
>Because in that case you wouldn't receive ora-903.
>Did you look up ora-903 at tahiti, or do you expect people here know
>all the error numbers or they will look all errors up on your behalf?
mmmm.. that isn't helpful at all. I'm really not trying to get along with no effort here. I've looked at this for hours with out luck. I change the table name to 'table' for the question..
actually the name was 'asset'...
If anyone still feels helpful after this dialog I appreciate it..
Redoing from scratch, I entered:
CREATE TABLE assetnew
(
assnumber varchar2(60)
CONSTRAINT number_nn NOT NULL,
assdesc varchar2(100),
CONSTRAINT assnumber_pk PRIMARY KEY (assnumber));
insert into assetnew(assnumber,assdesc) values ('123','123desc');
commit;
select * from assetnew; (gives me a row)
select * from 22a.assetnew (gives me error ORA-00903: invalid table name)
but I can select using the qualifier from schemas that appear to have the
same tables and data.
look up the error? Well yeah, but it didn't help.
ORA-00903 invalid table name
Cause: A table or cluster name is invalid or does not exist. This message
is also issued if an invalid cluster name or no cluster name is specified in
an ALTER CLUSTER or DROP CLUSTER statement.
Action: Check spelling. A valid table name or cluster name must begin with
a letter and may contain only alphanumeric characters and the special
characters $, _, and #. The name must be less than or equal to 30 characters
and cannot be a reserved word.
Jeff Kish
-----------------------------------------------Reply-----------------------------------------------
On May 14, 3:11 pm, Jeff Kish <jeff.k @mro.com> wrote:
> On Mon, 14 May 2007 20:46:51 +0200, sybra @hccnet.nl wrote: > >On Mon, 14 May 2007 14:19:40 -0400, Jeff Kish <jeff.k @mro.com> > >wrote: > >>I get this error message:
> >>ORA-00903: invalid table name
> >>But if I log in as myuser I can do this:
> >>select * from table;
> >>Jeff Kish
> >These aren't the *real* user and table names, are they?
> >Because in that case you wouldn't receive ora-903.
> >Did you look up ora-903 at tahiti, or do you expect people here know
> >all the error numbers or they will look all errors up on your behalf?
> mmmm.. that isn't helpful at all.
> I'm really not trying to get along with no effort here.
> I've looked at this for hours with out luck.
> I change the table name to 'table' for the question..
> actually the name was 'asset'...
> If anyone still feels helpful after this dialog I appreciate it..
> Redoing from scratch, I entered:
> CREATE TABLE assetnew
> (
> assnumber varchar2(60)
> CONSTRAINT number_nn NOT NULL,
> assdesc varchar2(100),
> CONSTRAINT assnumber_pk PRIMARY KEY (assnumber));
> insert into assetnew(assnumber,assdesc) values ('123','123desc');
> commit;
> select * from assetnew; (gives me a row)
> select * from 22a.assetnew (gives me error ORA-00903: invalid table name)
> but I can select using the qualifier from schemas that appear to have the
> same tables and data.
> look up the error? Well yeah, but it didn't help.
> ORA-00903 invalid table name
> Cause: A table or cluster name is invalid or does not exist. This message
> is also issued if an invalid cluster name or no cluster name is specified in
> an ALTER CLUSTER or DROP CLUSTER statement.
> Action: Check spelling. A valid table name or cluster name must begin with
> a letter and may contain only alphanumeric characters and the special
> characters $, _, and #. The name must be less than or equal to 30 characters
> and cannot be a reserved word.
> Jeff Kish- Hide quoted text -
>
The problem lies in the user name; you cannot simply start usernames with a number. You might try this: select * from "22a".assetnew;
The user account was obviously created using double quotes; you need
to continue using them to access objects owned by that user.
David Fitzjarrell
-----------------------------------------------Reply-----------------------------------------------
On May 14, 11:19 am, Jeff Kish <jeff.k @mro.com> wrote:
> I logged in as myuser and ran this to give JOE access to the schema data:
> begin
> for tab in (select view_name from all_views where owner = 'MYUSER') loop
> execute immediate 'grant select,insert,update, delete on ' || tab.view_name
> || ' to JOE';
> commit;
> end loop;
> for tab in (select table_name from all_tables where owner = 'MYUSER') loop
> execute immediate 'grant select,insert,update, delete on ' || tab.table_name
> || ' to JOE';
> commit;
> end loop;
> for tab in (select sequence_name from all_sequences where sequence_owner =
> 'MYUSER') loop
> execute immediate 'grant select on ' || tab.sequence_name || ' to JOE';
> commit;
> end loop;
> end;
> /
I'm thinking you might be trying to grant from schemata that are the names of the tables or sequences with this code. What happens when you remove the tab. from tab.table_name? jg
--
@home.com is bogus.
http://stupidest.com/
-----------------------------------------------Reply-----------------------------------------------
On 14 May 2007 13:21:51 -0700, fitzjarr @cox.net wrote:
>On May 14, 3:11 pm, Jeff Kish <jeff.k @mro.com> wrote: >> On Mon, 14 May 2007 20:46:51 +0200, sybra @hccnet.nl wrote: >> >On Mon, 14 May 2007 14:19:40 -0400, Jeff Kish <jeff.k @mro.com> >> >wrote: >> >>I get this error message:
>> >>ORA-00903: invalid table name
>> >>But if I log in as myuser I can do this:
>> >>select * from table;
>> >>Jeff Kish
>> >These aren't the *real* user and table names, are they?
>> >Because in that case you wouldn't receive ora-903.
>> >Did you look up ora-903 at tahiti, or do you expect people here know
>> >all the error numbers or they will look all errors up on your behalf?
>> mmmm.. that isn't helpful at all.
>> I'm really not trying to get along with no effort here.
>> I've looked at this for hours with out luck.
>> I change the table name to 'table' for the question..
>> actually the name was 'asset'...
>> If anyone still feels helpful after this dialog I appreciate it..
>> Redoing from scratch, I entered:
>> CREATE TABLE assetnew
>> (
>> assnumber varchar2(60)
>> CONSTRAINT number_nn NOT NULL,
>> assdesc varchar2(100),
>> CONSTRAINT assnumber_pk PRIMARY KEY (assnumber));
>> insert into assetnew(assnumber,assdesc) values ('123','123desc');
>> commit;
>> select * from assetnew; (gives me a row)
>> select * from 22a.assetnew (gives me error ORA-00903: invalid table name)
>> but I can select using the qualifier from schemas that appear to have the
>> same tables and data.
>> look up the error? Well yeah, but it didn't help.
>> ORA-00903 invalid table name
>> Cause: A table or cluster name is invalid or does not exist. This message
>> is also issued if an invalid cluster name or no cluster name is specified in
>> an ALTER CLUSTER or DROP CLUSTER statement.
>> Action: Check spelling. A valid table name or cluster name must begin with
>> a letter and may contain only alphanumeric characters and the special
>> characters $, _, and #. The name must be less than or equal to 30 characters
>> and cannot be a reserved word.
>> Jeff Kish- Hide quoted text -
>>
>The problem lies in the user name; you cannot simply start usernames
>with a number. You might try this:
>select * from "22a".assetnew;
>The user account was obviously created using double quotes; you need
>to continue using them to access objects owned by that user.
>David Fitzjarrell
Thanks .. this turned out to explain the problem. I had tried the following with only the indicated success: select * from 22a.assetnew; unsuccessful
select * from "22a".assetnew; unsuccessful
select * from 22A.assetnew; unsuccessful
select * from "22A".assetnew; successful
So it was a combination of quotes and I guess the quotes lead to case
sensitivity.
I didn't realize there was a problem or restriction or consequence of using a
username beginning with a number.
Thanks much for returning my sanity to me, and thanks everyone else for your
comments/suggestions etc.
Jeff
Jeff Kish
-----------------------------------------------Reply-----------------------------------------------
On 14 May 2007 13:25:15 -0700, joel garry <joel-ga @home.com> wrote:
>On May 14, 11:19 am, Jeff Kish <jeff.k @mro.com> wrote: >> I logged in as myuser and ran this to give JOE access to the schema data:
>> begin
>> for tab in (select view_name from all_views where owner = 'MYUSER') loop
>> execute immediate 'grant select,insert,update, delete on ' || tab.view_name
>> || ' to JOE';
>> commit;
>> end loop;
>> for tab in (select table_name from all_tables where owner = 'MYUSER') loop
>> execute immediate 'grant select,insert,update, delete on ' || tab.table_name
>> || ' to JOE';
>> commit;
>> end loop;
>> for tab in (select sequence_name from all_sequences where sequence_owner =
>> 'MYUSER') loop
>> execute immediate 'grant select on ' || tab.sequence_name || ' to JOE';
>> commit;
>> end loop;
>> end;
>> /
>I'm thinking you might be trying to grant from schemata that are the
>names of the tables or sequences with this code. What happens when
>you remove the tab. from tab.table_name?
>jg
yeah, it turned ot to be a combination of wierdness using numbers as usernames, and case sensitivity as you probably saw. when I removed tab. and just queried on table_name it worked fine. thanks
Jeff Kish
-----------------------------------------------Reply-----------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff Kish schreef:
> On 14 May 2007 13:21:51 -0700, fitzjarr @cox.net wrote: >> The problem lies in the user name; you cannot simply start usernames >> with a number. You might try this: >> select * from "22a".assetnew;
>> The user account was obviously created using double quotes; you need
>> to continue using them to access objects owned by that user.
>> David Fitzjarrell
> Thanks .. this turned out to explain the problem.
> I had tried the following with only the indicated success:
> select * from 22a.assetnew; unsuccessful
> select * from "22a".assetnew; unsuccessful
> select * from 22A.assetnew; unsuccessful
> select * from "22A".assetnew; successful
> So it was a combination of quotes and I guess the quotes lead to case
> sensitivity.
Yes - as documented > I didn't realize there was a problem or restriction or consequence of using a
> username beginning with a number.
Documented, too, of course. > Thanks much for returning my sanity to me, and thanks everyone else for your
> comments/suggestions etc.
> Jeff Kish
Which just shows not to simplify the issue at hand: there was absolutely no indication why the 903 would occur from the initial postings. Sybrand was correct (once again) in his assumption these were not the real names. Once you posted the user (22A) it became quite obvious what
the issue was.
- --
Regards,
Frank van Bortel
Top-posting is one way to shut me up...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
iD8DBQFGSfU6Lw8L4IAs830RAvGuAJ9oVrTJ75LOAF4YFEhczrMkI0RFPACfcAuN
8rXoxjJ49GX6CHyXdybB8cM=
=iqFc
-----END PGP SIGNATURE-----
|
 |
 |
 |
 |
|
Add to del.icio.us |
Digg this |
Stumble it |
Powered by Megasolutions Inc