| How to extract privilege report from Oracle? [message #418041] |
Wed, 12 August 2009 12:32  |
Smith_X
Messages: 56
Registered: January 2007
|
Member |
|
|
Hello
I want to extract privilege from Oracle Database. As far as I understand, privilege in Oracle keep in DBA_something_PRIVS view
- SYS.DBA_ROLE_PRIVS
- SYS.DBA_SYS_PRIVS
- SYS.DBA_TAB_PRIVS
- SYS.DBA_COL_PRIVS
My assignment is to makesure that any privilege assign to any user is commensurate to their job function. (i.e. only DBA should have SELECT ANY TABLE privilge while programmer can select only some table. ==> set at DBA_TAB_PRIVS instead of granted ANY TABLE in DBA_SYS_PRIVS)
First, I query all privilege from DBA_SYS_PRIVS. It shows like 20~ roles.
Next step, I cross check with DBA_ROLE_PRIVS and found that some role is a member of another role and so on. This happen because Oracle allow to group privilege as role. and allow to assign role to another role.
I spend about 2 hour to mapping it in Excel and it seems very far to finish. There are 2 more view I did not touch it yet. Are there any better way to do that, please?
|
|
|
|
|
|
| Re: How to extract privilege report from Oracle? [message #418462 is a reply to message #418042] |
Sat, 15 August 2009 16:16  |
Smith_X
Messages: 56
Registered: January 2007
|
Member |
|
|
Anybody have SQL script to extract Role/Privilege in report format please?
I found this one from http://www.psoug.org/reference/system_privs.html
Determine User Privs
This query will list the system privileges assigned to a user SELECT LPAD(' ', 2*level) || granted_role "USER PRIVS"
FROM (
SELECT NULL grantee, username granted_role
FROM dba_users
WHERE username LIKE UPPER('%&uname%')
UNION
SELECT grantee, granted_role
FROM dba_role_privs
UNION
SELECT grantee, privilege
FROM dba_sys_privs)
START WITH grantee IS NULL
CONNECT BY grantee = prior granted_role;
or
SELECT path
FROM (
SELECT grantee,
sys_connect_by_path(privilege, ':')||':'||grantee path
FROM (
SELECT grantee, privilege, 0 role
FROM dba_sys_privs
UNION ALL
SELECT grantee, granted_role, 1 role
FROM dba_role_privs)
CONNECT BY privilege=prior grantee
START WITH role = 0)
WHERE grantee IN (
SELECT username
FROM dba_users
WHERE lock_date IS NULL
AND password != 'EXTERNAL'
AND username != 'SYS')
OR grantee='PUBLIC'
/
If anyone have SQL script which extract Role / Privilege from Oracle in simplify format please help. Thanks in advance.
[Updated on: Sat, 15 August 2009 16:23] Report message to a moderator |
|
|
|
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
