| Creating Users ? [message #60895] |
Fri, 12 March 2004 04:36  |
Andrew
Messages: 144
Registered: March 1999
|
Senior Member |
|
|
Hi,
This might be a stupid question?, but here goes...
I use a an application which uses Oracle as it's backend. When we instal the application it creates a user in Oracle and runs a script that creates all the tables, sequences etc.
The application then connects to it's database within Oracle using the user that was created during the instal i.e. 'user / password @ database'.
The user created and used by the application has as far as my knowledge goes full rights to everything contained with in that user i.e. the applications database.
I've been asked by a customer if I can give them access to the applications database, but with only read-only rights.
My question(s) is: -
<OL>
[*]Can I create another user and allow that user read-only access to the other users tables?
[*]If not how can I have the customer connect using the original user details but with read-only access?</OL>
Is the above possible, or is my understanding of users miles off the mark?
Regards,
Andrew
|
|
|
|
| Re: Creating Users ? [message #60898 is a reply to message #60895] |
Fri, 12 March 2004 05:04  |
Thiru
Messages: 1089
Registered: May 2002
|
Senior Member |
|
|
Yes,you certainly can create another user for your customer with read only access on the applications database.
eg)
Let's say 'THIRU' is your application database schema.
SQL> connect thiru/****
Connected.
-- these are the tables in this schema
SQL> select table_name from user_tables;
TABLE_NAME
------------------------------
DEPT
EMP
GTT
T1
T2
T3
TC
TIMESTAMP_T
T_TEMP
-- create 'customer' user for read only access. This needs to be done as a user with DBA privileges.
SQL> create user customer identified by customer default tablespace users temporary tablespace temp;
User created.
-- Grant him privileges to connect to Oracle and create private synonyms
SQL> grant create session,create synonym to customer;
Grant succeeded.
-- Grant him Select access on a couple of tables. You can also create a role , grant privileges to the role and then grant the role to the customer user, for easier privilege management.
SQL> grant select on thiru.dept to customer;
Grant succeeded.
SQL> grant select on thiru.emp to customer;
Grant succeeded.
-- Login as your Customer user
SQL> connect customer/customer;
Connected.
-- Select one of application tables
SQL> select count(*) from thiru.dept;
COUNT(*)
----------
4
-- For transparency, you can create synonym for this table, in customer's schema
SQL> create synonym dept for thiru.dept;
Synonym created.
-- Query Thiru's dept table ,using the synonym
SQL> select * from dept;
DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON
-- but customer cannot delete from the table
SQL> delete from dept;
delete from dept
*
ERROR at line 1:
ORA-01031: insufficient privileges
-Thiru
|
|
|
|
| Re: Creating Users ? [message #60901 is a reply to message #60898] |
Fri, 12 March 2004 05:57 |
Andrew
Messages: 144
Registered: March 1999
|
Senior Member |
|
|
Hi Thiru,
Many thanks for the reply.
I tried creating the user 'customer' using the line you posted but had the following error: -
create user customer identified by customer default tablespace users temporary tablespace temp
*
ERROR at line 1:
ORA-00959: tablespace 'USERS' does not exist
Do I need to make applicable changes to the above line for it to work?
Regards,
Andrew
|
|
|
|
| Re: Creating Users ? [message #60902 is a reply to message #60901] |
Fri, 12 March 2004 06:00 |
Andrew
Messages: 144
Registered: March 1999
|
Senior Member |
|
|
Thiru,
I changed the line you posted as follows and it worked: -
create user customer identified by customer default tablespace tbs_data temporary tablespace tb_temp
Andrew
|
|
|
|
|
|
| Re: Creating Users ? [message #60904 is a reply to message #60903] |
Fri, 12 March 2004 06:24 |
Andrew
Messages: 144
Registered: March 1999
|
Senior Member |
|
|
Hi,
I'm now getting an error when trying to grant the select to the user.
I'm logged in with a user that has DBA priviliges, or so I've been told.
Error: -
grant select on tcpos.tb_articles to test
*
ERROR at line 1:
ORA-01031: insufficient privileges
Can I check that the user I'm using has DBA priviliges?
Regards,
Andrew
|
|
|
|
| Re: Creating Users ? [message #60905 is a reply to message #60904] |
Fri, 12 March 2004 06:58 |
Andrew
Messages: 144
Registered: March 1999
|
Senior Member |
|
|
Further to my last post.
Is the error regarding the insufficient privileges refering to the DBA user, or the user I've created?
Regards,
Andrew
|
|
|
|
| Re: Creating Users ? [message #60906 is a reply to message #60904] |
Fri, 12 March 2004 07:18 |
Thiru
Messages: 1089
Registered: May 2002
|
Senior Member |
|
|
the example I provided was tested in 9i.The dba role has 'grant any object privilege' privilege in 9i,which allows to grant privileges on tables owned by other users.
If you are on 8i and lower, you may need to login as the schema owner(ie the database user who owns the tables) and grant the slect privilege to the customer user.
To check the privileges/roles of the user whom you are logged in as :
select * from user_role_privs;
select * from user_sys_privs;
and so on.
-Thiru
|
|
|
|
| Re: Creating Users ? [message #60907 is a reply to message #60905] |
Fri, 12 March 2004 07:21 |
Thiru
Messages: 1089
Registered: May 2002
|
Senior Member |
|
|
It refers to the user whom you are logged in as ..
Optionally, you can grant all the privileges from the 'application database schema user' to the DBA user and then as DBA user,grant the select privileges on those tables to your customer user. It may be just easier to login as the schema owner and grant the select access to the customer user, unless you are in 9i, where you can do such grants as the DBA user.
-Thiru
|
|
|
|
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
