Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> AQ and Privs: Picky Picky

AQ and Privs: Picky Picky

From: Koivu, Lisa <lkoivu_at_qode.com>
Date: Mon, 11 Dec 2000 15:21:10 -0500
Message-Id: <10707.124239@fatcity.com> 





This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.



------_=_NextPart_001_01C063AF.E6CAB0E6


Content-Type: text/plain;


        charset="iso-8859-1"



Hello everyone, 



As a routine exercise during install of a third-party product, I checked
privileges and (suprise) the schema owner has every single darn privilege
granted to it.  I asked the vendor for a specific list of necessary
privileges in order for the app to execute and got the standard "I don't
know, let me ask support" and no answer.  So being the picky person I am, I
revoked all privs and granted connect & resource.  However there are a few
system privs that I just can't revoke:



ADMINISTER RESOURCE MANAGER



DEQUEUE ANY QUEUE



ENQUEUE ANY QUEUE



MANAGE ANY QUEUE


When I try to revoke them I get the errors below.  I looked around in the
documentation and it doesn't say anything about granting and revoking these
privileges directly - all the AQ privs are part of a role and I found
nothing specific about "resource manager". 



Any suggestions are appreciated.  Thanks



SQL> revoke dequeue any queue from imed;
revoke dequeue any queue from imed


       *


ERROR at line 1:


ORA-00990: missing or invalid privilege




SQL> revoke administer resource manager from imed;
revoke administer resource manager from imed


       *


ERROR at line 1:


ORA-00990: missing or invalid privilege




SQL> 




Lisa Rutland Koivu


Oracle Database Administrator


Qode.com


4850 North State Road 7


Suite G104


Fort Lauderdale, FL  33319


V: 954.484.3191, x174
F: 954.484.2933 
C: 954.658.5849




http://www.qode.com



"The information contained herein does not express the opinion or position
of Qode.com and cannot be attributed to or made binding upon Qode.com."




------_=_NextPart_001_01C063AF.E6CAB0E6


Content-Type: text/html;


        charset="iso-8859-1"


Content-Transfer-Encoding: quoted-printable



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">

<HTML>

<HEAD>

<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =

charset=3Diso-8859-1">


<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =

5.5.2650.12">


<TITLE>AQ and Privs:  Picky Picky</TITLE>

</HEAD>

<BODY>




<P><FONT SIZE=3D2 FACE=3D"Arial">Hello everyone, </FONT>

</P>




<P><FONT SIZE=3D2 FACE=3D"Arial">As a routine exercise during install =

of a third-party product, I checked privileges and (suprise) the schema =
owner has every single darn privilege granted to it.&nbsp; I asked the =
vendor for a specific list of necessary privileges in order for the app =
to execute and got the standard &quot;I don't know, let me ask =
support&quot; and no answer.&nbsp; So being the picky person I am, I =
revoked all privs and granted connect &amp; resource.&nbsp; However =
there are a few system privs that I just can't revoke:</FONT></P>



<P><FONT SIZE=3D1 FACE=3D"Courier New">ADMINISTER RESOURCE =

MANAGER</FONT>


<BR><FONT SIZE=3D1 FACE=3D"Courier New">DEQUEUE ANY QUEUE</FONT>

<BR><FONT SIZE=3D1 FACE=3D"Courier New">ENQUEUE ANY QUEUE</FONT>

<BR><FONT SIZE=3D1 FACE=3D"Courier New">MANAGE ANY QUEUE</FONT>

</P>




<P><FONT SIZE=3D2 FACE=3D"Arial">When I try to revoke them I get the =

errors below.&nbsp; I looked around in the documentation and it doesn't =
say anything about granting and revoking these privileges directly - =
all the AQ privs are part of a role and I found nothing specific about =
&quot;resource manager&quot;. </FONT></P>



<P><FONT SIZE=3D2 FACE=3D"Arial">Any suggestions are appreciated.&nbsp; =

Thanks</FONT>


</P>




<P><FONT SIZE=3D1 FACE=3D"Courier New">SQL&gt; revoke dequeue any queue =

from imed;</FONT>


<BR><FONT SIZE=3D1 FACE=3D"Courier New">revoke dequeue any queue from =

imed</FONT>


<BR><FONT SIZE=3D1 FACE=3D"Courier =



New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *</FONT>


<BR><FONT SIZE=3D1 FACE=3D"Courier New">ERROR at line 1:</FONT>

<BR><FONT SIZE=3D1 FACE=3D"Courier New">ORA-00990: missing or invalid =

privilege</FONT>


</P>

<BR>




<P><FONT SIZE=3D1 FACE=3D"Courier New">SQL&gt; revoke administer =

resource manager from imed;</FONT>


<BR><FONT SIZE=3D1 FACE=3D"Courier New">revoke administer resource =

manager from imed</FONT>


<BR><FONT SIZE=3D1 FACE=3D"Courier =



New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *</FONT>


<BR><FONT SIZE=3D1 FACE=3D"Courier New">ERROR at line 1:</FONT>

<BR><FONT SIZE=3D1 FACE=3D"Courier New">ORA-00990: missing or invalid =

privilege</FONT>


</P>

<BR>




<P><FONT SIZE=3D1 FACE=3D"Courier New">SQL&gt; </FONT>

</P>

<BR>

<BR>




<P><B><FONT SIZE=3D1 FACE=3D"Arial">Lisa Rutland Koivu</FONT></B>

<BR><FONT SIZE=3D1 FACE=3D"Arial">Oracle Database Administrator</FONT>

<BR><FONT SIZE=3D1 FACE=3D"Arial">Qode.com</FONT>

<BR><FONT SIZE=3D1 FACE=3D"Arial">4850 North State Road 7</FONT>

<BR><FONT SIZE=3D1 FACE=3D"Arial">Suite G104</FONT>

<BR><FONT SIZE=3D1 FACE=3D"Arial">Fort Lauderdale, FL&nbsp; =

33319</FONT>


</P>




<P><FONT SIZE=3D1 FACE=3D"Arial">V: 954.484.3191, x174</FONT>

<BR><FONT SIZE=3D1 FACE=3D"Arial">F: 954.484.2933 </FONT>

<BR><FONT SIZE=3D1 FACE=3D"Arial">C: 954.658.5849</FONT>

<BR><FONT SIZE=3D1 FACE=3D"Arial"><A HREF=3D"http://www.qode.com" =

TARGET=3D"_blank">http://www.qode.com</A></FONT>


</P>




<P><I><FONT COLOR=3D"#000000" SIZE=3D1 FACE=3D"Arial">&quot;The =

information contained herein does not express the opinion or position =
of Qode.com and cannot be attributed to or made binding upon =
Received on Mon Dec 11 2000 - 14:21:10 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US