| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: AQ and Privs: Picky Picky
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C063DE.8B051E2A
Content-Type: text/plain;
charset="iso-8859-1"
ADMINISTER_RESOURCE_MANAGER is NOT a standard system privilege, nor it is a role. its a privilege that exists only within the context of resource management. the SYSTEM user and the DBA role each hold the ADMINISTER_RESOURCE_MANAGER privilege by default. the SYSTEM user and or a user with DBA role can grant/revoke the ADMINISTER_RESOURCE_MANAGER to other users by making a call to the GRANT_SYSTEM_PRIVILEGE procedure(or REVOKE_SYSTEM_PRIVILEGE) in the DBMS_RESOURCE_MANAGER_PRIVS package. you can't use the standard GRANT and REVOKE commands to manage it.
Yoyong Cabansay
Oracle Apps. Systems Administrator
TMX Philippines Inc., MEPZ,
Lapu-Lapu City, 6015, Philippines
*: (6332) 3400-379 loc. 174 *: (6332) 3400-381 *: lbcabansay_at_timex.com
-----Original Message-----
From: Koivu, Lisa [mailto:lkoivu_at_qode.com]
Sent: Tuesday, December 12, 2000 4:22 AM
To: Multiple recipients of list ORACLE-L
Subject: AQ and Privs: Picky Picky
Hello everyone,
As a routine exercise during install of a third-party product, I checked privileges and (suprise) the schema owner has every single darn privilege granted to it. I asked the vendor for a specific list of necessary privileges in order for the app to execute and got the standard "I don't know, let me ask support" and no answer. So being the picky person I am, I revoked all privs and granted connect & resource. However there are a few system privs that I just can't revoke:
ADMINISTER RESOURCE MANAGER
DEQUEUE ANY QUEUE
ENQUEUE ANY QUEUE
MANAGE ANY QUEUE
When I try to revoke them I get the errors below. I looked around in the
documentation and it doesn't say anything about granting and revoking these
privileges directly - all the AQ privs are part of a role and I found
nothing specific about "resource manager".
Any suggestions are appreciated. Thanks
SQL> revoke dequeue any queue from imed; revoke dequeue any queue from imed
*
ERROR at line 1:
ORA-00990: missing or invalid privilege
SQL> revoke administer resource manager from imed; revoke administer resource manager from imed
*
ERROR at line 1:
ORA-00990: missing or invalid privilege
SQL>
Lisa Rutland Koivu
Oracle Database Administrator
Qode.com
4850 North State Road 7
Suite G104
Fort Lauderdale, FL 33319
V: 954.484.3191, x174 F: 954.484.2933 C: 954.658.5849
"The information contained herein does not express the opinion or position of Qode.com and cannot be attributed to or made binding upon Qode.com."
------_=_NextPart_001_01C063DE.8B051E2A
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<TITLE>AQ and Privs: Picky Picky</TITLE>
<META content=3D"MSHTML 5.50.4134.600" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D265305701-12122000><FONT face=3DArial =
color=3D#0000ff=20
size=3D2>ADMINISTER_RESOURCE_MANAGER is NOT a standard system =
privilege, nor it is=20
a role. its a privilege that exists only within the context of resource =
management. the SYSTEM user and the DBA role each hold the=20
ADMINISTER_RESOURCE_MANAGER privilege by default. the SYSTEM user and =
or a user=20
with DBA role can grant/revoke the ADMINISTER_RESOURCE_MANAGER to =
other=20
users by making a call to the GRANT_SYSTEM_PRIVILEGE procedure(or=20
REVOKE_SYSTEM_PRIVILEGE) in the DBMS_RESOURCE_MANAGER_PRIVS =
package. you=20
can't use the standard GRANT and REVOKE commands to manage=20
it.</FONT></SPAN></DIV>
<DIV> </DIV>
<P><B><FONT face=3D"Comic Sans MS" size=3D1>Yoyong Cabansay</FONT></B> =
<BR><B><FONT=20
face=3D"Comic Sans MS" size=3D1>Oracle Apps. Systems =
Administrator</FONT></B>=20
<BR><B><FONT face=3D"Comic Sans MS" size=3D1>TMX Philippines Inc., =
MEPZ,</FONT></B>=20
<BR><B><FONT face=3D"Comic Sans MS" size=3D1>Lapu-Lapu City, 6015,=20
Philippines</FONT></B> <BR><FONT face=3DWingdings color=3D#ff0000=20
size=3D2>(</FONT><FONT face=3DArial size=3D2>:</FONT><B></B><B></B><B> =
<FONT=20
face=3D"Comic Sans MS" color=3D#0000ff size=3D1>(6332) 3400-379 loc.=20
174</FONT><BR></B><FONT face=3DWebdings color=3D#ff0000 =
size=3D2>=CA</FONT><FONT=20
face=3DArial color=3D#ff0000 size=3D2>:</FONT><FONT face=3DArial =
color=3D#0000ff=20
size=3D2></FONT><B></B><B></B><B> <FONT face=3D"Comic Sans MS" =
color=3D#0000ff=20
size=3D1>(6332) 3400-381</FONT></B> <BR><FONT face=3DWingdings =
color=3D#008000=20
size=3D2>*</FONT><FONT face=3DArial size=3D2>:</FONT><B></B><B></B><B> =
<FONT=20
face=3D"Comic Sans MS" size=3D1>lbcabansay_at_timex.com</FONT></B> </P>
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Koivu, Lisa=20
[mailto:lkoivu_at_qode.com]<BR><B>Sent:</B> Tuesday, December 12, 2000 =
4:22=20
AM<BR><B>To:</B> Multiple recipients of list =
ORACLE-L<BR><B>Subject:</B> AQ and=20
Privs: Picky Picky<BR><BR></FONT></DIV>
<P><FONT face=3DArial size=3D2>Hello everyone, </FONT></P>
<P><FONT face=3DArial size=3D2>As a routine exercise during install of =
a third-party=20
product, I checked privileges and (suprise) the schema owner has every =
single=20
darn privilege granted to it. I asked the vendor for a specific =
list of=20
necessary privileges in order for the app to execute and got the =
standard "I=20
don't know, let me ask support" and no answer. So being the picky =
person I=20
am, I revoked all privs and granted connect & resource. =
However there=20
are a few system privs that I just can't revoke:</FONT></P>
<P><FONT face=3D"Courier New" size=3D1>ADMINISTER RESOURCE =
MANAGER</FONT> <BR><FONT=20
face=3D"Courier New" size=3D1>DEQUEUE ANY QUEUE</FONT> <BR><FONT = face=3D"Courier New"=20 size=3D1>ENQUEUE ANY QUEUE</FONT> <BR><FONT face=3D"Courier New" = size=3D1>MANAGE ANY=20
size=3D1> *</FONT> <BR><FONT=20 face=3D"Courier New" size=3D1>ERROR at line 1:</FONT> <BR><FONT = face=3D"Courier New"=20 size=3D1>ORA-00990: missing or invalid privilege</FONT> </P><BR>
size=3D1> *</FONT> <BR><FONT=20 face=3D"Courier New" size=3D1>ERROR at line 1:</FONT> <BR><FONT = face=3D"Courier New"=20 size=3D1>ORA-00990: missing or invalid privilege</FONT> </P><BR>
 |
 |