Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Privilege to be abl to truncate another user's table

RE: Privilege to be abl to truncate another user's table

From: John Flack <JohnF_at_smdi.com>
Date: Tue, 17 Feb 2004 11:09:39 -0500
Message-ID: <91AFBA9B76078B4E8340A383EADEF1DBBC4F12@syn2kex1.smdi.com> 





I like your implementation - find out if the user has delete privilege =
by trying to do a delete.  Mine does a SELECT on ALL_TAB_PRIVS for this =
and so is less straightforward.



-----Original Message-----


From: Jacques Kilchoer [mailto:Jacques.Kilchoer_at_quest.com]
Sent: Friday, February 13, 2004 9:16 PM


To: oracle-l_at_freelists.org


Subject: RE: Privilege to be abl to truncate another user's table




I hate to steal someone else's thunder, but I wrote something a while =
ago that does exactly the same thing, so I will take the liberty of =
posting it here.


Create two procedures owned by USERA. USERA has DROP ANY TABLE =
privilege.


grant execute on TRUNCATE_TABLE to USERB ;



USERB has DELETE privilege on USERC.TABLENAME ;



then USERB can say


execute usera.truncate_table ('USERC', 'TABLENAME')



create or replace procedure do_truncate (table_owner_in varchar2, =
table_name_in varchar2)


is


begin


   execute immediate 'truncate table "' || table_owner_in || '"."'


      || table_name_in || '"' ;


end do_truncate ;


/


create or replace procedure truncate_table


   (table_owner_in varchar2, table_name_in varchar2)
   authid current_user


is


begin


   execute immediate 'delete from "' || table_owner_in || '"."' || =
table_name_in


      || '" where rownum < 2' ;


   rollback ;


   do_truncate (table_owner_in, table_name_in) ;
end truncate_table ;


/



> -----Original Message-----

> Bobak, Mark

>

> Sounds like a nice implementation.  If you have the=3D20

> code handy, I'd be interested.

>

> -----Original Message-----

> From: John Flack [ mailto:JohnF_at_smdi.com]

>

>

> Yes, you could grant "drop any table" and it would work, but

> I hate to =3D

> =3D3D

> grant that much power to do this.  So, I create a truncate

> procedure in =3D

> =3D3D

> a COMMON schema that has the drop any table privilege.  It

> does the =3D3D

> truncate with an EXECUTE IMMEDIATE, only if the user has the

> DELETE =3D3D


> privilege on the table.  If you're interested, I'll go find

> the code for =3D

> =3D3D

> the procedure.








Please see the official ORACLE-L FAQ: http://www.orafaq.com




To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.

--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------


Received on Tue Feb 17 2004 - 10:09:39 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US