tags:

views:

5290

answers:

4
+1  Q: 

Correct way to give users access to additional schemas in Oracle

I have two users Bob and Alice in Oracle, both created by running the following commands as sysdba from sqlplus:

   create user $blah identified by $password;
   grant resource, connect, create view to $blah;

I want Bob to have complete access to Alice's schema (that is, all tables), but I'm not sure what grant to run, and whether to run it as sysdba or as Alice.

Happy to hear about any good pointers to reference material as well -- don't seem to be able to get a good answer to this from either the Internet or "Oracle Database 10g The Complete Reference", which is sitting on my desk.

+2  A: 

AFAIK you need to do the grants object one at a time.

Typically you'd use a script to do this, something along the lines of:

SELECT 'GRANT ALL ON '||table_name||' TO BOB;'
FROM   ALL_TABLES
WHERE  OWNER = 'ALICE';

And similar for other db objects.

You could put a package in each schema that you need to issue the grant from which will go through all call each GRANT statement via an EXECUTE IMMEDIATE.

e.g.

   PROCEDURE GRANT_TABLES
   IS
   BEGIN

      FOR tab IN (SELECT table_name
                  FROM   all_tables
                  WHERE  owner = this_user) LOOP
         EXECUTE IMMEDIATE 'GRANT SELECT, INSERT, UPDATE, DELETE ON '||tab.table_name||' TO other_user';
      END LOOP;
   END;
cagcowboy  2008-10-13 20:41:59
+2  A: 

There are many things to consider. When you say access, do you want to prefix the tables with the other users name? You can use public synonyms so that you can hide the original owner, if that is an issue. And then grant privs on the synonym.

You also want to plan ahead as best you can. Later, will you want Frank to be able to access Alice's schema as well? You don't want to have to regrant privileges on N number of tables. Using a database role would be a better solution. Grant the select to role "ALICE_TABLES" for example and when another user needs access, just grant them privilege to the role. This helps to organize the grants you make inside the DB.

Brett McCann  2008-10-13 20:49:14
A: 

thanks, it is working as per a requirement

 2009-08-05 07:38:00
A: 

Another solution if you have different owner:

BEGIN

  FOR x IN (SELECT owner||'.'||table_name ownertab
            FROM   all_tables
            WHERE  owner IN ('A', 'B', 'C', 'D'))
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON '||x.ownertab||' TO other_user';
  END LOOP;
END;
arnep  2010-05-07 14:05:02

related questions

Is there a Way to use Linq to Oracle
NHibernate and Oracle connect through Windows Authenication
Boolean Field in Oracle
How do you manage schema upgrades to a production database?
How do I deal with quotes ' in SQL
When do you use table clusters?
Oracle write to file
MS SQL Server 2008 "linked server" to Oracle : schema not showing
Develop on local Oracle instance
Resources for an Oracle beginner
What strategies have you employed to improve web application performance?
Automate Syncing Oracle Tables With MySQL Tables
Best way to encapsulate complex Oracle PL/SQL cursor logic as a view?
What Content Management does your workplace use?
What is the difference between oracle's 'yy' and 'rr' date mask?
SQL/Query tools?
How to make Pro*C cope with #warning directives?
Oracle SQL Developer not responsive when trying to view tables (or suggest an Oracle Mac client)
How big would such a database be?
Oracle - What TNS Names file am I using?
What is a good way to open large files across a WAN?
How do I find the high water mark (for sessions) on Oracle 9i
SQL Case Statement Syntax?
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?