Discussions
Categories
- 197K All Categories
- 2.5K Data
- 546 Big Data Appliance
- 1.9K Data Science
- 450.8K Databases
- 221.9K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 31 Multilingual Engine
- 552 MySQL Community Space
- 479 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.1K ORDS, SODA & JSON in the Database
- 556 SQLcl
- 4K SQL Developer Data Modeler
- 187.2K SQL & PL/SQL
- 21.4K SQL Developer
- 296.3K Development
- 17 Developer Projects
- 139 Programming Languages
- 293K Development Tools
- 110 DevOps
- 3.1K QA/Testing
- 646.1K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 158 Java Community Process
- 105 Java 25
- 22.1K Java APIs
- 138.2K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 19 Java Essentials
- 162 Java 8 Questions
- 86K Java Programming
- 81 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 205 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 468 LiveLabs
- 39 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 175 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 233 Portuguese
Grant doesn't works in PDB
Dear Oracle Community,
Sorry to bother you again. Maybe my question is stupid. I have installed Oracle 12c and created a PDB like this:
-- creation of PDB PEEI
create pluggable database PEEI admin user PEEI_SYS identified by PEEI
roles = (DBA);
-- open PDB PEEI
alter pluggable database PEEI open read write;
-- create automatic trigger to start all pluggable database
create or replace trigger Sys.After_Startup after startup on database
begin
execute immediate 'alter pluggable database all open';
end After_Startup;
After that I have created a user PEEI in the PDB PEEI. I would like that the user PEEI can insert, delete, update but not do create table and delete table to ensure security in production. Here is my code:
-- create tablespace for PEEI
sqlplus PEEI_SYS/[email protected]
CREATE TABLESPACE PEEI_DATA DATAFILE SIZE 5G;
CREATE TABLESPACE PEEI_IDX DATAFILE SIZE 5G;
-- create roles
CREATE ROLE ROLE_PEEI_READ NOT IDENTIFIED;
CREATE ROLE ROLE_PEEI_WRITE NOT IDENTIFIED;
-- create peei user
CREATE USER "PEEI" IDENTIFIED BY "PEEI" DEFAULT TABLESPACE PEEI_DATA TEMPORARY TABLESPACE TEMP PROFILE DEFAULT ACCOUNT UNLOCK;
--grant roles for PEEI
GRANT ROLE_PEEI_READ TO PEEI;
GRANT RESOURCE TO PEEI;
GRANT ROLE_PEEI_WRITE TO PEEI;
GRANT CONNECT TO PEEI;
ALTER USER PEEI DEFAULT ROLE ALL;
--System Privileges for PEEI
GRANT UNLIMITED TABLESPACE TO PEEI;
GRANT GRANT ANY PRIVILEGE TO PEEI;
GRANT ALTER ANY ROLE TO PEEI;
GRANT GRANT ANY ROLE TO PEEI;
However after my code. When I create a table in PEEI_SYS, the user PEEI cannot see the table. Could you please help me ?
Thank you very much in advance.
Answers
-
I have solved this issue. It's a stupid question. I just need to create the table in PEEI_SYS schema and do the grant with explicit name like this:
GRANT SELECT ON PEEI_SYS.PEEI_P_TRACKING TO ROLE_PEEI_READ;
GRANT DELETE ON PEEI_SYS.PEEI_P_TRACKING TO ROLE_PEEI_WRITE;
GRANT INSERT ON PEEI_SYS.PEEI_P_TRACKING TO ROLE_PEEI_WRITE;
GRANT UPDATE ON PEEI_SYS.PEEI_P_TRACKING TO ROLE_PEEI_WRITE;
After that I can create a SAS library and setting schema = PEEI_SYS. In this way the user PEEI cannot delete tables from PEEI_SYS schema.
Have a nice day.