Granting Oracle Schema Permissions When Objects not Created Yet!
Session ID: 1198
Prepared by: Mike Gangler – Senior Database Specialist, Secure-24 – @mjgangler [email protected]
Jasmine B, Wednesday, April 13, 2016, 12 – 12:30pm
About Mike Gangler
• Oracle ACE with robust database credentials
• DBA for over 28 years, working with Oracle since version 4
• Team Lead and Senior Database Specialist at Secure-24
• Currently serving on the board of the Southeast Michigan Oracle Professionals (SEMOP) group – www.meetup.com
• Charter member of the Board of Directors for the International Oracle Users Group (IOUG) – www.ioug.org
• Follow me on my blog http://mjgangler.wordpress.com and on Twitter! @mjgangler
About Secure-24
• FOUNDED: Secure-24 was founded in 2001 and since then has grown to 500+ employees and has received recognition as one of Computerworld’s Best Places to Work in IT, 3 years running.
• HEADQUARTERS: Secure-24 is headquartered in Southfield, MI.
• GLOBAL OPERATION CENTERS: Serving customers around the globe, Secure-24 has two (2) Operation Centers in Michigan, one (1) in Nevada and one (1) in Hyderabad India.
• DATA CENTERS: Secure-24 has three (3) data centers in Michigan, one (1) in Nevada, plus several global partnerships. We only choose the safest locations for our data centers.
Secure-24 has 15 years of experience delivering managed IT operations, application hosting and cloud services to enterprises worldwide. We manage SAP, Hyperion, PeopleSoft, JD Edwards, Oracle E-Business Suite and other mission critical applications across all industries for businesses of every size.
Oracle Conferences in Detroit Area
Southeast Michigan Oracle Professionals
http://www.meetup.com/SouthEast-Michigan-Oracle-Professionals/
Meet monthly – 2nd Tuesday of the month
Michigan Oracle User Summit November 3, 2016 http://www.mous.us
Great Lakes Oracle Conference
• 2016 Great Lakes Oracle Conference (GLOC)
• May 18 & 19, 2016 Cleveland Public Auditorium
Cleveland, OH
https://www.neooug.org/gloc/
Today's Discussion
Learn how Secure-24 uses Roles and a simple trigger to grant “Read Only” access to objects that are not created yet. This process is quite common in MS SQL Server and is needed for many database systems.
Pre-Steps – User Steps
• Create a read only role in the database
  > create role IOUG_READONLY;
• Grant Role to user requiring read only access
  > grant IOUG_READONLY to IOUG_USER;
  > alter user IOUG_USER default role all;
** Note – need default=yes or you will have to do a:
  >> alter session set role=IOUG_READONLY;
  >> 12c – set role ioug_readonly;
DDL Trigger
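CREATE or REPLACE TRIGGER AFTER_DDL
AFTER DDL on IOUG_OBJECTS.SCHEMA
declare
  v_sysevent varchar2(25);
  v_message  varchar(255);
  l_job      number;
begin
  -- Which DDL event fired the trigger (CREATE, ALTER, DROP, ...)
  select ora_sysevent into v_sysevent from dual;
  if ( v_sysevent in ('CREATE') ) then
    -- Build the grant as job text; the double quotes are placeholders
    -- that are swapped for single quotes when the job is submitted
    v_message := 'execute immediate "grant select on IOUG_OBJECTS.'||ora_dict_obj_name||' to IOUG_READONLY";';
    -- Queue the grant as a job instead of running it inside the trigger
    dbms_job.submit (l_job,replace(v_message,'"','''') ) ;
  end if;
end;
/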
Results
Now whenever a new object gets created, select on it is granted to the role via the PL/SQL trigger and dbms_job. The following is a test output:

Connect IOUG_OBJECTS/pw
IOUG_OBJECTS@IOUGDEV > create table foo1 (col1 varchar2(255));
Table created.
IOUG_OBJECTS@IOUGDEV > connect IOUG/pw
Connected.
IOUG@IOUGDEV > select * from IOUG_OBJECTS.foo1;
no rows selected
IOUG@IOUGDEV > desc IOUG_OBJECTS.foo1;
 Name                 Null?    Type
 -------------------- -------- ----------------------------
 COL1                          VARCHAR2(255)
DDL Trigger - Notes
NOTES:
• Must use dbms_job.submit for the grant to the role to take effect: the grant cannot be issued directly inside the DDL trigger, so it is queued as a job that runs once the CREATE has completed.
• Unless you have a public synonym you may need to add the schema name prior to the object.
• The default role must be set to true or you will need to alter session to enable that read only role.
• Please let me know if this works for you and big thanks to “Ask Tom” who helped me resolve the PL/SQL and DDL issue. Also, please let me know if there is an automatic way to do this in Oracle.
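A hardened variant of the DDL trigger above, added here as an example and not the presenter's code: it queues a grant only for tables and views (a grant select on an index or similar object would make the queued job fail), checks the object owner, and quotes the object name before it reaches dynamic SQL. The trigger name AFTER_DDL_HARDENED is hypothetical, and the owner check is an assumption about what should be exposed to the read only role.

```sql
-- Added example (not from the slides); AFTER_DDL_HARDENED is a hypothetical name.
CREATE OR REPLACE TRIGGER AFTER_DDL_HARDENED
AFTER CREATE ON IOUG_OBJECTS.SCHEMA
DECLARE
  l_job   NUMBER;
  l_grant VARCHAR2(400);
  l_what  VARCHAR2(1000);
BEGIN
  -- Queue a grant only for object types that accept SELECT here, and
  -- (assumption) only for objects that really live in IOUG_OBJECTS,
  -- even if this user can create objects in other schemas.
  IF ora_dict_obj_type IN ('TABLE', 'VIEW')
     AND ora_dict_obj_owner = 'IOUG_OBJECTS'
  THEN
    -- Quote the identifier so a mixed-case or unusual name is treated
    -- as a name only. FALSE keeps the case stored in the dictionary.
    l_grant := 'grant select on "IOUG_OBJECTS".'
            || DBMS_ASSERT.ENQUOTE_NAME(ora_dict_obj_name, FALSE)
            || ' to IOUG_READONLY';

    -- The job text is PL/SQL that holds the grant as a string literal,
    -- so every single quote inside the statement is doubled.
    l_what := 'execute immediate '''
           || REPLACE(l_grant, '''', '''''')
           || ''';';

    -- As in the original trigger: the grant runs as a job once the
    -- CREATE statement has completed.
    DBMS_JOB.SUBMIT(l_job, l_what);
  END IF;
END;
/
```

Failed grant jobs show up in DBA_JOBS (FAILURES and BROKEN columns), which is worth checking after deploying either version of the trigger.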
Demo – If Time
Please complete the session evaluation.
Paper – 1198
Author – Mike Gangler
We appreciate your feedback and insight. You may complete the session evaluation via the mobile app.