Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Finding all grants to a particular user
- Thread starter Aerobatty
- Start date
Yes,
Just search this forum and you will find some great scripts posted by Mr. Santa Mufasa.
![[3eyes]](/data/assets/smilies/3eyes.gif "[3eyes] [3eyes]")
----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb
SantaMufasa
Technical User
Aerobatty,
Your original request is a bit ambiguous:
1) Objects: Tables, Indexes, et cetera
2) Roles : "CONNECT", "RESOURCE", "DBA", et cetera
3) System Privileges: "CREATE TABLE", "CREATE VIEW", et cetera
Yet at the end of your request, you said:
Which do you prefer?...Items 1-3, or just item 1?
Also, regardless of your response above, do you want to see output that includes objects owned by "SYS" (i.e., data dictionary objects), and do you wish to see output that includes ROLEs as the grantee (e.g., DBA, PUBLIC, et cetera)?
![[santa]](/data/assets/smilies/santa.gif "[santa] [santa]")
Mufasa
(aka Dave of Sandy, Utah, USA)
[I provide low-cost, remote Database Administration services: www.dasages.com]
Your original request is a bit ambiguous:
I infer from this that you would like to see all of the GRANTs for which a particular user is the GRANTEE. This includes GRANTs to:Aero said:
1) Objects: Tables, Indexes, et cetera
2) Roles : "CONNECT", "RESOURCE", "DBA", et cetera
3) System Privileges: "CREATE TABLE", "CREATE VIEW", et cetera
Yet at the end of your request, you said:
From this part of your request, I infer that you want to see just Item 1, above.Aero said:
Which do you prefer?...Items 1-3, or just item 1?
Also, regardless of your response above, do you want to see output that includes objects owned by "SYS" (i.e., data dictionary objects), and do you wish to see output that includes ROLEs as the grantee (e.g., DBA, PUBLIC, et cetera)?
Mufasa(aka Dave of Sandy, Utah, USA)
[I provide low-cost, remote Database Administration services: www.dasages.com]
![[profile]](/data/assets/smilies/profile.gif "[profile] [profile]")
- Thread starter
- #5
I have searched the archives and found something very close to the answer I was after in thread759-1205523 . I have added a hierarchical lookup to allow returning the privileges of all nested roles a user belongs to.
SELECT grantee, 'Explicit System Privilege', null object_name, privilege
FROM dba_sys_privs WHERE grantee = 'USER_NAME'
UNION ALL
SELECT grantee, 'Explicit Object Privilege',table_name, privilege
FROM dba_tab_privs WHERE grantee = 'USER_NAME'
UNION ALL
SELECT rp.grantee, 'System Privilege From Role '||rp.granted_role, null, sp.privilege
FROM dba_role_privs rp, dba_sys_privs sp
WHERE rp.granted_role = sp.grantee AND (rp.grantee = 'USER_NAME'
OR
rp.grantee in
(SELECT granted_role
FROM dba_role_privs
START WITH grantee = 'USER_NAME'
CONNECT BY PRIOR granted_role = grantee)
)
UNION ALL
SELECT rp.grantee, 'Object Privilege From Role '||rp.granted_role, table_name, op.privilege
FROM dba_role_privs rp, dba_tab_privs op
WHERE rp.granted_role = op.grantee AND (rp.grantee = 'USER_NAME'
OR
rp.grantee in
(SELECT granted_role
FROM dba_role_privs
START WITH grantee = 'USER_NAME'
CONNECT BY PRIOR granted_role = grantee)
)
SELECT grantee, 'Explicit System Privilege', null object_name, privilege
FROM dba_sys_privs WHERE grantee = 'USER_NAME'
UNION ALL
SELECT grantee, 'Explicit Object Privilege',table_name, privilege
FROM dba_tab_privs WHERE grantee = 'USER_NAME'
UNION ALL
SELECT rp.grantee, 'System Privilege From Role '||rp.granted_role, null, sp.privilege
FROM dba_role_privs rp, dba_sys_privs sp
WHERE rp.granted_role = sp.grantee AND (rp.grantee = 'USER_NAME'
OR
rp.grantee in
(SELECT granted_role
FROM dba_role_privs
START WITH grantee = 'USER_NAME'
CONNECT BY PRIOR granted_role = grantee)
)
UNION ALL
SELECT rp.grantee, 'Object Privilege From Role '||rp.granted_role, table_name, op.privilege
FROM dba_role_privs rp, dba_tab_privs op
WHERE rp.granted_role = op.grantee AND (rp.grantee = 'USER_NAME'
OR
rp.grantee in
(SELECT granted_role
FROM dba_role_privs
START WITH grantee = 'USER_NAME'
CONNECT BY PRIOR granted_role = grantee)
)
- Thread starter
- #6
Thanks, I've already solved the problem.
I wanted to see everything, i.e. as per my original question
"require EXACTLY duplicating". I had a problem where a particular user was having problems. I think it's network related though.
The SQL I included should do what I want. It looks like I was writing my reply while you were writing yours but you beat me to it.
How do I close this thread?? Forgive me I'm new here.
I wanted to see everything, i.e. as per my original question
"require EXACTLY duplicating". I had a problem where a particular user was having problems. I think it's network related though.
The SQL I included should do what I want. It looks like I was writing my reply while you were writing yours but you beat me to it.
How do I close this thread?? Forgive me I'm new here.
SantaMufasa
Technical User
Consider it closed. ![[2thumbsup]](/data/assets/smilies/2thumbsup.gif "[2thumbsup] [2thumbsup]")
Mufasa
(aka Dave of Sandy, Utah, USA)
[I provide low-cost, remote Database Administration services: www.dasages.com]
Mufasa(aka Dave of Sandy, Utah, USA)
[I provide low-cost, remote Database Administration services: www.dasages.com]
- Status
Similar threads