Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

oracle read only account

Status
Not open for further replies.
newcg

newcg

Technical User
Feb 1, 2007
22
US
I want to create a new oracle user with ReadOnly access to my 'UserB' oracle account schema/data.

CREATE USER userRO IDENTIFIED BY userRO
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp;

GRANT CONNECT,
CREATE SESSION,
SELECT ANY TABLE to userRO;

--My question is when I log in as userRO and try to read data from UserB, I get an error. How do I do it.?

SQL> select count(*) from userB_table;
select count(*) from userB_table
*
ERROR at line 1:
ORA-00942: table or view does not exist

If I log in as UserB:
SQL> select count(*) from userB_table;

COUNT(*)
----------
0

thanks.

 
Sort by date Sort by votes
NewCQ,

"UserRO" does not own a table named, "userB_table", therefore, when "UserRO" attempts to access that table, s/he must qualify the access with the name of the Oracle user/schema that owns the table. Here is a revised query that should work for you:
Code: 
select count(*) from [b]userB.[/b]userB_table;
Let us know your findings.


[santa]Mufasa
(aka Dave of Sandy, Utah, USA)
[I provide low-cost, remote Database Administration services: www.dasages.com]
 
Upvote 0 Downvote
thanks mufasa.
That works, but with the priviledge I gave userRO, it cannot do anything else only read access, correct?

GRANT CONNECT,
CREATE SESSION,
SELECT ANY TABLE to userRO;

I see some post that says for read only , only grant connect and create session.. but how do they do a query without the grant select any table ? hmm.
 
Upvote 0 Downvote
NewCG,

Yes, I was wondering why you would give such a powerful privilege (SELECT ANY TABLE) to a read-only user.

I recommend that you do the following:
Code: 
(As a DBA)
CREATE ROLE READ_ONLY_APP_TABLES;
GRANT READ_ONLY_APP_TABLES to userRO;

(As owner of the tables to read)
GRANT SELECT on table1 to READ_ONLY_APP_TABLES;
GRANT SELECT on table2 to READ_ONLY_APP_TABLES;
GRANT SELECT on table3 to READ_ONLY_APP_TABLES;
GRANT SELECT on table4 to READ_ONLY_APP_TABLES;
At that point, UserRO can read any of those four tables only. That is the appropriate method (from a security and privacy perspective) to manage your privileges.

Let us know your thoughts on this.


[santa]Mufasa
(aka Dave of Sandy, Utah, USA)
[I provide low-cost, remote Database Administration services: www.dasages.com]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sufi Shahzad
  • Question
Fingr printer reader digital personna 4500
Replies
0
Views
194
Sufi Shahzad
Sufi Shahzad
TheLazyPig
  • Locked
  • Question
Oracle Data Validation 1
Replies
4
Views
170
TheLazyPig
TheLazyPig
KeyserSoze
  • Locked
  • Question
TOAD for Oracle - Icons
Replies
1
Views
195
Andrzejek
Andrzejek
Livia8
  • Locked
  • Question
Generate report/output on the basis of "enquiry" responsibilities only 1
Replies
16
Views
209
Livia8
Livia8
gc6294
  • Locked
  • Question
Search for a character in Oracle SQL statement 1
Replies
3
Views
139
Andrzejek
Andrzejek

Part and Inventory Search

Sponsor

Back
Top