How to give access to execute packages and select from table for another schema

oraclepermissions

I have a schema called SCHEMA1 with packages and tables that needs to be accessed by user SCHEMA2.

I want SCHEMA2 to have access for executing packages and look at source code. Also I would like to give SELECT access to all tables for SCHEMA2.

How can I do that? Thank you.

Best Answer

I answered a very similar question on stackoverflow.

Basically, it's this:

BEGIN
  FOR Rec IN (SELECT object_name, object_type FROM all_objects WHERE owner='SCHEMA1' AND object_type IN ('TABLE','VIEW','PROCEDURE','FUNCTION','PACKAGE')) LOOP
    IF Rec.object_type IN ('TABLE','VIEW') THEN
      EXECUTE IMMEDIATE 'GRANT SELECT ON SCHEMA1.'||Rec.object_name||' TO SCHEMA2';
    ELSIF Rec.object_type IN ('PROCEDURE','FUNCTION','PACKAGE') THEN
      EXECUTE IMMEDIATE 'GRANT EXECUTE ON SCHEMA1.'||Rec.object_name||' TO SCHEMA2';
    END IF;
  END LOOP;
END;

Related Solutions

Granting Read-Only access to an existing Oracle Schema

You'll need a separate account to grant the read-only access to. I would suggest adding a role that you grant read-only access to as well-- you can then re-use that role if more users need this access in the future.

CREATE ROLE my_read_only_role;

BEGIN
  FOR x IN (SELECT table_name FROM dba_tables WHERE owner=<<schema name>>)
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON ' || x.table_name || ' TO my_read_only_role';
  END LOOP;
  FOR y IN (SELECT view_name FROM dba_views WHERE owner=<<schema name>>)
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON ' || y.view_name || ' TO my_read_only_role';
  END LOOP;
END;
/

GRANT my_read_only_role TO new_customer_account;

Once that is done, the new account will need to prefix the table names with the schema name to select the data. Alternatively, you could create public synonyms for each object (you can add another EXECUTE IMMEDIATE to each loop in the code above). Or you could have the user run the command

ALTER SESSION SET current_schema = <<schema name>>

on login. You could also create a login trigger in the new account that would do this automatically. That will cause <<schema name>> to be implicitly added as the schema prefix. It does not affect the privileges of the session-- the user still has the read-only privileges, the default schema name has just been changed.

UNIX – How to give user rights over another user and so I don’t need to sudo or type password

As requested, a bit of a tutorial on groups. Hopefully this isn't too elementary.

By default, most user accounts are also part of a group of the same name. To determine what groups an account is a member of, use the groups command.

# groups root
root : root bin daemon sys adm disk wheel

The first one listed is the primary group, and will be the default group owner of any files that user creates. That's listed in the output of ls as the second 'root' entry.

# touch testfile
# ls -l testfile
-rw-r--r--  1 root root 19 Jan 29 08:37 testfile

In order to add a user to a group, you use usermod as shown. The lowercase "-g" flag you gave it changes the primary group. It may be better to change just a secondary one, using the "-G" and "-a" flag. Namely, to put the git user into luddico's group.

# usermod -G luddico -a git
# groups git
git : git luddico

This should give git access to any files that are owned by the luddico group, and have appropriate group permissions. Group permissions are the second "rwx" set listed in ls. The testfile I showed above only allows read access by the root group. If you wanted to give all members of that group write access, you would have to use chmod for that.

# ls -l testfile
-rw-r--r--  1 root root 19 Jan 29 08:37 testfile
# chmod g+w testfile
# ls -l testfile
-rw-rw-r--  1 root root 19 Jan 29 08:37 testfile

Now anyone in the root group can read or write to testfile. Apply the same concept to Luddico's files.

Best Answer

Related Solutions

Granting Read-Only access to an existing Oracle Schema

UNIX – How to give user rights over another user and so I don’t need to sudo or type password

Related Topic