Oracle – create synonym ora-01031 insufficient privileges

grantoracleprivilegesschemasynonym

I need help understanding what grants/privileges a user needs to CREATE a SYNONYM when it points to another (different) schema object.

When I try the below, I get ora-01031 insufficient privileges, so obviously I am missing and failing to apply other needed privileges. I did search as well as I could but couldn't find anything specific to cross-schema synonyms.

CREATE USER test IDENTIFIED BY pw DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP;
ALTER USER test IDENTIFIED BY pw;
GRANT CONNECT, RESOURCE TO test;

-- ... create a bunch of stuff in test...

CREATE USER READWRITE IDENTIFIED BY pw DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE    TEMP;
ALTER USER READWRITE IDENTIFIED BY pw;
GRANT CONNECT, RESOURCE TO READWRITE;

GRANT SELECT ON GDACS.FIXALARMS TO PUBLIC;
GRANT UPDATE, INSERT ON GDACS.FIXALARMS TO READWRITE; 

CONNECT READWRITE/pw;

CREATE SYNONYM FIXALARMS for test.FIXALARMS;
ORA-01031 insufficient privileges

Best Answer

The documentation for the CREATE SYNONYM command includes:

Prerequisites

To create a private synonym in your own schema, you must have the CREATE SYNONYM system privilege.

To create a private synonym in another user's schema, you must have the CREATE ANY SYNONYM system privilege.

To create a PUBLIC synonym, you must have the CREATE PUBLIC SYNONYM system privilege.

You're trying to create a private synonym in READWRITE's own schema, so you have to have to do:

GRANT CREATE SYNONYM TO READWRITE;

The object the synonym is pointing to is in a different schema, but that isn't relevant here.

If your new account is only going to access objects in the GDACS schema, and particularly if you have a lot of objects you want to grant access to, then as an alternative to having to create synonyms for everything you could alter the new user's current_schema in each session - possibly via a logon trigger.

Related Solutions

Php – return variable approach

I think what you need here is the $GLOBALS array. For Example, if you assign $GLOBALS['var_1'] = 1 then when you return from the function, the variable $var_1 will be set to 1.

Oracle ORA-01031: insufficient privileges while creating user

You just need a CREATE USER system privilege BUT don't forget to use CONTAINERclause which should be set to ALL, if you omit this clause then the grantee will have CREATE USER system privilege on the current container.

Specify CONTAINER = ALL to commonly grant a system privilege, object privilege on a common object, or role, to a common user or common role

GRANT

When a common user account is created, the account is created in all of the open pluggable databases. So the user who is creating this new user must have CREATE USER system privilege on all containers.

SQL> grant create user to c##user container=all;

Grant succeeded.

SQL> conn c##user
Enter password: 
Connected.
SQL> create user c##user2 identified by user2;

User created.

Best Answer

Related Solutions

Php – return variable approach

Oracle ORA-01031: insufficient privileges while creating user

Related Topic