From oracle-l-bounce@freelists.org Fri Apr 29 12:45:51 2005 Return-Path: Received: from air891.startdedicated.com (root@localhost) by orafaq.com (8.12.10/8.12.10) with ESMTP id j3THjpSM010570 for ; Fri, 29 Apr 2005 12:45:51 -0500 X-ClientAddr: 206.53.239.180 Received: from turing.freelists.org (freelists-180.iquest.net [206.53.239.180]) by air891.startdedicated.com (8.12.10/8.12.10) with ESMTP id j3THjo4Z010566 for ; Fri, 29 Apr 2005 12:45:50 -0500 Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id B0ED918868B; Fri, 29 Apr 2005 11:43:21 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06320-02; Fri, 29 Apr 2005 11:43:21 -0500 (EST) Received: from turing (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 369831873A9; Fri, 29 Apr 2005 11:43:21 -0500 (EST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Dj6Mcq+MVlkEkR7Wdahemtg2rQqmjjVxH9R4ONslQ8kFZsNRRwOv7yhHWcQhvW1gu3qlfViLxKWCjfvZRoCxkYd4Ixh67LYPCDnNE1uhMLgGSJbzqPj2+gWqrKtIZ8V6twCJI5RITAB9WvY2sYRxjjoHBkUiAzqgcntx7K1ACXY= Message-ID: <910046b405042909414782992@mail.gmail.com> Date: Fri, 29 Apr 2005 12:41:32 -0400 From: Paul Drake To: Michael.Fleck@lvr.de Subject: Re: User rights Cc: vitalisman@gmail.com, oracle-l@freelists.org In-Reply-To: <4C8A1155526567458C3328A3B56EC00B01F149C4@msx-zv02.lvrintern.lvr.de> Mime-Version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Content-Disposition: inline References: <4C8A1155526567458C3328A3B56EC00B01F149C4@msx-zv02.lvrintern.lvr.de> X-archive-position: 19205 X-ecartis-version: Ecartis v1.0.0 Sender: oracle-l-bounce@freelists.org Errors-To: oracle-l-bounce@freelists.org X-original-sender: bdbafh@gmail.com Precedence: normal Reply-To: bdbafh@gmail.com X-list: oracle-l X-Virus-Scanned: by amavisd-new-20030616-p9 (Debian) at avenirtech.net X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on air891.startdedicated.com X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=ham version=2.63 On 4/29/05, Michael.Fleck@lvr.de wrote: > Thanks a lot. >=20 > Our problem is, that we use a GUI-based third party tool for these guys = =3D > in our department. I don't know which queries lie behind the button for = =3D > the user rights. I gave the users Select on DBA_TAB_PRIVS and =3D > DBA_ROLE_PRIVS, so they can query the user rights from SQL-Plus, but =3D > with the tool this doesn't work. I think, I will contact the support =3D > people of the tool. >=20 > Best regards, > Michael Fleck=3D20 trace the session of that user using that tool. easiest way is to put an after logon to database trigger for that user account (schema). here is an example of a logon trigger: http://www.databasejournal.com/features/oracle/article.php/3441191 here is an example of using dbms_support to start trace in session: http://www.databasejournal.com/features/oracle/article.php/3469891 hth. Paul >=20 > -----Urspr=3DFCngliche Nachricht----- > Von: Vitalis Jerome [mailto:vitalisman@gmail.com]=3D20 > Gesendet: Freitag, 29. April 2005 14:59 > An: Fleck, Michael > Cc: oracle-l@freelists.org > Betreff: Re: User rights >=20 >=20 > On 4/29/05, Michael.Fleck@lvr.de wrote: > > Hi list members, > >=3D20 > > we have some people in our departments, which do some user=3D20 > > administration. The employees of this department work with oracle=3D20 > > applications. Ths support people in the department want to know, which = =3D >=20 > > access a user has to what tables, indexes etc. Which role or=3D20 > > system-rights do I have to grant to the support people in the=3D20 > > department. With DBA rights they get the right information. I tried=3D2= 0 > > the roles SELECT_ANY_CATALOG and EXECUTE_ANY_CATALOG and the=3D20 > > SELECT_ANY_DICTIONARY right, but none of them worked. > >=3D20 > > Any ideas, which right I have to grant? > >=3D20 > > Best regards, > > Michael Fleck=3D3D20 >=20 > Hi Michael, >=20 > Which queries do the support guys exactly use for this purpose? They =3D > can't only query dba_catalog since this won't tell them which objects a = =3D > user can access. They must be using some queries against DBA_TAB_PRIVS = =3D > and the like. If you can get their queries, it might be easier to find = =3D > the right sufficient role or privileges. >=20 > Regards, > Jerome >=20 > -- > http://www.freelists.org/webpage/oracle-l >=20 --=20 #/etc/init.d/init.cssd stop # f=3Dma, divide by 1, convert to moles. -- http://www.freelists.org/webpage/oracle-l