| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: insufficient priviliges
Sybrand.
>First suggestion: stop top-posting
>Second suggestion : stop top-posting
>Third suggestion: Always mention your version in order to avoid
>wasting people's time, as in 8i you can't use David Fitzjarell's
>suggestion.
Excellent reply
Sorry, I did not understand the phrase ... top posting
Yes....Next time I shall give Oracle version first.
The reason I was hesitating to change the password is that this is a production database and as such I did not want to
I would do the above at the last resort
Your trick of creating a stored procedure is an excellent trick
fitzjarrell_at_cox.net wrote:
> Comments embedded.
> Sybrand Bakker wrote:
> > On 12 Jul 2006 15:49:32 -0700, "newbie" <rjngh2005_at_gmail.com> wrote:
> >
> > >Oracle Version 8.1.7.4.1
> > >
> > >Yes, The changing password method is my last resort.
> > >
> > >I would like to attempt any other method to enable either user sys or
> > >system
> > >to grant permission to user test select permission to objects of schema
> > >abc
> > >
> > >Thanks.....I look forward to more suggestions
> >
> > First suggestion: stop top-posting
> > Second suggestion : stop top-posting
> > Third suggestion: Always mention your version in order to avoid
> > wasting people's time, as in 8i you can't use David Fitzjarell's
> > suggestion.
> >
>
> Hmmm, MY suggestion was this:
>
> "You use the user 'abc' to grant privileges on the objects OWNED by
> 'abc'. It's that simple. Possibly you created this 'abc' user to test
>
> things; since you DO have access as SYS as SYSDBA you can CHANGE the
> password for 'abc':
>
> SQL> alter user abc identified by somepasswordicanremember;
>
>
> And, then, by the magic of Oracle you can connect as 'abc':
>
>
> SQL> connect abc/somepasswordicanremember
> Connected.
> SQL> select * from pqr;
>
>
> [all sorts of results here] "
>
> Explain how 'alter user xxx identified by yyyy;' isn't available in 8i,
> please, as I've been using it since Oracle 6 to change user passwords
> (yes, even in the latest releases as the user community can't wrap
> their minds around the 'password' function).
>
> Chuck offered the solution which is release-specific (any release from
> 9i onwards); possibly you misread the thread and attributed comments to
> me which should have been attributed elsewhere.
>
> > There is a very nasty tric to help you do it.
> >
> > As sys or system
> > create or replace procedure <table_owner>.do_sql(sqlstr in varchar2)
> > is
> > begin
> > execute immediate sqlstr;
> > end;
> > /
> >
> > Now as sys or system
> > execute <table_owner>.do_sql('grant .... etc')
> >
> > Works like a charm, and demonstrates whoever know the SYS or SYSTEM
> > password (or any other privileged account) can control the entire
> > database.
> >
> > --
> > Sybrand Bakker, Senior Oracle DBA
>
>
> David Fitzjarrell
Received on Thu Jul 13 2006 - 09:41:26 CDT
 |
 |