| which privilege i need [message #445518] |
Tue, 02 March 2010 05:39  |
madhavi babburi
Messages: 117
Registered: May 2009
Location: Hyderabad
|
Senior Member |
|
|
Hi,
A function returns the metadata of named objects (Directories, Users, Tablespace....) in the form of DDL. When i execute the function in the schema having the privileges of CONNECT, RESOURCE, DBA, SELECT ANY TABLE, UNDER ANY VIEW AND EXECUTE ANY PROCEDURE, function returns the empty clob without any error. But he same function created and executed in the User having SYSDBA privilege, we get output.
Can you tell me how to get output without SYSDBA priv? and advice me what are other privileges i need?
Please find the code snippet.
CREATE OR REPLACE FUNCTION SCHEMA.DBLINK
RETURN CLOB
AS
v_meta_handle NUMBER;
v_meta_handle_trans NUMBER;
V_DOC CLOB;
V_LOB CLOB;
BEGIN
-- Specify the object type.
v_meta_handle := DBMS_METADATA.OPEN('TABLESPACE');
v_meta_handle_trans:=DBMS_METADATA.ADD_TRANSFORM(v_meta_handle,'DDL');
LOOP
v_doc := DBMS_METADATA.FETCH_CLOB(v_meta_handle);
EXIT WHEN v_doc IS NULL;
v_lob := v_lob ||v_doc;
v_lob := v_lob || '/';
-- When there are no more objects to be retrieved, FETCH_CLOB returns NULL.
END LOOP;
v_lob := v_lob || '';
return v_lob;
end;
Regards,
Madhavi.
|
|
|
|
|
|
|
|
|
|
| Re: which privilege i need [message #445524 is a reply to message #445518] |
Tue, 02 March 2010 05:59  |
madhavi babburi
Messages: 117
Registered: May 2009
Location: Hyderabad
|
Senior Member |
|
|
Hi Michel,
Above one is part of my requirement. I need to export total database in the object level (by passing object type, name, owner as parameters). I able to export all schema objects successfully (i use Invoker rights) in the current database. Now iam trying for named objects. Next i'll try for dependent objects, granted objects,....
I need to provide single program for that. I think get_ddl used in browser interface (directly in sql).
Is my choice (fetch instead of get_xxxx) correct?
I need to use METADATA api for that without mention any data dictionaries (for each object need to connect corresponding data dictionary).
Regards,
Madhavi.
[Updated on: Tue, 02 March 2010 06:01] Report message to a moderator |
|
|
|
|
|
| Re: which privilege i need [message #445530 is a reply to message #445518] |
Tue, 02 March 2010 06:12 |
madhavi babburi
Messages: 117
Registered: May 2009
Location: Hyderabad
|
Senior Member |
|
|
Hi Michel,
Thank you for support. I already have SELECT_CATALOG_ROLE privilege but didn't use invoker rights (AUTHID CURRENT_USER) for named objects. Now i make my program with invoker rights. I got output.
I have a doubt....
Named objects doesn't belong to any schema. Why should we use invoker rights for named objects also?
Regards,
Madhavi.
|
|
|
|
| Re: which privilege i need [message #445531 is a reply to message #445530] |
Tue, 02 March 2010 06:19 |
 |
Michel Cadot
Messages: 68733
Registered: March 2007
Location: Saint-Maur, France, https...
|
Senior Member
Account Moderator |
|
|
Quote:Why should we use invoker rights for named objects also?
As I said roles are not enabled in AUTHID DEFINER function, you have to use AUTHID CURRENT_USER just to activate the role as this is a requirement of the function (which is outside ANSI standard but this is another question).
I bet the function checks the role in SESSION_ROLES view which only sees the activated roles.
Regards
Michel
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
