granting oracle schema permissions when objects not ...€¦ · granting oracle schema permissions...
TRANSCRIPT
![Page 1: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/1.jpg)
Session ID:
Prepared by:
Granting Oracle Schema Permissions When Objects not Created Yet !
Jasmine B Wednesday, April 13, 2016 12 – 12:30pm
1198
@mjgangler
Mike Gangler – Senior Database Specialist Secure-24 - @mjgangler [email protected]
![Page 2: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/2.jpg)
About Mike Gangler
• Oracle ACE with robust database credentials • DBA for over 28 years, working with Oracle
since version 4 • Team Lead and Senior Database Specialist at
Secure-24 • Currently serving on the board of the Southeast
Michigan Oracle Professionals (SEMOP) group – www.meetup.com
• Charter member of the Board of Directors for the International Oracle Users Group (IOUG) – www.ioug.org
• Follow me on my Blog http://mjgangler.wordpress.com and on twitter! @mjgangler
2
![Page 3: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/3.jpg)
About Secure-24
3
FOUNDED
HEADQUARTERS GLOBAL
OPERATION CENTERS
DATA CENTERS
Secure-24 was founded in 2001 and since then has grown
to 500+ employees and has received
recogniPon as one of Computerworld’s Best Places to Work in IT, 3-
years running.
Secure-24 is headquartered in
Southfield, MI
Serving customers around the globe,
Secure-24 has two (2) OperaPon Centers in Michigan, one (1) in
Nevada and one (1) in Hyderabad India.
Secure-24 has three (3) data centers in
Michigan, one (1) in Nevada, plus several global partnerships. We only choose the safest locaPons for
our data centers.
Secure-24 has 15 years of experience delivering managed IT operaPons, applicaPon hosPng and cloud services to enterprises worldwide. We manage SAP, Hyperion, PeopleSo], JD Edwards, Oracle E-Business Suite and other mission
criPcal applicaPons across all industries for businesses of every size.
![Page 4: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/4.jpg)
Communi'es Educa'on
Join for as low as $150
SELECT Journal Resource Center IOUG Press Webinars & Podcasts IOUG Forum 5 Minute Briefing
Plus get access to IOUG’s content library, peer-to-peer networking, and more! Corporate options also available!
![Page 5: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/5.jpg)
Oracle Conferences in Detroit Area
Southeast Michigan Oracle Professionals
http://www.meetup.com/SouthEast-Michigan-Oracle-Professionals/
Meet monthly – 2nd Tuesday of the month
Michigan Oracle User Summit November 3, 2016 http://www.mous.us
![Page 6: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/6.jpg)
Great Lakes Oracle Conference
• 2016 Great Lakes Oracle Conference (GLOC)
• May 18 & 19, 2016 Cleveland Public Auditorium
Cleveland, OH
https://www.neooug.org/gloc/
![Page 7: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/7.jpg)
Todays Discussion
Learn how Secure-24 uses Roles and a simple trigger to grant “Read Only” access to objects that are not created yet. This process is quite common in MS SQL Server and is needed for many database systems.
7
![Page 8: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/8.jpg)
Pre-Steps – User Steps
• Create a read only role in the database – > create role IOUG_READONLY;
8
![Page 9: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/9.jpg)
Pre-Steps – User Steps
• Grant Role to user requiring read only access
– > grant IOUG_READONLY to IOUG_USER ; – > alter user IOUG_USER default role all;
** Note – need default=yes or you will have to do a:
>> alter session set role=IOUG_READONLY; >> 12c – set role ioug_readonly;
9
![Page 10: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/10.jpg)
DDL Trigger
CREATE or REPLACE TRIGGER AFTER_DDL AFTER DDL on IOUG_OBJECTS.SCHEMA declare v_sysevent varchar2(25); v_message varchar(255); l_job number; begin select ora_sysevent into v_sysevent from dual; if ( v_sysevent in ('CREATE') ) then v_message := 'execute immediate "grant select on IOUG_OBJECTS.'||ora_dict_obj_name||' to IOUG_READONLY";'; dbms_job.submit (l_job,replace(v_message,'"','''') ) ; end if; end; /
10
![Page 11: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/11.jpg)
Results
Now whenever a new object gets created the role is granted via the pl/sql and dbms_job. The following is a test output: Connect IOUG_OJBECTS/pw IOUG_OBJECTS@IOUGDEV > create table foo1 (col1 varchar2(255)); Table created. IOUG_OBJECTS@IOUGDEV > connect IOUG/pw Connected. IOUG@IOUGDEV > select * from IOUG_OBJECTS.foo1; no rows selected IOUG@IOUGDEV > desc IOUG_OBJECTS.foo1; Name Null? Type —————————————– ——– —————————- COL1 VARCHAR2(255)
11
![Page 12: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/12.jpg)
DDL Trigger - Notes
NOTES: • Must use dbms_job.submit in order for the role to be in place.
• Unless you have a public synonym you may need to add the schema name prior to the object.
• The default role must be set to true or you will need to alter session to enable that read only role.
• Please let me know if this works for you and big thanks to “Ask Tom” who helped me resolve the PL/SQL and DDL issue. Also, please let me know if there is a automatic way to do this Oracle.
12
![Page 13: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/13.jpg)
Demo – If Time
![Page 14: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/14.jpg)
Visit Secure-24 in booth #1315!
• Enter for a chance to win a $5,000 travel gift card!
• Meet with other S-24 executives and technical resources
• Discuss your organization’s Cloud Strategy for 2016
• Learn more about our capabilities with Oracle’s Virtual Compute Appliance
![Page 16: Granting Oracle Schema Permissions When Objects not ...€¦ · Granting Oracle Schema Permissions When Objects not Created Yet ! Jasmine B Wednesday, April 13, 2016 12 – 12:30pm](https://reader033.vdocument.in/reader033/viewer/2022060323/5f0dc8a67e708231d43c1145/html5/thumbnails/16.jpg)
Please complete the session evaluation Paper – 1198 Author – Mike Gangler We appreciate your feedback and Insight
You May complete the session evaluation via the mobile app