Thursday, 4 February 2016

Listing user Granted Privileges



I had written blogs, when i received request from user and he wanted to know all granted rights/privileges to DB user.
For this purpose there are few DBA views ( DBA_TAB_PRIVS,DBA_ROLE_PRIVS ,DBA_SYS_PRIVS) from which we can query and get desire outputs.
supporting view explanation :-
-----------------------
DBA_USERS      ----------->    List info about all the users in the database.
DBA_TAB_PRIVS  ----------->    Lists the object privileges granted to users.
DBA_ROLE_PRIVS ----------->    Lists roles that are granted/assigned to a either another role or a user.
DBA_SYS_PRIVS  ----------->    Lists system privileges that are granted/assigned to a either another role or a user.


For the instance  :-  

Way 1 :-
select dbms_metadata.get_ddl( 'USER', 'DB_ADMIN' ) || '/' from dual
UNION ALL
select dbms_metadata.get_granted_ddl( 'SYSTEM_GRANT', 'DB_ADMIN' ) || '/' from dual
UNION ALL
select dbms_metadata.get_granted_ddl( 'OBJECT_GRANT', 'DB_ADMIN' ) || '/' from dual
UNION ALL
select dbms_metadata.get_granted_ddl( 'ROLE_GRANT', 'DB_ADMIN' ) || '/' from dual

Way 2 :-


Granted objects privs
----------------------
SQL> select GRANTEE,PRIVILEGE, TABLE_NAME from dba_tab_privs where grantee='LABUSER';

GRANTEE                        PRIVILEGE                                TABLE_NAME
====================================================================================
LBACSYS                        QUERY REWRITE                            EXPDEPACT$
LBACSYS                        DEBUG                                    EXPDEPACT$
LBACSYS                        FLASHBACK                                EXPDEPACT$
LBACSYS                        INDEX                                    EXPDEPACT$
LBACSYS                        DELETE                                   EXPPKGACT$
LBACSYS                        INDEX                                    EXPPKGACT$
LBACSYS                        INSERT                                   EXPPKGACT$
LBACSYS                        SELECT                                   EXPPKGACT$
LBACSYS                        UPDATE                                   EXPPKGACT$
LBACSYS                        FLASHBACK                                EXPPKGACT$
LBACSYS                        ALTER                                    EXPPKGACT$
LBACSYS                        REFERENCES                               EXPPKGACT$
LBACSYS                        ON COMMIT REFRESH                        EXPPKGACT$
LBACSYS                        QUERY REWRITE                            EXPPKGACT$
LBACSYS                        DEBUG                                    EXPPKGACT$


Granted roles
----------------
SQL> select grantee, granted_role from dba_role_privs where grantee='LABUSER';

GRANTEE                        GRANTED_ROLE
===================================================
DB_ADMIN                       SELECT_CATALOG_ROLE
DB_ADMIN                       CONNECT
DB_ADMIN                       DBA
DB_ADMIN                       DBA
DB_ADMIN                       CONNECT

System Privs
==================
SQL> select grantee, PRIVILEGE from dba_sys_privs where grantee='LABUSER';
GRANTEE         PRIVILEGE
=============================
DB_ADMIN     CREATE SESSION
DB_ADMIN     SELECT ANY DICTIONARY
DB_ADMIN     SELECT ANY TABLE
DMSYS         ALTER SESSION
DMSYS         ALTER SYSTEM
DMSYS         CREATE JOB
DMSYS         CREATE LIBRARY




====================== THANK YOU =====================================
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)