I have a requirement to create tables dynamically through a procedure from another schema. Here are the details:
user1 -- table T1_YYYYMM, where YYYYMM = year and month, e.g. T1_201912, needs to be created on this schema.
user2 -- procedure X to create T1_YYYYMM is created on this schema.
user3 -- want to access the procedure X from user3, which should create the tables on user1.
user3 has been given execute permission on p1, but I am still getting permission denied. I don't have access to user1 and user2. All I can access is through user3 only. I should not be able to create any table other than T1_YYYYMM on user1.
Please advise on this.
From user2 I am able to execute p1, but when I try this from user3 I get the insufficient privilege error.
    grant create any table to user2 -- done
    create or replace PROCEDURE USER2.x (owner_name in varchar2,
                                         table_name in varchar2
                                        ) authid current_user
    is
      sql_string VARCHAR2(4000);
      l_owner varchar2(30) := 'USER1';
      l_tab varchar2(100) := 'T1';
      l_month varchar2(30) := to_char(add_months(sysdate),'YYYYMM');
    BEGIN
      IF l_owner=owner_name AND l_tab = table_name then
        sql_string := 'CREATE TABLE '||l_owner||'.'||l_tab||'_'||l_month||' AS SELECT * FROM USER1.T2 WHERE 1=2';
        EXECUTE IMMEDIATE sql_string;
        dbms_output.put_line('Table created :'||l_tab||'_'||l_month);
        EXECUTE IMMEDIATE 'GRANT DELETE, INSERT, SELECT, UPDATE ON '||l_tab||'_'||l_month||' TO V_ROLE ';
      ELSE
        dbms_output.put_line('Permission Denied...');
      END IF;
    EXCEPTION
      WHEN OTHERS THEN
        DBMS_OUTPUT.PUT_LINE (SQLERRM);
    END X;
    /
    grant execute on x to USER3 ;--DONE
    /
    EXEC USER3.X('USER1','T1');
    ORA-01031: insufficient privileges
    PL/SQL procedure successfully completed.
Your missing link is the privilege
    grant create any table to user2;
without it you observe
    ORA-01031: insufficient privileges
Full Setup
1) grant create any table to user2 -- done by DBA
2) create procedure in user2
    create procedure x as
    begin
      execute immediate 'create table user1.tab1 (x number)';
    end;
    /
3) grant execute on x to USER3
    grant execute on x to USER3;
4) USER3 runs the procedure
    begin
      user2.x;
    end;
    /
See also here - simple CREATE TABLE privilege is not sufficient to create tables in other schemas.
Also note that this privilege must be given directly to the user (i.e. not via a role) to be able to be used in a procedure.
Alternatives
As pointed out in a comment, a more secure alternative is to move the procedure from user2 to user1, i.e. the procedure and the table to be created would be in the same schema.
In that case only execute privilege on the procedure must be granted to USER3.
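
The alternative described in the answer above, written out as an added example (not code from the original question or answer): a definer's-rights procedure owned by USER1 that takes no caller input, so USER3 can trigger the creation of T1_YYYYMM and nothing else. The procedure name `create_monthly_t1` is hypothetical; the example assumes USER1 holds CREATE TABLE directly (not via a role), has tablespace quota, and that the current month is the one wanted.

```sql
-- Added example. Run as USER1 (or by a DBA on USER1's behalf).
-- create_monthly_t1 is a hypothetical name, not from the original page.
CREATE OR REPLACE PROCEDURE user1.create_monthly_t1
  AUTHID DEFINER   -- executes with USER1's privileges, whoever the caller is
IS
  -- The table name is built only from a constant and the date:
  -- no caller-supplied text ever reaches the DDL string.
  -- Using the current month is an assumption of this example.
  l_tab VARCHAR2(30) := 'T1_' || TO_CHAR(SYSDATE, 'YYYYMM');
  e_name_in_use EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_name_in_use, -955);   -- ORA-00955
BEGIN
  -- Defensive check: raises ORA-44003 unless l_tab is a simple SQL name.
  l_tab := DBMS_ASSERT.SIMPLE_SQL_NAME(l_tab);

  -- Unqualified names resolve in the owner's schema (USER1) under
  -- definer's rights, so this creates USER1.T1_YYYYMM from USER1.T2.
  EXECUTE IMMEDIATE
    'CREATE TABLE ' || l_tab || ' AS SELECT * FROM t2 WHERE 1 = 2';
  EXECUTE IMMEDIATE
    'GRANT DELETE, INSERT, SELECT, UPDATE ON ' || l_tab || ' TO v_role';
  DBMS_OUTPUT.PUT_LINE('Table created: USER1.' || l_tab);
EXCEPTION
  WHEN e_name_in_use THEN
    -- Second call in the same month: report it, do not fail.
    DBMS_OUTPUT.PUT_LINE('Already exists: USER1.' || l_tab);
  -- Any other error propagates so the caller sees the real ORA- code.
END create_monthly_t1;
/

-- The only privilege USER3 needs:
GRANT EXECUTE ON user1.create_monthly_t1 TO user3;

-- As USER3 (no CREATE ANY TABLE granted to anyone):
BEGIN
  user1.create_monthly_t1;
END;
/
```

With `AUTHID CURRENT_USER`, as in the question's procedure, the DDL would instead be checked against the caller's own privileges, so USER3 itself would need the right to create tables in USER1.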