I have script in bash to grant privileges (30 grants) in oracle. This script is in cron and it's start every day in specific hour. I want by easiest / fastest way create check / if to grant privileges only if it's not already granted. Someone can help?
Do not bother checking if they have/have not got the privileges. Just grant/revoke them so that whichever user it is ends up with the correct privileges.
You can write a shell script to generate a file with the SQL commands in it and then run the script using SQL/Plus.
The below PL/SQL block only grants the missing privileges. I've used the "expected minus actual" pattern frequently, and I've learned the hard way to always display the problematic SQL statement in the error message.
--Grant missing privileges.
begin
for missing_grants in
(
select grantee, table_name, privilege, 'grant ' || privilege || ' on ' || table_name || ' to asdf ' || grantee grant_ddl
from
(
--Expected privileges:
select 'TEST_USER' grantee, 'TEST1' table_name, 'SELECT' privilege from dual union all
select 'TEST_USER' grantee, 'TEST2' table_name, 'SELECT' privilege from dual union all
select 'TEST_USER' grantee, 'TEST2' table_name, 'INSERT' privilege from dual union all
select 'TEST_USER' grantee, 'TEST2' table_name, 'UPDATE' privilege from dual union all
select 'TEST_USER' grantee, 'TEST2' table_name, 'DELETE' privilege from dual
minus
--Actual privileges:
select grantee, table_name, privilege
from user_tab_privs
where table_name in ('TEST1', 'TEST2')
)
) loop
begin
execute immediate missing_grants.grant_ddl;
exception when others then
raise_application_error(-20000, 'Error with this SQL: ' || missing_grants.grant_ddl || chr(10) || sqlerrm);
end;
end loop;
end;
/
While it's true that you could simply re-run the grants every time, there are several reasons you may not want to do that:
Also, you might want to consider Gary Myers' suggestion to put this task inside the scheduler. With just a single call to DBMS_SCHEDULER, you could put the job inside the database and not have to worry about shell scripts or cron.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.