Granting Oracle Schema Permissions When Objects not Created Yet !

Session ID: 1198

Prepared by: Mike Gangler – Senior Database Specialist, Secure-24 - @mjgangler [email protected]

Jasmine B, Wednesday, April 13, 2016, 12 – 12:30pm




About Mike Gangler

•  Oracle ACE with robust database credentials

•  DBA for over 28 years, working with Oracle since version 4

•  Team Lead and Senior Database Specialist at Secure-24

•  Currently serving on the board of the Southeast Michigan Oracle Professionals (SEMOP) group – www.meetup.com

•  Charter member of the Board of Directors for the International Oracle Users Group (IOUG) – www.ioug.org

•  Follow me on my Blog http://mjgangler.wordpress.com and on twitter! @mjgangler


About Secure-24


FOUNDED

Secure-24 was founded in 2001 and since then has grown to 500+ employees and has received recognition as one of Computerworld’s Best Places to Work in IT, 3 years running.

HEADQUARTERS

Secure-24 is headquartered in Southfield, MI

GLOBAL OPERATION CENTERS

Serving customers around the globe, Secure-24 has two (2) Operation Centers in Michigan, one (1) in Nevada and one (1) in Hyderabad India.

DATA CENTERS

Secure-24 has three (3) data centers in Michigan, one (1) in Nevada, plus several global partnerships. We only choose the safest locations for our data centers.

Secure-24 has 15 years of experience delivering managed IT operations, application hosting and cloud services to enterprises worldwide. We manage SAP, Hyperion, PeopleSoft, JD Edwards, Oracle E-Business Suite and other mission critical applications across all industries for businesses of every size.


Communities Education

Join for as low as $150

SELECT Journal Resource Center IOUG Press Webinars & Podcasts IOUG Forum 5 Minute Briefing

Plus get access to IOUG’s content library, peer-to-peer networking, and more! Corporate options also available!


Oracle Conferences in Detroit Area

Southeast Michigan Oracle Professionals

http://www.meetup.com/SouthEast-Michigan-Oracle-Professionals/

Meet monthly – 2nd Tuesday of the month

Michigan Oracle User Summit November 3, 2016 http://www.mous.us


Great Lakes Oracle Conference

•  2016 Great Lakes Oracle Conference (GLOC)

•  May 18 & 19, 2016 Cleveland Public Auditorium

Cleveland, OH

https://www.neooug.org/gloc/


Today's Discussion

Learn how Secure-24 uses Roles and a simple trigger to grant “Read Only” access to objects that are not created yet. This process is quite common in MS SQL Server and is needed for many database systems.


Pre-Steps – User Steps

•  Create a read only role in the database

    > create role IOUG_READONLY;


Pre-Steps – User Steps

•  Grant Role to user requiring read only access

    > grant IOUG_READONLY to IOUG_USER ;
    > alter user IOUG_USER default role all;

** Note – the role needs default=yes or you will have to enable it in the session with:

    >> alter session set role=IOUG_READONLY;
    >> 12c – set role ioug_readonly;


DDL Trigger

    CREATE OR REPLACE TRIGGER AFTER_DDL
    AFTER DDL ON IOUG_OBJECTS.SCHEMA
    declare
      v_sysevent varchar2(25);
      v_message  varchar2(255);
      l_job      number;
    begin
      -- ora_sysevent holds the DDL event that fired the trigger
      select ora_sysevent into v_sysevent from dual;
      if ( v_sysevent in ('CREATE') ) then
        -- build the job text with " standing in for ', then swap them below
        v_message := 'execute immediate "grant select on IOUG_OBJECTS.'||ora_dict_obj_name||' to IOUG_READONLY";';
        -- the grant runs from a job, after the CREATE statement has completed
        dbms_job.submit (l_job, replace(v_message,'"','''') );
      end if;
    end;
    /


Results

Now whenever a new object gets created, the role is granted via the PL/SQL and dbms_job. The following is a test output:

    Connect IOUG_OBJECTS/pw
    IOUG_OBJECTS@IOUGDEV > create table foo1 (col1 varchar2(255));

    Table created.

    IOUG_OBJECTS@IOUGDEV > connect IOUG/pw
    Connected.
    IOUG@IOUGDEV > select * from IOUG_OBJECTS.foo1;

    no rows selected

    IOUG@IOUGDEV > desc IOUG_OBJECTS.foo1;
     Name                 Null?    Type
     -------------------- -------- ----------------
     COL1                          VARCHAR2(255)


DDL Trigger - Notes

NOTES: • Must use dbms_job.submit in order for the role to be in place.

• Unless you have a public synonym you may need to add the schema name prior to the object.

• The default role must be set to true or you will need to alter session to enable that read only role.

• Please let me know if this works for you and big thanks to “Ask Tom” who helped me resolve the PL/SQL and DDL issue. Also, please let me know if there is an automatic way to do this in Oracle.
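A hardened variant of the AFTER_DDL trigger, added here as an example and not part of the original slides. It only queues a grant for tables and views (a SELECT grant on an index fails inside the job), and it quotes the object name with DBMS_ASSERT.ENQUOTE_NAME so that names created with double quotes (mixed case, or containing a quote character) cannot change the text the job executes. The trigger name AFTER_DDL_HARDENED and the two check queries are assumptions for illustration.

```sql
-- Added example: hypothetical trigger name, same schema and role as the slides.
CREATE OR REPLACE TRIGGER after_ddl_hardened
AFTER CREATE ON IOUG_OBJECTS.SCHEMA
DECLARE
  l_job   NUMBER;
  l_name  VARCHAR2(130);   -- 128-byte identifier plus the two double quotes
  l_what  VARCHAR2(400);
BEGIN
  -- Only object types that accept a SELECT grant; CREATE INDEX etc. are skipped.
  IF ora_dict_obj_type IN ('TABLE', 'VIEW') THEN
    -- Wrap the name in double quotes exactly as stored in the dictionary.
    -- Raises an error if the name itself contains a double quote.
    l_name := DBMS_ASSERT.ENQUOTE_NAME(ora_dict_obj_name, FALSE);

    -- The name sits inside a string literal in the job text, so any
    -- single quote in it has to be doubled.
    l_what := 'execute immediate ''grant select on IOUG_OBJECTS.'
              || REPLACE(l_name, '''', '''''')
              || ' to IOUG_READONLY'';';

    -- Same mechanism as the original: the grant runs from a job,
    -- after the CREATE statement has completed.
    DBMS_JOB.SUBMIT(l_job, l_what);
  END IF;
END;
/

-- Check 1 (run as a DBA): grant jobs that failed or were marked broken.
SELECT job, log_user, what, failures, broken
  FROM dba_jobs
 WHERE what LIKE '%to IOUG_READONLY%'
   AND (failures > 0 OR broken = 'Y');

-- Check 2 (run as a DBA): what the read only role can actually reach.
-- Every row should be a SELECT on an IOUG_OBJECTS object.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'IOUG_READONLY'
 ORDER BY owner, table_name;
```

Check 2 doubles as an audit of the role: any privilege other than SELECT, or any owner other than IOUG_OBJECTS, did not come from this trigger.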


Demo – If Time


Visit Secure-24 in booth #1315!

•  Enter for a chance to win a $5,000 travel gift card!

•  Meet with other S-24 executives and technical resources

•  Discuss your organization’s Cloud Strategy for 2016

•  Learn more about our capabilities with Oracle’s Virtual Compute Appliance


Questions


[email protected]

https://mjgangler.wordpress.com

mjgangler


Please complete the session evaluation

Paper – 1198

Author – Mike Gangler

We appreciate your feedback and insight

You May complete the session evaluation via the mobile app