Confusion
A reader, September 30, 2001 - 12:10 am UTC
Iam connected as scott
SQL> select * from session_privs
2 /
PRIVILEGE
----------------------------------------
CREATE SESSION
ALTER SESSION
UNLIMITED TABLESPACE
CREATE TABLE
CREATE CLUSTER
CREATE SYNONYM
CREATE VIEW
CREATE SEQUENCE
CREATE DATABASE LINK
CREATE PROCEDURE
CREATE TRIGGER
PRIVILEGE
----------------------------------------
CREATE TYPE
CREATE OPERATOR
CREATE INDEXTYPE
14 rows selected.
SQL> select * from user_sys_privs
2 /
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
SCOTT UNLIMITED TABLESPACE NO
I expect to see the same results even in the second query, but I could not , can you explain why
Actually, what I want is to check
1.what are the roles assigned to my schema,
2.and then what are the privileges assigned to my schema, 3.and then what are the privileges assigned to my schema which are not assigned to any role.
Further Tom
session_privs gives session privileges
v$mystat gives session statistics
what are some of the other kind of views which give specific information on the schema and user.
Lastly,
is session_privs a table or a view, if it is a view how much it is not prefixed with a v$, how many tables are there like session_privs which are not suffixed with v$,and give useful information on the schema , the session and other useful information.
September 30, 2001 - 9:07 am UTC
Easy -- session_privs show the privs in place in your session. It looks like SCOTT has the resource role which gives him the create table, create type, etc priv. SCOTT also has the UNLIMITED tablespace priv granted directly to him -- thats what you see in USER_SYS_PRIVS.
Consider:
scott@ORA817DEV.US.ORACLE.COM> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
SCOTT ALTER SESSION NO
SCOTT ALTER TABLESPACE NO
SCOTT CREATE SNAPSHOT NO
SCOTT UNLIMITED TABLESPACE NO
scott@ORA817DEV.US.ORACLE.COM> @connect /
ops$tkyte@ORA817DEV.US.ORACLE.COM> grant create table to scott;
Grant succeeded.
ops$tkyte@ORA817DEV.US.ORACLE.COM> @connect scott/tiger
scott@ORA817DEV.US.ORACLE.COM> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
SCOTT ALTER SESSION NO
SCOTT ALTER TABLESPACE NO
SCOTT CREATE SNAPSHOT NO
SCOTT CREATE TABLE NO
SCOTT UNLIMITED TABLESPACE NO
user_sys_privs shows those things granted directly to me, session_privs includes privs from roles.
Ok, to see YOUR roles:
scott@ORA817DEV.US.ORACLE.COM> select granted_role from user_role_privs;
GRANTED_ROLE
------------------------------
PLUSTRACE
CONNECT
RESOURCE
To see YOUR privs --- user_sys_privs and user_tab_privs.
And then to see the privs assigned to your schema which are not assigned to a role -- thats more complex. The problem is a ROLE can have a ROLE can have a ROLE can have a ROLE. They are hierarchical. If someone had the connect role and someone granted "NEW_ROLE" to connect -- you would have to add up the privs granted to connect and new_role. Your best bet there might be a stored procedure (although, if you have the priv granted directly to you -- user_sys|tab_privs -- whether you have that in a role as well or not isn't really relevant, maybe you really don't need this bit of information anyway)
As for the last two things -- see the Oracle Reference Manual. There are dozens of USER_* views and V$ views, far far too many to enumerate here. The are all views.
does not work for my case
MIKE, September 30, 2001 - 9:33 am UTC
The site DBA grant the role, RO_DBA, which is a 'read only' DBA.
SQL> select * from dba_role_privs where grantee='TOOLER';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TOOLMAN RO_DBA NO YES
SQL> select * from role_sys_privs where role='RO_DBA';
no rows selected
SQL> select * from role_tab_privs where role='RO_DBA';
no rows selected
SQL>
I do have the privs to read DBA views and the most of schemas' objects. But I want to find out exactly what is RO_DBA.
September 30, 2001 - 9:59 am UTC
select * from dba_tab_privs where grantee = 'TOOLMAN';
select * from dba_sys_privs where grantee = 'TOOLMAN';
will tell you that. Alternatively, log in as toolman and use the query from the view I reference below...
Why did you tell us
TJ, September 30, 2001 - 9:38 am UTC
Tom
Curiously, I have observed that previously you have advetised a couple of queries to get the privileges granted to all the roles for a particular schema.
When we have something like session_privs, why do we need those queries.
If I want a list of my procedures which are running with definer rights on underlying objects, and a list of procedures running with invoker rights on underlying objects, which views should I query, and how should I get them.
September 30, 2001 - 9:56 am UTC
I think you mean my user_role_hierarchy view:
</code>
http://asktom.oracle.com/pls/asktom/f?p=100:11:::::P11_QUESTION_ID:853427230099 <code>
That answers the question for any given user -- what are all of the possible privs they might have. Session privs only shows the privs in place at that point in time (eg: in a procedure, you have a different set of rows in session privs then when NOT in a procedure -- session privs changes as the schemaid under which the procedure is running changes). user_role_hierarchy shows all of the privs for the currently logged in user regardless of the current schemaid.
Currently, this information does not seem to be exposed in the standard data dictionary. A view such as:
create or replace view dba_procedures
as
select owner,
object_name name,
object_id,
object_type,
created,
last_ddl_time,
status,
(select decode( bitand(options,16), 16, 'INVOKER', 'DEFINER' )
from procedure$
where obj# = dba_objects.object_id ) auth_id
from dba_objects
where object_type in ( 'PROCEDURE', 'FUNCTION', 'PACKAGE', 'PACKAGE BODY' )
/
create public synonym dba_procedures for sys.dba_procedures
/
can be used in order to retrieve that however...
still no work
MIKE, September 30, 2001 - 10:24 am UTC
Sorry for a missleading:
The 'TOOLER' should be TOOLMAN, I changed it for did want to release the real User schema. It is OK , i think now.
SQL> select user from dual;
USER
------------------------------
TOOLMAN
SQL> select * from dba_role_privs where grantee='TOOLMAN';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TOOLMAN CONNECT NO YES
TOOLMAN RESOURCE NO YES
TOOLMAN RO_DBA NO YES
SQL> select * from dba_tab_privs where grantee = 'TOOLMAN';
GRANTEE OWNER
------------------------------ ------------------------------
TABLE_NAME GRANTOR
------------------------------ ------------------------------
PRIVILEGE GRA
---------------------------------------- ---
TOOLMAN SYS
V_$RESOURCE_LIMIT SYS
SELECT NO
SQL> select * from dba_sys_privs where grantee = 'TOOLMAN';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
TOOLMAN ANALYZE ANY NO
TOOLMAN RESTRICTED SESSION NO
SQL>
It is 8.0.6.
Just can not figure out of what the RO_DBA role is.
September 30, 2001 - 12:55 pm UTC
select * from dba_tab_privs where grantee = 'RO_DBA';
select * from dba_sys_privs where grantee = 'RO_DBA';
mike, September 30, 2001 - 10:55 pm UTC
These worked.
Do not know the reason for no found in
ROLE_SYS/TAB_PRIVS.
Grants
B, March 26, 2004 - 6:36 am UTC
Hi Tom,
In our application there are two schemas: APPL and APPL_VIEW. All the custom objects are owned by APPL. And synonyms have been created on the APPL.objects(tables/views) for APPL_VIEW, so that users logging to APPL_VIEW can select data from the tables/views.
Now there is a requirement where access to certain tables/views will have to be removed from APPL_VIEW. To achieve this the respective synonyms were dropped. But even after dropping the synonym we are able to access the table/view in APPL_VIEW by qualifying the owner (user)name APPL to the objects in question.
APPL_VIEW has the following privileges: CREATE SESSION, ALTER SESSION, CREATE TABLE, SELECT ANY TABLE and EXECUTE ANY PROCEDURE.
No direct grants have been given on these objects by APPL to APPL_VIEW. But APPL_VIEW has been granted a role, appl_role and this role has has been given select privilege on the objects by APPL. Tried revoking the privilege from the role but still we are able to access the table/view by qualifying APPL from APPL_VIEW.
Request your guidance on why this happening and what needs to be done to set this right.
Thanks,
B
March 26, 2004 - 9:28 am UTC
select any table, execute any procedure = "i have no security whatsoever on my system, I can do anything at all I want to any object pretty much"
amazing....
that user needs no direct grants, they are almost a DBA! they can see all, they can run all.
select ANY table <<<=== think about what 'any' might mean in that context!
RE: Select ANY Table
Mark A. Williams, March 26, 2004 - 9:37 am UTC
select ANY table might be bad, but "EXECUTE ANY PROCEDURE" hands the keys to the kingdom right over...
- Mark
Select Any Table
B, March 29, 2004 - 1:18 am UTC
Hi Tom,
Thanks for your clarification.
Regards,
B
problem with role
A reader, October 16, 2004 - 8:32 pm UTC
i am getting a wierd situation.
I create packages pkg1 and pkg2 as user user1.
I create a role role1 and grant execute on pkg1 and create session to role1.
I grant this role to another user user2.
When I connect as user2, I am seeing the pkg2 as well
whereas the role role1 that I have has only execute
privilege on pkg1.
I think I am doing something wrong but am not sure and
thought may be you have some ideas.
thank you.
October 16, 2004 - 8:48 pm UTC
complete, yet CONCISE (as in really small) test cases are 100% appreciated (not to mention mandatory).....
check your PUBLIC privs - perhaps someone has granted an ANY priv to public.
a test case would look like this perhaps:
user2@ORA9IR2> @connect /
user2@ORA9IR2> set termout off
ops$tkyte@ORA9IR2> set termout on
ops$tkyte@ORA9IR2>
ops$tkyte@ORA9IR2> drop user user1 cascade;
User dropped.
ops$tkyte@ORA9IR2> drop user user2 cascade;
User dropped.
ops$tkyte@ORA9IR2> drop role u1_role;
Role dropped.
ops$tkyte@ORA9IR2>
ops$tkyte@ORA9IR2> select * from dba_sys_privs where grantee='PUBLIC';
no rows selected
ops$tkyte@ORA9IR2>
ops$tkyte@ORA9IR2> create user user1 identified by user1;
User created.
ops$tkyte@ORA9IR2> create user user2 identified by user2;
User created.
ops$tkyte@ORA9IR2>
ops$tkyte@ORA9IR2> grant create procedure, create session, create role to user1;
Grant succeeded.
ops$tkyte@ORA9IR2> grant create session to user2;
Grant succeeded.
ops$tkyte@ORA9IR2>
ops$tkyte@ORA9IR2> @connect user1/user1
ops$tkyte@ORA9IR2> set termout off
user1@ORA9IR2> set termout on
user1@ORA9IR2>
user1@ORA9IR2> create or replace package pkg1
2 as
3 procedure p1;
4 end;
5 /
Package created.
user1@ORA9IR2>
user1@ORA9IR2> create or replace package pkg2
2 as
3 procedure p1;
4 end;
5 /
Package created.
user1@ORA9IR2>
user1@ORA9IR2> create role u1_role;
Role created.
user1@ORA9IR2> grant execute on pkg1 to u1_role;
Grant succeeded.
user1@ORA9IR2> grant u1_role to user2;
Grant succeeded.
user1@ORA9IR2>
user1@ORA9IR2> @connect user2/user2
user1@ORA9IR2> set termout off
user2@ORA9IR2> set termout on
user2@ORA9IR2> desc user1.pkg1
PROCEDURE P1
user2@ORA9IR2> desc user1.pkg2
ERROR:
ORA-04043: object user1.pkg2 does not exist
<b>but of course your outcome would be different..... since pkg2 would exist?</b>
ok - here goes
A reader, October 16, 2004 - 10:16 pm UTC
not exactly same as yours - I am trying to find out
why I am not getting expected results.
admin@ORA10G> set echo on
admin@ORA10G> connect admin/admin
Connected.
admin@ORA10G> drop user code_schema cascade;
User dropped.
admin@ORA10G> create user code_schema identified by code_schema default tablespace users quota
2 unlimited on users;
User created.
admin@ORA10G>
admin@ORA10G> grant create session,
2 create public synonym,
3 create role,
4 drop public synonym,
5 create procedure,
6 create trigger,
7 create sequence,
8 create type to code_schema;
Grant succeeded.
-- cant seem to drop role as code_schema (donnow
-- what privilege is missing for user code_schema
admin@ORA10G> drop role role1;
Role dropped.
admin@ORA10G> conn code_schema/code_schema
Connected.
code_schema@ORA10G
code_schema@ORA10G> create or replace package pkg1
2 as
3 procedure p1;
4 end pkg1;
5 /
Package created.
code_schema@ORA10G> show errors;
No errors.
code_schema@ORA10G>
code_schema@ORA10G> create or replace package body pkg1
2 as
3 procedure p1
4 is
5 begin
6 null;
7 end;
8 end pkg1;
9 /
Package body created.
code_schema@ORA10G> create or replace package pkg2
2 as
3 procedure p2;
4 end pkg2;
5 /
Package created.
code_schema@ORA10G> show errors;
No errors.
code_schema@ORA10G>
code_schema@ORA10G> create or replace package body pkg2
2 as
3 procedure p2
4 is
5 begin
6 null;
7 end;
8 end pkg2;
9 /
Package body created.
code_schema@ORA10G> show errors;
No errors.
code_schema@ORA10G> create role role1;
Role created.
code_schema@ORA10G> grant execute on pkg1 to role1;
Grant succeeded.
code_schema@ORA10G>
code_schema@ORA10G> drop public synonym pkg1;
Synonym dropped.
code_schema@ORA10G> create public synonym pkg1 for pkg1;
Synonym created.
code_schema@ORA10G> drop public synonym pkg2;
Synonym dropped.
code_schema@ORA10G> create public synonym pkg2 for pkg1;
Synonym created.
code_schema@ORA10G>
code_schema@ORA10G> connect admin/admin
Connected.
admin@ORA10G
admin@ORA10G> grant create session to role1;
Grant succeeded.
At this point role1 has "create session" and
"execute on pkg1" privileges.
admin@ORA10G> select * from dba_sys_privs where grantee='PUBLIC';
no rows selected
admin@ORA10G> drop user user1 cascade;
User dropped.
admin@ORA10G> create user user1 identified by user1;
User created.
admin@ORA10G> grant role1 to user1;
Grant succeeded.
I expect the user to see only pkg1.
admin@ORA10G> conn user1/user1
Connected.
user1@ORA10G
user1@ORA10G> select * from session_roles;
ROLE1
user1@ORA10G> desc pkg1
PROCEDURE P1
why is the "desc" below not failing?
user1@ORA10G> desc pkg2
PROCEDURE P1
ok - now we revoke the execute on pkg1 from role1.
user1@ORA10G> -- revoke execute on pkg1 from role1
user1@ORA10G> conn admin/admin
Connected.
admin@ORA10G
admin@ORA10G> revoke execute on pkg1 from role1;
Revoke succeeded.
admin@ORA10G> conn user1/user1
Connected.
and we dont see both packages?
user1@ORA10G
user1@ORA10G> desc pkg1
ERROR:
ORA-04043: object "CODE_SCHEMA"."PKG1" does not exist
user1@ORA10G> desc pkg2
ERROR:
ORA-04043: object "CODE_SCHEMA"."PKG1" does not exist
user1@ORA10G> spool off
Does this have to do with synonyms?
Thank you.
urgghh!
A reader, October 16, 2004 - 11:05 pm UTC
the problem is in
"create public synonym pkg2 for pkg1;"
which should have read
create public synonym pkg2 for pkg2;
cut and pasted and time wasted!
thanx!
October 17, 2004 - 9:49 am UTC
no time wasted if you found your mistake!
This is why I force people down the path of providing a
o small
o yet concise
o did i mention SMALL
o yet 100% complete testcase
with all non-relevant bits chopped out. seriously 999 times out of 1,000 that I do that -- I find my own mistake. It is an excellent process.
thanx..
A reader, October 17, 2004 - 11:29 am UTC
I know - I was talking of your time as well :)
Roles & privileges
velu, May 30, 2006 - 5:10 am UTC
-- Description : Use this script to find which privileges have been granted to a
-- particular user. This scripts lists ROLES, SYSTEM privileges
-- and object privileges granted to a user. If a ROLE is found
-- then it is checked recursively.
--
-- The output can be directed to either the screen via dbms_output
-- or to a file via utl_file. The method is decided at run time
-- by choosing either 'S' for screen or 'F' for File. If File is
-- chosen then a filename and output directory are needed. The
-- output directory needs to be enabled via utl_file_dir prior to
-- 9iR2 and a directory object after.
whenever sqlerror exit rollback
set arraysize 1
set space 1
set verify off
set pages 25
set lines 90
set termout on
clear screen
set feed off
set head off
set echo off
set serveroutput on size 1000000
col system_date noprint new_value val_system_date
select to_char(sysdate,'YYYYMMDD') system_date from sys.dual;
undefine user_to_find
prompt
accept user_to_find char prompt 'NAME OF USER TO CHECK : '
/* Creates a temporary view to get the list of ROLES recursivly for a user*/
create or replace view Privileges_Grant_user
(GRANTEE#,PRIVILEGE#,SEQUENCE#,LEV_EL) as
SELECT GRANTEE#,PRIVILEGE#,SEQUENCE#,LEVEL
from sys.sysauth$
connect by prior privilege# = grantee#
start with grantee# = (select USER# from user$ where name = upper('&&user_to_find'));
/* list the roles Hierarchy */
spool find_all_roles_privs_&val_system_date..log;
prompt *********************************************************
prompt List of roles Hierarchically Granted to &user_to_find
prompt *********************************************************
select lpad( ' ', 6 * ( lev_el - 1 ) ) || u2.name "Role Name"
from Privileges_Grant_user v ,
sys.user$ u2
where u2.user#=v.privilege#;
prompt
drop view Privileges_Grant_user;
declare
--
lv_tabs number:=0;
procedure write_op (pv_str in varchar2) is
begin
dbms_output.put_line(pv_str);
exception
when others then
dbms_output.put_line('ERROR (write_op) => '||sqlcode);
dbms_output.put_line('MSG (write_op) => '||sqlerrm);
end write_op;
--
procedure get_privs (pv_grantee in varchar2,lv_tabstop in out number) is
--
lv_tab varchar2(50):='';
lv_loop number;
--
cursor c_main (cp_grantee in varchar2) is
select 'ROLE' typ,
grantee grantee,
granted_role priv,
admin_option ad,
'--' tabnm,
'--' colnm,
'--' owner
from dba_role_privs
where grantee=cp_grantee and
GRANTED_ROLE NOT IN ('CONNECT','SELECT_CATALOG_ROLE','EXECUTE_CATALOG_ROLE',
'RESOURCE','DBA','IMP_FULL_DATABASE','EXP_FULL_DATABASE','AQ_ADMINISTRATOR_ROLE')
union
select 'SYSTEM' typ,
grantee grantee,
privilege priv,
admin_option ad,
'--' tabnm,
'--' colnm,
'--' owner
from dba_sys_privs
where grantee=cp_grantee
union
select 'TABLE' typ,
grantee grantee,
privilege priv,
grantable ad,
table_name tabnm,
'--' colnm,
owner owner
from dba_tab_privs
where grantee=cp_grantee
union
select 'COLUMN' typ,
grantee grantee,
privilege priv,
grantable ad,
table_name tabnm,
column_name colnm,
owner owner
from dba_col_privs
where grantee=cp_grantee
order by 1;
begin
lv_tabstop:=lv_tabstop+1;
for lv_loop in 1..lv_tabstop loop
lv_tab:=lv_tab||chr(9);
end loop;
for lv_main in c_main(pv_grantee) loop
if lv_main.typ='ROLE' then
write_op(lv_tab||'ROLE => '
||lv_main.priv||' which contains =>');
get_privs(lv_main.priv,lv_tabstop);
elsif lv_main.typ='SYSTEM' then
write_op(lv_tab||'SYS PRIV => '
||lv_main.priv
||' grantable => '||lv_main.ad);
elsif lv_main.typ='TABLE' then
write_op(lv_tab||'TABLE PRIV => '
||lv_main.priv
||' object => '
||lv_main.owner||'.'||lv_main.tabnm
||' grantable => '||lv_main.ad);
elsif lv_main.typ='COLUMN' then
write_op(lv_tab||'COL PRIV => '
||lv_main.priv
||' object => '||lv_main.tabnm
||' column_name => '
||lv_main.owner||'.'||lv_main.colnm
||' grantable => '||lv_main.ad);
end if;
end loop;
lv_tabstop:=lv_tabstop-1;
lv_tab:='';
exception
when others then
dbms_output.put_line('ERROR (get_privs) => '||sqlcode);
dbms_output.put_line('MSG (get_privs) => '||sqlerrm);
end get_privs;
begin
write_op('User => '||upper('&&user_to_find')||' has been granted the following privileges');
write_op('*********************************************************');
get_privs(upper('&&user_to_find'),lv_tabs);
exception
when others then
dbms_output.put_line('ERROR (main) => '||sqlcode);
dbms_output.put_line('MSG (main) => '||sqlerrm);
end;
/
prompt
prompt ********************************************************
prompt End of the report
prompt ********************************************************
spool off
whenever sqlerror continue
roles & privileges
velu, May 30, 2006 - 5:11 am UTC
*********************************************************
List of roles Hierarchically Granted to mtest
*********************************************************
CONNECT
RESOURCE
ROLE_PARENT
ROLE_CHILD01
ROLE_CHILD02
ROLE_OTHER
ROLE_OTHER_CHILD01
User => MTEST has been granted the following privileges
*********************************************************
ROLE => ROLE_OTHER which contains =>
ROLE => ROLE_OTHER_CHILD01 which contains =>
SYS PRIV => SELECT ANY TABLE grantable => NO
SYS PRIV => CREATE ANY TABLE grantable => NO
TABLE PRIV => SELECT object => SLS.STGNG_TOPPROSPECTSCORES grantable => NO
TABLE PRIV => SELECT object => SLS.STGNG_TOPPROSPECTSCORES_EMP grantable => NO
TABLE PRIV => SELECT object => SLS.STGNG_TOPPROSPECTSCORES_LOC grantable => NO
TABLE PRIV => SELECT object => SLS.STGNG_TOPPROSPECTSCORES_SAL grantable => NO
ROLE => ROLE_PARENT which contains =>
ROLE => ROLE_CHILD01 which contains =>
ROLE => ROLE_CHILD02 which contains =>
TABLE PRIV => ALTER object => MTEST.EDS grantable => NO
TABLE PRIV => DEBUG object => MTEST.EDS grantable => NO
TABLE PRIV => DELETE object => MTEST.EDS grantable => NO
TABLE PRIV => FLASHBACK object => MTEST.EDS grantable => NO
TABLE PRIV => INSERT object => MTEST.EDS grantable => NO
TABLE PRIV => ON COMMIT REFRESH object => MTEST.EDS grantable => NO
TABLE PRIV => QUERY REWRITE object => MTEST.EDS grantable => NO
TABLE PRIV => SELECT object => MTEST.EDS grantable => NO
TABLE PRIV => UPDATE object => MTEST.EDS grantable => NO
TABLE PRIV => INSERT object => MTEST.WORK grantable => NO
TABLE PRIV => SELECT object => MTEST.WORK grantable => NO
TABLE PRIV => UPDATE object => MTEST.SALES grantable => NO
TABLE PRIV => SELECT object => MTEST.ABCD grantable => NO
TABLE PRIV => UPDATE object => MTEST.EMP grantable => NO
SYS PRIV => CREATE SESSION grantable => NO
SYS PRIV => UNLIMITED TABLESPACE grantable => NO
TABLE PRIV => ALTER object => ENT.XEROX_ESTAB grantable => NO
TABLE PRIV => ALTER object => ENT.XEROX_INDUSTRY_SEGMENT grantable => NO
TABLE PRIV => DEBUG object => ENT.XEROX_ESTAB grantable => NO
TABLE PRIV => DEBUG object => ENT.XEROX_INDUSTRY_SEGMENT grantable => NO
TABLE PRIV => DELETE object => ENT.XEROX_ESTAB grantable => NO
TABLE PRIV => DELETE object => ENT.XEROX_INDUSTRY_SEGMENT grantable => NO
TABLE PRIV => FLASHBACK object => ENT.XEROX_ESTAB grantable => NO
TABLE PRIV => FLASHBACK object => ENT.XEROX_INDUSTRY_SEGMENT grantable => NO
TABLE PRIV => INDEX object => ENT.XEROX_ESTAB grantable => NO
TABLE PRIV => INDEX object => ENT.XEROX_INDUSTRY_SEGMENT grantable => NO
TABLE PRIV => INSERT object => ENT.XEROX_ESTAB grantable => NO
TABLE PRIV => INSERT object => ENT.XEROX_INDUSTRY_SEGMENT grantable => NO
TABLE PRIV => ON COMMIT REFRESH object => ENT.XEROX_ESTAB grantable => NO
TABLE PRIV => ON COMMIT REFRESH object => ENT.XEROX_INDUSTRY_SEGMENT grantable => NO
TABLE PRIV => QUERY REWRITE object => ENT.XEROX_ESTAB grantable => NO
TABLE PRIV => QUERY REWRITE object => ENT.XEROX_INDUSTRY_SEGMENT grantable => NO
TABLE PRIV => REFERENCES object => ENT.XEROX_ESTAB grantable => NO
TABLE PRIV => REFERENCES object => ENT.XEROX_INDUSTRY_SEGMENT grantable => NO
TABLE PRIV => SELECT object => SLS.XEROX_EQUIP_PROFILE grantable => NO
TABLE PRIV => SELECT object => ENT.XEROX_ESTAB grantable => NO
TABLE PRIV => SELECT object => ENT.XEROX_INDUSTRY_SEGMENT grantable => NO
TABLE PRIV => SELECT object => ENT.XNAC_MSC grantable => NO
TABLE PRIV => UPDATE object => ENT.XEROX_ESTAB grantable => NO
TABLE PRIV => UPDATE object => ENT.XEROX_INDUSTRY_SEGMENT grantable => NO
TABLE PRIV => UPDATE object => SLS.XTI_TRADE_OUT_INFO grantable => NO
********************************************************
End of the report
********************************************************