Skip to Main Content
  • Questions

  • Granting Select, Insert, Delete, Update to user through Role not working

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, chetan.

Asked: August 17, 2017 - 6:36 am UTC

Last updated: December 15, 2017 - 6:44 am UTC

Version: 12c

Viewed 100K+ times! This question is

You Asked

Dear Team.

Firstly I would like to thank you for your valuable time and quick responses.

I have two users userA, userB.

userA has a table abc and userB want to access it.

When userA grant select, insert, update, delete to userB directly then userB can
access it with no trouble:
------------------------------------------------------------------------------------

userA> grant select, insert, update, delete on userA.abc to userB;

userA> grant succeded

userB> select * from userA.abc; -- works fine
------------------------------------------------------------------------------------

But, when i grant select, insert, update, delete to a role and
then assign this role to userB, then userB can't access it:
------------------------------------------------------------------------------------

userA> create role test_role;

userA> grant select, insert, update, delete on userA.abc to test_role;

userA> grant test_role to userB;

userB> select * from userA.abc; -- gives error table or view does not exists
------------------------------------------------------------------------------------

Please suggest how to do it through roles.


Thanks and Regards,

and Chris said...

Your example looks OK to me...

By any chance does userB have an existing role granted to it which is the default role?

If so, when you grant the new role it won't be a default role. Which means it's not enabled when you connect.

You can overcome this by running "set role all" or altering userB to include this new role in the default list:

grant create session to u identified by u;
create role r1;
create role r2;

grant r1 to u;
alter user u default role r1;

create table t (
  x int
);

grant select, insert, update, delete on chris.t to r2;
grant r2 to u;

conn u/u

insert into chris.t values (1);

SQL Error: ORA-00942: table or view does not exist

select * from chris.t;

SQL Error: ORA-00942: table or view does not exist

set role all;

insert into chris.t values (1);

1 row inserted.

select * from chris.t;

X  
1

Rating

  (2 ratings)

Is this answer out of date? If it is, please let us know via a Comment

Comments

chetan kasar, August 17, 2017 - 11:31 am UTC

Thank you Chris..

Including role into default role for the user, solved my problem.

User authentification

Mohamed Oueslati, December 14, 2017 - 3:25 pm UTC

When we create users with Manage users and groups in oracle apex 5.1. i want to know where the users will be inserted in wich table in the database??
Connor McDonald
December 15, 2017 - 6:44 am UTC 

SQL> desc apex_workspace_apex_users
 Name                                                                    Null?    Type
 ----------------------------------------------------------------------- -------- ------------------------
 WORKSPACE_ID                                                            NOT NULL NUMBER
 WORKSPACE_NAME                                                          NOT NULL VARCHAR2(255)
 WORKSPACE_DISPLAY_NAME                                                           VARCHAR2(4000)
 FIRST_SCHEMA_PROVISIONED                                                NOT NULL VARCHAR2(128)
 USER_NAME                                                               NOT NULL VARCHAR2(100)
 FIRST_NAME                                                                       VARCHAR2(255)
 LAST_NAME                                                                        VARCHAR2(255)
 EMAIL                                                                            VARCHAR2(240)
 DATE_CREATED                                                            NOT NULL DATE
 DATE_LAST_UPDATED                                                       NOT NULL DATE
 AVAILABLE_SCHEMAS                                                                NUMBER
 IS_ADMIN                                                                         VARCHAR2(12)
 IS_APPLICATION_DEVELOPER                                                         VARCHAR2(12)
 ACCOUNT_LOCKED                                                                   VARCHAR2(3)
 DESCRIPTION                                                                      VARCHAR2(240)
 PASSWORD_VERSION                                                        NOT NULL VARCHAR2(20)
 ACCOUNT_EXPIRY                                                                   DATE
 FAILED_ACCESS_ATTEMPTS                                                           NUMBER
 PROFILE_IMAGE_NAME                                                               VARCHAR2(100)
 PROFILE_MIMETYPE                                                                 VARCHAR2(255)
 PROFILE_FILENAME                                                                 VARCHAR2(255)
 PROFILE_CHARSET                                                                  VARCHAR2(128)

SQL> select USER_NAME, WORKSPACE_NAME
  2  from apex_workspace_apex_users;

USER_NAME            WORKSPACE_NAME
-------------------- --------------------
MCDONAC              ASKTOM
ADMIN                INTERNAL
MCDONAC              MCDONAC

SQL>


more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

Security

All of the vital components for a secure database are covered in the Security guide.