Read-only user query in Oracle

oracleoracle-12cschema

I have been asked to create a read only user in a Oracle database 12c. The read only user must have read only grants only to the objects of select schemas, which I created and handed over.

But now the request from the team is that the newly created read only user must have read only grants to even to all those new objects created by those select schemas.

How is this possible? Inputs please!

Best Answer

No, no, no, you should definitely not do this. It is the responsibility of the object creator to grant the necessary privileges. (Although this is a common request, and it would be nice to finally have built-in support for this.)

Since you are on 12c, forget SELECT, and grant READ. SELECT is not a read-only privilege. With SELECT granted, the grantee can run SELECT ... FOR UPDATE, lock rows, and interfere. READ does not allow that.

What you asked is however still possible with some dirty tricks, using a DDL trigger, for example:

How do I create a Oracle trigger that grants permissions

Related Solutions

Jobs view is not visible to read-only account users

As @Jeffrey pointed out, ALL_* view is not useful in your case. You should use DBA_* views because they show the records for all owners of the job objects.

The following sequence works just fine for me:

$ sqlplus /nolog

SQL> connect / as sysdba
Connected.

SQL> select distinct owner from dba_scheduler_job_run_details;

OWNER
------------------------------
EXFSYS
SPONGEBOB
SYS

SQL> create or replace view sys.jcaf as
  2  select * from dba_scheduler_job_run_details
  3  where owner = 'EXFSYS';    
View created.

SQL> grant select on sys.jcaf to spongebob;    
Grant succeeded.

SQL> create public synonym jcaf_v for sys.jcaf;    
Synonym created.

SQL> connect spongebob/passwd    
Connected.

SQL> select distinct owner from jcaf_v;

OWNER
------------------------------
EXFSYS

Removing editioning from an Oracle user

Based on Phil's test case I backed up the the production database using exp.

I dropped the editioned user, recreated them and imported the data with no issues. The user had views and packages which were versioned but as long as you set the edition to the most current one you are good to go.

This query showed that the recreated user was not using editioning

SELECT username,editions_enabled
FROM   dba_users
WHERE editions_enabled = 'Y';

Best Answer

Related Solutions

Jobs view is not visible to read-only account users

Removing editioning from an Oracle user

Related Question