cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Determining a users's roles and what privileges are in a role

Go to solution
george_hamilton
Participant

on ‎08-21-2008 11:53 PM

0 Kudos

I am trying to determine for audit purposes what users have certain roles assigned to them. I have found the roles (and I think what privileges they have DBA_PRIV_ROLES and DBA_ROLES).

I can't find anywhere how to determine what roles have been to a user. None of my Oracle books or google searches provide any info (they tell me how to create a role, assign a role to a user, and remove a role from a user) but not how to determine what roles a user has. Any help is greatly appreciated!!!!

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-22-2008 1:38 AM
0 Kudos

Hi George,

I think if you 'select grantee, granted_role from dba_role_privs' with either a 'where = <user>' or not should get you the roles that have been granted to a users and who granted the access.

Or there is a 'role_role_privs' in Oracle 10 - which gives you the roles that have been granted to other roles.

But remember a user can be granted access to a table in two ways - via a direct privilege on the table (dba_tab_privs or role_tab_privs) or via a role (dba_role_privs or role_role_privs).

Good luck,

Sheryl.

Show replies
Show replies
george_hamilton
Participant
‎08-23-2008 12:56 AM
0 Kudos

What's strange is that SAP has new role SAPCONN. But is seems to be treated as a user tool. I guess I can write a query using DBA_ROLES, DBA_PRIV_ROLES, and DBA_SYS_PRIVS. Does that sound right to you?

fidel_vales
Employee
Employee
‎08-23-2008 10:11 AM
0 Kudos

Hi,

> What's strange is that SAP has new role SAPCONN

No, it is not strange.

Oracle 10g R2 has limited the CONNECT and RESOURCE roles.

If "nothing" is done when you upgrade your SAP installation to 10g you will be getting ORA-1031 errors.

To avoid that, SAP has replaced those two roles by another one made "in house" the SAPCONN.

This is explained on the SAP note 834917.

In this note you can also find the queries you are looking for to find out the user roles, privileges, role definition and so on.

Answers (0)

Ask a Question