Chapter 5: Database Security Reports and Utilities
grantall.sql
Directory: $DBA
File Type: SQL Script
Edit Required: No
Output File: grall_tmp.sql, grall.sql
This script creates and then executes a script to grant the specified username (such as OPS$ORACLE) all privileges to all nonsystem objects in a database.
grantool
Directory: $DBA
File Type: Shell Script
Edit Required: No
Output File: Screen
This script grants SELECT access on required tables to a specific user, for use in running the $TOOLS/dbousers, $TOOLS/dbo_sql, and $TOOLS/locks utilities.
Note that if this procedure has a privilege violation when trying to grant access to the V$ tables, you must first run the grantsys.sql script, which will grant SELECT WITH GRANT OPTION to yourself, and then rerun the grantool script.
The script will prompt for the Oracle SID of the database to be accessed, and the username to be granted SELECT access to the required tables.
grantool.sql
Directory: $DBA
File Type: SQL Script
Edit Required: No
Output File: Screen
This script is called by the grantool script to perform the actual grants, as described in the previous section.
grantsys.sql
Directory: $DBA
File Type: SQL Script
Edit Required: No
Output File: Screen
This script grants to the current user account the privileges required to grant other users access to the $TOOLS/dbo and locks utilities (via the grantool script).
You will use this script when your account (typically, OPS$oracle) does not have the SELECT privilege WITH GRANT OPTION on the required V$ tables. The script will prompt you for the SYS account password.
makeops
Directory: $DBA
File Type: Shell Script
Edit Required: No
Output File: Screen
Syntax: makeops sid newuser
sid
The Oracle SID of the database to be accessed.
newuser
The new User ID (less the "OPS$" prefix) to be created.
This script creates a new OPS$ username account for a given user, matching the configuration and privileges of the user's current non-OPS$ account. This allows the DBA to quickly create an OPS$ account for a given user which is otherwise identical to the user's existing account without having to determine and duplicate existing privileges. If an OPS$username account exists, the user can then easily log into the database without having to specify a username or password. Here is an example for SQL*Plus:
sqlplus /
The account is created with an "impossible" password, so that it can only be accessed from the server, and even then only by the sqlplus "/" clause.
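An added audit example (not from the book or its script collection) for reviewing what makeops, grantall.sql and grantsys.sql leave behind in a database. It assumes the default OS_AUTHENT_PREFIX of OPS$ and a session allowed to read V$PARAMETER and the DBA_* views.

```sql
-- Added example: review OS-authenticated accounts and the grants they hold.
-- Assumption: OS_AUTHENT_PREFIX is the default OPS$.

-- 1. Parameters that decide who can use "sqlplus /". The "server only"
--    property of an OPS$ account depends on REMOTE_OS_AUTHENT being FALSE.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('os_authent_prefix', 'remote_os_authent');

-- 2. Every OPS$ account with its roles and direct system privileges.
SELECT u.username, u.account_status, 'ROLE' AS grant_type, r.granted_role AS granted
  FROM dba_users u
  JOIN dba_role_privs r ON r.grantee = u.username
 WHERE u.username LIKE 'OPS$%'
UNION ALL
SELECT u.username, u.account_status, 'SYSTEM PRIVILEGE', s.privilege
  FROM dba_users u
  JOIN dba_sys_privs s ON s.grantee = u.username
 WHERE u.username LIKE 'OPS$%'
 ORDER BY 1, 3, 4;

-- 3. Object grants per OPS$ account and schema owner. A very large count
--    across many owners is what a grant-everything script produces.
SELECT grantee, owner,
       COUNT(*) AS object_grants,
       SUM(CASE WHEN grantable = 'YES' THEN 1 ELSE 0 END) AS with_grant_option
  FROM dba_tab_privs
 WHERE grantee LIKE 'OPS$%'
 GROUP BY grantee, owner
 ORDER BY object_grants DESC;

-- 4. Grants on the V$ views (stored as SYS.V_$...) that the grantee can
--    pass on to other users, i.e. SELECT ... WITH GRANT OPTION.
SELECT grantee, table_name, privilege
  FROM dba_tab_privs
 WHERE owner = 'SYS'
   AND table_name LIKE 'V\_$%' ESCAPE '\'
   AND grantable = 'YES'
 ORDER BY grantee, table_name;
```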
Restrictions
- This script requires that the following files exist:
$DBA/makeqps.sql
$DBA/copyusis.sql
$TOOLS/define
$TOOLS/fixcase
$DBA/valid_db
- An OPS$username account must exist (where username matches your UNIX operating system username). This can be created by executing the creops script.
- The PWSYS environment variable must exist. This variable must contain the password to the Oracle database's SYS account.
- The PW environment variable must exist. This variable must contain the password to the Oracle database's SYSTEM account....