What are the exact permisions required for codecollaborator's Oracle account.

Question

I hope someone can help me out here as support is being very ellusive in their response and the docs only state full access.

What are the exact grants required for this Oracle account?

I've granted SBcode (my Oracle user account for code collaborator)CREATE PROCEDURE, SESSION, TABLE and VIEW. Is this all that is required on the Oracle side, if not what is required? Regards Norm

ebrown_1 · Answer

Perhaps you can help us answer this definitively, since we don't have an Oracle DBA in house. We do know that in most Oracle configurations, you can fulfill all requirements by running CREATE USER COLLAB ... And then using COLLAB for both the username and schema for Code Collaborator. Are the granted privileges the same as running GRANT ALL ON schema.* TO COLLAB? And are there privileges given by these that you are concerned about?

normd · Answer

I asked support but all they stated was&nbsp; "Session table and view should be sufficient, we don't create any procedures. we do alter views while the app is running and alter tables on upgrades"&nbsp; which is far less then granting the CodeCollab user account "full access".&nbsp; I took a stab at what I perceived as the required grants and wanted to know from more seasoned users/dba what exactly is required.As for your statement on Grant all privs on schema to user - this is not a valid statement.&nbsp; You grant rights (create, update,delete, etc) on schema objects - that is tables,views, etc..&nbsp;&nbsp; You can "Grant all privileges to &lt;user&gt; which is overkill from a security perspective. The above Grant all would give some&nbsp; 200 System Privileges. The user Norm is a new account that I created as a test. &nbsp; GRANT UPDATE ANY CUBE DIMENSION TO NORM;&nbsp; GRANT INSERT ANY MEASURE FOLDER TO NORM;&nbsp; GRANT DROP ANY MEASURE FOLDER TO NORM;&nbsp; GRANT CREATE MEASURE FOLDER TO NORM;&nbsp; GRANT UPDATE ANY CUBE TO NORM;&nbsp; GRANT CREATE ANY CUBE TO NORM;&nbsp; GRANT ALTER ANY ASSEMBLY TO NORM;&nbsp; GRANT CHANGE NOTIFICATION TO NORM;&nbsp; GRANT ALTER ANY SQL PROFILE TO NORM;&nbsp; GRANT DROP ANY SQL PROFILE TO NORM;&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.DROP_ANY_RULE,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.CREATE_RULE_OBJ,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.CREATE_ANY_EVALUATION_CONTEXT,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; GRANT ADMINISTER DATABASE TRIGGER TO NORM;&nbsp; BEGINSYS.DBMS_AQADM.GRANT_SYSTEM_PRIVILEGE (&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; 'DEQUEUE_ANY',&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; ADMIN_OPTION =&gt; FALSE);END;/&nbsp; BEGINSYS.DBMS_AQADM.GRANT_SYSTEM_PRIVILEGE (&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; 'ENQUEUE_ANY',&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; ADMIN_OPTION =&gt; FALSE);END;/&nbsp; GRANT QUERY REWRITE TO NORM;&nbsp; GRANT UNDER ANY VIEW TO NORM;&nbsp; GRANT EXECUTE ANY OPERATOR TO NORM;&nbsp; GRANT CREATE OPERATOR TO NORM;&nbsp; GRANT ALTER ANY MATERIALIZED VIEW TO NORM;&nbsp; GRANT GRANT ANY PRIVILEGE TO NORM;&nbsp; GRANT ALTER PROFILE TO NORM;&nbsp; GRANT ALTER DATABASE TO NORM;&nbsp; GRANT AUDIT ANY TO NORM;&nbsp; GRANT GRANT ANY ROLE TO NORM;&nbsp; GRANT CREATE PUBLIC DATABASE LINK TO NORM;&nbsp; GRANT ALTER TABLESPACE TO NORM;&nbsp; GRANT CREATE TABLESPACE TO NORM;&nbsp; GRANT RESTRICTED SESSION TO NORM;&nbsp; GRANT ALTER SESSION TO NORM;&nbsp; GRANT CREATE SESSION TO NORM;&nbsp; GRANT FLASHBACK ARCHIVE ADMINISTER TO NORM;&nbsp; GRANT SELECT ANY CUBE TO NORM;&nbsp; GRANT SELECT ANY CUBE DIMENSION TO NORM;&nbsp; GRANT INSERT ANY CUBE DIMENSION TO NORM;&nbsp; GRANT EXECUTE ANY ASSEMBLY TO NORM;&nbsp; GRANT CREATE ANY SQL PROFILE TO NORM;&nbsp; GRANT MANAGE SCHEDULER TO NORM;&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.ALTER_ANY_RULE,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; GRANT EXPORT FULL DATABASE TO NORM;&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.DROP_ANY_RULE_SET,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.CREATE_RULE_SET_OBJ,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.CREATE_EVALUATION_CONTEXT_OBJ,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; GRANT GRANT ANY OBJECT PRIVILEGE TO NORM;&nbsp; GRANT ON COMMIT REFRESH TO NORM;&nbsp; GRANT CREATE ANY DIMENSION TO NORM;&nbsp; GRANT EXECUTE ANY INDEXTYPE TO NORM;&nbsp; GRANT DROP ANY OPERATOR TO NORM;&nbsp; GRANT EXECUTE ANY TYPE TO NORM;&nbsp; GRANT CREATE ANY TYPE TO NORM;&nbsp; GRANT CREATE TYPE TO NORM;&nbsp; GRANT CREATE ANY DIRECTORY TO NORM;&nbsp; GRANT CREATE ANY MATERIALIZED VIEW TO NORM;&nbsp; GRANT CREATE ANY TRIGGER TO NORM;&nbsp; GRANT CREATE ROLE TO NORM;&nbsp; GRANT CREATE SEQUENCE TO NORM;&nbsp; GRANT DROP ANY INDEX TO NORM;&nbsp; GRANT DELETE ANY TABLE TO NORM;&nbsp; GRANT UPDATE ANY TABLE TO NORM;&nbsp; GRANT LOCK ANY TABLE TO NORM;&nbsp; GRANT CREATE TABLE TO NORM;&nbsp; GRANT BECOME USER TO NORM;&nbsp; GRANT UNLIMITED TABLESPACE TO NORM;&nbsp; GRANT AUDIT SYSTEM TO NORM;&nbsp; GRANT UPDATE ANY CUBE BUILD PROCESS TO NORM;&nbsp; GRANT CREATE ANY CUBE BUILD PROCESS TO NORM;&nbsp; GRANT CREATE ANY MEASURE FOLDER TO NORM;&nbsp; GRANT DROP ANY CUBE DIMENSION TO NORM;&nbsp; GRANT DELETE ANY CUBE DIMENSION TO NORM;&nbsp; GRANT CREATE ANY CUBE DIMENSION TO NORM;&nbsp; GRANT ALTER ANY MINING MODEL TO NORM;&nbsp; GRANT CREATE ASSEMBLY TO NORM;&nbsp; GRANT ALTER ANY EDITION TO NORM;&nbsp; GRANT SELECT ANY TRANSACTION TO NORM;&nbsp; GRANT CREATE ANY JOB TO NORM;&nbsp; GRANT DEBUG CONNECT SESSION TO NORM;&nbsp; BEGINSYS.DBMS_AQADM.GRANT_SYSTEM_PRIVILEGE (&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; 'MANAGE_ANY',&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; ADMIN_OPTION =&gt; FALSE);END;/&nbsp; GRANT ALTER ANY DIMENSION TO NORM;&nbsp; GRANT DROP ANY INDEXTYPE TO NORM;&nbsp; GRANT CREATE ANY INDEXTYPE TO NORM;&nbsp; GRANT ALTER ANY LIBRARY TO NORM;&nbsp; GRANT CREATE ANY LIBRARY TO NORM;&nbsp; GRANT CREATE LIBRARY TO NORM;&nbsp; GRANT ANALYZE ANY TO NORM;&nbsp; GRANT CREATE TRIGGER TO NORM;&nbsp; GRANT FORCE TRANSACTION TO NORM;&nbsp; GRANT DROP ANY ROLE TO NORM;&nbsp; GRANT ALTER ANY INDEX TO NORM;&nbsp; GRANT CREATE ANY INDEX TO NORM;&nbsp; GRANT ALTER ANY CLUSTER TO NORM;&nbsp; GRANT COMMENT ANY TABLE TO NORM;&nbsp; GRANT CREATE ROLLBACK SEGMENT TO NORM;&nbsp; GRANT DROP TABLESPACE TO NORM;&nbsp; GRANT DROP ANY CUBE BUILD PROCESS TO NORM;&nbsp; GRANT CREATE CUBE BUILD PROCESS TO NORM;&nbsp; GRANT DELETE ANY MEASURE FOLDER TO NORM;&nbsp; GRANT CREATE ANY MINING MODEL TO NORM;&nbsp; GRANT CREATE MINING MODEL TO NORM;&nbsp; GRANT CREATE ANY ASSEMBLY TO NORM;&nbsp; GRANT CREATE EXTERNAL JOB TO NORM;&nbsp; GRANT ADMINISTER SQL TUNING SET TO NORM;&nbsp; GRANT CREATE JOB TO NORM;&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.ALTER_ANY_RULE_SET,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.CREATE_ANY_RULE_SET,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.ALTER_ANY_EVALUATION_CONTEXT,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; GRANT MERGE ANY VIEW TO NORM;&nbsp; GRANT CREATE DIMENSION TO NORM;&nbsp; GRANT ALTER ANY OPERATOR TO NORM;&nbsp; GRANT CREATE MATERIALIZED VIEW TO NORM;&nbsp; GRANT DROP PROFILE TO NORM;&nbsp; GRANT EXECUTE ANY PROCEDURE TO NORM;&nbsp; GRANT CREATE ANY PROCEDURE TO NORM;&nbsp; GRANT CREATE PROCEDURE TO NORM;&nbsp; GRANT FORCE ANY TRANSACTION TO NORM;&nbsp; GRANT ALTER ANY ROLE TO NORM;&nbsp; GRANT DROP ANY CLUSTER TO NORM;&nbsp; GRANT SELECT ANY TABLE TO NORM;&nbsp; GRANT BACKUP ANY TABLE TO NORM;&nbsp; GRANT ALTER SYSTEM TO NORM;&nbsp; GRANT ALTER ANY CUBE DIMENSION TO NORM;&nbsp; GRANT EXECUTE ASSEMBLY TO NORM;&nbsp; GRANT DROP ANY EDITION TO NORM;&nbsp; GRANT READ ANY FILE GROUP TO NORM;&nbsp; GRANT EXECUTE ANY PROGRAM TO NORM;&nbsp; BEGINSYS.DBMS_RESOURCE_MANAGER_PRIVS.GRANT_SYSTEM_PRIVILEGE&nbsp; (GRANTEE_NAME&nbsp;&nbsp; =&gt; 'NORM', &nbsp;&nbsp; PRIVILEGE_NAME =&gt; 'ADMINISTER_RESOURCE_MANAGER',&nbsp;&nbsp; ADMIN_OPTION&nbsp;&nbsp; =&gt; FALSE);END;/&nbsp; GRANT DROP ANY CONTEXT TO NORM;&nbsp; GRANT DROP ANY DIMENSION TO NORM;&nbsp; GRANT ALTER ANY INDEXTYPE TO NORM;&nbsp; GRANT CREATE INDEXTYPE TO NORM;&nbsp; GRANT CREATE ANY OPERATOR TO NORM;&nbsp; GRANT DROP ANY LIBRARY TO NORM;&nbsp; GRANT ALTER ANY TYPE TO NORM;&nbsp; GRANT ALTER RESOURCE COST TO NORM;&nbsp; GRANT DROP ANY SEQUENCE TO NORM;&nbsp; GRANT DROP ANY VIEW TO NORM;&nbsp; GRANT CREATE ANY VIEW TO NORM;&nbsp; GRANT DROP PUBLIC SYNONYM TO NORM;&nbsp; GRANT DROP ANY SYNONYM TO NORM;&nbsp; GRANT ADMINISTER SQL MANAGEMENT OBJECT TO NORM;&nbsp; GRANT DROP ANY CUBE TO NORM;&nbsp; GRANT DROP ANY ASSEMBLY TO NORM;&nbsp; GRANT MANAGE ANY FILE GROUP TO NORM;&nbsp; GRANT MANAGE FILE GROUP TO NORM;&nbsp; GRANT ADMINISTER ANY SQL TUNING SET TO NORM;&nbsp; GRANT ADVISOR TO NORM;&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.CREATE_ANY_RULE,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.EXECUTE_ANY_RULE_SET,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; GRANT ALTER ANY OUTLINE TO NORM;&nbsp; GRANT UNDER ANY TYPE TO NORM;&nbsp; GRANT DROP ANY TYPE TO NORM;&nbsp; GRANT DROP ANY MATERIALIZED VIEW TO NORM;&nbsp; GRANT DROP ANY PROCEDURE TO NORM;&nbsp; GRANT ALTER ANY PROCEDURE TO NORM;&nbsp; GRANT CREATE ANY SEQUENCE TO NORM;&nbsp; GRANT CREATE VIEW TO NORM;&nbsp; GRANT CREATE ANY SYNONYM TO NORM;&nbsp; GRANT CREATE ANY CLUSTER TO NORM;&nbsp; GRANT INSERT ANY TABLE TO NORM;&nbsp; GRANT DROP ANY TABLE TO NORM;&nbsp; GRANT DROP USER TO NORM;&nbsp; GRANT ALTER USER TO NORM;&nbsp; GRANT ALTER ANY CUBE TO NORM;&nbsp; GRANT CREATE CUBE TO NORM;&nbsp; GRANT COMMENT ANY MINING MODEL TO NORM;&nbsp; GRANT EXECUTE ANY CLASS TO NORM;&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.EXECUTE_ANY_RULE,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; GRANT IMPORT FULL DATABASE TO NORM;&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.DROP_ANY_EVALUATION_CONTEXT,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; GRANT FLASHBACK ANY TABLE TO NORM;&nbsp; GRANT RESUMABLE TO NORM;&nbsp; GRANT DROP ANY OUTLINE TO NORM;&nbsp; GRANT CREATE ANY OUTLINE TO NORM;&nbsp; GRANT ALTER ANY TRIGGER TO NORM;&nbsp; GRANT SELECT ANY SEQUENCE TO NORM;&nbsp; GRANT CREATE SYNONYM TO NORM;&nbsp; GRANT CREATE CLUSTER TO NORM;&nbsp; GRANT ALTER ANY TABLE TO NORM;&nbsp; GRANT CREATE ANY TABLE TO NORM;&nbsp; GRANT DROP ROLLBACK SEGMENT TO NORM;&nbsp; GRANT ALTER ROLLBACK SEGMENT TO NORM;&nbsp; GRANT CREATE USER TO NORM;&nbsp; GRANT MANAGE TABLESPACE TO NORM;&nbsp; GRANT CREATE CUBE DIMENSION TO NORM;&nbsp; GRANT SELECT ANY MINING MODEL TO NORM;&nbsp; GRANT DROP ANY MINING MODEL TO NORM;&nbsp; GRANT CREATE ANY EDITION TO NORM;&nbsp; BEGINSYS.DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(&nbsp; PRIVILEGE&nbsp;&nbsp;&nbsp; =&gt; SYS.DBMS_RULE_ADM.EXECUTE_ANY_EVALUATION_CONTEXT,&nbsp; GRANTEE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =&gt; 'NORM',&nbsp; GRANT_OPTION =&gt; FALSE);END;/&nbsp; GRANT DEBUG ANY PROCEDURE TO NORM;&nbsp; GRANT CREATE ANY CONTEXT TO NORM;&nbsp; GRANT UNDER ANY TABLE TO NORM;&nbsp; GRANT GLOBAL QUERY REWRITE TO NORM;&nbsp; GRANT EXECUTE ANY LIBRARY TO NORM;&nbsp; GRANT DROP ANY DIRECTORY TO NORM;&nbsp; GRANT CREATE PROFILE TO NORM;&nbsp; GRANT DROP ANY TRIGGER TO NORM;&nbsp; GRANT DROP PUBLIC DATABASE LINK TO NORM;&nbsp; GRANT CREATE DATABASE LINK TO NORM;&nbsp; GRANT ALTER ANY SEQUENCE TO NORM;&nbsp; GRANT CREATE PUBLIC SYNONYM TO NORM;

Forum Discussion

What are the exact permisions required for codecollaborator's Oracle account.

2 Replies

Related Content

The requested operation requires elevation

Conditionally Required Parameters

Report: requirements coverage

Missing Required Headers error

Object Required error, please help!

Recent Discussions

Users logged out of web interface too soon

Saving review with comments & pins

Perforce Setup

How to allow only specific users to log in to Collaborator

Migrate Review Templates