API tools faq
paste
Advertisement
Guest User

Privs

a guest
Nov 12th, 2018
104
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Oracle 11 13.91 KB | None | 0 0
raw download clone embed print report
  1. -- -----------------------------------------------------------------------------
  2. --                 WWW.PETEFINNIGAN.COM LIMITED
  3. -- -----------------------------------------------------------------------------
  4. -- Script Name : find_all_privs.sql
  5. -- Author      : Pete Finnigan
  6. -- Date        : June 2003
  7. -- -----------------------------------------------------------------------------
  8. -- Description : Use this script to find which privileges have been granted to a
  9. --               particular user. This scripts lists ROLES, SYSTEM privileges
  10. --               and object privileges granted to a user. If a ROLE is found
  11. --               then it is checked recursively.
  12. --
  13. --               The output can be directed to either the screen via dbms_output
  14. --               or to a file via utl_file. The method is decided at run time
  15. --               by choosing either 'S' for screen or 'F' for File. If File is
  16. --               chosen then a filename and output directory are needed. The
  17. --               output directory needs to be enabled via utl_file_dir prior to
  18. --               9iR2 and a directory object after.
  19. -- -----------------------------------------------------------------------------
  20. -- Maintainer  : Pete Finnigan (http://www.petefinnigan.com)
  21. -- Copyright   : Copyright (C) 2004 PeteFinnigan.com Limited. All rights
  22. --               reserved. All registered trademarks are the property of their
  23. --               respective owners and are hereby acknowledged.
  24. -- -----------------------------------------------------------------------------
  25. --  Usage      : The script provided here is available free. You can do anything
  26. --               you want with it commercial or non commercial as long as the
  27. --               copyrights and this notice are not removed or edited in any way.
  28. --               The scripts cannot be posted / published / hosted or whatever
  29. --               anywhere else except at www.petefinnigan.com/tools.htm
  30. -- -----------------------------------------------------------------------------
  31. -- To Do       :
  32. --               1 - add proxy connection authorities
  33. --               2 - add SELECT ANY TABLE and SELECT ANY DICTIONARY access
  34. -- -----------------------------------------------------------------------------
  35. -- Version History
  36. -- ===============
  37. --
  38. -- Who         version     Date      Description
  39. -- ===         =======     ======    ======================
  40. -- P.Finnigan  1.0         Jun 2003  First Issue.
  41. -- P.Finnigan  1.1         Jun 2003  Output to file added.
  42. -- P.Finnigan  1.2         Jan 2004  Corrected exit/exists bug in 'whenever'.
  43. -- N.Dunbar    1.3         Jan 2004  Added real TAB characters and uppercased
  44. --                                   user input for username and output method.
  45. -- P.Finnigan  1.4         Feb 2004  Clarified use of utl_file for 9ir2.
  46. -- P.Finnigan  1.5         Feb 2004  Added the owner to output for object privs
  47. --                                   (Thanks to Guy Dallaire for this addition)
  48. -- P.Finnigan  1.6         Oct 2004  Changed output to include title in line
  49. --                                   with other reports in the toolkit. Also added
  50. --                                   usage notes.
  51. -- P.Finnigan  1.7         Apr 2005  Added whenever sqlerror continue to stop
  52. --                                   subsequent errors barfing SQL*Plus. Thanks
  53. --                                   to Norman Dunbar for the update.
  54. -- D. Arthur   1.8         Nov 2014  1) Added ability to skip table privileges;
  55. --                                   2) Added sorting: system privs, table privs,
  56. --                                   roles, then execute before table privs;
  57. --                                   3) Added parallel for performance;
  58. --                                   4) Indicate if role is password protected;
  59. --                                   5) Fix: in column privs, owner prefix
  60. --                                   on the table instead of the column
  61. --                                   6) PF: put all original formatting back.
  62. -- P.Finnigan  1.9         Nov 2014  David Litchfield found a bug ORA-12801 with
  63. --                                   parallel hint. You can try uncommenting the
  64. --                                   hint and if it works fine; if not leave
  65. --                                   commented out.
  66. -- -----------------------------------------------------------------------------
  67.  
  68. --whenever sqlerror exit rollback
  69. SET feed ON
  70. SET head ON
  71. SET arraysize 1
  72. SET SPACE 1
  73. SET verify off
  74. SET pages 25
  75. SET lines 80
  76. SET termout ON
  77. --clear screen
  78. SET serveroutput ON SIZE 1000000
  79.  
  80. --spool find_all_privs.lis
  81.  
  82. undefine user_to_find
  83. undefine output_method
  84. undefine file_name
  85. undefine output_dir
  86.  
  87. SET feed off
  88. col system_date noprint new_value val_system_date
  89.  
  90. SELECT TO_CHAR (SYSDATE, 'Dy Mon dd hh24:mi:ss yyyy') system_date FROM sys.dual;
  91.  
  92. SET feed ON
  93.  
  94. prompt find_all_privs: RELEASE 1.9.0.0.0 - Production ON &val_system_date
  95. prompt Copyright (c) 2004 - 2014 PeteFinnigan.com LIMITED. ALL rights reserved.
  96. prompt
  97. accept user_to_find CHAR prompt   'NAME OF USER TO CHECK                 [ORCL]: ' DEFAULT orcl
  98. accept output_method CHAR prompt  'OUTPUT METHOD Screen/File                [S]: ' DEFAULT s
  99. accept file_name CHAR prompt      'FILE NAME FOR OUTPUT              [priv.lst]: ' DEFAULT priv.lst
  100. accept output_dir CHAR prompt     'OUTPUT DIRECTORY [DIRECTORY  or file (/tmp)]: ' DEFAULT "/tmp"
  101. accept examine_tables CHAR prompt 'EXAMINE TABLE PRIVILEGES?              [N/Y]: ' DEFAULT "N"
  102. prompt
  103.  
  104. DECLARE
  105.    --
  106.    lv_tabs             NUMBER := 0;
  107.    lg_fptr             utl_file.file_type;
  108.    lv_file_or_screen   VARCHAR2 (1) := 'S';
  109.  
  110.     --
  111.     PROCEDURE open_file (pv_file_name IN VARCHAR2,
  112.             pv_dir_name IN VARCHAR2) IS
  113.     BEGIN
  114.         lg_fptr:=utl_file.fopen(pv_dir_name,pv_file_name,'A');
  115.     EXCEPTION
  116.         WHEN utl_file.invalid_path  THEN
  117.             dbms_output.put_line('invalid path');
  118.         WHEN utl_file.invalid_mode  THEN
  119.             dbms_output.put_line('invalid mode');
  120.         WHEN utl_file.invalid_filehandle  THEN
  121.             dbms_output.put_line('invalid filehandle');
  122.         WHEN utl_file.invalid_operation  THEN
  123.             dbms_output.put_line('invalid operation');
  124.         WHEN utl_file.read_error  THEN
  125.             dbms_output.put_line('read error');
  126.         WHEN utl_file.write_error  THEN
  127.             dbms_output.put_line('write error');
  128.         WHEN utl_file.internal_error  THEN
  129.             dbms_output.put_line('internal error');
  130.         WHEN OTHERS THEN
  131.             dbms_output.put_line('ERROR (open_file) => '||SQLCODE);
  132.             dbms_output.put_line('MSG (open_file) => '||SQLERRM);
  133.  
  134.     END open_file;
  135.     --
  136.     PROCEDURE close_file IS
  137.     BEGIN
  138.         utl_file.fclose(lg_fptr);
  139.     EXCEPTION
  140.         WHEN utl_file.invalid_path  THEN
  141.             dbms_output.put_line('invalid path');
  142.         WHEN utl_file.invalid_mode  THEN
  143.             dbms_output.put_line('invalid mode');
  144.         WHEN utl_file.invalid_filehandle  THEN
  145.             dbms_output.put_line('invalid filehandle');
  146.         WHEN utl_file.invalid_operation  THEN
  147.             dbms_output.put_line('invalid operation');
  148.         WHEN utl_file.read_error  THEN
  149.             dbms_output.put_line('read error');
  150.         WHEN utl_file.write_error  THEN
  151.             dbms_output.put_line('write error');
  152.         WHEN utl_file.internal_error  THEN
  153.             dbms_output.put_line('internal error');
  154.         WHEN OTHERS THEN
  155.             dbms_output.put_line('ERROR (close_file) => '||SQLCODE);
  156.             dbms_output.put_line('MSG (close_file) => '||SQLERRM);
  157.  
  158.     END close_file;
  159.     --
  160.     PROCEDURE write_op (pv_str IN VARCHAR2) IS
  161.     BEGIN
  162.         IF lv_file_or_screen='S' THEN
  163.             dbms_output.put_line(pv_str);
  164.         ELSE
  165.             utl_file.put_line(lg_fptr,pv_str);
  166.         END IF;
  167.     EXCEPTION
  168.         WHEN utl_file.invalid_path  THEN
  169.             dbms_output.put_line('invalid path');
  170.         WHEN utl_file.invalid_mode  THEN
  171.             dbms_output.put_line('invalid mode');
  172.         WHEN utl_file.invalid_filehandle  THEN
  173.             dbms_output.put_line('invalid filehandle');
  174.         WHEN utl_file.invalid_operation  THEN
  175.             dbms_output.put_line('invalid operation');
  176.         WHEN utl_file.read_error  THEN
  177.             dbms_output.put_line('read error');
  178.         WHEN utl_file.write_error  THEN
  179.             dbms_output.put_line('write error');
  180.         WHEN utl_file.internal_error  THEN
  181.             dbms_output.put_line('internal error');
  182.         WHEN OTHERS THEN
  183.             dbms_output.put_line('ERROR (write_op) => '||SQLCODE);
  184.             dbms_output.put_line('MSG (write_op) => '||SQLERRM);
  185.  
  186.     END write_op;
  187.     --
  188.    PROCEDURE get_privs (pv_grantee IN VARCHAR2, lv_tabstop IN OUT NUMBER)
  189.    IS
  190.       --
  191.       lv_tab    VARCHAR2 (50) := NULL;
  192.       lv_loop   NUMBER;
  193.  
  194.       --
  195.       CURSOR c_main (
  196.          cp_grantee IN VARCHAR2)
  197.       IS
  198.     -- the hint is commented out as David got an ORA-12801 and an ORA-00600 because of the
  199.     -- hint. You can try the hint, if it works, then fine, if not comment out
  200. --           select /*+ PARALLEL a */
  201.            SELECT
  202.                  a.*
  203.              FROM (SELECT 'ROLE' typ,
  204.                           grantee grantee,
  205.                           granted_role priv,
  206.                           admin_option ad,
  207.                           '--' tabnm,
  208.                           '--' colnm,
  209.                           '--' owner,
  210.                           r.password_required pwd
  211.                      FROM dba_role_privs rp join dba_roles r ON rp.granted_role = r.ROLE
  212.                     WHERE grantee = cp_grantee
  213.                    UNION
  214.                    SELECT 'SYSTEM' typ,
  215.                           grantee grantee,
  216.                           privilege priv,
  217.                           admin_option ad,
  218.                           '--' tabnm,
  219.                           '--' colnm,
  220.                           '--' owner,
  221.                           '--' pwd
  222.                      FROM dba_sys_privs
  223.                     WHERE grantee = cp_grantee
  224.                    UNION
  225.                    SELECT 'TABLE' typ,
  226.                           grantee grantee,
  227.                           privilege priv,
  228.                           grantable ad,
  229.                           table_name tabnm,
  230.                           '--' colnm,
  231.                           owner owner,
  232.                           '--' pwd
  233.                      FROM dba_tab_privs
  234.                     WHERE grantee = cp_grantee AND '&&examine_tables' = 'Y'
  235.                    UNION
  236.                    SELECT 'COLUMN' typ,
  237.                           grantee grantee,
  238.                           privilege priv,
  239.                           grantable ad,
  240.                           table_name tabnm,
  241.                           column_name colnm,
  242.                           owner owner,
  243.                           '--' pwd
  244.                      FROM dba_col_privs
  245.                     WHERE grantee = cp_grantee AND '&&examine_tables' = 'Y') a
  246.          ORDER BY CASE
  247.                      WHEN a.typ = 'ROLE' THEN 4
  248.                      WHEN a.typ = 'SYSTEM' THEN 1
  249.                      WHEN a.typ = 'TABLE' THEN 2
  250.                      WHEN a.typ = 'COLUMN' THEN 3
  251.                      ELSE 5
  252.                   END,
  253.                   CASE WHEN a.priv IN ('EXECUTE') THEN 1 WHEN a.priv IN ('SELECT', 'UPDATE', 'INSERT', 'DELETE') THEN 3 ELSE 2 END,
  254.                   a.tabnm,
  255.                   a.colnm,
  256.                   a.priv;
  257.  
  258.    BEGIN
  259.       lv_tabstop := lv_tabstop + 1;
  260.  
  261.       FOR lv_loop IN 1 .. lv_tabstop
  262.       LOOP
  263.          lv_tab := lv_tab || CHR (9);
  264.       END LOOP;
  265.  
  266.       FOR lv_main IN c_main (pv_grantee)
  267.       LOOP
  268.          IF lv_main.typ = 'ROLE' THEN
  269.             write_op (
  270.                   lv_tab
  271.                || 'ROLE => '
  272.                || lv_main.priv
  273.                || CASE WHEN lv_main.pwd = 'YES' THEN ' (password)' ELSE NULL END
  274.                || ' which contains =>');
  275.             get_privs (lv_main.priv, lv_tabstop);
  276.          ELSIF lv_main.typ = 'SYSTEM' THEN
  277.             write_op (lv_tab || 'SYS PRIV => ' || lv_main.priv || ' grantable => ' || lv_main.ad);
  278.          ELSIF lv_main.typ = 'TABLE' THEN
  279.             write_op (
  280.                   lv_tab
  281.                || 'TABLE PRIV => '
  282.                || lv_main.priv
  283.                || ' object => '
  284.                || lv_main.owner
  285.                || '.'
  286.                || lv_main.tabnm
  287.                || ' grantable => '
  288.                || lv_main.ad);
  289.          ELSIF lv_main.typ = 'COLUMN' THEN
  290.             write_op (
  291.                   lv_tab
  292.                || 'COL PRIV => '
  293.                || lv_main.priv
  294.                || ' object => '
  295.                || lv_main.owner
  296.                || '.'
  297.                || lv_main.tabnm
  298.                || ' column_name => '
  299.                || lv_main.colnm
  300.                || ' grantable => '
  301.                || lv_main.ad);
  302.          END IF;
  303.       END LOOP;
  304.  
  305.       lv_tabstop := lv_tabstop - 1;
  306.       lv_tab := '';
  307.    EXCEPTION
  308.       WHEN OTHERS THEN
  309.          dbms_output.put_line ('ERROR (get_privs) => ' || SQLCODE);
  310.          dbms_output.put_line ('MSG (get_privs) => ' || SQLERRM);
  311.    END get_privs;
  312.  
  313. BEGIN
  314.    lv_file_or_screen := UPPER ('&&output_method');
  315.  
  316.    IF lv_file_or_screen = 'F' THEN
  317.       open_file ('&&file_name', '&&output_dir');
  318.    END IF;
  319.  
  320.    write_op (
  321.       'User => ' || UPPER ('&&user_to_find') || ' has been granted the following privileges');
  322.    write_op ('====================================================================');
  323.    get_privs (UPPER ('&&user_to_find'), lv_tabs);
  324.  
  325.    IF lv_file_or_screen = 'F' THEN
  326.       close_file;
  327.    END IF;
  328. EXCEPTION
  329.    WHEN OTHERS THEN
  330.       dbms_output.put_line ('ERROR (main) => ' || SQLCODE);
  331.       dbms_output.put_line ('MSG (main) => ' || SQLERRM);
  332. END;
  333. /
  334.  
  335. prompt FOR updates please visit http://www.petefinnigan.com/tools.htm
  336. prompt
  337. --spool off
  338.  
  339. WHENEVER sqlerror continue
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!