Skip to Content
avatar image
Former Member

Create Read Only User in Oracle 10.2.0.4

Hi., Friends,

I want to create an user in Oracle 10.2.0.4 with read only rights of my hole database. I am not having Enterprise Manager Console so i want create from command prompt.Can u please explain me the step for create and assign read only role to user.

Regards

Mahendran

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    Jul 14, 2009 at 11:46 AM

    Hello Mahendran,

    your description sounds like a license violation with SAP and Oracle.

    Please check sapnote #581312

    Regards

    Stefan

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 14, 2009 at 11:53 AM

    Hi,

    what is the purpose of new user in oracle while sap created during installation.

    You can create by command

    SQL> create user <Username> identified by <Passowrd>;

    Now u can give only connect

    SQL> grant connect to <Username>;

    For Dictionary view

    SQL> grant SELECT_CATALOG_ROLE to username;

    surendrajain

    Add comment
    10|10000 characters needed characters exceeded

  • Jul 14, 2009 at 12:09 PM

    > I want to create an user in Oracle 10.2.0.4 with read only rights of my hole database.

    Somehow people seem to be attracted by this 'simple' approach to data access very much.

    Please - don't start doing that.

    Stop it right away in your own best interest.

    There had been many discussions about database level access of SAP databases in the DB-forums here at SDN, just like this one .

    To cut the long story short: the SAP data is accessible through the application layer only.

    This API performs all kinds of checks, permission management, consistency checking etc.

    Don't bypass it. Don't mess up your system with myriads of little data interfaces.

    regards,

    Lars

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Stefan,

      the key point here is whether SAP application data is accessed or not.

      To monitor the Oracle database you don't need to access the application data.

      And no one needs 'read all' on it either...

      best regards,

      Lars

  • Jul 14, 2009 at 01:14 PM

    Hi Mahendra,

    I am happy with Surendrajain's reply, but with this sql you will not able to view the data present in SAP Schema,

    The entire sql query with the comments in bracket is given below

    1) create user PPMTEST identified by program1;

    2) Create role PPMROLE; { PPMROLE is the role name which will be later assigned to the user PPMTEST}

    3) Grant CONNECT to PPMROLE; { CONNECT role allows the user to connect to oracle database}

    4) Grant SELECT_CATALOG_ROLE to PPMROLE; { SELECT_CATALOG_ROLE role allows the user to view the oracle data dictionary}

    5) GRANT SELECT ANY TABLE to PPMROLE; { "SELECT ANY TABLE" privilege allows the user to view the table which is present in the SAP schema}

    6) Grant PPMROLE to PPMTEST; { Assigning the role PPMROLE to the user PPMTEST}

    7) COMMIT;

    Thanks and Regards

    Debdeep

    Add comment
    10|10000 characters needed characters exceeded