Grants with Oracle

General Discussion
1

Hi,


I run our Oracle 11g database like this


user named “appname” has full rights to a database.

user named “app_appname” only has access for basic CRUD operations,they can’t create/drop tables.


WIthout liquibase I would typically run any patch files and then afterwards run a script I have that grants access on everything to the app_appname user. (The script is full of stored proceedures etc.


I typically need to run this script as sysdba; either via


sqlplus / as sysdba;


or by using sqldeveloper with the username sys and the ROLE set to sysdba;


I’m taking recommendations now for how to do this with liquibase. Currently I have 2 changeSets I think i want to run. I run one against my database, and then the other against the sys database.



2

I read some forum posts and did more googling. Here are some additional details


1: I’m now running it as they “system” user which is at least getting me connected to oracle just fine.


2: I’m calling my script like this


       

declare

  l_SQL varchar2(4000);

begin

  for cur in (

    select * from dba_tables where owner = ‘TEST_MYAPP’)

  loop

    l_sql := ‘grant select, insert, update, delete on ’ || cur.owner || ‘.’ || cur.table_name || ’ to MYAPP_RW_ROLE’;

    --dbms_output.put_line(l_SQL || ‘;’);

    execute immediate l_SQL;

  end loop;

end;


declare

  l_SQL varchar2(4000);

begin

  for cur in (

    select * from dba_sequences where sequence_owner = ‘TEST_MYAPP’)

  loop

    l_sql := ‘grant select on ’ || cur.sequence_owner || ‘.’ || cur.sequence_name || ’ to MYAPP_RW_ROLE’;

    --dbms_output.put_line(l_SQL || ‘;’);

    execute immediate l_SQL;

  end loop;

end;


3: and this is the error i’m getting

Liquibase update Failed: Migration failed for change set dba_liquibase.xml::1::jeffm:

     Reason: liquibase.exception.DatabaseException: Error executing SQL declare

  l_SQL varchar2(4000);

begin

  for cur in (

    select * from dba_tables where owner = ‘TEST_MYAPP’)

  loop

    l_sql := ‘grant select, insert, update, delete on ’ || cur.owner || ‘.’ || cur.table_name || ’ to MYAPP_RW_ROLE’;

    --dbms_output.put_line(l_SQL || ‘;’);

    execute immediate l_SQL;

  end loop;

end;


declare

  l_SQL varchar2(4000);

begin

  for cur in (

    select * from dba_sequences where sequence_owner = ‘TEST_MYAPP’)

  loop

    l_sql := ‘grant select on ’ || cur.sequence_owner || ‘.’ || cur.sequence_name || ’ to MYAPP_RW_ROLE’;

    --dbms_output.put_line(l_SQL || ‘;’);

    execute immediate l_SQL;

  end loop;

end;: ORA-06550: line 13, column 1:

PLS-00103: Encountered the symbol “DECLARE”

ORA-06550: line 23, column 4:

PLS-00103: Encountered the symbol “end-of-file” when expecting one of the following:


   ( begin case declare end exception exit for goto if loop mod

   null pragma raise return select update while with

    <a double-quoted



3

I think the problems is that liquibase does not try to split up the SQL in your block into the two statements that there is and just passes it along to Oracle which expects it to be just one statement.


Put your two DECLARE blocks in separate tags and see if that works.

Nathan

4

if you are not specifying a liquibaseSchema parameter, it is just created as “create table DATABASECHANGELOG” without a specified schema. 


Is there default schema for the SYSTEM user besides SYSTEM?

Nathan

5

That worked perfectly.


Now for a weird question, when I execute this as the “system” user , where does the databasechangelog table get created? I seem to find it anywhere.


6

Yeah I found it in system. I was looking in Sys. Tanks.