How to show all privileges from a user in oracle?
Another useful resource:
http://psoug.org/reference/roles.html
- DBA_SYS_PRIVS
- DBA_TAB_PRIVS
- DBA_ROLE_PRIVS
You can try these below views.
SELECT * FROM USER_SYS_PRIVS;
SELECT * FROM USER_TAB_PRIVS;
SELECT * FROM USER_ROLE_PRIVS;
DBAs and other power users can find the privileges granted to other users with the DBA_
versions of these same views. They are covered in the documentation .
Those views only show the privileges granted directly to the user. Finding all the privileges, including those granted indirectly through roles, requires more complicated recursive SQL statements:
select * from dba_role_privs connect by prior granted_role = grantee start with grantee = '&USER' order by 1,2,3;
select * from dba_sys_privs where grantee = '&USER' or grantee in (select granted_role from dba_role_privs connect by prior granted_role = grantee start with grantee = '&USER') order by 1,2,3;
select * from dba_tab_privs where grantee = '&USER' or grantee in (select granted_role from dba_role_privs connect by prior granted_role = grantee start with grantee = '&USER') order by 1,2,3,4;
There are various scripts floating around that will do that depending on how crazy you want to get. I would personally use Pete Finnigan's find_all_privs script.
If you want to write it yourself, the query gets rather challenging. Users can be granted system privileges which are visible in DBA_SYS_PRIVS
. They can be granted object privileges which are visible in DBA_TAB_PRIVS
. And they can be granted roles which are visible in DBA_ROLE_PRIVS
(roles can be default or non-default and can require a password as well, so just because a user has been granted a role doesn't mean that the user can necessarily use the privileges he acquired through the role by default). But those roles can, in turn, be granted system privileges, object privileges, and additional roles which can be viewed by looking at ROLE_SYS_PRIVS
, ROLE_TAB_PRIVS
, and ROLE_ROLE_PRIVS
. Pete's script walks through those relationships to show all the privileges that end up flowing to a user.