MINI MINI MANI MO
Rem $Header: ordim/admin/imprv.sql /main/39 2017/10/01 20:01:37 smavris Exp $
Rem
Rem imprv.sql
Rem
Rem Copyright (c) 2002, 2017, Oracle and/or its affiliates.
Rem All rights reserved.
Rem
Rem NAME
Rem imprv.sql
Rem
Rem DESCRIPTION
Rem This script grants the privs required by the media components
Rem of Oracle Multimedia (not Locator).
Rem
Rem NOTES
REM You must connect as SYSDBA prior to running this script
REM
Rem MODIFIED (MM/DD/YY)
Rem
Rem BEGIN SQL_FILE_METADATA
Rem SQL_SOURCE_FILE: ordim/admin/imprv.sql
Rem SQL_SHIPPED_FILE: ord/im/admin/imprv.sql
Rem SQL_PHASE: IMPRV
Rem SQL_STARTUP_MODE: NORMAL
Rem SQL_IGNORABLE_ERRORS: NONE
Rem SQL_CALLING_FILE: $SRCHOME/ordim/admin/immednnc.sql,impatch.sql,imrelod.sql,
Rem imu112.sql,imu121.sql
Rem END SQL_FILE_METADATA
Rem
@@?/rdbms/admin/sqlsessstart.sql
--
-- Privs needed by SYS
--
grant create any operator to SYS;
grant create any indextype to SYS;
grant drop any indextype to SYS;
grant drop any operator to SYS;
grant javauserpriv to SYS;
begin
dbms_java.grant_permission ('SYSTEM', 'java.io.FilePermission',
'<<ALL FILES>>', 'read');
end;
/
--
-- Privs needed by ORDSYS
--
-- SYS privs
grant unlimited tablespace to ORDSYS;
-- ROLES
grant javauserpriv to ordsys;
-- OBJECT privs
grant execute on sys.dbms_lock to ordsys;
grant execute on sys.dbms_lob to ordsys;
grant execute on sys.dbms_sql to ordsys;
grant execute on sys.dbms_utility to ordsys;
grant execute on sys.dbms_random to ordsys;
grant execute on sys.utl_file to ordsys;
--
-- Grants needed for ORDSYS views
--
grant select on dba_views to ordsys with grant option;
grant select on dba_tables to ordsys with grant option;
grant select on dba_object_tables to ordsys with grant option;
grant select on dba_tab_cols to ordsys;
grant select on dba_indexes to ordsys;
--
-- Grant needed to check migrate mode for Rolling Upgrade
--
grant select on v_$instance to ordsys;
begin
dbms_java.grant_permission('ORDSYS','SYS:java.lang.RuntimePermission',
'getClassLoader', '');
dbms_java.grant_permission('ORDSYS', 'SYS:java.util.logging.LoggingPermission',
'control','');
end;
/
-- Privs needed to load native library
-- enable SYS
begin
dbms_java.grant_permission
('SYS',
'SYS:oracle.aurora.rdbms.security.PolicyTablePermission',
'0:java.lang.RuntimePermission#loadLibrary.ordim',
null);
dbms_java.grant_permission
('SYS',
'SYS:oracle.aurora.rdbms.security.PolicyTablePermission',
'0:java.lang.RuntimePermission#loadLibrary.oraordim',
null);
-- grant to ORDSYS
dbms_java.grant_permission
('ORDSYS', 'SYS:java.lang.RuntimePermission',
'loadLibrary.ordim', '');
dbms_java.grant_permission
('ORDSYS', 'SYS:java.lang.RuntimePermission',
'loadLibrary.oraordim', '');
-- clib_jiio
dbms_java.grant_permission
('SYS',
'SYS:oracle.aurora.rdbms.security.PolicyTablePermission',
'0:java.lang.RuntimePermission#loadLibrary.clib_jiio',
null);
-- grant to ORDSYS
dbms_java.grant_permission
('ORDSYS', 'SYS:java.lang.RuntimePermission',
'loadLibrary.clib_jiio', '');
end;
/
begin
--revoke from SYS
dbms_java.revoke_permission
('SYS',
'SYS:oracle.aurora.rdbms.security.PolicyTablePermission',
'0:java.lang.RuntimePermission#loadLibrary.ordim',
null);
dbms_java.revoke_permission
('SYS',
'SYS:oracle.aurora.rdbms.security.PolicyTablePermission',
'0:java.lang.RuntimePermission#loadLibrary.oraordim',
null);
dbms_java.revoke_permission
('SYS',
'SYS:oracle.aurora.rdbms.security.PolicyTablePermission',
'0:java.lang.RuntimePermission#loadLibrary.clib_jiio',
null);
end;
/
-- END privs need for native library
-- Grant the write permissions on java.io.tmpdir to ORDSYS
-- which is needed by jp2 codec
CREATE OR REPLACE FUNCTION ordGetJavaProp (propname varchar2)
RETURN varchar2
AS LANGUAGE JAVA
NAME 'java.lang.System.getProperty(java.lang.String) return java.lang.String';
/
BEGIN
dbms_java.grant_permission
('ORDSYS',
'SYS:java.io.FilePermission',
ordGetJavaProp('java.io.tmpdir') || ordGetJavaProp('file.separator') || '*',
'read,write,delete');
END;
/
begin
dbms_java.grant_permission ('ORDSYS', 'SYS:java.io.FilePermission',
'<<ALL FILES>>', 'read,write,delete');
end;
/
DROP FUNCTION ordGetJavaProp;
-- imageio access permission grant to ordsys
-- which is needed in processcopy
begin
dbms_java.grant_permission(
'ORDSYS',
'SYS:java.lang.RuntimePermission',
'accessClassInPackage.com.sun.imageio.plugins.jpeg', '');
end;
/
begin
dbms_java.grant_permission(
'ORDSYS',
'SYS:java.lang.RuntimePermission',
'accessClassInPackage.com.sun.media.jai.codec', '');
end;
/
--
-- Privs needed for ORDSYS to use import/export extensibility
--
grant insert on sys.exppkgobj$ to ORDSYS;
grant insert on sys.exppkgact$ to ORDSYS;
grant insert on sys.expdepobj$ to ORDSYS;
grant insert on sys.expdepact$ to ORDSYS;
grant delete on sys.exppkgobj$ to ORDSYS;
grant delete on sys.exppkgact$ to ORDSYS;
grant delete on sys.expdepobj$ to ORDSYS;
grant delete on sys.expdepact$ to ORDSYS;
--
-- grants to ORDDATA
--
-- SYS privs
grant unlimited tablespace to ORDDATA;
--
-- Privs needed by ORDPLUGINS
--
-- No SYS privs
--
grant execute on sys.utl_http to ordplugins;
grant execute on sys.utl_file to ordplugins;
grant execute on sys.dbms_lob to ordplugins;
--
-- Grants needed by SI_INFORMTN_SCHEMA user
--
-- SYS privs
grant unlimited tablespace to SI_INFORMTN_SCHEMA;
--==========================================================================
-- CREATE ROLE for the dicom administrator
--
--==========================================================================
create role ORDADMIN;
--=========================================================================
-- Changes needed for Invoker Rights related privileges
--=========================================================================
declare
already_revoked exception;
pragma exception_init(already_revoked,-01927);
procedure revoke_inherit_privilege(user in varchar2) as
begin
execute immediate
'revoke inherit privileges on user '||user||' from PUBLIC';
exception
when already_revoked then
null;
end;
begin
revoke_inherit_privilege('ORDDATA');
revoke_inherit_privilege('ORDSYS');
revoke_inherit_privilege('ORDPLUGINS');
revoke_inherit_privilege('SI_INFORMTN_SCHEMA');
end;
/
grant inherit any privileges to ORDSYS;
grant inherit any privileges to ORDPLUGINS;
@?/rdbms/admin/sqlsessend.sql
OHA YOOOO