MINI MINI MANI MO
Rem
Rem $Header: sdo/admin/mdprivs.sql /main/49 2017/07/12 08:29:13 rjanders Exp $
Rem
Rem mdprivs.sql
Rem
Rem Copyright (c) 1998, 2017, Oracle and/or its affiliates.
Rem All rights reserved.
Rem
Rem NAME
Rem mdprivs.sql - <one-line expansion of the name>
Rem
Rem DESCRIPTION
Rem <short description of component this file declares/defines>
Rem
Rem NOTES
Rem <other useful comments, qualifications, etc.>
Rem
Rem BEGIN SQL_FILE_METADATA
Rem SQL_SOURCE_FILE: sdo/admin/mdprivs.sql
Rem SQL_SHIPPED_FILE: md/admin/mdprivs.sql
Rem SQL_PHASE: MDPRIVS
Rem SQL_STARTUP_MODE: NORMAL
Rem SQL_IGNORABLE_ERRORS: NONE
Rem SQL_CALLING_FILE: sdo/admin/catmdh.sql
Rem END SQL_FILE_METADATA
Rem
Rem MODIFIED (MM/DD/YY)
Rem rjanders 07/10/17 - LRG#20429241: Ignore CTXAPP/CTXSYS not found
Rem sravada 07/06/17 - move privs from sdordfsa
Rem rjanders 06/30/17 - Add SYS/MDSYS prefixes
Rem rjanders 06/23/17 - #26308657: Ignore CTXAPP/CTXSYS if not installed
Rem sravada 06/14/17 - remove echo off
Rem rjanders 05/10/17 - #26037683: Raise 'when other' exceptions
Rem rjanders 03/23/17 - #25437999: Remove 'when others then NULL'
Rem handlers
Rem rjanders 03/09/17 - Add missing SQL_FILE_METADATA information
Rem sdas 01/11/17 - grant EXECUTE on DBMS_PRIV_CAPTURE without GRANT
Rem option
Rem sravada 01/11/17 - bug 25370681
Rem zzhang 12/02/16 - grant execute on sys.dbms_pdb to mdsys
Rem sravada 01/15/16 - move CTX privs to dynSQL
Rem sravada 12/22/15 - add exception handler for java call
Rem bkazar 12/07/15 - Grant execute on Oracle Text XML Index CTX apis
Rem sravada 06/25/15 - bug 21232762
Rem rjanders 03/30/15 - Grant select on SYS.ALL_SEGMENTS view
Rem bkazar 12/30/14 - Add CSW202+ related priviliges
Rem bbamba 03/10/14 - Provide MDSYS privileges for Location Tracking
Rem rjanders 03/16/13 - #16473696: Start/End _ORACLE_SCRIPT
Rem initialization
Rem sravada 02/20/12 - bug 13729392
Rem sravada 01/19/12 - add ADMINISTER DATABASE TRIGGER priv
Rem sravada 08/23/11 - fix inherit privs
Rem sravada 03/22/11 - grant explicit tablespace to MDSYS
Rem vkolovsk 01/22/09 - grant flashback to mdsys (needed for incremental
Rem semantic inference)
Rem ningan 09/24/07 - bug-6415891: add dba_java_classes privilege for NDM
Rem bgouslin 01/07/07 - New version to fix Windoze format issue caused by
Rem some ADE bug
Rem zzhang 01/05/06 - grant dba_all_tables privilege to georaster
Rem zzhang 10/20/05 - add more privileges for georaster
Rem nalexand 05/19/05 - add create any trigger to MDSYS
Rem sravada 05/11/05 -
Rem geadon 05/04/05 - Add DBMS_SYSTEM privilege
Rem zzhang 04/27/05 - remove grant DELETE ANY TABLE privilege to MDSYS
Rem sravada 04/28/05 -
Rem sravada 04/20/04 - bug 3575743
Rem wexu 06/24/03 - grant DELETE ANY TABLE privilege to MDSYS
Rem sravada 10/01/02 -
Rem sravada 04/22/02 - revoke "all privilleges" from MDSYS
Rem sravada 10/08/01 -
Rem bgouslin 02/12/01 - Fix mdsys entries
Rem sravada 04/20/00 - grant admin to mdsys
Rem ranwei 10/22/98 - Privileges list for MDSYS
Rem ranwei 10/22/98 - Created
Rem
REM
REM You must connect as SYS prior to running this script.
REM
Rem ********************************************************************
Rem #16473696: Indicate Oracle-Supplied object
@@?/rdbms/admin/sqlsessstart.sql
Rem ********************************************************************
Rem set echo off
--
-- System privs needed by MDSYS
--
-- grant all privileges to MDSYS with admin option;
-- the set below should be included in the admin option
grant create session to MDSYS;
grant connect, resource, create library, create procedure, unlimited tablespace to MDSYS;
grant create operator to MDSYS;
grant create indextype to MDSYS;
grant create type to MDSYS;
grant create table to MDSYS;
grant create public synonym to MDSYS;
grant drop public synonym to MDSYS;
-- grant select_catalog_role to MDSYS ;
-- grant execute_catalog_role to MDSYS;
grant create view to MDSYS;
grant create sequence to MDSYS;
grant create any sequence to MDSYS;
-- the following seem to give errors; so explicitly grant them
--
-- Privs needed for MDSYS to create mdbootstrap package
--
-- grant select on sys.obj$ to MDSYS;
-- grant select on sys.user$ to MDSYS;
-- grant select on sys.ts$ to MDSYS;
-- grant select on sys.col$ to MDSYS;
--
-- Privs needed for MDSYS to create mdlib package
--
grant select on sys.dba_segments to MDSYS;
grant select on sys.dba_objects to MDSYS;
grant select on sys.dba_tablespaces to MDSYS;
grant select on sys.dba_tables to MDSYS;
grant select on sys.dba_views to mdsys with grant option;
grant select on sys.dba_object_tables to mdsys with grant option;
grant select on sys.dba_tab_columns to MDSYS;
grant select on sys.dba_tab_privs to MDSYS;
grant select on sys.dba_constraints to MDSYS;
grant select on sys.dba_cons_columns to MDSYS;
grant select on sys.dba_indexes to MDSYS;
grant select on sys.dba_ind_columns to MDSYS;
grant select on sys.kopm$ to mdsys;
grant execute on sys.dbms_registry to mdsys;
grant select on sys.dba_registry to mdsys;
grant select on sys.dba_role_privs to mdsys;
grant execute on sys.dbms_lock to mdsys;
grant execute on sys.dbms_pdb to mdsys;
--
-- Privs needed for MDSYS to use import/export extensibility
--
-- grant insert on sys.exppkgobj$ to MDSYS;
-- grant insert on sys.exppkgact$ to MDSYS;
-- grant insert on sys.expdepobj$ to MDSYS;
-- grant insert on sys.expdepact$ to MDSYS;
-- grant delete on sys.exppkgobj$ to MDSYS;
-- grant delete on sys.exppkgact$ to MDSYS;
-- grant delete on sys.expdepobj$ to MDSYS;
-- grant delete on sys.expdepact$ to MDSYS;
--
-- Grant execute on Oracle Text XML Index CTX apis
-- These priviliges are required for both RDF and CSW202+
--
-- CTX does not exists on SE so make these calls via DynSQL
declare
user_role_not_found exception;
pragma exception_init(user_role_not_found, -01917);
role_not_found exception;
pragma exception_init(role_not_found, -01919);
package_not_found exception;
pragma exception_init(package_not_found, -04042);
begin
begin
execute immediate
' GRANT CTXAPP TO MDSYS' ;
exception
-- Ignore if CTXAPP not installed
when package_not_found then NULL;
when role_not_found then NULL;
when user_role_not_found then NULL;
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')1]: ' || SQLERRM); RAISE;
end;
begin
execute immediate
' GRANT EXECUTE ON CTXSYS.CTX_CLS TO MDSYS';
exception
-- Ignore if CTXSYS not installed
when package_not_found then NULL;
when role_not_found then NULL;
when user_role_not_found then NULL;
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')2]: ' || SQLERRM); RAISE;
end;
begin
execute immediate
' GRANT EXECUTE ON CTXSYS.CTX_DDL TO MDSYS' ;
exception
-- Ignore if CTXSYS not installed
when package_not_found then NULL;
when role_not_found then NULL;
when user_role_not_found then NULL;
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')3]: ' || SQLERRM); RAISE;
end;
begin
execute immediate
' GRANT EXECUTE ON CTXSYS.CTX_DOC TO MDSYS' ;
exception
-- Ignore if CTXSYS not installed
when package_not_found then NULL;
when role_not_found then NULL;
when user_role_not_found then NULL;
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')4]: ' || SQLERRM); RAISE;
end;
begin
execute immediate
' GRANT EXECUTE ON CTXSYS.CTX_OUTPUT TO MDSYS' ;
exception
-- Ignore if CTXSYS not installed
when package_not_found then NULL;
when role_not_found then NULL;
when user_role_not_found then NULL;
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')5]: ' || SQLERRM); RAISE;
end;
begin
execute immediate
' GRANT EXECUTE ON CTXSYS.CTX_QUERY TO MDSYS' ;
exception
-- Ignore if CTXSYS not installed
when package_not_found then NULL;
when role_not_found then NULL;
when user_role_not_found then NULL;
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')6]: ' || SQLERRM); RAISE;
end;
begin
execute immediate
' GRANT EXECUTE ON CTXSYS.CTX_REPORT TO MDSYS' ;
exception
-- Ignore if CTXSYS not installed
when package_not_found then NULL;
when role_not_found then NULL;
when user_role_not_found then NULL;
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')7]: ' || SQLERRM); RAISE;
end;
begin
execute immediate
' GRANT EXECUTE ON CTXSYS.CTX_THES TO MDSYS' ;
exception
-- Ignore if CTXSYS not installed
when package_not_found then NULL;
when role_not_found then NULL;
when user_role_not_found then NULL;
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')8]: ' || SQLERRM); RAISE;
end;
begin
execute immediate
' GRANT EXECUTE ON CTXSYS.CTX_ULEXER TO MDSYS' ;
exception
-- Ignore if CTXSYS not installed
when package_not_found then NULL;
when role_not_found then NULL;
when user_role_not_found then NULL;
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')9]: ' || SQLERRM); RAISE;
end;
end;
/
--
-- for GeoRaster
--
grant drop any trigger to mdsys;
grant select on sys.dba_triggers to mdsys;
grant select on sys.dba_synonyms to mdsys;
grant select on sys.dba_types to mdsys;
grant select on sys.dba_type_attrs to mdsys;
grant select on sys.dba_all_tables to mdsys;
grant select any table to mdsys;
grant update any table to mdsys;
grant alter any table to mdsys;
declare
begin
begin
execute immediate ' begin
dbms_java.grant_permission( ''MDSYS'', ''SYS:java.lang.RuntimePermission'',
''accessClassInPackage.com.sun.media.jai.*'', '''' ); end;';
exception
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')10]: ' || SQLERRM); RAISE;
end;
end;
/
--
-- for RDF
--
grant execute on sys.dbms_system to MDSYS;
grant create any trigger to MDSYS;
grant delete any table to MDSYS;
grant flashback any table to MDSYS;
grant execute on dbms_priv_capture to MDSYS;
-- used to prevent application table triple access --
grant execute on dbms_rls to mdsys;
-- to get application table names from ids --
grant select on DBA_OBJECTS to mdsys;
-- used for system trigger - already granted --
grant administer database trigger to mdsys;
grant execute on dbms_scheduler to mdsys;
grant create job to mdsys;
-- required for inference and bulk load. Specifically MERGE STMT and EXCH PART --
grant exempt access policy to mdsys;
--
-- for NDM
--
declare
begin
begin
execute immediate
'grant select on sys.dba_java_classes to MDSYS' ;
exception
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')11]: ' || SQLERRM); RAISE;
end;
end;
/
--
-- for SDO_OBJ_TRKR
--
grant aq_administrator_role, create job, manage scheduler to MDSYS;
grant execute on dbms_aq to MDSYS;
grant execute on dbms_aqadm to MDSYS;
declare
already_revoked exception;
pragma exception_init(already_revoked, -01927);
cannot_grant exception;
pragma exception_init(cannot_grant, -31707);
begin
begin
execute immediate 'revoke inherit privileges on user MDSYS from public';
exception
when already_revoked then NULL;
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')12]: ' || SQLERRM); RAISE;
end;
begin
execute immediate 'revoke inherit privileges on user MDDATA from public';
exception
when cannot_grant then NULL;
when already_revoked then NULL;
when others then
SYS.DBMS_SYSTEM.KSDWRT(SYS.DBMS_SYSTEM.TRACE_FILE,
'EXCEPTION[mdprivs.sql(' || $$PLSQL_LINE || ')13]: ' || SQLERRM); RAISE;
end;
end;
/
--
-- for CSW202+
--
GRANT SELECT ON SYS.DBA_XML_SCHEMAS TO MDSYS;
grant inherit any privileges to MDSYS;
-- grant inherit privileges on user SYS to MDSYS;
grant ADMINISTER DATABASE TRIGGER to MDSYS;
Rem ********************************************************************
Rem #16473696: Indicate Oracle-Supplied object
@@?/rdbms/admin/sqlsessend.sql
Rem ********************************************************************
OHA YOOOO