I would like to know if a user has a privilege on an object or not.
I'm working on SQL Developer.
When I query manually the table DBA_TAB_PRIVS, I get all the information needed.
However, I need this information to be used in some triggers and functions.
So, I'm writing PL/SQL function that will return 1 if a role has the privilege and 0 otherwise.
CREATE OR REPLACE FUNCTION HAS_PRIVILEGE_ON_OBJECT(rolename IN VARCHAR2,
objectname IN VARCHAR2,
objectowner IN VARCHAR2,
privilegename IN VARCHAR2)
RETURN NUMBER
AS
output NUMBER;
BEGIN
SELECT count(*) INTO output
FROM dba_tab_privs
WHERE grantee = rolename
AND owner = objectowner
AND table_name = objectname
AND privilege = privilegename;
IF output > 0 THEN
RETURN 1;
ELSE
RETURN 0;
END IF;
END has_privilege_on_object;
The function doesn't compile and says :
ORA 942 : table or view does not exist.
The user connected has access to the view DBA_TAB_PRIVS since I can query it, but when trying to automate it using a function. It doesn't work.
Any ideas please?
I'll wager that you have privileges on dba_tab_privs via a role, not via a direct grant. If you want to use a definer's rights stored function, the owner of the function has to have privileges on all the objects granted directly, not via a role.
If you disable roles in your interactive session, can you still query dba_tab_privs? That is, if you do
SQL> set role none;
SQL> select * from dba_tab_privs
do you get the same ORA-00942 error? Assuming that you do
GRANT select any dictionary
TO procedure_owner
will give the procedure_owner user the ability to query any data dictionary table in a stored function. Of course, you could also do a direct grant on just dba_tab_privs.