RE: Privileges for registering an XML schema
- From: Marco Gralike <Marco.Gralike@xxxxxxx>
- To: "peter.schauss@xxxxxxx" <peter.schauss@xxxxxxx>, Wolfson Larry - lwolfs <lawrence.wolfson@xxxxxxxxxx>, "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 6 Sep 2012 22:32:14 +0000
BTW it is also (performance wise) smart to choose for DBMS_XMLSCHEMA option
ENABLEHIERARCHY => DBMS_XMLSCHEMA.ENABLE_HIERARCHY_NONE
instead of the used one, if you don't use the XDB Repository WebDAV or FTP
options. By default direct access to the registered XML content via WebDAV or
FTP is protected by ACL's, that is you must connect/authorize in one or another
way on the database. The ACL mechanism has a small performance impact and can
be seen in the explain plan output by references to "ACL" actions.
If you don't use FTP or WebDAV access, you can avoid this by using
ENABLEHIERARCHY => DBMS_XMLSCHEMA.ENABLE_HIERARCHY_NONE
The content of the XML stored in the database, is in that case only accessible
via the known standard methods via inserts/sqlnet/odbc/jdbc etc.
M.
________________________________________
From: Marco Gralike
Sent: Friday, September 07, 2012 0:21
To: peter.schauss@xxxxxxx; Wolfson Larry - lwolfs; oracle-l@xxxxxxxxxxxxx
Subject: RE: Privileges for registering an XML schema
You don't need the ANY privilege and/or even DIRECTORY stuff. That's only
needed if you get your XML Schema content from the server via a BFILENAME
construct. Alternative methods for getting the content of the XML Schema (XSD)
is by providing the whole content or via getting it out of the XDB Repository
via XDBUriTpe method.
Also XDBADMIN is not needed if you don't need to register your XSD for all to
see, that is
LOCAL => FALSE,
in DBMS_XMLSCHEMA.registerSchema. XSD's are protected by ACL's that is via the
underlying VPD database methods. By user LOCAL => TRUE a database DBA role can
not see the content by default.
M.
________________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [oracle-l-bounce@xxxxxxxxxxxxx] on behalf
of Schauss, Peter (ESS) [peter.schauss@xxxxxxx]
Sent: Wednesday, August 29, 2012 16:21
To: Wolfson Larry - lwolfs; oracle-l@xxxxxxxxxxxxx
Subject: RE: Privileges for registering an XML schema
Larry,
Thanks for the help. I added the privileges one at a time and kept retrying.
It finally worked after I added RESOURCE. RESOURCE is a role which grants
multiple system privileges, so I looked up what it grants and compared it to
the objects which were created when I registered the schema. My first guess is
that the missing privilege was CREATE TRIGGER. After I get all of this stuff
working, I will try to go back and refine the actual privileges needed.
-Peter Schauss
-----Original Message-----
From: Wolfson Larry - lwolfs [mailto:lawrence.wolfson@xxxxxxxxxx]
Sent: Tuesday, August 28, 2012 4:43 PM
To: Schauss, Peter (ESS); oracle-l@xxxxxxxxxxxxx
Subject: RE: Privileges for registering an XML schema
We just had someone go through this and Think you need all of these
GRANT ALTER SESSION TO &&USER;
GRANT CREATE SESSION TO &&USER;
GRANT CREATE SYNONYM TO &&USER;
GRANT CREATE TABLE TO &&USER;
GRANT CREATE TYPE TO &&USER;
GRANT CREATE VIEW TO &&USER;
GRANT DROP ANY DIRECTORY TO &&USER;
GRANT RESOURCE TO &&USER;
Hope that helps,
Larry
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Schauss, Peter (ESS)
Sent: Tuesday, August 28, 2012 9:57 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Privileges for registering an XML schema
This is Oracle 11.2.0.3 running on AIX 5.3.
Following the example in the "Using Oracle XML DB" I run:
BEGIN
DBMS_XMLSCHEMA.registerSchema(
SCHEMAURL => 'http://local_host:8080/xdb/documentation/MY_Schema.xsd',
SCHEMADOC => bfilename('XML_FILES','MY_Schema.xsd'),
LOCAL => TRUE,
GENTYPES => TRUE,
GENTABLES => TRUE,
CSID => nls_charset_id('WE8ISO8859P1')); END;
And get:
ORA-31061: XDB error: DBMS_XDBZ.ENABLE_HIERARCHY
ORA-06512: at "XDB.DBMS_XDBZ0", line 131
ORA-06512: at "XDB.DBMS_XDBZ0", line 588
ORA-01031: insufficient privileges
ORA-06512: at "XDB.DBMS_XDBZ", line 37
ORA-06512: at line 1
ORA-06512: at "XDB.DBMS_XMLSCHEMA_INT", line 37
ORA-06512: at "XDB.DBMS_XMLSCHEMA", line 65
ORA-06512: at "XDB.DBMS_XMLSCHEMA", line 136
ORA-06512: at line 2
My user has the following privileges:
create table
create any directory
xdbadmin
create view
create type
MOS says that xdbadmin is the only privilege I need to run this stored
procedure. What am I missing?
Thanks,
Peter Schauss
--
//www.freelists.org/webpage/oracle-l
***************************************************************************
The information contained in this communication is confidential, is intended
only for the use of the recipient named above, and may be legally privileged.
If the reader of this message is not the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this communication
is strictly prohibited.
If you have received this communication in error, please resend this
communication to the sender and delete the original message or any copy of it
from your computer system.
Thank You.
****************************************************************************
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts:
