snippetMinor
How do I grant execute permission to an Oracle database user?
Viewed 0 times
userpermissiongrantdatabasehoworacleexecute
Problem
I'm trying to call a Java function from Oracle database that does the following:
When I try to run it, I get the following error:
How do I grant this permission?
UPDATE: When I run the following in SQL*Plus (as sysdba):
I get the error:
Process p = Runtime.getRuntime().exec("...");When I try to run it, I get the following error:
ORA-29532: Java call terminated by uncaught Java exception:
java.security.AccessControlException: the Permission (java.io.FilePermission
> execute) has not been granted to SCOTT. The PL/SQL to grant this
is dbms_java.grant_permission( 'SCOTT', 'SYS:java.io.FilePermission', '>', 'execute' )How do I grant this permission?
UPDATE: When I run the following in SQL*Plus (as sysdba):
dbms_java.grant_permission( 'SCOTT',
'SYS:java.io.FilePermission',
'>',
'execute' );I get the error:
SP2-0734: unknown command beginning "/dbms_java..." - rest of line ignored.
SQL> SP2-0734: unknown command beginning "'SYS:java...." - rest of line ignored.
SQL> SP2-0734: unknown command beginning "'<<ALL FIL..." - rest of line ignored.
SP2-0044: For a list of known commands enter HELP
and to leave enter EXIT.Solution
The error message actually gives you the exact syntax
It's not obvious to me whether you modified the text of the error message to remove a directory from the error-- normally, the error will tell you a specific directory that you need to grant access to.
If your intention is to allow the Java stored procedure to execute arbitrary shell scripts (this would be very dangerous-- the commands would run as the Oracle operating system user so they would have the ability to bypass any security measures in the database), you should be able to do something like
dbms_java.grant_permission( 'SCOTT',
'SYS:java.io.FilePermission',
'>',
'execute' )It's not obvious to me whether you modified the text of the error message to remove a directory from the error-- normally, the error will tell you a specific directory that you need to grant access to.
If your intention is to allow the Java stored procedure to execute arbitrary shell scripts (this would be very dangerous-- the commands would run as the Oracle operating system user so they would have the ability to bypass any security measures in the database), you should be able to do something like
begin
dbms_java.grant_permission
('SCOTT',
'java.io.FilePermission',
'>',
'execute');
dbms_java.grant_permission
('SCOTT',
'java.lang.RuntimePermission',
'*',
'writeFileDescriptor' );
end;Code Snippets
dbms_java.grant_permission( 'SCOTT',
'SYS:java.io.FilePermission',
'<<ALL FILES>>',
'execute' )begin
dbms_java.grant_permission
('SCOTT',
'java.io.FilePermission',
'<<ALL FILES>>',
'execute');
dbms_java.grant_permission
('SCOTT',
'java.lang.RuntimePermission',
'*',
'writeFileDescriptor' );
end;Context
StackExchange Database Administrators Q#19338, answer score: 4
Revisions (0)
No revisions yet.