This is my version of Oracle:
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
PL/SQL Release 11.2.0.2.0 - Production
CORE 11.2.0.2.0 Production
TNS for Solaris: Version 11.2.0.2.0 - Production
NLSRTL Version 11.2.0.2.0 - Production
I have created an Oracle User, called "AdvSearch", that has a number of folders in Xdb with a root folder of "/AdvSearch" for a development effort. Just for development, I have another Oracle User, "TEST_LEGALSERVICES", that I want to have full read and write access to the files and folders under the cited root. I can't seem to grant access to the second User. Based on my reading, I tried this against the ACL created for AdvSearch:
DECLARE
  Dummy_Nr   PLS_INTEGER;
  Ace_Tx     VARCHAR2(2000);
  Ace_Xml    XMLType;
  AclPath_Tx VARCHAR2(2000) := '/sys/acls/ADVSEARCH/ADVSEARCH_acl.xml';
BEGIN
  Ace_Tx := '<ace xmlns="http://xmlns.oracle.com/xdb/acl.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/xdb/acl.xsd
http://xmlns.oracle.com/xdb/acl.xsd
DAV:http://xmlns.oracle.com/xdb/dav.xsd">
<principal>TEST_LEGALSERVICES</principal>
<grant>true</grant>
<privilege><all/></privilege>
</ace>';
  Ace_Xml := XMLType.createXML(Ace_Tx);
  Dummy_Nr := DBMS_XDB.changePrivileges(AclPath_Tx, Ace_Xml);
END;
/
This code ran, but when I examine the file under AclPath_Tx, I can see that that XML node was not created. So when I run this query against one level up from the root, I get this message:
ELSDV03> SELECT DBMS_XDB.GETPRIVILEGES('/AdvSearch/Repository') AS Rights FROM Dual;
ERROR:
ORA-31050: Access denied
ORA-06512: at "XDB.DBMS_XDB", line 422
no rows selected
I am not sure if this is relevant, but this is my ACL after the change privilege has been run:
select XdbUriType('/sys/acls/ADVSEARCH/ADVSEARCH_acl.xml').GetXml() as doc FROM Dual;
DOC
------------------------------------------------------------------------------------------------------------------------
<acl description="Protected:Readable by PUBLIC and all privileges to OWNER" xmlns="http://xmlns.oracle.com/xdb/acl.xsd"
xmlns:dav="DAV:" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/xdb/a
cl.xsd http://xmlns.oracle.com/xdb/acl.xsd" shared="false">
<ace>
<grant>true</grant>
<principal>dav:owner</principal>
<privilege>
<all/>
</privilege>
</ace>
<ace>
<grant>true</grant>
<principal>XDBADMIN</principal>
<privilege>
<all/>
</privilege>
</ace>
<ace>
<grant>true</grant>
<principal>PUBLIC</principal>
<privilege>
<read-properties/>
<read-contents/>
<read-acl/>
<resolve/>
</privilege>
</ace>
<ace>
<grant>true</grant>
<principal>ADVSEARCH</principal>
<privilege>
<all/>
</privilege>
</ace>
</acl>
1 row selected.
I guess I am missing a step or otherwise doing something wrong. Just how can I grant access to all the files and folders under /AdvSearch to Test_LegalServices? Another related question: does there have to be two ACL files for the two Users, or can just one work for one set of folders in Xdb?
Thank you.
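
Added example (not part of the original post and not Oracle's code): a Python check over the ACL document shown above that lists its ACEs and reports what a given principal would get from this ACL alone, confirming that no ACE for TEST_LEGALSERVICES is present and that the user only matches the PUBLIC entry. The function names are hypothetical, and the evaluation model is a simplifying assumption: the first matching ACE in document order decides each privilege, `<all/>` covers every privilege, and other aggregate privileges are not expanded.

```python
import xml.etree.ElementTree as ET

NS = {"a": "http://xmlns.oracle.com/xdb/acl.xsd"}

# ACL as shown in the post; the description and xsi:schemaLocation attributes are left out.
ACL_XML = """<acl xmlns="http://xmlns.oracle.com/xdb/acl.xsd" xmlns:dav="DAV:" shared="false">
  <ace><grant>true</grant><principal>dav:owner</principal><privilege><all/></privilege></ace>
  <ace><grant>true</grant><principal>XDBADMIN</principal><privilege><all/></privilege></ace>
  <ace><grant>true</grant><principal>PUBLIC</principal>
    <privilege><read-properties/><read-contents/><read-acl/><resolve/></privilege></ace>
  <ace><grant>true</grant><principal>ADVSEARCH</principal><privilege><all/></privilege></ace>
</acl>"""


def parse_aces(acl_xml):
    """Return the ACEs in document order as (principal, is_grant, privilege names)."""
    aces = []
    for ace in ET.fromstring(acl_xml).findall("a:ace", NS):
        principal = ace.findtext("a:principal", namespaces=NS).strip()
        is_grant = ace.findtext("a:grant", namespaces=NS).strip().lower() == "true"
        # Strip the "{namespace}" prefix ElementTree puts on each tag name.
        privs = {p.tag.split("}")[-1] for p in ace.find("a:privilege", NS)}
        aces.append((principal, is_grant, privs))
    return aces


def has_explicit_ace(aces, user):
    """True if some ACE names this user directly (what the post looked for)."""
    return any(principal.upper() == user.upper() for principal, _, _ in aces)


def effective(aces, user, wanted, roles=(), is_owner=False):
    """Assumed model: the first ACE matching the user decides each privilege."""
    ids = {user.upper(), "PUBLIC"} | {r.upper() for r in roles}
    if is_owner:
        ids.add("DAV:OWNER")
    result = {}
    for priv in wanted:
        result[priv] = False  # no matching ACE means no access
        for principal, is_grant, privs in aces:
            if principal.upper() in ids and (priv in privs or "all" in privs):
                result[priv] = is_grant
                break
    return result


if __name__ == "__main__":
    aces = parse_aces(ACL_XML)
    print("explicit ACE:", has_explicit_ace(aces, "TEST_LEGALSERVICES"))
    print(effective(aces, "TEST_LEGALSERVICES", ["read-contents", "update"]))
```

To run it against a live system, paste the output of the XdbUriType query from the post into ACL_XML in place of the embedded copy.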