Problem solve

A report of all users, grants and privileges

This SQL creates a report of all users and their grants, roles and privileges.

Ofer Harel

Published: 28 Oct 2002

Sometimes you need to know all the privileges your users have in a database. This collection of scripts summarize...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate Email Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

and detail all users, roles and grants in the database.

A few remarks:

The list of users excludes those users that are part of the Oracle schemas. You might want to edit the list to support your needs.
For my convenience, the list of roles excludes those that are part of the Oracle roles. Again, you might want to edit the list to support your needs.
You may spool the report to a file or cut any piece of code you like.
This has been tested in 8.0.5 and all versions of 8i.

-----------------------------
-- A report of all grantee --
-----------------------------
set pagesize 2000
set echo off
set feed off
set verify off

-- Users list
ttitle 'All users'
select username "Users"
  from dba_users
 where username not in ('SYS','SYSTEM','OUTLN',
                        'DBSNMP','SCOTT','DB_CONTROL',
                        'OPS$ORACLE','XXX')
/

-- All user's granted
break on user skip 1 on user
col user format a15
col grant format a30
ttitle 'All users granted'
select grantee "User" ,granted_role "Grant", 'role' "Type" 
  from dba_role_privs
 where grantee in (select username from dba_users
                    where username not in ('SYS','SYSTEM',
'OUTLN','DBSNMP','SCOTT','DB_CONTROL','OPS$ORACLE','XXX'))
   and granted_role not in ('CONNECT')
union all
select grantee "User", privilege "Grant", 'priv' "Type" 
  from dba_sys_privs
 where grantee in (select username from dba_users
                    where username not in ('SYS','SYSTEM',
'OUTLN','DBSNMP','SCOTT','DB_CONTROL','OPS$ORACLE','XXX'))
   and privilege not in ('CONNECT')
union all
select grantee "User", owner||'.'||table_name "Grant", lower(privilege)
"Type"
  from dba_tab_privs 
 where grantee in (select username from dba_users
                    where username not in ('SYS','SYSTEM',
'OUTLN','DBSNMP','SCOTT','DB_CONTROL','OPS$ORACLE','XXX'))
order by 1
/

-- All role's granted
break on role skip 1 on role
col role format a15
col grant format a30
ttitle 'All roles granted'
select grantee "Role", granted_role "Grant", 'role' "Type" 
  from dba_role_privs
 where grantee not in (select username from dba_users)
   and grantee not in ('EXECUTE_CATALOG_ROLE','EXP_FULL_DATABASE','DBA',
                       'IMP_FULL_DATABASE','SELECT_CATALOG_ROLE',
                       'AQ_ADMINISTRATOR_ROLE','CONNECT',
                       'HS_ADMIN_ROLE','DELETE_CATALOG_ROLE',
                       'AQ_USER_ROLE','RECOVERY_CATALOG_OWNER',
                       'SNMPAGENT')
   and granted_role not in ('CONNECT')
union all
select grantee "Role", privilege "Grant", 'priv' "Type" 
  from dba_sys_privs
 where grantee not in (select username from dba_users)
   and grantee not in ('EXECUTE_CATALOG_ROLE','EXP_FULL_DATABASE','DBA',
                       'IMP_FULL_DATABASE','SELECT_CATALOG_ROLE',
                       'AQ_ADMINISTRATOR_ROLE','CONNECT',
                       'HS_ADMIN_ROLE','DELETE_CATALOG_ROLE',
                       'AQ_USER_ROLE','RECOVERY_CATALOG_OWNER',
                       'SNMPAGENT')
union all
select grantee "Role", owner||'.'||table_name "Grant", lower(privilege)
"Type"
  from dba_tab_privs 
 where grantee not in (select username from dba_users)
   and grantee not in ('EXECUTE_CATALOG_ROLE','EXP_FULL_DATABASE','DBA',
                       'IMP_FULL_DATABASE','SELECT_CATALOG_ROLE',
                       'AQ_ADMINISTRATOR_ROLE','CONNECT','PUBLIC',
                       'HS_ADMIN_ROLE','DELETE_CATALOG_ROLE',
                       'AQ_USER_ROLE','RECOVERY_CATALOG_OWNER',
                       'SNMPAGENT')
order by 1
/

-- Objects owned by users
break on user skip 1 on user
col user format a15
ttitle 'All users objects'
select owner "User", object_name "Object name", object_type "Type" 
  from all_objects
where owner in (select username from dba_users
                    where username not in ('SYS','SYSTEM',
'OUTLN','DBSNMP','SCOTT','DB_CONTROL','OPS$ORACLE8','XXX'))
/

For More Information

Feedback: E-mail the editor with your thoughts about this tip.
More tips: Hundreds of free Oracle tips and scripts.
Tip contest: Have an Oracle tip to offer your fellow DBAs and developers? The best tips submitted will receive a cool prize -- submit your tip today!
Ask the Experts: Our SQL, database design, Oracle, SQL Server, DB2, metadata, and data warehousing gurus are waiting to answer your toughest questions.
Forums: Ask your technical Oracle questions--or help out your peers by answering them--in our active forums.
Best Web Links: Oracle tips, tutorials, and scripts from around the Web.

For More Information

How to create Oracle Multitenant database user accounts

New Salesforce FoundationConnect designed for grantmakers

Using Oracle 12c Unified Auditing to set database audit policies

REST vs. SOAP: Choosing the best web service

Oracle brings GoldenGate data integration service to cloud

Era Software raises $15.25M for enterprise data management

Dgraph GraphQL database users detail graph use cases

TigerGraph unveils support for GCP, adds new connectors

Startup Veezoo emerges from stealth with NLQ-based platform

15 data science tools to consider using in 2021

S/4HANA Cloud SaaS ERP: Buying team overview

SAP forms financial services partnership with Dediq

Unpatched applications threaten SAP security

SQL Server database design best practices and tips for DBAs

SQL Server in Azure database choices and what they offer users

Using a LEFT OUTER JOIN vs. RIGHT OUTER JOIN in SQL

Incorporate diversity and inclusion in technology design

Microsoft previews OpenJDK distro to the delight of devs

Supreme Court ruling on Java APIs eases developer worries

Nvidia SDK simulates quantum computing circuits on GPU systems

Programmable processor technology for next-gen data centers

Data processing units accelerate infrastructure performance

Hyland gets digital asset management tech with Nuxeo buy

OpenText releases Cloud Editions content services updates

Adobe courts small businesses with Acrobat Pro package

Shift to HR shared services could save Connecticut millions

10 steps to support your HCM system post go-live

Face mask detection a newcomer to employee surveillance

For More Information

Dig Deeper on Oracle database security

How to create Oracle Multitenant database user accounts

New Salesforce FoundationConnect designed for grantmakers

Using Oracle 12c Unified Auditing to set database audit policies

REST vs. SOAP: Choosing the best web service