Comments (5)
oravirt
commented on August 25, 2024
Hi, a couple of things:
- I think you may be running an older version of the module
- If 1 is true then - the version you're using 'half-managed' object privs, (select/delete etc on any object). You could add them, but they were never considered after the initial add.
In the current version, I'm actually not sure they can be added at all (since I changed the way I manage the privs) I'm about to start on an update that should fix this though.
In the meantime, there is another module called oracle_privs which I use to set object privs.
So in your case, I would have split the privileges into multiple keys and 2 plays, e.g (note, this isn't actually tested but you get the idea):
- role_grants deals with system privileges
- object_grants sets the type of priv (select/insert etc)
- object lists the objects object_grants should be applied to
oracle_roles:
- name: prtg_role
state: present
role_grants:
- create session
object_grants:
- select
objects:
- "sys.dba_data_files"
- "sys.dba_free_space"
- "sys.dba_segments"
- "sys.dba_tablespaces"
- "sys.v_$archived_log"
- "sys.v_$open_cursor"
- "sys.v_$parameter"
- "sys.v_$recovery_file_dest"
- "sys.v_$session"
- "sys.v_$sesstat"
- "sys.v_$sga_target_advice"
- "sys.v_$statname"
- task: Manage object privs
oracle_privs:
roles={{ item.name }}
state={{ item.state }}
privs={{ item.obj_privs }}
objs={{ item.obj_objects }}
hostname: "{{ ansible_fqdn }}"
service_name: "{{ oracle_sid }}"
user: sys
mode: sysdba
password: "{{ password }}"
with_items:
- "{{ oracle_roles }}"
- name: Add grants to role
oracle_grants:
hostname: "{{ ansible_fqdn }}"
service_name: "{{ oracle_sid }}"
user: sys
mode: sysdba
password: "{{ password }}"
role: "{{ item.name }}"
grants: "{{ item.role_grans }}"
state: "{{ item.state }}"
environment: "{{ oracle_env }}"
with_items:
- "{{ oracle_roles }}"
delegate_to: localhost
become: no
from ansible-oracle-modules.
topher-debusk
commented on August 25, 2024
I did a pull, just to double check my version... I think I was pretty up to date.
I'll give your suggestion a shot. Thanks for taking a look.
Unpacking objects: 100% (6/6), done.
From https://github.com/oravirt/ansible-oracle-modules
19665a0..6b675e5 master -> origin/master
Updating 19665a0..6b675e5
Fast-forward
oracle_tablespace | 191 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 188 insertions(+), 3 deletions(-)
from ansible-oracle-modules.
oravirt
commented on August 25, 2024
Ok.
FYI - I'm adding object priv management now to oracle_grants, so should be done in a couple of days (hopefully)
from ansible-oracle-modules.
oravirt
commented on August 25, 2024
Hi,
I've added the functionality to deal with object privileges to oracle_grants. I've added another key (object_privs), which is passed as a list. Each key should be in the format:
priv:owner.object
e.g
select:sys.dba_tablespaces
grants:
- create session
...
object_privs:
- select:sys.v_$session
- select:sys.dba_data_files
- insert,update,delete,select:owner.table
...
The module is in need of a pretty big re-factor, but it works for now.
from ansible-oracle-modules.
topher-debusk
commented on August 25, 2024
Sorry it took me so long to get around to checking this, but it appears to be working :)
Thanks a bunch!
from ansible-oracle-modules.
Related Issues (20)
- The problem of cx_Oracle HOT 6
- Migration to Python3 - No cmp support HOT 2
- Python3 - oracle_parameter - TypeError: '>' not supported between instances of 'tuple' and 'int' HOT 1
- oracle_tablespace.py - line 663, in drop_tablespace - NameError: global name 'module' is not defined.
- Examples
- Ansible 2.9+ compatibility HOT 1
- oracle_db: domain issue
- Reset expired password on connect
- oracle_user do not set grants HOT 1
- oracle_user: wanted_list and curr_defaults are not compared case insensitive HOT 2
- oracle_parameter: Documentation vs implementation
- oracle_tablespace: module object not handed over to drop_tablespace()
- oracle_services: Unlucky RAC-like calls to srvctl on Single Server HOT 2
- oracle_tablespace: PL/SQL error when altering a tablespace with a huge current maxsize
- oracle_sqldba - check _mode
- Any module for table partition/sub-partition creation HOT 1
- oracle_profile never changes any attributes
- suggestion for container
- Help needed with post script for pdb
- ORA-02003 invalid USERENV
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-oracle-modules.