Multi-Schema Privileges for a Table Trigger in an Oracle Database

Question

I\'m trying to write a table trigger which queries another table that is outside the schema where the trigger will reside. Is this possible? It seems like I have no proble

Answer 1

You should execute this for every table and schema involved:

grant select on OTHER_SCHEMA_%.table_name to MAIN_SCHEMA;

Answer 2

What you are experiencing is a feature of Oracle's security model. The entire point of using schemas is to control access to the data. The tables in my schema are mine, you cannot even see them until I grant you privileges on them.

The syntax is quite simple: the owner schema issues

grant select, insert on my_table to you
/

Alternatively an account with the GRANT ANY privilege (such as a DBA) can pass privileges on any user's objects.

grant select, insert on apc.my_table to you
/

The grantee can be either a user or a role. However, note that we can only build program units - stored procedures, views, triggers - using privileges which have been granted directly through to our user.

So, if you get the other schema owner to grant you the necessary privileges you will be able to build your trigger.

edit

When referencing an object in another schema we need to qualify the object with the schema name ....

insert into apc.whatever_table  values ...

or else we need to create a synonym for it

create synonym whatever for apc.whatever_table;

Answer 3

I feel someone should add the obvious - the other schema's table must be qualified with the schema name or a private/public synonym is needed. I wonder if the original problem was merely a name resolution issue. If not, APC's answer is a good explanation of the Oracle security model.