[gdal-dev] [EXTERNAL] Minimum user rights needed for Oracle driver

Smith, Michael ERDC-RDE-CRREL-NH Michael.Smith at erdc.dren.mil
Tue Oct 1 14:49:00 PDT 2013


The MDSYS.CR_SRS table has been deprecated. Its now a view and there are
whole set of tables that are used for handling new spatial reference
systems. User defined SRIDs should all be above 1000000 now. Specific info
is at 
http://docs.oracle.com/cd/E16655_01/appdev.121/e17896/sdo_cs_concepts.htm#i
894537

Frankly, I think GDAL/OGR should never add an SRID to Oracle. There is a
lot more to add than just the WKT specifications.

Mike

-- 
Michael Smith

US Army Corps
Remote Sensing GIS/Center



On 10/1/13 5:28 PM, "Rahkonen Jukka" <jukka.rahkonen at mmmtike.fi> wrote:

>Hi,
>
>What about if GDAL and Oracle can't find common understandment about
>SRID? I have seen that GDAL tries then  to insert something into
>MDSYS.CS_SRS and with our user rights that fails always. I have not
>studied that further because that comes always from my error and adding
>-lco SRID helps which is lucky because our db admins tend to be jealous
>about the MDSYS area.
>
>Nothing to worry about USER/ALL_SDO_INDEX_METADATA, is it handled
>automatically together with read/write rights to tables and views?
>
>-Jukka-
>________________________________________
>Smith, Michael wrote:
>
>> For write access, one needs INSERT and/or UPDATE on an existing table.
>>For
>> a new table, a user needs CREATE TABLE and CREATE SEQUENCE access to a
>> Schema and some tablespace allocation for the schema, ALTER USER
>>USERNAME
>> QUOTA <SIZE> on TABLESPACE Y,   or GRANT UNLIMITED TABLESPACE to
>>USERNAME.
>
>Mike
>
>--
>Michael Smith
>
>US Army Corps
>Remote Sensing GIS/Center
>
>
>
>On 10/1/13 4:58 PM, "Smith, Michael ERDC-RDE-CRREL-NH"
><Michael.Smith at erdc.dren.mil> wrote:
>
>>Jukka,
>>
>>Basically, you need read access to the schema.table in question. The
>>spatial views are automatically available if a user has read access to
>>the
>>table. So the minimum access is
>>
>>GRANT SELECT on SCHEMA.TABLENAME to USERNAME;
>>
>>
>>ALL_SDO_GEOM_METADATA is a view that contains metadata information for
>>all
>>spatial tables on which the user has SELECT permission. It is this view
>>that OGR uses to access Oracle Spatial data.
>>
>>
>>Mike
>>
>>--
>>Michael Smith
>>
>>US Army Corps
>>Remote Sensing GIS/Center
>>
>>
>>
>>
>>On 10/1/13 4:42 PM, "Jukka Rahkonen" <jukka.rahkonen at mmmtike.fi> wrote:
>>
>>>Hi,
>>>
>>>PostGIS manual page has a useful chapter about what rights GDAL user
>>>needs
>>>
>>>" You must have permissions on all tables you want to read and
>>>geometry_columns and spatial_ref_sys.
>>>Misleading behavior may follow without an error message if you do not
>>>have
>>>permissions to these tables. Permission issues on geometry_columns
>>>and/or
>>>spatial_ref_sys tables can be generally confirmed if you can see the
>>>tables
>>>by setting the configuration option PG_LIST_ALL_TABLES to YES. (e.g.
>>>ogrinfo
>>>--config PG_LIST_ALL_TABLES YES PG:xxxxx) "
>>>
>>>Oracle Spatial manual page http://www.gdal.org/ogr/drv_oci.html is
>>>missing
>>>this information. I have also a feeling that with Oracle there are more
>>>tables and views and Oracle system stuff involved. Is here anybody who
>>>could
>>>tell what rights GDAL user must have for a) read access b) read and
>>>write
>>>access? It would be ideal to have a comprehensive list that could be
>>>given
>>>for the ever friendly DB admins
>>>
>>>GRANT [privileges] ON [object_1] TO [user]
>>>GRANT [privileges] ON [object_2] TO [user]
>>>...
>>>
>>>
>>>-Jukka Rahkonen-
>>>
>>>_______________________________________________
>>>gdal-dev mailing list
>>>gdal-dev at lists.osgeo.org
>>>http://lists.osgeo.org/mailman/listinfo/gdal-dev
>>
>>_______________________________________________
>>gdal-dev mailing list
>>gdal-dev at lists.osgeo.org
>>http://lists.osgeo.org/mailman/listinfo/gdal-dev
>
>_______________________________________________
>gdal-dev mailing list
>gdal-dev at lists.osgeo.org
>http://lists.osgeo.org/mailman/listinfo/gdal-dev



More information about the gdal-dev mailing list