--- title: "Script to Grant Oracle Permissions | Microsoft Docs" ms.custom: "" ms.date: "03/14/2017" ms.prod: sql ms.prod_service: "database-engine" ms.reviewer: "" ms.technology: replication ms.topic: conceptual helpviewer_keywords: - "Oracle publishing [SQL Server replication], script to grant permissions" ms.assetid: d742fd30-347a-452f-b5fc-b03232360c6b author: "MashaMSFT" ms.author: "mathoma" --- # Script to Grant Oracle Permissions [!INCLUDE[appliesto-ss-xxxx-xxxx-xxx-md](../../../includes/appliesto-ss-xxxx-xxxx-xxx-md.md)] The script provided in this topic is used during the configuration of an Oracle database that will publish data using [!INCLUDE[msCoName](../../../includes/msconame-md.md)] [!INCLUDE[ssNoVersion](../../../includes/ssnoversion-md.md)] replication. This script is also available in the following directory after installation: *\*:\\\Program Files\Microsoft SQL Server\\*\*\MSSQL\Install\oracleadmin.sql. For more information about configuring the Oracle database, see [Configure an Oracle Publisher](../../../relational-databases/replication/non-sql/configure-an-oracle-publisher.md). > [!NOTE] > This script includes the statement `GRANT CREATE ANY TRIGGER TO &&AdminLogin;`, which is required for the triggers used by transactional replication. If you will use only snapshot replication, remove this line from the script. **To run the script from the Oracle SQL\*Plus utility** 1. On the SQL Server Distributor, open a Command Prompt window. 2. To use SQL*PLUS to connect to the Oracle database and execute the oracleadmin.sql script from its default install directory, type the following syntax: ``` sqlplus system/P@$$W0rd@orcl @"c:\Program Files\Microsoft SQL Server\\MSSQL\Install\oracleadmin.sql" ``` In this example, the built-in Oracle account **system** is used to connect to an Oracle database with a network name of "orcl". 3. When prompted, specify the user name, user password, and default table space. ``` --*********************************************************************** -- Copyright (c) 2003 Microsoft Corporation -- -- File: -- oracleadmin.sql -- -- Purpose: -- PL/SQL script to create a database user with the required -- permissions to administer SQL Server publishing for an Oracle -- database. -- -- &&ReplLogin == Replication user login -- &&ReplPassword == Replication user password -- &&DefaultTablespace == Tablespace that will serve as the default -- tablespace for the replication user. -- The replication user will be authorized to allocate UNLIMITED space -- on the default tablespace, which must already exist. -- -- Notes: -- -- This script must be run from an Oracle login having the -- authorization to create a new user and grant unlimited tablespace on -- any existing tablespace. The login must also be able to grant to the -- newly created login the following authorizations: -- -- create public synonym -- drop public synonym -- create sequence -- create procedure -- create session -- create table -- create view -- -- Additionally, the following properties are also required for -- transactional publications. -- -- create any trigger -- -- All of the privileges may be granted through a role, with the -- exception of create table, create view, and create any trigger. -- These must be granted explicitly to the replication user login. -- In the script, all grants are granted explicitly to the replication -- user. -- -- In addition to these general grants, a table owner must explicitly -- grant select authorization to the replication user on a table before -- the table can be published. -- *********************************************************************** ACCEPT ReplLogin CHAR PROMPT 'User to create for replication: '; ACCEPT ReplPassword CHAR PROMPT 'Replication user passsword: ' HIDE; ACCEPT DefaultTableSpace CHAR DEFAULT 'SYSTEM' PROMPT 'Default tablespace: '; -- Create the replication user account CREATE USER &&ReplLogin IDENTIFIED BY &&ReplPassword DEFAULT TABLESPACE &&DefaultTablespace QUOTA UNLIMITED ON &&DefaultTablespace; -- It is recommended that only the required grants be granted to this -- user. -- -- The following 5 privileges are granted explicitly, but could be -- granted through a role. GRANT CREATE PUBLIC SYNONYM TO &&ReplLogin; GRANT DROP PUBLIC SYNONYM TO &&ReplLogin; GRANT CREATE SEQUENCE TO &&ReplLogin; GRANT CREATE PROCEDURE TO &&ReplLogin; GRANT CREATE SESSION TO &&ReplLogin; -- The following privileges must be granted explicitly to the -- replication user. GRANT CREATE TABLE TO &&ReplLogin; GRANT CREATE VIEW TO &&ReplLogin; -- The replication user login needs to be able to create a tracking -- trigger on any table that is to be published in a transactional -- publication. The CREATE ANY privilege is used to obtain the -- authorization to create these triggers. To replicate a table, the -- table owner must additionally explicitly grant select authorization -- on the table to the replication user. -- -- NOTE: CREATE ANY TRIGGER is not required for snapshot publications. GRANT CREATE ANY TRIGGER TO &&ReplLogin; ``` ## See Also [Configure an Oracle Publisher](../../../relational-databases/replication/non-sql/configure-an-oracle-publisher.md)