How to know if a user has a privilege on Object?

I would like to know if a user has a privilege on an object or not.

I’m working on SQL Developer.

When I query manually the table DBA_TAB_PRIVS, I get all the information needed.

However, I need this information to be used in some triggers and functions.

So, I’m writing PL/SQL function that will return 1 if a role has the privilege and 0 otherwise.

CREATE OR REPLACE FUNCTION HAS_PRIVILEGE_ON_OBJECT(rolename      IN VARCHAR2,
                                                   objectname    IN VARCHAR2,
                                                   objectowner   IN VARCHAR2,
                                                   privilegename IN VARCHAR2)
  RETURN NUMBER
AS
  output NUMBER;
  BEGIN

    SELECT count(*) INTO output
      FROM dba_tab_privs
     WHERE grantee = rolename
       AND owner = objectowner
       AND table_name = objectname
       AND privilege = privilegename;

    IF output > 0 THEN
      RETURN 1;
    ELSE
      RETURN 0;
    END IF;
  END has_privilege_on_object;

The function doesn’t compile and says :

ORA 942 : table or view does not exist.

The user connected has access to the view DBA_TAB_PRIVS since I can query it, but when trying to automate it using a function. It doesn’t work.

Any ideas please?

Answer

I’ll wager that you have privileges on dba_tab_privs via a role, not via a direct grant. If you want to use a definer’s rights stored function, the owner of the function has to have privileges on all the objects granted directly, not via a role.

If you disable roles in your interactive session, can you still query dba_tab_privs? That is, if you do

SQL> set role none;
SQL> select * from dba_tab_privs

do you get the same ORA-00942 error? Assuming that you do

GRANT select any dictionary
   TO procedure_owner

will give the procedure_owner user the ability to query any data dictionary table in a stored function. Of course, you could also do a direct grant on just dba_tab_privs.