diff --git a/ingestion/src/metadata/ingestion/source/database/oracle/connection.py b/ingestion/src/metadata/ingestion/source/database/oracle/connection.py index 5a98d7a5197..324aa5def4f 100644 --- a/ingestion/src/metadata/ingestion/source/database/oracle/connection.py +++ b/ingestion/src/metadata/ingestion/source/database/oracle/connection.py @@ -38,6 +38,7 @@ from metadata.ingestion.connections.builders import ( ) from metadata.ingestion.connections.test_connections import test_connection_db_common from metadata.ingestion.ometa.ometa_api import OpenMetadata +from metadata.ingestion.source.database.oracle.queries import CHECK_ACCESS_TO_DBA from metadata.utils.logger import ingestion_logger CX_ORACLE_LIB_VERSION = "8.3.0" @@ -136,9 +137,13 @@ def test_connection( Test connection. This can be executed either as part of a metadata workflow or during an Automation Workflow """ + + test_conn_queries = {"CheckAccess": CHECK_ACCESS_TO_DBA} + test_connection_db_common( metadata=metadata, engine=engine, service_connection=service_connection, automation_workflow=automation_workflow, + queries=test_conn_queries, ) diff --git a/ingestion/src/metadata/ingestion/source/database/oracle/queries.py b/ingestion/src/metadata/ingestion/source/database/oracle/queries.py index 068c6b13057..c07f8725d65 100644 --- a/ingestion/src/metadata/ingestion/source/database/oracle/queries.py +++ b/ingestion/src/metadata/ingestion/source/database/oracle/queries.py @@ -88,7 +88,7 @@ WHERE type = 'PROCEDURE' and owner = '{schema}' """ ) - +CHECK_ACCESS_TO_DBA = "SELECT table_name FROM DBA_TABLES where ROWNUM < 2" ORACLE_GET_STORED_PROCEDURE_QUERIES = textwrap.dedent( """ WITH SP_HISTORY AS (SELECT diff --git a/openmetadata-docs/content/v1.1.x/connectors/database/oracle/index.md b/openmetadata-docs/content/v1.1.x/connectors/database/oracle/index.md index 2b9b62d00a2..98d72291d85 100644 --- a/openmetadata-docs/content/v1.1.x/connectors/database/oracle/index.md +++ b/openmetadata-docs/content/v1.1.x/connectors/database/oracle/index.md @@ -57,6 +57,9 @@ GRANT new_role TO user_name; -- GRANT CREATE SESSION PRIVILEGE TO USER GRANT CREATE SESSION TO new_role; + +-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER +GRANT SELECT_CATALOG_ROLE TO new_role; ``` With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get diff --git a/openmetadata-docs/content/v1.1.x/connectors/database/oracle/yaml.md b/openmetadata-docs/content/v1.1.x/connectors/database/oracle/yaml.md index 1be404f0d67..59390c13835 100644 --- a/openmetadata-docs/content/v1.1.x/connectors/database/oracle/yaml.md +++ b/openmetadata-docs/content/v1.1.x/connectors/database/oracle/yaml.md @@ -61,8 +61,11 @@ CREATE ROLE new_role; -- GRANT ROLE TO USER GRANT new_role TO user_name; --- GRANT CREATE SESSION PRIVILEGE TO USER +-- GRANT CREATE SESSION PRIVILEGE TO ROLE / USER GRANT CREATE SESSION TO new_role; + +-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER +GRANT SELECT_CATALOG_ROLE TO new_role; ``` With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get diff --git a/openmetadata-docs/content/v1.2.x/connectors/database/oracle/index.md b/openmetadata-docs/content/v1.2.x/connectors/database/oracle/index.md index 3b91358c84c..e62a037bdaf 100644 --- a/openmetadata-docs/content/v1.2.x/connectors/database/oracle/index.md +++ b/openmetadata-docs/content/v1.2.x/connectors/database/oracle/index.md @@ -59,6 +59,9 @@ GRANT new_role TO user_name; -- GRANT CREATE SESSION PRIVILEGE TO USER GRANT CREATE SESSION TO new_role; + +-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER +GRANT SELECT_CATALOG_ROLE TO new_role; ``` With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get diff --git a/openmetadata-docs/content/v1.2.x/connectors/database/oracle/yaml.md b/openmetadata-docs/content/v1.2.x/connectors/database/oracle/yaml.md index 87eef17bca5..2ff448db420 100644 --- a/openmetadata-docs/content/v1.2.x/connectors/database/oracle/yaml.md +++ b/openmetadata-docs/content/v1.2.x/connectors/database/oracle/yaml.md @@ -65,6 +65,9 @@ GRANT new_role TO user_name; -- GRANT CREATE SESSION PRIVILEGE TO USER GRANT CREATE SESSION TO new_role; + +-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER +GRANT SELECT_CATALOG_ROLE TO new_role; ``` With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get diff --git a/openmetadata-docs/content/v1.3.x/connectors/database/oracle/index.md b/openmetadata-docs/content/v1.3.x/connectors/database/oracle/index.md index ad43e7cefea..73e04c031e8 100644 --- a/openmetadata-docs/content/v1.3.x/connectors/database/oracle/index.md +++ b/openmetadata-docs/content/v1.3.x/connectors/database/oracle/index.md @@ -42,6 +42,9 @@ GRANT new_role TO user_name; -- GRANT CREATE SESSION PRIVILEGE TO USER GRANT CREATE SESSION TO new_role; + +-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER +GRANT SELECT_CATALOG_ROLE TO new_role; ``` With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get diff --git a/openmetadata-docs/content/v1.3.x/connectors/database/oracle/yaml.md b/openmetadata-docs/content/v1.3.x/connectors/database/oracle/yaml.md index 31f909a143a..86799f4ba57 100644 --- a/openmetadata-docs/content/v1.3.x/connectors/database/oracle/yaml.md +++ b/openmetadata-docs/content/v1.3.x/connectors/database/oracle/yaml.md @@ -42,6 +42,9 @@ GRANT new_role TO user_name; -- GRANT CREATE SESSION PRIVILEGE TO USER GRANT CREATE SESSION TO new_role; + +-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER +GRANT SELECT_CATALOG_ROLE TO new_role; ``` With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get diff --git a/openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/oracle/index.md b/openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/oracle/index.md index 8761b0dccfb..1241234b75e 100644 --- a/openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/oracle/index.md +++ b/openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/oracle/index.md @@ -42,6 +42,9 @@ GRANT new_role TO user_name; -- GRANT CREATE SESSION PRIVILEGE TO USER GRANT CREATE SESSION TO new_role; + +-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER +GRANT SELECT_CATALOG_ROLE TO new_role; ``` With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get diff --git a/openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/oracle/yaml.md b/openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/oracle/yaml.md index 467b0a089ab..907347b2880 100644 --- a/openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/oracle/yaml.md +++ b/openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/oracle/yaml.md @@ -42,6 +42,9 @@ GRANT new_role TO user_name; -- GRANT CREATE SESSION PRIVILEGE TO USER GRANT CREATE SESSION TO new_role; + +-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER +GRANT SELECT_CATALOG_ROLE TO new_role; ``` With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get diff --git a/openmetadata-ui/src/main/resources/ui/public/locales/en-US/Database/Oracle.md b/openmetadata-ui/src/main/resources/ui/public/locales/en-US/Database/Oracle.md index 8cd71b0f820..58d9a3e3d2c 100644 --- a/openmetadata-ui/src/main/resources/ui/public/locales/en-US/Database/Oracle.md +++ b/openmetadata-ui/src/main/resources/ui/public/locales/en-US/Database/Oracle.md @@ -23,6 +23,9 @@ GRANT new_role TO user_name; -- GRANT CREATE SESSION PRIVILEGE TO USER GRANT CREATE SESSION TO new_role; + +-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER +GRANT SELECT_CATALOG_ROLE TO new_role; ``` - `GRANT SELECT` on the relevant tables which are to be ingested into OpenMetadata to the user diff --git a/openmetadata-ui/src/main/resources/ui/public/locales/fr-FR/Database/Oracle.md b/openmetadata-ui/src/main/resources/ui/public/locales/fr-FR/Database/Oracle.md index 6d35a6d9c43..d35ea9aad35 100644 --- a/openmetadata-ui/src/main/resources/ui/public/locales/fr-FR/Database/Oracle.md +++ b/openmetadata-ui/src/main/resources/ui/public/locales/fr-FR/Database/Oracle.md @@ -17,6 +17,9 @@ GRANT new_role TO user_name; -- GRANT CREATE SESSION PRIVILEGE TO USER GRANT CREATE SESSION TO new_role; + +-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER +GRANT SELECT_CATALOG_ROLE TO new_role; ``` **Important:** OpenMetadata utilise `python-oracledb` qui supoorte seulement les version 12c, 18c, 19c, et 21c d'Oracle.