ORA-01039: Insufficient Privileges on Underlying Objects of the View
ORA-01039 occurs when a user attempts to access a view but lacks the necessary privileges on the underlying base tables or objects that the view references. This error is particularly common in multi-schema environments where the view owner and the view consumer are different database users. Simply granting SELECT on the view itself is not always sufficient — Oracle may require direct grants on the base objects as well.
Top 3 Causes
1. Missing Direct Grants on Base Tables
The user has SELECT on the view but not on the underlying tables the view queries.
-- Check what objects a view depends on
SELECT referenced_owner, referenced_name, referenced_type
FROM dba_dependencies
WHERE name = 'EMP_DEPT_VIEW'
AND type = 'VIEW';
-- Check existing grants on base tables
SELECT grantee, owner, table_name, privilege
FROM dba_tab_privs
WHERE table_name IN ('EMPLOYEES', 'DEPARTMENTS')
AND grantee = 'APP_USER';
-- Fix: Grant directly on base tables
GRANT SELECT ON hr.employees TO app_user;
GRANT SELECT ON hr.departments TO app_user;
2. Privileges Granted via ROLE Instead of Directly
Oracle does not honor role-based privileges when compiling or validating views. The view owner must have direct grants on all referenced objects.
-- Wrong approach: Granting through a role
GRANT SELECT ON hr.employees TO hr_role;
GRANT hr_role TO view_owner; -- Not sufficient for view creation/use
-- Correct approach: Direct grant to the view owner
GRANT SELECT ON hr.employees TO view_owner;
GRANT SELECT ON hr.departments TO view_owner;
-- Now create the view
CREATE OR REPLACE VIEW view_owner.emp_view AS
SELECT e.employee_id, e.last_name, d.department_name
FROM hr.employees e
JOIN hr.departments d ON e.department_id = d.department_id;
3. Broken Privilege Chain in Nested Views
When a view references another view, each layer must have proper grants. A missing grant in the middle of the chain causes ORA-01039.
-- Trace the full dependency chain
SELECT level, referenced_owner, referenced_name, referenced_type
FROM dba_dependencies
START WITH name = 'TOP_VIEW' AND type = 'VIEW'
CONNECT BY PRIOR referenced_name = name
AND PRIOR referenced_type = type;
-- Fix: Grant at each layer with WITH GRANT OPTION where needed
GRANT SELECT ON base_schema.employees TO mid_schema WITH GRANT OPTION;
GRANT SELECT ON mid_schema.emp_mid_view TO top_schema WITH GRANT OPTION;
GRANT SELECT ON top_schema.emp_top_view TO end_user;
Quick Fix Solutions
-- Identify all missing grants for a view in one query
SELECT 'GRANT SELECT ON ' || d.referenced_owner || '.'
|| d.referenced_name || ' TO TARGET_USER;' AS fix_script
FROM dba_dependencies d
WHERE d.name = 'YOUR_VIEW_NAME'
AND d.type = 'VIEW'
AND d.referenced_type IN ('TABLE', 'VIEW')
AND NOT EXISTS (
SELECT 1 FROM dba_tab_privs p
WHERE p.grantee = 'TARGET_USER'
AND p.owner = d.referenced_owner
AND p.table_name = d.referenced_name
AND p.privilege = 'SELECT'
);
-- Recompile an invalid view after fixing grants
ALTER VIEW your_view_name COMPILE;
-- Recompile all invalid views in a schema
BEGIN
FOR v IN (SELECT object_name FROM dba_objects
WHERE object_type = 'VIEW'
AND status = 'INVALID'
AND owner = 'YOUR_SCHEMA') LOOP
EXECUTE IMMEDIATE 'ALTER VIEW ' || v.object_name || ' COMPILE';
END LOOP;
END;
/
Prevention Tips
1. Always use direct grants for view owners. Never rely on roles alone when a schema owns views that reference objects in other schemas. Establish a standard deployment checklist that verifies direct grants before any view is created or promoted to production.
2. Document your privilege model. In multi-schema environments, maintain a privilege matrix that maps which schemas can access which objects. For nested view architectures, draw out the full grant chain from base tables to the top-level view. This dramatically reduces troubleshooting time when ORA-01039 strikes in production.
Related Errors
- ORA-01031: General insufficient privileges, not specific to views.
- ORA-00942: Table or view does not exist — can appear when base tables are dropped or inaccessible.
- ORA-04063: View has errors — often appears alongside ORA-01039 when a view becomes INVALID after privilege changes.
-
ORA-01720: Grant option does not exist — raised when trying to re-grant a privilege received without
WITH GRANT OPTION.
📖 Want a more detailed guide?
Check out the full in-depth version (Korean) on oraerror.com — includes detailed analysis, additional SQL examples, and prevention tips.
Top comments (0)