Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: privileges

Re: privileges

From: Ron Rogers <RROGERS_at_galottery.org>
Date: Fri, 22 Sep 2000 09:29:33 -0400
Message-Id: <10627.117654@fatcity.com> 





Lisa,


Good Luck on your quest.. The company I work for has been in existence for =
7 years and I started working for them 2 years age. There was no documentat=
ion at all about the database or applications when I started. The =
databases are now documented (I still request documentation for the =
applications but not yet. I can still hope) and I am trying to implement =
security options via roles and privileges. over 3 months ago I asked the =
developers, VP of development, Vp of IS for a list of which user needs =
what type of access to what table. No luck to date. I took it upon myself =
to create roles that accessed the tables I thought that were tied to the =
different applications. One by one I am moving the users to the role. If =
some one complains I then know what table I have to add to what role.
The first step was to remove the resource privilege from the users as they =
run client applications and are select options only. The application that =
need other than select are given an id and the id is given a role with the =
additional privileges. Only the role has the ability to change any data. =
That puts the responsibility on the network group to only deploy the =
application to the users that need id. The development group uses a user =
table in the code to verify the user has the privilege to use the =
application.


 The second step was to remove the connect option and grant create session =
instead. So far it has worked and I have the majority of the "public" =
permissions revoked.


Hope this gives some insite.


ROR =AA=BF=AA




>>> lkoivu_at_qode.com 09/21/00 05:01PM >>>

I inherited a database and application that was developed using the famous
'smear' method of privileges.  In other words, everybody has access to
anything to do whatever they please.=20



It's time I cleaned this up.  I have no guidelines to work from and quite
honestly don't know the application too well - I have written a minute
amount of code for this app.  I'm thinking I could sift through dba_source
as a starting point, to see whose procedures are accessing stuff outside
their schema, etc.  Man, this is going to be a big, tedious, messy
trial-and-error nightmare.=20



If anyone has done anything similar and has any suggestions I would be =
very


happy to hear them.=20



Thanks



Lisa Rutland Koivu


Oracle Database Administrator


Qode.com


4850 North State Road 7


Suite G104


Fort Lauderdale, FL  33319


V: 954.484.3191, x174
F: 954.484.2933=20
C: 954.658.5849




http://www.qode.com=20



"The information contained herein does not express the opinion or position
of Qode.com and cannot be attributed to or made binding upon Qode.com."
Received on Fri Sep 22 2000 - 08:29:33 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US