Re: privileges

From: Ron Rogers <>
Date: Fri, 22 Sep 2000 09:29:33 -0400
Message-Id: <>

Good luck on your quest. The company I work for has been in existence for 7 years and I started working for them 2 years ago. There was no documentation at all about the database or applications when I started. The databases are now documented (I still request documentation for the applications but not yet. I can still hope) and I am trying to implement security options via roles and privileges. Over 3 months ago I asked the developers, VP of development, VP of IS for a list of which user needs what type of access to what table. No luck to date. I took it upon myself to create roles that accessed the tables I thought were tied to the different applications. One by one I am moving the users to the role. If someone complains I then know what table I have to add to what role.

The first step was to remove the resource privilege from the users as they run client applications and are select options only. The applications that need other than select are given an id and the id is given a role with the additional privileges. Only the role has the ability to change any data. That puts the responsibility on the network group to only deploy the application to the users that need id. The development group uses a user table in the code to verify the user has the privilege to use the application.

The second step was to remove the connect option and grant create session instead. So far it has worked and I have the majority of the "public" permissions revoked.

Hope this gives some insight.

>>> 09/21/00 05:01PM >>>
I inherited a database and application that was developed using the famous 'smear' method of privileges. In other words, everybody has access to anything to do whatever they please.

It's time I cleaned this up. I have no guidelines to work from and quite honestly don't know the application too well - I have written a minute amount of code for this app. I'm thinking I could sift through dba_source as a starting point, to see whose procedures are accessing stuff outside their schema, etc. Man, this is going to be a big, tedious, messy trial-and-error nightmare.

If anyone has done anything similar and has any suggestions I would be very happy to hear them.


Lisa Rutland Koivu
Oracle Database Administrator
4850 North State Road 7
Suite G104
Fort Lauderdale, FL 33319

V: 954.484.3191, x174
F: 954.484.2933
C: 954.658.5849

"The information contained herein does not express the opinion or position of and cannot be attributed to or made binding upon"

Received on Fri Sep 22 2000 - 08:29:33 CDT
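
The cleanup described in the two messages above, written out as Oracle SQL. This is an added example, not code from either poster; the schema APPOWNER, the tables ORDERS and ORDER_ITEMS, the roles APP_ORDERS_READ and APP_ORDERS_WRITE, the user JSMITH and the application id ORDERS_APP are hypothetical, and the cross-schema check uses DBA_DEPENDENCIES instead of a text search of dba_source.

```sql
-- Added example; every schema, table, role and user name below is hypothetical.

-- 1. Inventory: who still holds the broad CONNECT / RESOURCE roles?
SELECT grantee, granted_role, admin_option
  FROM dba_role_privs
 WHERE granted_role IN ('CONNECT', 'RESOURCE')
 ORDER BY granted_role, grantee;

-- 2. Inventory: object privileges granted to PUBLIC on application schemas.
SELECT owner, table_name, privilege, grantor
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC'
   AND owner NOT IN ('SYS', 'SYSTEM')
 ORDER BY owner, table_name, privilege;

-- 3. Stored code and views that reference tables or views in another schema.
SELECT owner, name, type, referenced_owner, referenced_name, referenced_type
  FROM dba_dependencies
 WHERE owner <> referenced_owner
   AND referenced_owner NOT IN ('SYS', 'SYSTEM', 'PUBLIC')
   AND referenced_type IN ('TABLE', 'VIEW')
 ORDER BY owner, name;

-- 4. One read-only role per application, plus a write role for the application id.
CREATE ROLE app_orders_read;
GRANT SELECT ON appowner.orders      TO app_orders_read;
GRANT SELECT ON appowner.order_items TO app_orders_read;

CREATE ROLE app_orders_write;
GRANT INSERT, UPDATE, DELETE ON appowner.orders      TO app_orders_write;
GRANT INSERT, UPDATE, DELETE ON appowner.order_items TO app_orders_write;

-- 5. Move one user at a time: grant the narrow privileges first, then revoke
--    the broad roles, so a complaint points at exactly one missing table.
GRANT CREATE SESSION  TO jsmith;
GRANT app_orders_read TO jsmith;
REVOKE resource FROM jsmith;
REVOKE connect  FROM jsmith;

-- The application id is the only account that can change data.
GRANT CREATE SESSION TO orders_app;
GRANT app_orders_read, app_orders_write TO orders_app;

-- 6. Once a table is covered by a role, drop its PUBLIC grant
--    (run as the grantor reported by query 2).
REVOKE ALL ON appowner.orders FROM PUBLIC;
```

Privileges received through a role are not used when definer's-rights stored procedures are compiled or run, so the procedure owners returned by query 3 need direct grants on the objects they reference before the broad grants are revoked.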
