Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Alternatives to roles in procedures?

RE: Alternatives to roles in procedures?

From: Mercadante, Thomas F <NDATFM_at_labor.state.ny.us>
Date: Wed, 19 Sep 2001 05:47:48 -0700
Message-ID: <F001.003926E5.20010919052019@fatcity.com>

I agree with YOU Rachel.

I (the DBA) own all tables, sequences, etc. Developers write stored Procs, Packs and Funcs. In the Development arena, they have "create any procedure" priv which allows them to create and replace Oracle objects in the DBA schema. They develop under a common account, which has been granted SIUD to all tables under the DBA schema.

I know this is a risk (they could trash sys Packs&Procs), but it is Development. If they trash the DB, I restore from the prior day (using Rman!). We've been developing for over a year, and it has not happened yet.

In the remaining environments, they do not have privs to do anything. New releases of their code is installed by me, on a regularly scheduled basis (Friday afternoon - it sucks!).

Much more straightforward than the multiple-schema suggestion.

Hope this helps.

Tom Mercadante
Oracle Certified Professional

-----Original Message-----
Sent: Tuesday, September 18, 2001 10:45 PM To: Multiple recipients of list ORACLE-L

isn't it still simpler to let the schema owner own procedures that access tables in that schema, and grant execute on the procedures rather grant SIUD

on all tables owned by each schema owner? I'd think there would be fewer procedures than tables in each schema

>From: "Jesse, Rich" <Rich.Jesse_at_qtiworld.com>
>Reply-To: ORACLE-L_at_fatcity.com
>To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
>Subject: RE: Alternatives to roles in procedures?
>Date: Tue, 18 Sep 2001 11:20:28 -0800
>
>Interesting! However, if I had shown a real-world example, I think it
>would've poked a hole in your excellent idea. Add schema "C" (and "D" and
>"E") onto this example that schema "B" also needs to access.
>
>Ain't no way in hell the devs are gonna rewrite all of their code to
>accommodate Jeff T's environment, either.
>
>Thanks for the suggestions, but I'm looking at the brute force method,
>methinks. :)
>
>Rich Jesse System/Database Administrator
>Rich.Jesse_at_qtiworld.com Quad/Tech International, Sussex, WI USA
>
>Disclaimer: rm -rf /bin/laden
>
>
>
>-----Original Message-----
>Sent: Monday, September 17, 2001 21:55
>To: Multiple recipients of list ORACLE-L
>
>
>um, create the procedures in schema A and grant execute to schema B?
>removes the need for direct grants on the tables.
>
>
> >From: "Jesse, Rich" <Rich.Jesse_at_qtiworld.com>
> >Reply-To: ORACLE-L_at_fatcity.com
> >To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
> >Subject: Alternatives to roles in procedures?
> >Date: Mon, 17 Sep 2001 12:30:24 -0800
> >
> >So, there we are, in 8.1.7 on HP/UX 11.0. We have several dozen tables
>in
> >schema "A" that need to be accessed from procedures in schema "B". We
>had
> >previously been using a role to grant access to these tables but now with
> >the procedures, this ain't an option.
> >
> >Are there any alternatives to granting SELECT, INSERT, UPDATE, DELETE,
>etc
> >on each table to schema "B"?
> >
> >TIA,
> >Rich Jesse System/Database Administrator
> >Rich.Jesse_at_qtiworld.com Quad/Tech International, Sussex, WI
>USA
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Jesse, Rich
> INET: Rich.Jesse_at_qtiworld.com
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).



Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Rachel Carmichael
  INET: carmichr_at_hotmail.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Mercadante, Thomas F
  INET: NDATFM_at_labor.state.ny.us

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Wed Sep 19 2001 - 07:47:48 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US