Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Protecting schema changes

RE: Protecting schema changes

From: Webber Valerie H <>
Date: Fri, 10 Jan 2003 12:44:45 -0800
Message-ID: <>


Is it okay to grant 'select any table' or should it be object specific? I'd think object specific would be more secure.  

Thanks for your help and have a nice weekend too! Val

-----Original Message-----
Sent: Friday, January 10, 2003 3:19 PM
To: Multiple recipients of list ORACLE-L


1). Create a role. Grant select, insert, update and delete of all the tables, views, sequences, procedures, packages and functions used by the application to this role.
2). create public synonyms for the objects in the application synonym. 3). create an "application" account that will be used by the application to connect to the database.
4). grant the role to the application account. 5). tell the applications group to change their JDBC procedure to connect to this new account.
6). then change the password to the application schema account. tell them that changes to this account will now be controlled by you - the DBA.  

problem solved. they can still play in their own account, but changes to the schema account is now controlled by you.  

once you move beyond the development environment, do not give them the ability to create anything in the database - only create query accounts for them to look at the data.  

hope this helps and have a nice weekend.  

Tom Mercadante
Oracle Certified Professional

-----Original Message-----
Sent: Friday, January 10, 2003 2:50 PM
To: Multiple recipients of list ORACLE-L

In a n-tier system that connects to the database with JDBC, how does a DBA keep developers from modifying the application schema without the DBA's consent or knowledge in a centralized development environment?

The developers can have their own personal database on their desktops to program/test with but we have a problem with them making changes to the main development database as the application schema owner. They know/have the application schema username/password since it is used to make the JDBC connections to the database from the app server.

Does anyone have links to defined change control processes that might help?

Thanks in advance!

Valerie H. Webber
Management Systems Designers, Inc
Database Administrator


Please see the official ORACLE-L FAQ:

Author: Webber Valerie H

Fat City Network Services    -- 858-538-5051
San Diego, California        -- Mailing list and web hosting services
To REMOVE yourself from this mailing list, send an E-Mail message to: (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Fri Jan 10 2003 - 14:44:45 CST

Original text of this message