Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Authorete

RE: Authorete

From: John Flack <>
Date: Fri, 12 Mar 2004 08:45:48 -0500
Message-ID: <>

I'm trying to get a handle on exactly what you want the programmers to be able to do, and what you don't want them able to do.  

If you are just trying to keep them from doing DDL, then you give them all their own user accounts, create and grant a "programmer" role with SELECT, INSERT, UPDATE and DELETE on the tables. The tables are owned by a separate application schema to which only you have the password. It might not even have the connect privilege.  

Want to limit the rows on which they may operate too? Look into Vitual Private Database.  

Want to give them limited and highly controlled access to DDL? Create a DDL package in the application schema with procedures that do EXECUTE IMMEDIATE commands for each DDL that you want to allow, then grant the programmer role EXECUTE on the package. You can add all kinds of code to control exactly what they can do, and even have it e-mail you every time they use it, to let you know what they are up to.

-----Original Message-----
From: April Wells [] Sent: Friday, March 12, 2004 7:49 AM
To: ''
Subject: RE: Authorete

Ya know, I was thinking maybe adopting the idea of medieval times... if you get caught screwing around with the tables, I cut off your fingers... but there is this company policy against bodily harm against programmers... the SPCA comes around and fines you for hurting dumb animals...  

This was safer.      

April Wells
Oracle DBA/Oracle Apps DBA
Corporate Systems
Amarillo Texas

"Few people really enjoy the simple pleasure of flying a kite" Adam Wells age 11
"Imagination is the highest kite one can fly." Lauren Bacall

-----Original Message-----
From: Goulet, Dick [] Sent: Thursday, March 11, 2004 3:26 PM
Subject: RE: Authorete

Shackles work very well in that case. Possibly you could borrow a few pairs of handcuffs from the local police department!! *-)  

Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA

-----Original Message-----
From: April Wells [] Sent: Thursday, March 11, 2004 3:08 PM
Subject: RE: Authorete

no, I don't think that will give me what I'm really after...  

The idea is to tie the hands of the programmers to such an extent that I KNOW what they can and can not do... and how bad they can put me in a bind.  

Please see the official ORACLE-L FAQ:

To unsubscribe send email to: put 'unsubscribe' in the subject line.
Archives are at
FAQ is at
Received on Fri Mar 12 2004 - 07:42:27 CST

Original text of this message