Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: PERMISSIONS: Viewing, Altering and executing stored procedures/packages/functions

RE: PERMISSIONS: Viewing, Altering and executing stored procedures/packages/functions

From: Leonard, George <GLeonard_at_wesbank.co.za>
Date: Mon, 7 Feb 2005 18:21:15 +0200
Message-ID: <1831A554E8800049B6B970790D2513C03AE71C@fnbkrkmx01.fnb.co.za>


Hi there Mark  

you are correct, i was wrong. i tested it and as you said, having execute does not give permission to alter, what the problem was a dba role granted to a role that the users in question had.  

figured out what was going once i wrote a little ddl audit package that started showing they were alrering packages they were not suppose to after we had some funnies on the system...  

George


From: oracle-l-bounce_at_freelists.org on behalf of Powell, Mark D Sent: Mon 2005/02/07 04:50 PM
To: Oracle L (E-mail)
Subject: RE: PERMISSIONS: Viewing, Altering and executing stored procedures/packages/functions

George, I am a little confused as since when did having the EXECUTE privilege give a user/developer the privilege to CREATE OR REPLACE a procedure. You need the userid/password of the procedure owner or the CREATE ANY PROCEDURE for that. I think you are looking at the wrong privilege as being the problem.
HTH -- Mark D Powell --

-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of Leonard, George Sent: Monday, February 07, 2005 7:32 AM
To: rjamya
Cc: Oracle L (E-mail); Desplace, Laura
Subject: RE: PERMISSIONS: Viewing, Altering and executing stored procedures/packages/functions

Hmm

Now that I think about it, the view covers the viewing of code, but does not do anything for the problem if they can execute code they can alter it and this is one of our big problems...

George

=20________________________________________________
George Leonard
Oracle Database Administrator
New Dawn Technologies @ Wesbank
E-mail:gleonard_at_wesbank.co.za
=20
You Have The Obligation to Inform One Honestly of the risk, And As a Person
You Are Committed to Educate Yourself to the Total Risk In Any Activity! Once Informed & Totally Aware of the Risk, Every Fool Has the Right to Kill or Injure Themselves as They See Fit! =20

-----Original Message-----
From: rjamya [mailto:rjamya_at_gmail.com]=20 Sent: 07 February 2005 14:03 PM
To: Leonard, George
Cc: Oracle L (E-mail); Desplace, Laura
Subject: Re: PERMISSIONS: Viewing, Altering and executing stored procedures/packages/functions

create a system owned view dba$source as select * from xxx_source and then allow developers select from it. In fact, create a private synonym for each of them ...

create or replace duh_1.dba_source for system.dba$source /

create or replace duh_1.all_source for system.dba$source /

That should do the trick ... then you don't have to give 'execute any' privilege, just select on dba$source will do.

Raj

On Mon, 7 Feb 2005 11:10:48 +0200, Leonard, George <GLeonard_at_wesbank.co.za> wrote:
> Hi all

>=20

> My Developers are at it again.
>=20

> Is there any way I can let people see and execute code without being
> able to alter it?
>=20

> Currently giving execute on code gives them permission to alter it and
> we want to stop this,
>=20

> Help please!!!
>=20

> George
> =3D20________________________________________________
> George Leonard
> Oracle Database Administrator
> New Dawn Technologies @ Wesbank
> E-mail:gleonard_at_wesbank.co.za
> =3D20
> You Have The Obligation to Inform One Honestly of the risk, And As a
> Person
> You Are Committed to Educate Yourself to the Total Risk In Any
Activity!
> Once Informed & Totally Aware of the Risk,
> Every Fool Has the Right to Kill or Injure Themselves as They See Fit!
> =3D20

>=20
>

_=3D
> __________________________

>=20
> The views expressed in this email are, unless otherwise stated, those
of =3D
> the author and not those
> of the FirstRand Banking Group an Authorised Financial Service
Provider o=3D
> r its management.
> The information in this e-mail is confidential and is intended solely
for=3D
> =3D20the addressee.
> Access to this e-mail by anyone else is unauthorised.
> If you are not the intended recipient, any disclosure, copying,
distribut=3D
> ion or any action taken or=3D20
> omitted in reliance on this, is prohibited and may be unlawful.
> Whilst all reasonable steps are taken to ensure the accuracy and
integrit=3D
> y of information and data=3D20
> transmitted electronically and to preserve the confidentiality
thereof, n=3D
> o liability or=3D20
> responsibility whatsoever is accepted if information or data is, for
what=3D
> ever reason, corrupted=3D20
> or does not reach its intended destination.
>=20

> =3D20 ________________________________
> --
> http://www.freelists.org/webpage/oracle-l
>=20

--=20



select standard_disclaimer from company_requirements where category =3D 'MANDATORY';
_________________________________________________________________________=
__________________________


The views expressed in this email are, unless otherwise stated, those of = the author and not those
of the FirstRand Banking Group an Authorised Financial Service Provider o= r its management.
The information in this e-mail is confidential and is intended solely for= =20the addressee.
Access to this e-mail by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribut= ion or any action taken or=20
omitted in reliance on this, is prohibited and may be unlawful. Whilst all reasonable steps are taken to ensure the accuracy and integrit= y of information and data=20
transmitted electronically and to preserve the confidentiality thereof, n= o liability or=20
responsibility whatsoever is accepted if information or data is, for what= ever reason, corrupted=20
or does not reach its intended destination.

=20                              ________________________________
--
http://www.freelists.org/webpage/oracle-l


--
http://www.freelists.org/webpage/oracle-l



___________________________________________________________________________________________________


The views expressed in this email are, unless otherwise stated, those of the author and not those
of the FirstRand Banking Group an Authorised Financial Service Provider or its management.
The information in this e-mail is confidential and is intended solely for the addressee.
Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribution or any action taken or 
omitted in reliance on this, is prohibited and may be unlawful.
Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data 
transmitted electronically and to preserve the confidentiality thereof, no liability or 
responsibility whatsoever is accepted if information or data is, for whatever reason, corrupted 
or does not reach its intended destination.

                               ________________________________

--
http://www.freelists.org/webpage/oracle-l
Received on Mon Feb 07 2005 - 11:27:21 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US