From oracle-l-bounce@freelists.org Fri Feb 11 09:50:31 2005 Return-Path: Received: from air891.startdedicated.com (root@localhost) by orafaq.com (8.12.10/8.12.10) with ESMTP id j1BFoVJK024989 for ; Fri, 11 Feb 2005 09:50:31 -0600 X-ClientAddr: 206.53.239.180 Received: from turing.freelists.org (freelists-180.iquest.net [206.53.239.180]) by air891.startdedicated.com (8.12.10/8.12.10) with ESMTP id j1BFoVem024985 for ; Fri, 11 Feb 2005 09:50:31 -0600 Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id B9B7F6FF13; Fri, 11 Feb 2005 09:49:25 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 14330-08; Fri, 11 Feb 2005 09:49:25 -0500 (EST) Received: from turing (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 37CA86FF8B; Fri, 11 Feb 2005 09:49:25 -0500 (EST) X-IronPort-AV: i="3.88,195,1102309200"; d="scan'208"; a="160900009:sNHT4980349966" X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Priority: normal Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit Subject: RE: Permission to see the procedures Date: Fri, 11 Feb 2005 09:47:43 -0500 Message-ID: <52C70FF150F49E479DAF59C68A27149DAFCECC@va016a0e2.corp.suntrust.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Permission to see the procedures thread-index: AcUPvNkwB8psz8n0RmW9XbGyWzZb0AAAbVvAACIBRpA= From: "Kline.Michael" To: "Thomas Biju" , Cc: X-OriginalArrivalTime: 11 Feb 2005 14:47:23.0661 (UTC) FILETIME=[98C42BD0:01C51048] X-archive-position: 16076 X-ecartis-version: Ecartis v1.0.0 Sender: oracle-l-bounce@freelists.org Errors-To: oracle-l-bounce@freelists.org X-original-sender: Michael.Kline@SunTrust.com Precedence: normal Reply-To: Michael.Kline@SunTrust.com X-list: oracle-l X-Virus-Scanned: by amavisd-new-20030616-p9 (Debian) at avenirtech.net X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on air891.startdedicated.com X-Spam-Status: No, hits=0.2 required=5.0 tests=AWL,EXCUSE_16 autolearn=no version=2.60 X-Spam-Level: The select_catalog_role doesn't seem to work. That made sense. Maybe that's why it didn't work. The need to view the code is stated to be that the DEV database may have "new changes" not on PRD. And they have 4 "dev" databases. So, if he gets a call at 2AM, then he wants to be able to see production code. I'm also tinkering with the thought that I may kick off a flat text report 1 to x times per day and put it in a "public" place where they can look at that. Or perhaps change their "procedures" like I had done at VDH where I make them install changes with a script and that script can go into a "read only" area. But with TOAD and other tools it's so easy to lose control. The developer would like to go into TOAD with "schema browser" and simply pull up the procedure to view. Management has no problems with the viewing, but doesn't want him able to change and recompile. (It's sort of one of those "security" things. There are generic jobs that can be run under Maestro, and if he has access to those, he could run a list script, and then make changes and possibly run a compile script. He wouldn't have the owner password, but the job would run as the owner. This is almost like our conversation over cron when we can also use dba_jobs.) Just need that magic grant that allows "select only" privs to a package/procedure/body. Michael Kline Database Administration Outside 804.261.9446 Cell 804.744.1545 3-9446 > -----Original Message----- > From: Thomas Biju [mailto:BThomas@br-inc.com] > Sent: Thursday, February 10, 2005 5:20 PM > To: spatenau@gmail.com; Kline.Michael > Cc: oracle-l@freelists.org > Subject: RE: Permission to see the procedures > > Try granting the SELECT_CATALOG_ROLE.... > > Thanks, > Biju > > > -----Original Message----- > From: oracle-l-bounce@freelists.org > [mailto:oracle-l-bounce@freelists.org]On Behalf Of Steven Patenaude > Sent: Thursday, February 10, 2005 2:35 PM > To: Michael.Kline@suntrust.com > Cc: oracle-l@freelists.org > Subject: Re: Permission to see the procedures > > > On Thu, 10 Feb 2005 15:21:29 -0500, Kline.Michael > wrote: > > The development folks would like to be able to view the procedures, > > packages, etc., on a production reporting database, but we do *NOT* want > > them to be able change anything. > > > > This is sort of like a "read only" access to packages, procedures, > > triggers, etc. > > > > I would think this would be like a "select any view" but I don't see any > > thing there. > > > > Can this be done by granting some sort of privs to a role and then > > giving them the role? > > There is the dba_source view. I've created a procedure before that > pretty prints the source and given the devs exec privs. That keeps > them out of the data dictionary, and the procedure allows you to have > close control over who sees what, if that is your business need. > > That was developed back in O7. There might be a new feature since > then that makes this easier. > > Steven > -- > http://www.freelists.org/webpage/oracle-l > > > ________________________________________________________________________ _____________________________ > ________ > > This electronic transmission and any attached files are intended solely for the person or entity to > which they are addressed and may contain information that is privileged, confidential or otherwise > protected from disclosure. Any review, retransmission, dissemination or other use, including taking > any action concerning this information by anyone other than the named recipient, is strictly > prohibited. If you are not the intended recipient or have received this communication in error, > please immediately notify the sender and destroy this communication. ************************************************ The information transmitted is intended solely for the individual or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this email in error please contact the sender and delete the material from any computer. [ST:A234] ************************************************ -- http://www.freelists.org/webpage/oracle-l