Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Advice for dblinks between two prod DBs.

RE: Advice for dblinks between two prod DBs.

From: Jesse, Rich <Rich.Jesse_at_qg.com>
Date: Wed, 22 Nov 2006 12:59:17 -0600
Message-ID: <FB5D3CCFCECC2948B5DCF4CABDBE6697A525E5@QTEX1.qg.com>


Yep! The remote DB is our ERP. The API to the ERP data is via views in the app schema. I plan on creating a new user in the ERP DB for each link and granting it only the access to the views that are required.  

Going from a shop where one app account has "SELECT FROM ANY TABLE" to this scenario has it's hurdles. And, yes, I'll take the blame for the former. Amazing what a DBA can learn in the 9 years since... :)  

Thanks guys!
Rich


From: Mercadante, Thomas F (LABOR)
[mailto:Thomas.Mercadante_at_labor.state.ny.us]
Sent: Wednesday, November 22, 2006 12:53 PM To: oracledba.williams_at_gmail.com; Jesse, Rich Cc: Hemant K Chitale; oracle-l_at_freelists.org Subject: RE: Advice for dblinks between two prod DBs.

This is great advice. Create a read-only user in the remote database. Only grant access to the items it needs to see. And again, I would create views in the remote database that are granted to this user that give only what is needed. And pre-joining tables in this view aids querying immensely - the joins happen on the remote database. This speeds things up tremendously!  


From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Dennis Williams
Sent: Wednesday, November 22, 2006 1:44 PM To: Rich.Jesse_at_qg.com
Cc: Hemant K Chitale; oracle-l_at_freelists.org Subject: Re: Advice for dblinks between two prod DBs.

Jesse,

From reading your posting and the replies, I don't see one aspect mentioned.

One of the drawbacks of a database link is that it gives access to the entire schema, particularly troubling where ERP systems are involved. A practice I've used is to create a special username on each end of the database link. On one end, that username owns the database link. At the other end, that username is granted select only privilege to the needed tables. Synonyms can simplify a complicated syntax.

Just a tip.

Dennis Williams

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Nov 22 2006 - 12:59:17 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US