Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: TOAD Access to other Schemas

RE: TOAD Access to other Schemas

From: William Wagman <>
Date: Thu, 14 Jun 2007 11:12:07 -0700
Message-ID: <>

A few years ago one of the development groups here started using SQL Navigator. When first implemented they were unable to perform many tasks because they didn't have enough access despite specific access having been granted to objects in other schemas on an as needed basis. The immediate request (demand actually) was to grant DBA access. I said no and instead worked with Quest to find out where the problem was. I learned that in order for many of the SQL Navigator development tools to work select access on a number of the DBA_ views was required. Once I granted that everyone was sort of happy, although still a bit annoyed that I wouldn't just grant blanket DBA access. I suspect that may be all that is necessary in TOAD as well although I don't know. It took some work on my part but I was able to get them back to work without granting global privileges. Besides, I learned something about SQL Navigator too.  

Bill Wagman
Univ. of California at Davis
IET Campus Data Center
(530) 754-6208  

[] On Behalf Of Boyle, Christopher Sent: Thursday, June 14, 2007 7:40 AM
To:; Cc:
Subject: RE: TOAD Access to other Schemas

I couldn't agree with Raj more (and I used to be one of his developers too!) I am in the process of having the developers' access to the schema that holds the tables revoked. They can work in an _USER schema and qualify their references but too many "I couldn't wait to follow the procedures so I made the changes myself" that never got included in a model or build script have warranted this type of lock down. (Plus, they get the scripts wrong. Not all the developers. Not even most or many of the developers. But enough.)  

[] On Behalf Of rjamya Sent: Wednesday, June 13, 2007 10:08 PM
Subject: Re: TOAD Access to other Schemas  

this is a BIG NO NO. In-fact you can get away with SELECT ANY TABLE, but that too is a NO NO in production/devl environment. Anyone who claims they cannot do any development without these privs is trying for a easy workaround (aka borderline lazy).  

Ask them what they want, and grant only that, nothing more. Any blanket privilege (e.g. %ANY% types) are _bad_ imho in development environment because you will need those in production then too.  

My $0.0185


This email has been scanned by the MessageLabs Email Security System. For more information please visit

This email has been scanned by the MessageLabs Email Security System. For more information please visit

NOTICE OF CONFIDENTIALITY: Information included in and/or attached to this electronic mail transmission may be confidential. This electronic mail transmission is intended for the addressee(s) only. Any unauthorized disclosure, reproduction, or distribution of, and/or any unauthorized action taken in reliance on the information in this electronic mail is prohibited. If you believe that you have received this electronic mail transmission in error, please notify the sender by reply transmission, or contact <> , and delete the message without copying or disclosing it.

Received on Thu Jun 14 2007 - 13:12:07 CDT

Original text of this message