RE: way to grant schema privilege

From: Goulet, Richard <Richard.Goulet_at_parexel.com>
Date: Tue, 29 Sep 2009 11:54:12 -0400
Message-ID: <6B0D50B70F12BD41B5A67F14F5AA887FD624FB_at_us-bos-mx022.na.pxl.int>



Sorry, Nuno, but that is incorrect. Please see http://www.it-eye.nl/weblog/2005/09/12/oracle-proxy-users-by-example/

Dick Goulet
Senior Oracle DBA/NA Team Lead
PAREXEL International

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Nuno Souto
Sent: Monday, September 28, 2009 11:57 PM
Cc: Oracle L
Subject: Re: way to grant schema privilege

Not directly, no. Even through proxies, you still need to grant access to
objects via a role and then the role to a logon, be that a proxy or, for example,
any logon that does an "ALTER SESSION SET CURRENT_SCHEMA=<schema>".
In other words: the proxy user is not a replacement for granted privileges, it
complements them.
Your choice if you use a proxy logon - relevant for three-tier access - or
something like a login trigger setting current_schema. Then a role is granted to
that logon. The role defines the access privileges, not the user logon. You
cannot grant an entire schema to a role, it has to be object by object.

-- 
Cheers
Nuno Souto
in sunny Sydney, Australia
dbvision_at_iinet.net.au


dba1 mcc wrote, on my timestamp of 29/09/2009 4:07 AM:

> On ORACLE 10GR2 and 11G, is it possible to grant access privileges on
> schema level, NOT table/view level?
>
> For example, I want to grant 'select, update, delete' on one schema (all
> objects under that schema) to another person. Is it possible?
>
-- http://www.freelists.org/webpage/oracle-l
Received on Tue Sep 29 2009 - 10:54:12 CDT
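
The approach described in Nuno Souto's quoted reply (a role granted object by object, then granted to the logon, with CURRENT_SCHEMA set at logon), written out as an added example that is not part of the thread. The names APP_OWNER, APP_RW_ROLE and APP_USER are hypothetical, and the script assumes it is run from SQL*Plus by a DBA account.

```sql
-- Added example. APP_OWNER, APP_RW_ROLE and APP_USER are hypothetical names.
SET SERVEROUTPUT ON   -- SQL*Plus setting, so skipped objects are reported

CREATE ROLE app_rw_role;

-- Grants are issued object by object; new objects created later in
-- APP_OWNER are not covered until this block is run again.
BEGIN
  FOR obj IN (SELECT owner, object_name, object_type
                FROM dba_objects
               WHERE owner = 'APP_OWNER'
                 AND object_type IN ('TABLE', 'VIEW')
                 AND object_name NOT LIKE 'BIN$%')   -- skip recycle-bin entries
  LOOP
    BEGIN
      -- ENQUOTE_NAME quotes the identifier so mixed-case or odd names
      -- cannot alter the generated statement.
      EXECUTE IMMEDIATE
        'GRANT SELECT, UPDATE, DELETE ON '
        || DBMS_ASSERT.ENQUOTE_NAME(obj.owner, FALSE) || '.'
        || DBMS_ASSERT.ENQUOTE_NAME(obj.object_name, FALSE)
        || ' TO app_rw_role';
    EXCEPTION
      WHEN OTHERS THEN
        -- Some objects (external tables, nested-table storage, views over
        -- other schemas) reject these grants; report and continue.
        DBMS_OUTPUT.PUT_LINE('skipped ' || obj.object_type || ' '
                             || obj.object_name || ': ' || SQLERRM);
    END;
  END LOOP;
END;
/

-- The role carries the privileges; the logon only receives the role.
GRANT app_rw_role TO app_user;

-- CURRENT_SCHEMA changes name resolution only; it grants nothing.
CREATE OR REPLACE TRIGGER app_user_set_schema
  AFTER LOGON ON DATABASE
BEGIN
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'APP_USER' THEN
    EXECUTE IMMEDIATE 'ALTER SESSION SET CURRENT_SCHEMA = APP_OWNER';
  END IF;
END;
/
```

Reviewing the skipped-object output and the contents of DBA_TAB_PRIVS for the role afterwards shows exactly what the logon can reach.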
