RE: way to grant schema privilege

From: <dbvision_at_iinet.net.au>
Date: Wed, 30 Sep 2009 07:33:19 +0800
Message-Id: <50891.1254267199_at_iinet.net.au>

What exactly is incorrect, Richard?
I stated very clearly that proxy users relate to authentication, not role granting. You provide an example to show how to setup authentication by proxy and you call what I said incorrect?
Care to re-read what I said?
Please recall that the OP wanted to know how to grant ONLY select,update,delete to all objects. Not insert. Giving him a proxy user to schema owner is rather NOT what he asked for, I'd dare say?

On Tue Sep 29 23:54 , "Goulet, Richard" sent:

>Sorry, Nuno, but that is incorrect. Please see
>http://www.it-eye.nl/weblog/2005/09/12/oracle-proxy-users-by-example/
>
>
>Dick Goulet
>Senior Oracle DBA/NA Team Lead
>PAREXEL International
>
>-----Original Message-----
>From: oracle-l-bounce_at_freelists.org
>[oracle-l-bounce_at_freelists.org','','','')">oracle-l-bounce_at_freelists.org] On
Behalf Of Nuno Souto
>Sent: Monday, September 28, 2009 11:57 PM
>Cc: Oracle L
>Subject: Re: way to grant schema privilege
>
>Not directly, no. Even through proxies, you still need to grant access
>to
>objects via a role and then the role to a logon, be that a proxy or for
>example,
>any logon that does a "ALTER SESSION SET CURRENT_SCHEMA=".
>In other words: the proxy user is not a replacement for granted
>privileges, it
>complements them.
>Your choice if you use a proxy logon - relevant for three-tier access -
>or
>something like a login trigger setting current_schema. Then a role is
>granted to
>that logon. The role defines the access privileges, not the user logon.
>You
>cannot grant an entire schema to a role, it has to be object by object.
>
>
>--
>Cheers
>Nuno Souto
>in sunny Sydney, Australia
>dbvision_at_iinet.net.au
>
>
>dba1 mcc wrote,on my timestamp of 29/09/2009 4:07 AM:
>> On ORACLE 10GR2 and 11G is it possible grant access privileges on
>schema level NOT table/view level.
>>
>> for example, I want grant 'select, update, delete" on one schema (all
>object under that schema) to another person. Is it possible?
>>
>
>
>--
>http://www.freelists.org/webpage/oracle-l
>
>
>)

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Sep 29 2009 - 18:33:19 CDT

This message: [ Message body ]
Next message: chet justice: "Re: Deadlocks"
Previous message: Robert Freeman: "Re: rman restore"
Maybe in reply to: dba1 mcc: "way to grant schema privilege"
Next in thread: Goulet, Richard: "RE: way to grant schema privilege"
Reply: Goulet, Richard: "RE: way to grant schema privilege"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message