Re: linux/sqlplus scripting to obscure permissions

From: Kenny Payton <k3nnyp_at_gmail.com>
Date: Wed, 14 Oct 2015 13:50:01 -0400
Message-Id: <DDA972F1-3DBA-442F-BA06-7FE725D25514_at_gmail.com>



You can also look at sudo. sudo is designed for this type of authorization in Linux and very commonly used. We use it for a few things, such as letting a QA group execute flashback database scripts. It requires an account on the Linux host and allows a script to be executed as a particular user (oracle).

> On Oct 14, 2015, at 11:06 AM, Chris King <ckaj111_at_yahoo.ca> wrote:
>
> I see a theme here.. internal database code.. PL/SQL to the rescue! Thanks.. I'll give that a go.
>
>
> From: "Deas, Scott" <Scott.Deas_at_lfg.com>
> To: "ckaj111_at_yahoo.ca" <ckaj111_at_yahoo.ca>; Oracle-l Digest Users <oracle-l_at_freelists.org>
> Sent: Wednesday, October 14, 2015 10:42 AM
> Subject: RE: linux/sqlplus scripting to obscure permissions
>
> Chris,
>
> Are you sure you want this controlled directly in the script? Would it make more sense to have a package do the work, and the users have access to execute the package?
>
> If you really do want to use the script, I would look into Oracle wallets if you want to hide the authentication of the script from the user, but my preference would be individual login accounts with access to execute the package (which gives you auditing options as a result).
>
> Thanks,
> Scott
>
>
>
> From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Chris King
> Sent: Wednesday, October 14, 2015 10:27 AM
> To: Oracle-l Digest Users
> Subject: linux/sqlplus scripting to obscure permissions
>
> I've written two SQL scripts which can be used to expand a tablespace. The intent is to make these scripts available to non-DBAs to manage potential off-hours issues.
>
> Because the scripts will be run by non-DBAs, I would like to modify them such that the user will not have direct passwords or database permissions, but just permission to execute the scripts. i.e. the scripts will handle all permission issues.
>
> I'm having trouble finding the details of how to do this both on the Linux and Oracle side of things. So far for Oracle, I've found the externally identified type accounts, but I'm concerned that this may not be secure. And for scripting on Linux, I'm at a loss.
>
> Could someone point me in the right direction?
>
> Many thanks!

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Oct 14 2015 - 19:50:01 CEST
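
An added example, not part of any message in this thread: a sketch of the sudo approach described in the top reply, as a wrapper script that validates its arguments before connecting as oracle. The group name, file paths, environment values, size limit and the two positional arguments taken by the SQL script are all assumptions.

```shell
#!/bin/sh
# Added example. Hypothetical sudoers rule (edit with visudo): members of a
# constructed "qa" group may run only this script, and only as oracle:
#   %qa ALL=(oracle) /opt/dba/bin/expand_ts.sh
# Invocation: sudo -u oracle /opt/dba/bin/expand_ts.sh USERS 4
# Keep the script writable only by root or oracle, or callers control what runs.

# sudo resets the environment by default, so set it here (placeholder values).
export LC_ALL=C
export ORACLE_HOME=/u01/app/oracle/product/PLACEHOLDER
export ORACLE_SID=PLACEHOLDER
export PATH="$ORACLE_HOME/bin:/usr/bin:/bin"
SQL_SCRIPT=/opt/dba/sql/expand_tablespace.sql  # hypothetical path

# Plain Oracle identifier only: letter first, then letters, digits, _ $ #; max 30.
valid_tablespace() {
  case "$1" in
    ''|[!A-Za-z]*|*[!A-Za-z0-9_#$]*) return 1 ;;
  esac
  [ "${#1}" -le 30 ]
}

# Whole gigabytes from 1 to 32 (constructed limit).
valid_size_gb() {
  case "$1" in
    [1-9]|[1-9][0-9]) [ "$1" -le 32 ] ;;
    *) return 1 ;;
  esac
}

expand_tablespace() {
  if [ "$#" -ne 2 ] || ! valid_tablespace "$1" || ! valid_size_gb "$2"; then
    echo "usage: expand_ts.sh <tablespace> <size_gb 1-32>" >&2
    return 2
  fi
  # SUDO_USER is set by sudo to the invoking account; log it for audit.
  logger -t expand_ts "user=${SUDO_USER:-unknown} tablespace=$1 size_gb=$2"
  # OS authentication as oracle: no password is stored in or passed to the script.
  sqlplus -S -L "/ as sysdba" "@$SQL_SCRIPT" "$1" "$2"
}

# Run only when arguments are given, so the functions can be sourced and tested.
if [ "$#" -gt 0 ]; then
  expand_tablespace "$@"
fi
```

Because the sudoers rule lists the command without arguments, sudo passes any arguments the caller supplies, which is why the script rejects everything except a plain identifier and a bounded number.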