grant create any directory to schema

From: kathryn axelrod <kat.axe_at_gmail.com>
Date: Mon, 21 Dec 2015 18:10:17 -0800
Message-ID: <CAEbHM452m1CPtcVY0RvcBGNY4NW666=bZt39gbsBKsx0iq2CXQ_at_mail.gmail.com>

Could you
-create an os directory on nfs or similar that they all can access - create one oracle directory pointing to the above with r/w given to the schema
- put a symlink to the os directory in each home? It wouldn't make the directory = their home, but it would be in the homes..and would avoid 'any' grants.

On Monday, December 21, 2015, Jeff Chirco <backseatdba_at_gmail.com <javascript:_e(%7B%7D,'cvml','backseatdba_at_gmail.com');>> wrote:

> I have some developers ythat want to give the CREATE ANY DIRECTORY
> privilege to a schema (a locked schema in production). They reason is
> because they would like to use the sahme directory name but change its
> location based on the OS user that is logged in. So a file will get read
> or created in that users home directory.
> To me this seems like a security issue because then in Test/Dev a
> programmer could change the code to point at any directorythey wanted to
> read potential sensitive data.
> Has anybody dealt with something like this? Is there a way to restrict
> them (by user) to only creating a directory within a certain folder
> structure?
>
> Jeff
>

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Dec 22 2015 - 03:10:17 CET

This message: [ Message body ]
Next message: Mladen Gogala: "Re: grant create any directory to schema"
Previous message: Andrew Kerber: "Re: grant create any directory to schema"
Next in thread: rob: "Re: grant create any directory to schema"
Maybe reply: rob: "Re: grant create any directory to schema"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message