Re: Privilege

From: Hans Forbrich <fuzzy.graybeard_at_gmail.com>
Date: Tue, 7 Mar 2017 12:28:24 -0700
Message-ID: <baffca11-3875-5732-dfea-be0c42aa551b_at_gmail.com>

For non-repudiation and other reasons, application access would normally be done by unique userid for each user. As such, administration is much easier to handle by role than by the potentially large number of users involved.

Unfortunately, many applications are written to access the database through one database userid, rather than one userid per user. This defeats all sorts of capabilities built into the database - although Real Application Security does restore some of that capability.

My opinion, not necessarily that of my employer /Hans

On 2017-03-07 12:01 PM, Dominic Brooks wrote:
> not granting privileges to application schemas directly only via roles?

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Mar 07 2017 - 20:28:24 CET

This message: [ Message body ]
Next message: Powell, Mark: "Re: Privilege"
Previous message: Luis Santos: "Re: Columns AVG_CACHE_HIT_RATIO and AVG_CACHED_BLOCKS from DBA_TAB_STATISTCS"
Next in thread: Powell, Mark: "Re: Privilege"
Maybe reply: Powell, Mark: "Re: Privilege"
Maybe reply: Powell, Mark: "Re: Privilege"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message