Re: Noob Oracle Question

CJM wrote:
> I solved the problem. I may or may not have created another potential
> problem.
>
> If my employer understood the implications of anything, I wouldn't be
> attempting this at short notice with no preparation or training.
>
> Do I? Of course not. Surely if I did understand the implications (and they
> were negative) then I wouldnt have done it. That much *must* be obvious.
>
> Rather than demonstrating how pompous you can be, why dont you start again
> from the beginning. Your post may go something like this:
>
> 'Chris, I can see that you have got past your problem, but I dont think your
> solution is ideal because of A, B & C. A better way to do it would be this
> way...because it avoids the disadvantages A, B & C and has the advantages of
> D, E & F.'
>
> To why I would reply 'Oh, I see. Thanks. That makes sense.'
>
> It's pretty easy. Why don't you try it?
>
> Chris

Chris,

I think what Daniel is trying to tell you, is that granting the SELECT ANY TABLE privilege to your SNE user, is a potential security breach, and should be avoided. It's overkill. One should work on the principal of granting the *least* privileges possible to achieve your goal.

In your example, you should log in as the IFSAPP user and grant SELECT privileges on only the tables that SNE needs to access.

E.g:

SQL> connect IFSAPP/<ifsapp_password>
Connected.
SQL> GRANT SELECT ON <table1> TO SNE;
Grant succeeded.
SQL> GRANT SELECT ON <table2> TO SNE;
Grant succeeded.
SQL> GRANT SELECT ON <table2> TO SNE;
Grant succeeded.

etc...

You will then be able to query these tables, as the SNE user, as follows:

SELECT <whatever>
FROM IFSAPP.<table1>
WHERE <whatever>;

HTH --g Received on Fri Aug 18 2006 - 04:07:13 CDT