| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.misc -> Re: Noob Oracle Question
"gazzag" <gareth_at_jamms.org> wrote in message
news:1155892033.374790.323430_at_p79g2000cwp.googlegroups.com...
>
> Chris,
>
> I think what Daniel is trying to tell you, is that granting the SELECT
> ANY TABLE privilege to your SNE user, is a potential security breach,
> and should be avoided. It's overkill. One should work on the
> principal of granting the *least* privileges possible to achieve your
> goal.
>
With respect, he wasn't trying to me anything that useful.
But I'm aware of (and obviously agree with) the principle of Least Privilege, but I hadn't the knowledge to be that subtle. Rome wasn't built in a day, nor will I be an expert Oracle DBA in 24hrs.
> In your example, you should log in as the IFSAPP user and grant SELECT
> privileges on only the tables that SNE needs to access.
>
> E.g:
>
> SQL> connect IFSAPP/<ifsapp_password>
> Connected.
> SQL> GRANT SELECT ON <table1> TO SNE;
> Grant succeeded.
> SQL> GRANT SELECT ON <table2> TO SNE;
> Grant succeeded.
> SQL> GRANT SELECT ON <table2> TO SNE;
> Grant succeeded.
>
> etc...
>
I was using OEM and I couldnt see anything that gave that level of granularity, but I understand the approach - I'll modify the privileges accordingly.
If you were setting up a new User/Schema, what system privileges would you generally provide to that user for that Schema, if any?
Thanks for your help. [Thanks also to Bernard]
Cheers
Chris Received on Fri Aug 18 2006 - 05:00:32 CDT
 |
 |