Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Need DBA advices on creating a new user, application level or DBA level?

Re: Need DBA advices on creating a new user, application level or DBA level?

From: Michael J. Moore <mNiOcShPaAeMl.j.moore_at_wcom.com>
Date: 2000/08/02
Message-ID: <sJ0i5.930$jq1.15424@pm02news.wcom.com>#1/1 






Creating a new user in the dictionary should be no big deal. What is
important are the privileges granted to that user. A user can't grant more
than he is authorized to grant. So simply  don't allow PROJECTA_OWNER to
grant unnecessary privileges. I think that there is no reason to be paranoid
about allowing users to add other users.



Ask you DBA "SPECIFICALLY" what he/she is concerned about and then be
prepared to tell how your implementation plan will not allow that to happen.



"Jimmy" <anonymous_at_anonymous.com> wrote in message
news:398904FD.FA8C195E_at_anonymous.com...


> Hello all,

>

>     Recently, my company wants to develop an application. One of the

> functions of the application is it can create a new user. This function

> can only be done by a project owner, such as PROJECTA_OWNER.

> PROJECTA_OWNER is not a DBA, he is just a project owner with some system

> privileges (such as create user).

>

>     However, my company's DBA strongly disagree this function. He said

> that creating a new user should be done by DBA, not on application

> level. This is because using a client application to create a user may

> bypass his vision, as a result, he don't know why such a user exist

> after the application is running (since anyone who knows the

> PROJECTA_OWNER password can create a new user). He think that it is more

> difficult to manage the user accounts in the future.

>

>     Now, I have some questions:

>

>     1) What do u think the above scenario? Should user creation done by

> DBA, or done on application level? ANy other disadvantages if done on

> application level?

>

>     2) I know that if done on application level, PROJECTA_OWNER need to

> alter some user parameters (e.g. default and temporary tablespace etc).

> However, such parameters may need to be hardcoded. This is not a good

> practice since we need to recompile the program if the tablespace name

> is changed to another name. Is there other ways to handle such

> situation? (I think using a PL/SQL procedure to create a new user, and

> the application is calling this procedure. This procedure is written by

> DBA. In this way, DBA can change this procedure without affect the

> application. Am I right)

>

>     Any suggestions?

>

> Thanks,

> David

>

Received on Wed Aug 02 2000 - 00:00:00 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US