Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Newbie security question

Re: Newbie security question

From: <terry_stjean_at_my-deja.com>
Date: Tue, 12 Sep 2000 15:04:13 GMT
Message-ID: <8plgks$k13$1@nnrp1.deja.com> 






In article <8plenq$hkj$1_at_nnrp1.deja.com>,
  Mark D Powell <markp7832_at_my-deja.com> wrote:


> In article <8pl7lt$8rn$1_at_nnrp1.deja.com>,

>   terry_stjean_at_my-deja.com wrote:

> > We have 2 tablespaces, dev and prod (development and production). We

> > have 2 users set up, devuser and produser. Devuser should have read

> > access to tablespace prod as well as all data and object access to

> > tablespace dev. Produser should have no access to tablespace dev and

> > only data access to tablespace prod.

> > What do I need to do to set this up this way.

> >

> > Terry

> >

> 1) Give each userid only the privileges it needs including quota only

> on its object target tablespaces

>

> 2) Do not give out access to the id's to anyone you are not forced to

> give them to

>

> 3) Instead set up a prod user role and a test user role and perform

 the


> necessary grants to the role and give the roles respectively to a prod

> application user and test application user.  Give these out as

> necessary.

>

> Item 3 will separate the object ownership/modification function from

> the data manipulation function.  The prod owner can issue a select

> privilege to the test user role.  Using roles allows the use of a

> single grant statement to provide all necessary DML privileges to any

> number of production or test id's.  I come from the school of thought

> where every user should have to logon with their own id and an

> application should not run as a single database user.  Hard coded

> id/password combinations are security weak points cause they are not

> that hard to get.

>

> --

> Mark D. Powell  -- The only advice that counts is the advice that

>  you follow so follow your own advice --

>

> Sent via Deja.com http://www.deja.com/

> Before you buy.

>



O.k., I found out how to create roles and assign a role to a user. But,
how do I prevent a user from accessing another tablespace. Do I have to
grant authority to each table for each user?



Terry




Sent via Deja.com http://www.deja.com/


Before you buy.
Received on Tue Sep 12 2000 - 10:04:13 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US