| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: create user with global rights ..?
Hallo Howard,
thanx a lot for your answer.
Have a nice day.
Oliver
"Howard J. Rogers" wrote:
> "Oliver Otto" <ootto_at_genese.de> wrote in message
> news:3D4C03D7.6F84566F_at_genese.de...
> > Hallo,
> >
> > how can I create a user with global rights ..? Last time I setup all
> > grants for every table by hand but this time I do want to make it easier
> > within my test enviroment. Is there really not way to give a user all
> > rights ..?
> >
>
> If the issue is purely one of wanting to work with tables, then the SELECT
> ANY TABLE, INSERT ANY TABLE,UPDATE ANY TABLE and DELETE ANY TABLE privileges
> can be granted.
>
> (Incidentally, a complete list of privileges is available by doing a select
> * from system_privilege_map).
>
> Or you could simply 'grant dba to user', since the DBA role includes these
> same privileges (and most other privileges besides, so that comes very close
> to 'giving a user all rights').
>
> This is, of course, not best practice, and renders your database wide open
> to eventual abuse. But it answers your question.
>
> > I try to configure a user based on sys or sysdba but this do not work. I
> > got the error message:"you do not have enough rights". What a funny
> > error message.
> >
>
> Why? It's only funny if you don't understand what the sysdba privilege
> means. It's a privilege which implies the ability to startup, shutdown,
> backup, recover and create databases. It's therefore obviously a
> jealously-guarded privilege, since granting it to someone is tantamount to
> inviting that person to wreak complete havoc on your database. Therefore,
> you have to already possess the SYSDBA privilege to grant it to someone
> else. And because use of this privilege can be authorised *either* by being
> written into the password file, *or* by membership of an appropriate
> operating system group, it can only be granted within the database to a
> database user when you are using an EXCLUSIVE password file.
>
> > Now you ask yourself why don't he use sys or system user. The anser is
> > near, I do want to run a Script from this new user which create some
> > Views based on tables and views from sys. I am not able to give these
> > rights globally :-( Any hints ..?!?
> >
>
> Personally, this sounds like a production database. Therefore, you should
> grant the privileges on each table, individually, as you did before.
> Granting privileges with the word 'any' in them is effectively unsecuring
> your database. Granting the DBA role would likewise be a quick fix, but
> utterly unsuitable for a production environment.
>
> Regards
> HJR
>
> > I hope I describe the problem ok...
> >
> > Thanx a lot
> >
> > Oliver
> >
Received on Mon Aug 05 2002 - 07:40:16 CDT
 |
 |