Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Permission to the Oracle database table

Re: Permission to the Oracle database table

From: <frank.van.bortel_at_gmail.com>
Date: 23 Mar 2006 01:28:07 -0800
Message-ID: <1143106087.694486.148020@g10g2000cwb.googlegroups.com> 





Yes, you can grant one user read, and another write access, as long as
it is not the owner of the table; the owner always has all rights.



Your last option is also possible, and it the correct approach as far
as I am concerned.



User A is owner of the tables, account is locked.
User B is owner of packaged procedures, and has been granted access to
the tables of A.


Make this a direct grant, not through a role. Account B is locked, too.
All application users are granted execute rights on packages of user B.
App user c can have other packages granted than app user d.



This is -imho- the only way to write database indepenent applications:
your packages are platform specific, your front end just calls
procedures.



There is even an other variation, supported by Oracle development tools
like Designer: have yet an intermediate user that owns the so called
table API procedures; these procedures do all manipulation and business
rule constraint checking, and are being called by the application layer
(which would be owned by user B in the above example)



Hth, Frank van Bortel
Received on Thu Mar 23 2006 - 03:28:07 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US