Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Can a DBA restrict privileges of a user that is the owner of a schema? We need to remove DDL privileges. Our DBA says it is impossible. Please help!

Re: Can a DBA restrict privileges of a user that is the owner of a schema? We need to remove DDL privileges. Our DBA says it is impossible. Please help!

From: Geo Ralph <zgbasdrr_at_nicks.com>
Date: Wed, 16 Aug 2006 17:24:14 GMT
Message-ID: <2xIEg.107773$9d4.22312@fe2.news.blueyonder.co.uk> 





> is it possible to restrict? is there some workaround?

>



I would be concerned about such a simple schema utilisation.
Separating data and application into separate schemas gives better security
and makes administration more straightforward.



Simple small limited Business


One Schema Solution


<------------- Sch1 ------------->


developer data   application



More Complicated Business.


Two Schema Solution


<-- Sch1--> <------ Sch 2------->


developer      data  application



Very Large Business


Three Schema Solution


 <- Sch1-> <-SchX> <- Sch3->


developer      data   application



Corporate Solution


Four Schema Solution


<- Sch1-> <-SchX> <- Sch3->


developer1   data1     application1


developer2   data2    application2


etc.



SchxX has no "connect" role, it cannot be logged into directly.
The data can only accessed by the application, and only after roles have
been enabled.



Shabble. 
Received on Wed Aug 16 2006 - 12:24:14 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US