Re: access to dbms_fga package on shared server

Comments embedded.

On May 12, 8:03 am, maxim2k <maxi..._at_gmail.com> wrote:
> Hi,
>
> I manage an Oracle Database 10g R2 on Red Hat Enterprise Linux 4, the
> server is shared between a few customers: each customer has access
> (CONNECT and RESOURCE priveges) to his own schema only, he cannot access
> other customers objects.

I can only presume this access is through the schema owner. Is this the ONLY account accessing this users objects?

>
> One of our customers just asked EXECUTE privilege on the dbms_fga package.
>

Which should not be an issue. My question is this: if there is only ONE user account which can access these user objects what good does having execute privilege on dbms_fga provide? This is used to provide Fine-Grained Access (fga) to database objects based upon a user id. If only ONE user id accesses these objects I can see no purpose in granting access to this package.

> I'm new to this package and I'm not sure what would be the consequences
> of such grant.
>

None, really, as normally it restricts/audits user access to objects not owned by that user.

> Can I safely grant that to the customer in question without compromising
> the security of other customers data on the shared server?
>

Certainly, however I see little, if any, benefit to this if my understanding of this configuration (one user account per customer) is correct.

> Thanks.

David Fitzjarrell Received on Mon May 12 2008 - 08:30:31 CDT