Re: access to dbms_fga package on shared server

From: <>
Date: Mon, 12 May 2008 06:30:31 -0700 (PDT)
Message-ID: <>

Comments embedded.

On May 12, 8:03 am, maxim2k <> wrote:
> Hi,
> I manage an Oracle Database 10g R2 on Red Hat Enterprise Linux 4, the
> server is shared between a few customers: each customer has access
> (CONNECT and RESOURCE priveges) to his own schema only, he cannot access
> other customers objects.

I can only presume this access is through the schema owner. Is this the ONLY account accessing this users objects?

> One of our customers just asked EXECUTE privilege on the dbms_fga package.

Which should not be an issue. My question is this: if there is only ONE user account which can access these user objects what good does having execute privilege on dbms_fga provide? This is used to provide Fine-Grained Access (fga) to database objects based upon a user id. If only ONE user id accesses these objects I can see no purpose in granting access to this package.

> I'm new to this package and I'm not sure what would be the consequences
> of such grant.

None, really, as normally it restricts/audits user access to objects not owned by that user.

> Can I safely grant that to the customer in question without compromising
> the security of other customers data on the shared server?

Certainly, however I see little, if any, benefit to this if my understanding of this configuration (one user account per customer) is correct.

> Thanks.

David Fitzjarrell Received on Mon May 12 2008 - 08:30:31 CDT

Original text of this message