Re: access to dbms_fga package on shared server
Date: Mon, 12 May 2008 06:30:31 -0700 (PDT)
Message-ID: <c36b5f9d-0b13-4ec7-a27b-289d0fcddf55@x35g2000hsb.googlegroups.com>
Comments embedded.
On May 12, 8:03 am, maxim2k <maxi..._at_gmail.com> wrote:
> Hi,
>
> I manage an Oracle Database 10g R2 on Red Hat Enterprise Linux 4, the
> server is shared between a few customers: each customer has access
> (CONNECT and RESOURCE priveges) to his own schema only, he cannot access
> other customers objects.
I can only presume this access is through the schema owner. Is this the ONLY account accessing this users objects?
>
> One of our customers just asked EXECUTE privilege on the dbms_fga package.
>
Which should not be an issue. My question is this: if there is only ONE user account which can access these user objects what good does having execute privilege on dbms_fga provide? This is used to provide Fine-Grained Access (fga) to database objects based upon a user id. If only ONE user id accesses these objects I can see no purpose in granting access to this package.
> I'm new to this package and I'm not sure what would be the consequences
> of such grant.
>
None, really, as normally it restricts/audits user access to objects not owned by that user.
> Can I safely grant that to the customer in question without compromising
> the security of other customers data on the shared server?
>
Certainly, however I see little, if any, benefit to this if my understanding of this configuration (one user account per customer) is correct.
> Thanks.
David Fitzjarrell Received on Mon May 12 2008 - 08:30:31 CDT