Re: how to give user privilege to browse the source code in production

From: ddf <oratune_at_msn.com>
Date: Thu, 23 Sep 2010 14:29:15 -0700 (PDT)
Message-ID: <2d652720-0407-45d2-b19f-b25a821aa8b9_at_y32g2000prc.googlegroups.com>



On Sep 23, 4:36 pm, charles <dshprope..._at_gmail.com> wrote:
> On Sep 23, 9:46 am, Mark D Powell <Mark.Powe..._at_hp.com> wrote:
>
>
>
> > On Sep 22, 4:46 pm, "Michel Cadot" <micadot{at}altern{dot}org> wrote:
>
> > > "charles" <dshprope..._at_gmail.com> wrote in message news:
> > > 880b62ca-c4c1-4d7e-9d16-b87d391a4..._at_j5g2000vbg.googlegroups.com...
> > > | All,
> > > |
> > > | We are at Oracle 10g.  We need to let our developer browse source
> > > | code like packages/functions/triggers.
> > > |
> > > | The only way I can think of is to grant select any dictionary.  Is there
> > > | any security risk in doing that?  What are the other options?
> > > |
> > > | Thanks for your help
>
> > > Create a procedure in procedure/... owner schema that displays
>
> Thanks for your reply.
>
> Now, could you tell me what the risk is if I gave them select any
> dictionary?  The only thing I can guess is the password column exposed in
> dba_users.  And we will lock the account if more than 10 failed
> logins.  Any other concern I can tell my supervisor if I grant "select
> any dictionary"?
>
>
>
> > > the code source and grant developers the privilege to execute this
> > > procedure.
>
> > > Regards
> > > Michel
>
> > Here is what we did.  I took the source code for USER_SOURCE and
> > created a view using this source with the current user restriction
> > removed.  The view returns all source.  Access is controlled via granting
> > the select privilege on the view.  It would also be easy to restrict
> > the source code being displayed to that belonging to specific
> > application code owners.
>
> > HTH -- Mark D Powell --

They do not need 'select any dictionary'. You should follow Mark's advice and create a view based on the definition of user_source but include all of your application owners. That you still want to use the easy way out is a mystery to me. These developers are not DBAs and should not have 'select any dictionary' privilege.

David Fitzjarrell

Received on Thu Sep 23 2010 - 16:29:15 CDT
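A sketch of the restricted-view approach recommended in this thread, added here as an example and not posted by any participant. It filters DBA_SOURCE by owner instead of copying the USER_SOURCE definition as Mark describes; the names CODE_VIEWER, APP_SOURCE, SOURCE_READER, APP_OWNER1, APP_OWNER2, SOME_PACKAGE and DEV_USER are hypothetical.

```sql
-- Run as SYS. Every schema, role, view and user name below is hypothetical.

-- 1. A locked schema that only exists to own the view; nobody logs in as it.
CREATE USER code_viewer IDENTIFIED BY "Placeholder#1" ACCOUNT LOCK;

-- 2. The view owner needs a direct grant (not via a role) on the base view,
--    and WITH GRANT OPTION so SELECT on its own view can be passed on.
GRANT SELECT ON sys.dba_source TO code_viewer WITH GRANT OPTION;

-- 3. Expose source only for the listed application owners.
CREATE OR REPLACE VIEW code_viewer.app_source AS
SELECT owner, name, type, line, text
FROM   sys.dba_source
WHERE  owner IN ('APP_OWNER1', 'APP_OWNER2');

-- 4. Hand out access through a role, so it can be revoked in one place.
CREATE ROLE source_reader;
GRANT SELECT ON code_viewer.app_source TO source_reader;
GRANT source_reader TO dev_user;

-- 5. What a developer runs to read one package body.
SELECT text
FROM   code_viewer.app_source
WHERE  owner = 'APP_OWNER1'
AND    name  = 'SOME_PACKAGE'
AND    type  = 'PACKAGE BODY'
ORDER  BY line;

-- 6. Review: who currently holds SELECT ANY DICTIONARY (should be DBAs only).
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'SELECT ANY DICTIONARY';

-- 7. Review: who can read the restricted view.
SELECT grantee, privilege
FROM   dba_tab_privs
WHERE  owner = 'CODE_VIEWER'
AND    table_name = 'APP_SOURCE';
```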
