Re: how to give user privilege to browse the source code in prodution

From: charles <dshproperty_at_gmail.com>
Date: Wed, 29 Sep 2010 09:02:00 -0700 (PDT)
Message-ID: <bc22a172-49e9-4446-8826-db8d73389c01_at_a9g2000yqg.googlegroups.com>

Thanks David.

We are a new Oracle shop, we are building all those new rules for this new world

Our developer team strongly wanted it. They do not want to use SQL to select against a view. They want to use some gui tool like SQL developer/SQL navigator to browse.

I searched on Pete's site, he only mentioned "never grant select any dictionary".

On oracle's website, it also mentioned
You should grant this privilege with extreme care, because the integrity of your system can be compromised by their misuse.

But Oracle does not give details how the misuse could cause the integrity of our database.

To convince the judge, our supervisor, i need to give some details, some examples, which is hard to find on internet. The only thing i found so far is dba_users has a password column.

>
> They do not need 'select any dictionary'. �You should follow Mark's
> advice and create a view based on the definition of user_source but
> include all of your application owners. �That you still want to use
> the easy way out is a mystery to me. �These developers are not DBAs
> and should not have 'select any dictionary' privilege.
>
> David Fitzjarrell
Received on Wed Sep 29 2010 - 11:02:00 CDT

This message: [ Message body ]
Next message: John Hurley: "Re: sqlplus bind variable question"
Previous message: Chuck: "sqlplus bind variable question"
Maybe in reply to: charles: "how to give user privilege to browse the source code in prodution"
Next in thread: joel garry: "Re: how to give user privilege to browse the source code in prodution"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message