Re: User Privileges

From: Tony Berrington <tony.berrington_at_bt.com>
Date: Thu, 14 Mar 2002 11:42:09 +0000
Message-ID: <3C908C90.B6A7D142_at_bt.com>

And, because Daniel has automated the granting process, the gains from using a role are greatly reduced.

damorgan wrote:

> That will work as long as the privileges are not needed by a stored procedure,
> function, or package where the privileges must be granted explicitly to the
> user.
>
> Daniel Morgan
>
> ratcheer wrote:
>
> > In addition to what Daniel said, it will be easier to maintain if you create
> > a role and grant the object privileges to that role. Grant the role to each
> > user.
> >
> > Later on, if there is a new table, you just grant the privileges to the role
> > and all of the users automatically get it.
> >
> > Tim
> >
> > "damorgan" <damorgan_at_exesolutions.com> wrote in message
> > news:3C8F7480.D4DAF211_at_exesolutions.com...
> > > Forget #1. That is the equivalent of granting DBA to PUBLIC.
> > >
> > > Use #2 ... but instead of doing it manually invest an hour and write a
> > stored
> > > procedure to get object names from xxx_OBJECTS and grant the object
> > > privileges using native dynamic SQL. Write once ... use many times ... you
> > > could even run it nightly under DBMS_JOB if you are really nervous about
> > > this.
> > >
> > > Daniel Morgan
> > >
> > >
> > >
> > > Mytskidis Georgios wrote:
> > >
> > > > Hello
> > > >
> > > > I've a user named MAINUSER which owns a variety of objects
> > > > (tables,sequences,...). I need to create a few other users (i.e.
> > > > USER1,USER2,...) who need to have FULL ACCESS on every object that the
> > > > MAINUSER owns. I see two ways for doing so :
> > > > 1). Grant DBA role to all (USER1,USER2,...); not very elegant or safe
> > > > 2). Grant SELECT,INSERT,UPDATE,DELETE ON <MAINUSER.object> TO
> > > > USER1,USER2,...; this approach has the risk that an object might be
> > > > forgotten or when a new object is created to run the above Grant for
> > that
> > > > new object.
> > > >
> > > > Is there any other more elegant-fast way ?
> > > >
> > > > Thanks in advance for your reply
> > > >
> > > > --
> > > > --
> > > >
> > > > Best Regards
> > > >
> > > > MYTSKIDIS GEORGIOS
> > > > Mytskidis_G_at_GI-Net.Gr
> > >
Received on Thu Mar 14 2002 - 12:42:09 CET

This message: [ Message body ]
Next message: Knut Talman: "Re: Internal password"
Previous message: Jonathan Lewis: "Re: Help:LOB problem"
Maybe in reply to: Mytskidis Georgios: "User Privileges"
In reply to damorgan: "Re: User Privileges"
Next in thread: Knut Talman: "Re: Internal password"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message