Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: select only user causing locks?
I object to the term "end-lusers".
End users are innocent.=20
And SELECT FOR UPDATE should be a separate object privilege next to =
SELECT.
Oracle must redesign this in version 11h (hyperspace?)
Regards,
Andre
-----Oorspronkelijk bericht-----
Van: oracle-l-bounce_at_freelists.org =
[mailto:oracle-l-bounce_at_freelists.org]
Namens Mladen Gogala
Verzonden: vrijdag 29 april 2005 22:17
Aan: spatenau_at_gmail.com
CC: Oracle-L
Onderwerp: Re: select only user causing locks?
On 04/29/2005 12:45:24 PM, jungwolf wrote:
> A little research with some test accounts shows that, indeed, an
> account with only select privs can issue a select for update to lock a
> row, or even a lock table x in exclusive mode. Trying to update the
> locked row obviously results in "insufficient privileges", but until
> the read-only account ends the transaction other users are unable to
> modify the row.
Oh my gawd! This reinforces my beliefs that guns should be kept locked =
in a=3D
safe place!
If you give a gun to a childish person, it will shoot itself in a foot, =
at =3D
best. This=3D20
is a typical case of shooting yourself in each foot, and twice, to make =
sur=3D
e that you=3D20
will be unable to walk!
First, you don't ever give end-lusers a tool that can issue ad-hoc =
queries.=3D
You make darned
certain that they don't have a password to connect to database even if =
they=3D
download such tool
themselves. If you catch them trying to use such a tool, make sure that =
the=3D
y will never ever
forget the experience. You are still a wolf puppy, not a young wolf. =
Carefu=3D
l with weapons.
There is a manual for new DBA people on: http://www.bofh.net. PFY, you =
shou=3D
ld learn from=3D20
the master.
--=3D20
Mladen Gogala
Oracle DBA
-- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-lReceived on Fri Apr 29 2005 - 17:13:51 CDT