Re: Are there features on other RDBMS's that it would be good for Oracle to have?

• Original Message ----- From: "Nuno Souto" <dbvision_at_iinet.net.au> To: <oracle-l_at_freelists.org> Sent: Monday, May 28, 2012 11:36 AM Subject: Re: Are there features on other RDBMS's that it would be good for Oracle to have?

|Nuno Souto wrote,on my timestamp of 28/05/2012 12:14 AM:
|
|> Proxy logins don't let me do that: the target automatically assumes any
roles
|> assigned to the target login. Which in most cases is the schema owner.
Not
|> exactly what I wanted: I don't want everyone able to drop a table!
|
|Apologies, forgot to add: in 11.2.0.3 I don't have this problem, just
|re-confirmed. Only in 10g. Dunno why, "feature"?

I'm surprised by this - in my 10.2.0.3, with the sample I gave, only the roles
associated with the target by the 'connect through' clause are activated as the
user connects

| But the
synonym management
|issue is still there, of course. Which is bypassed in my case with the
login
|trigger.

Agreed. I wouldn't want anyone to connect as the owning schema anyway, but without some command to set name-resolution there's an annoying synonym mess to handle, and the logon trigger seems like the optimum solution

|Still would like to have everything controlled by context. I can do that
easily
|with MSSQL: assign a default schema to any login, with access rights
specified
|by schema.

If SchemaX owns tableY, can userA logon as SchemaX but not be allowed to delete from tableY ? To my mind it's that requirement that makes "spare" schema with a name-resolution problem necessary.

Regards

Jonathan Lewis
http://jonathanlewis.wordpress.com/all_postings

Author: Oracle Core (Apress 2011)
http://www.apress.com/9781430239543

--
http://www.freelists.org/webpage/oracle-l