Re: Separate Schemas for Data and Application?

From: Igor Racic <igor.racic_at_gmail.com>
Date: Sat, 12 Apr 2014 12:44:25 +0200
Message-ID: <CAGjkCBZr4tCB1KseTHzB1aw7UwcLXn5eMG9KVyB7pbibCnHaYA_at_mail.gmail.com>

>> For a long time, I've wished Oracle to allow "grant
select,insert,update,delete on <schema> to <grantee>".

Agreed.
I remember suspicious when said to consultants that each table needs grant command to be accessed from another schema. They felt it must have been some shortcut I didn't know about...

Regards
Igor

2014-04-09 15:54 GMT+02:00 Yong Huang <yong321_at_yahoo.com>:

> > It would create a load of extra work for maintaining grants and
> > synonyms and generally complicate build scripts for no benefit that...
>
> I agree. We used to enforce the policy of having a data account and a code
> account. In addition to more work, one annoyance is that whenever a new
> table is created in the data account, a new grant, and a synonym (if not
> prefixing "owner." in code and not using "alter session set
> current_schema") must be created in the code account, but this is sometimes
> missed. We don't grant "select any table" to the code account. For a long
> time, I've wished Oracle to allow "grant select,insert,update,delete on
> <schema> to <grantee>".
>
> Yong Huang
>

--
http://www.freelists.org/webpage/oracle-l

Received on Sat Apr 12 2014 - 12:44:25 CEST

This message: [ Message body ]
Next message: Tim Gorman: "Re: DB12c in Production?"
Previous message: Mayen Shah: "RE: Moving Start SCN for Streams Capture process"
In reply to: Yong Huang: "Re: Separate Schemas for Data and Application?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message