Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Permission to the Oracle database table
Yes, you can grant one user read, and another write access, as long as
it is not the owner of the table; the owner always has all rights.
Your last option is also possible, and it the correct approach as far as I am concerned.
User A is owner of the tables, account is locked.
User B is owner of packaged procedures, and has been granted access to
the tables of A.
Make this a direct grant, not through a role. Account B is locked, too.
All application users are granted execute rights on packages of user B.
App user c can have other packages granted than app user d.
This is -imho- the only way to write database indepenent applications: your packages are platform specific, your front end just calls procedures.
There is even an other variation, supported by Oracle development tools like Designer: have yet an intermediate user that owns the so called table API procedures; these procedures do all manipulation and business rule constraint checking, and are being called by the application layer (which would be owned by user B in the above example)
Hth, Frank van Bortel Received on Thu Mar 23 2006 - 03:28:07 CST