Ben wrote:
> 9.2.0.5 Ent Ed, AIX5L
>
> I'm in the process of remodeling our users and roles for a more
> efficient security policy. We have approximately 500G db with around
> 2000 tables scattered over 10 tablespaces. Of the 50 user accounts
> setup, only two are primarily used by the bulk of our 1500 sessions.
> The thing is that our individual users have been granted two different
> roles that have various tables, while they have also been granted the
> same priviledges on an individual basis. Could this cause parses to be
> slower than they should? I will try to give an example to make this
> more clear, I feel like I've made this question a little confusing....
>
>
> schema1
> tab1
> tab2
>
> schema2
> tab3
> tab4
> tab5
>
> user1
> grant role1 to user1
> grant all on tab1, tab2, tab3, tab4, tab5 to user1
>
> user2
> grant role1 to user2
> grant all on tab1, tab2, tab3, tab4, tab5 to user2
>
> role1
> grant all on tab1, tab2, tab3, tab4, tab5 to role1
>
> of course this is on a much wider scheme.
I don't see this as a performance issue big enough to be noticeable. But
it certainly is a security hazard and makes maintenance more difficult.
--
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu
(replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org
Received on Fri Nov 03 2006 - 10:44:22 CST
