Comments embedded.
On May 12, 8:03=A0am, maxim2k <maxi...@[EMAIL PROTECTED]
> wrote:
> Hi,
>
> I manage an Oracle Database 10g R2 on Red Hat Enterprise Linux 4, the
> server is shared between a few customers: each customer has access
> (CONNECT and RESOURCE priveges) to his own schema only, he cannot access
> other customers objects.
I can only presume this access is through the schema owner. Is this
the ONLY account accessing this users objects?
>
> One of our customers just asked EXECUTE privilege on the dbms_fga
package.=
>
Which should not be an issue. My question is this: if there is only
ONE user account which can access these user objects what good does
having execute privilege on dbms_fga provide? This is used to provide
Fine-Grained Access (fga) to database objects based upon a user id.
If only ONE user id accesses these objects I can see no purpose in
granting access to this package.
> I'm new to this package and I'm not sure what would be the consequences
> of such grant.
>
None, really, as normally it restricts/audits user access to objects
not owned by that user.
> Can I safely grant that to the customer in question without compromising
> the security of other customers data on the shared server?
>
Certainly, however I see little, if any, benefit to this if my
understanding of this configuration (one user account per customer) is
correct.
> Thanks.
David Fitzjarrell
|
