Re: access to dbms_fga package on shared server

by Mark D Powell <Mark.Powell@[EMAIL PROTECTED] > May 12, 2008 at 06:42 AM

On May 12, 9:30 am, "fitzjarr...@[EMAIL PROTECTED]" <orat...@[EMAIL PROTECTED]> wrote:
> Comments embedded.
>
> On May 12, 8:03 am, maxim2k <maxi...@[EMAIL PROTECTED]> wrote:
>
> > Hi,
>
> > I manage an Oracle Database 10g R2 on Red Hat Enterprise Linux 4, the
> > server is shared between a few customers: each customer has access
> > (CONNECT and RESOURCE privileges) to his own schema only, he cannot access
> > other customers' objects.
>
> I can only presume this access is through the schema owner.  Is this
> the ONLY account accessing this user's objects?
>
>
>
> > One of our customers just asked EXECUTE privilege on the dbms_fga package.
>
> Which should not be an issue.  My question is this: if there is only
> ONE user account which can access these user objects what good does
> having execute privilege on dbms_fga provide?  This is used to provide
> Fine-Grained Access (fga) to database objects based upon a user id.
> If only ONE user id accesses these objects I can see no purpose in
> granting access to this package.
>
> > I'm new to this package and I'm not sure what would be the consequences
> > of such grant.
>
> None, really, as normally it restricts/audits user access to objects
> not owned by that user.
>
> > Can I safely grant that to the customer in question without compromising
> > the security of other customers data on the shared server?
>
> Certainly, however I see little, if any, benefit to this if my
> understanding of this configuration (one user account per customer) is
> correct.
>
> > Thanks.
>
> David Fitzjarrell

To add to what David posted, ask the customer what he or she intends to
do.  If the customer application passes in the 'real' user then the
customer may be trying to capture who really performed a change or may
actually want to use the dbms_rls package.

Personally I do not think customers should have the ability to create
objects in a production environment.  If this is a valid activity for
the application then I would want the object creation handled via a
package referenced via a provided screen interface.

HTH -- Mark D Powell --
 



