Home » RDBMS Server » Server Administration » View or read only from any objects
View or read only from any objects [message #238839] Sun, 20 May 2007 08:25 Go to next message
chara
Messages: 81
Registered: April 2005
Location: th
Member
Dear all,

Is there any way to permit a client ip 172.168.5.xxx can login to db but only view or only select any objects ?

Thanks for advance !

Chara

Report message to a moderator

Re: View or read only from any objects [message #238840 is a reply to message #238839] Sun, 20 May 2007 09:05 Go to previous messageGo to next message
Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
A user is identified by his username not by his location.
Why do you want to define privileges on IP and not username?

Regards
Michel

Report message to a moderator

Re: View or read only from any objects [message #238841 is a reply to message #238840] Sun, 20 May 2007 09:18 Go to previous messageGo to next message
chara
Messages: 81
Registered: April 2005
Location: th
Member
Hi Michel,
Thank you for your replied.Because i got a problem about after i grant only select permission to developers user but after they login to db via toad to view any objects.they can not see any objects in toad.Could you pls suggest me to permit developers user can only view any objects in toad.

Rgds
Chara

Report message to a moderator

Re: View or read only from any objects [message #238842 is a reply to message #238841] Sun, 20 May 2007 09:28 Go to previous messageGo to next message
Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
Sorry, I don't understand.
You want or don't want your developer to see objects?
And what is the relation with IP? Does the developer have their own login or not?
Is this a production database or development one?

Regards
Michel

Report message to a moderator

Re: View or read only from any objects [message #238852 is a reply to message #238839] Sun, 20 May 2007 10:11 Go to previous messageGo to next message
chara
Messages: 81
Registered: April 2005
Location: th
Member
Hi,

1. I want to developer see any objects in toad but after i granted (only select) to them after they login to db via toad and they click "schema brower windows" pane but they can't see any objects (you can test it).Because i want to permit the developer to only checking data on production .Not perpmit edit data.

2.I want to checking with ip of the the developer to only select data.Because the developer use the same user (user admin) with another people users (but ip are different).

3.It's production db.

Rgds
Chara

Report message to a moderator

Re: View or read only from any objects [message #238856 is a reply to message #238852] Sun, 20 May 2007 10:36 Go to previous messageGo to next message
Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
1. If they have select privilege then they can see the objects. I can't check it as I don't use TOAD (this is a bad product).
It is a bad practice that developer can access the production even only to see data (what a lack of confidentiality!)

2. Each developer should have their own account (to be able to audit [forbidden] access). At least they should have a login with only read access different from the "admin" one which I think must have all the privileges.

3. See 1.

You are trying to workaround bad organization with a technical trick. This will never work.

Regards
Michel

Report message to a moderator

Re: View or read only from any objects [message #238858 is a reply to message #238839] Sun, 20 May 2007 10:44 Go to previous messageGo to next message
chara
Messages: 81
Registered: April 2005
Location: th
Member
Thank you so much

Report message to a moderator

Re: View or read only from any objects [message #238863 is a reply to message #238858] Sun, 20 May 2007 12:25 Go to previous message
Littlefoot
Messages: 21823
Registered: June 2005
Location: Croatia, Europe
Senior Member
Account Moderator
As I see it, you did grant SELECT to your developers, but they don't see any objects because you didn't create them for him/her! So, create SYNONYMS for all objects you'd like your developer to see. This would be a simple script looking like this:
GRANT SELECT ON emp TO developer;
GRANT SELECT ON dept TO developer;
GRANT SELECT ON bonus TO developer;

CONNECT developer

CREATE SYNONYM emp FOR scott.emp;
CREATE SYNONYM dept FOR scott.dept;
CREATE SYNONYM bonus FOR scott.bonus;

EXIT;

Report message to a moderator

Previous Topic: select * from emp
Next Topic: Cannot use DBCA & NETCA (merged topics)
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Mon Dec 02 12:39:08 CST 2024
.:: Forum Home :: Blogger Home :: Wiki Home :: Contact :: Privacy ::.