Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: OEM permissions

RE: OEM permissions

From: Mercadante, Thomas F <thomas.mercadante_at_labor.state.ny.us>
Date: Thu, 18 Dec 2003 08:14:26 -0800
Message-ID: <F001.005DA526.20031218081426@fatcity.com>


Dennis,

I think you are probably ok with this. But the best way to do this is to create an Oracle account, grant what he asks, and start OEM using that account. Try and change things and see what happens. Then you will know for sure what the impact is.

Good Luck!

Tom Mercadante
Oracle Certified Professional

-----Original Message-----
Sent: Thursday, December 18, 2003 10:35 AM To: Multiple recipients of list ORACLE-L

Raj - Thanks for your reply. Were this a consultant, my reply would mirror yours, and maybe not so diplomatically.

   But basically I manage these databases on behalf of this manager, so when he asks for "read-only" access, I can't really refuse. And I think he is pretty competent as a DBA. He says that he prefers to use OEM instead of Toad.

   What I'm really asking is what could these grants be used for besides just reading data? If there are other actions that could be done, I could at least ask him not to perform those actions, so if something bad happens I have provided an alert ahead of time.

   For those who use OEM in your environment, does the SELECT_CATALOG_ROLE and SELECT ANY DICTIONARY privileges sound pretty usual for OEM to be able to scout out the info it needs to paint the pretty displays?

   Yes, I am checking out how this exposes links and what is available on the other systems the links point to. I have also asked his group not to create any database links. Fortunately we have relatively few links.

   Again, thanks for your advice.

Dennis Williams
DBA
Lifetouch, Inc.
dwilliams_at_lifetouch.com

-----Original Message-----
Sent: Thursday, December 18, 2003 7:54 AM To: Multiple recipients of list ORACLE-L

Dennis,

"select any table" has to be a big no no ... anyone can select from sys.link$. But I am still trying how OEM can be used for _development_?? what am I missing? As for

One of our groups hired a new consultant and he (claimed to have DBA background) immediately shot off an email saying he needed "select any table" and "select catalog role" to do his work. We shot off reply "Thanks for your email, while we appreciate your requirements for development, the privileges you are requesting are a tad different than we grant other developers. However we request that you submit a justification for these privileges and tell us how your development would be affected without these and we will accommodate your request". This was 3 months ago and we _still_ haven't heard back.

Raj




Rajendra dot Jamadagni at nospamespn dot com All Views expressed in this email are strictly personal. QOTD: Any clod can have facts, having an opinion is an art !

-----Original Message-----
Sent: Thursday, December 18, 2003 8:24 AM To: Multiple recipients of list ORACLE-L

We have a new manager that wants his group to use OEM for development access, as an alternative to Toad. He has requested a special Oracle userid with the following grants:

     SELECT_CATALOG_ROLE
     SELECT ANY DICTIONARY
     SELECT ANY TABLE

Does this seem reasonable for OEM? The manager is responsible for the data in the database, so I don't see a problem with him viewing the data. There are few database links, and I'll be reviewing them. Any ideas on what mischief could occur? Thanks.




This e-mail message is confidential, intended only for the named recipient(s) above and may contain information that is privileged, attorney work product or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify corporate MIS at (860) 766-2000 and delete this e-mail message from your computer, Thank you.

**********5
--

Please see the official ORACLE-L FAQ: http://www.orafaq.net
--

Author: Jamadagni, Rajendra
  INET: Rajendra.Jamadagni_at_espn.com
Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
--

Please see the official ORACLE-L FAQ: http://www.orafaq.net
--

Author: DENNIS WILLIAMS
  INET: DWILLIAMS_at_LIFETOUCH.COM
Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
--

Please see the official ORACLE-L FAQ: http://www.orafaq.net
--

Author: Mercadante, Thomas F
  INET: thomas.mercadante_at_labor.state.ny.us
Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Thu Dec 18 2003 - 10:14:26 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US