Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: OEM permissions

RE: OEM permissions

From: Yong Huang <yong321_at_yahoo.com>
Date: Fri, 19 Dec 2003 09:49:25 -0800
Message-ID: <F001.005DA723.20031219094925@fatcity.com> 





Hi, Raj,



9i doesn't allow a user with select any table privilege to view any object
owned by SYS. So the sys.link$ risk is gone. But select any dictionary, a new
privilege in 9i, allows that. In practice, I always grant select_catalog_role
to any developer, but refrain from granting select any dictionary or select any
table. As DBAs, we should encourage developers to make full use of data
dictionary views and open the database to them as much as they can study it. I
would help the consultant in your case instead of just throw back a "NO" to
him.



Yong Huang



Jamadagni, Rajendra wrote:



Dennis,



"select any table" has to be a big no no ... anyone can select from sys.link$.
But I am still trying how OEM can be used for _development_?? what am I
missing? As for ...


One of our groups hired a new consultant and he (claimed to have DBA
background) immediately shot off an email saying he needed "select any table"
and "select catalog role" to do his work. We shot off reply "Thanks for your
email, while we appreciate your requirements for development, the privileges
you are requesting are a tad different than we grant other developers. However
we request that you submit a justification for these privileges and tell us how
your development would be affected without these and we will accommodate your
request". This was 3 months ago and we _still_ haven't heard back.





Do you Yahoo!?


New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/


-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.net


-- 



Author: Yong Huang


  INET: yong321_at_yahoo.com


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Fri Dec 19 2003 - 11:49:25 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US