| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: TOAD Access to other Schemas
A few years ago one of the development groups here started using SQL
Navigator. When first implemented they were unable to perform many tasks
because they didn't have enough access despite specific access having
been granted to objects in other schemas on an as needed basis. The
immediate request (demand actually) was to grant DBA access. I said no
and instead worked with Quest to find out where the problem was. I
learned that in order for many of the SQL Navigator development tools to
work select access on a number of the DBA_ views was required. Once I
granted that everyone was sort of happy, although still a bit annoyed
that I wouldn't just grant blanket DBA access. I suspect that may be all
that is necessary in TOAD as well although I don't know. It took some
work on my part but I was able to get them back to work without granting
global privileges. Besides, I learned something about SQL Navigator too.
Bill Wagman
Univ. of California at Davis
IET Campus Data Center
wjwagman_at_ucdavis.edu
(530) 754-6208
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Boyle, Christopher
Sent: Thursday, June 14, 2007 7:40 AM
To: rjamya_at_gmail.com; DENISE_at_wvnvaxa.wvnet.edu
Cc: oracle-l_at_freelists.org
Subject: RE: TOAD Access to other Schemas
I couldn't agree with Raj more (and I used to be one of his developers too!) I am in the process of having the developers' access to the schema that holds the tables revoked. They can work in an _USER schema and qualify their references but too many "I couldn't wait to follow the procedures so I made the changes myself" that never got included in a model or build script have warranted this type of lock down. (Plus, they get the scripts wrong. Not all the developers. Not even most or many of the developers. But enough.)
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of rjamya
Sent: Wednesday, June 13, 2007 10:08 PM
To: DENISE_at_wvnvaxa.wvnet.edu
Cc: oracle-l_at_freelists.org
Subject: Re: TOAD Access to other Schemas
this is a BIG NO NO. In-fact you can get away with SELECT ANY TABLE, but that too is a NO NO in production/devl environment. Anyone who claims they cannot do any development without these privs is trying for a easy workaround (aka borderline lazy).
Ask them what they want, and grant only that, nothing more. Any blanket privilege (e.g. %ANY% types) are _bad_ imho in development environment because you will need those in production then too.
My $0.0185
Raj
NOTICE OF CONFIDENTIALITY: Information included in and/or attached to this electronic mail transmission may be confidential. This electronic mail transmission is intended for the addressee(s) only. Any unauthorized disclosure, reproduction, or distribution of, and/or any unauthorized action taken in reliance on the information in this electronic mail is prohibited. If you believe that you have received this electronic mail transmission in error, please notify the sender by reply transmission, or contact helpdesk_at_multiplan.com <mailto:helpdesk_at_multiplan.com> , and delete the message without copying or disclosing it.
-- http://www.freelists.org/webpage/oracle-lReceived on Thu Jun 14 2007 - 13:12:07 CDT
 |
 |