
Re: all_objects: anyone know why Oracle decided to only make triggers viewable with "CREATE ANY TRIGGER" system priv?

From: Charles Schultz <sacrophyte_at_gmail.com>
Date: Tue, 30 Oct 2007 08:20:40 -0500
Message-ID: <7b8774110710300620v7477ccd7g44e02e030c451c6@mail.gmail.com>


Here is what I do not like. If you give someone the ability to select any dictionary, a user has the necessary privs to select trigger information from dba_objects, but not all_objects. That seems a bit backwards. If security were such a big concern, why allow access to dba_objects instead of all_objects? Why not just make a private synonym for dba_objects called all_objects? =)

DBARMAN_SQL > grant create session, select any dictionary to test identified by test;

Grant succeeded.

DBARMAN_SQL > connect test/test
Connected.
DBARMAN_SQL > select count(*) from all_objects where object_type = 'TRIGGER';

  COUNT(*)
         0

DBARMAN_SQL > select count(*) From dba_objects where object_type = 'TRIGGER';

  COUNT(*)
         4

On 10/29/07, Powell, Mark D <mark.powell_at_eds.com> wrote:
>
> Security. By default only the owner and DBAs can see trigger (and also
> package body) source.
>
> Triggers are often used for auditing. If you can see what the trigger
> does then you can write the DML to remove the generated trail.
>
> There are ways to provide access to source code without granting DBA or
> ANY privileges. For developers we provide a modified version of the
> user_source view that we then grant select on.
>
> -- Mark D Powell --
> Phone (313) 592-5148
>

-- 
Charles Schultz

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Oct 30 2007 - 08:20:40 CDT
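
Added example, not part of either message and not the view the quoted reply refers to: one possible shape for a restricted source view that developers can query without DBA or ANY privileges. The names APP_SEC, APP_OWNER and DEV_READ_SOURCE are hypothetical, and the view is built over DBA_SOURCE as an assumption.

```sql
-- Added example. APP_SEC (view owner), APP_OWNER (application schema) and
-- DEV_READ_SOURCE (role) are hypothetical names. Run steps 1-3 as a DBA.

-- 1. The view owner needs a direct object grant (a grant through a role is
--    not enough to create the view), and WITH GRANT OPTION so that SELECT
--    on the view can be passed on to other users.
GRANT SELECT ON sys.dba_source TO app_sec WITH GRANT OPTION;

-- 2. Restricted view: a single application schema, and no TRIGGER rows,
--    so the logic of audit triggers stays hidden from developers.
CREATE OR REPLACE VIEW app_sec.dev_source AS
SELECT owner, name, type, line, text
FROM   sys.dba_source
WHERE  owner = 'APP_OWNER'
AND    type IN ('PROCEDURE', 'FUNCTION', 'PACKAGE', 'PACKAGE BODY',
                'TYPE', 'TYPE BODY');

-- 3. Developers receive the view through a role and nothing broader:
--    no SELECT ANY DICTIONARY, no CREATE ANY TRIGGER.
CREATE ROLE dev_read_source;
GRANT SELECT ON app_sec.dev_source TO dev_read_source;

-- 4. Verification, run as a developer account that holds only
--    CREATE SESSION and DEV_READ_SOURCE. The first query shows which
--    source types are exposed; the second confirms the trigger filter.
SELECT type, COUNT(DISTINCT name) AS objects
FROM   app_sec.dev_source
GROUP  BY type
ORDER  BY type;

SELECT COUNT(*) AS trigger_rows
FROM   app_sec.dev_source
WHERE  type = 'TRIGGER';
```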
