Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> Re: privileges
Lisa,
Good luck on your quest. The company I work for has been in existence for
7 years and I started working for them 2 years ago. There was no documentation
at all about the database or applications when I started. The
databases are now documented (I still request documentation for the
applications but not yet. I can still hope) and I am trying to implement
security options via roles and privileges. Over 3 months ago I asked the
developers, VP of development, VP of IS for a list of which user needs
what type of access to what table. No luck to date. I took it upon myself
to create roles that accessed the tables I thought that were tied to the
different applications. One by one I am moving the users to the role. If
someone complains I then know what table I have to add to what role.
The first step was to remove the resource privilege from the users as they
run client applications and are select options only. The applications that
need other than select are given an id and the id is given a role with the
additional privileges. Only the role has the ability to change any data.
That puts the responsibility on the network group to only deploy the
application to the users that need id. The development group uses a user
table in the code to verify the user has the privilege to use the
application.
The second step was to remove the connect option and grant create session
instead. So far it has worked and I have the majority of the "public"
permissions revoked.
Hope this gives some insight.
ROR ª¿ª
>>> lkoivu_at_qode.com 09/21/00 05:01PM >>>
I inherited a database and application that was developed using the famous
'smear' method of privileges. In other words, everybody has access to
anything to do whatever they please.
It's time I cleaned this up. I have no guidelines to work from and quite honestly don't know the application too well - I have written a minute amount of code for this app. I'm thinking I could sift through dba_source as a starting point, to see whose procedures are accessing stuff outside their schema, etc. Man, this is going to be a big, tedious, messy trial-and-error nightmare.
If anyone has done anything similar and has any suggestions I would be very
happy to hear them.
Thanks
Lisa Rutland Koivu
Oracle Database Administrator
Qode.com
4850 North State Road 7
Suite G104
Fort Lauderdale, FL 33319
V: 954.484.3191, x174 F: 954.484.2933 C: 954.658.5849
"The information contained herein does not express the opinion or position of Qode.com and cannot be attributed to or made binding upon Qode.com."
Received on Fri Sep 22 2000 - 08:29:33 CDT
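The clean-up sequence described in the reply above, written out as an added SQL example (not code from either poster). The schema APP_OWNER, tables ORDERS and ORDER_LINES, roles ORDER_ENTRY_RO and ORDER_ENTRY_RW, user JSMITH and application id ORDER_APP are hypothetical; query 3 uses DBA_DEPENDENCIES in place of reading DBA_SOURCE text.

```sql
-- Added example; every schema, table, role and user name below is hypothetical.

-- 1. Who still holds the broad predefined roles?
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  granted_role IN ('CONNECT', 'RESOURCE', 'DBA')
ORDER  BY granted_role, grantee;

-- 2. What CONNECT and RESOURCE actually carry in this release.
SELECT grantee AS role_name, privilege
FROM   dba_sys_privs
WHERE  grantee IN ('CONNECT', 'RESOURCE')
ORDER  BY grantee, privilege;

-- 3. Stored code that reaches outside its own schema.
SELECT owner, name, type, referenced_owner, referenced_name, referenced_type
FROM   dba_dependencies
WHERE  referenced_owner <> owner
AND    referenced_owner NOT IN ('SYS', 'SYSTEM', 'PUBLIC')
ORDER  BY owner, name;

-- 4. Object grants made to PUBLIC on the application's tables.
SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    owner = 'APP_OWNER'
ORDER  BY table_name, privilege;

-- 5. One read-only role per application; a separate role for the id that changes data.
CREATE ROLE order_entry_ro;
GRANT SELECT ON app_owner.orders      TO order_entry_ro;
GRANT SELECT ON app_owner.order_lines TO order_entry_ro;

CREATE ROLE order_entry_rw;
GRANT order_entry_ro TO order_entry_rw;
GRANT INSERT, UPDATE, DELETE ON app_owner.orders TO order_entry_rw;
GRANT order_entry_rw TO order_app;

-- 6. Move one user: grant the narrow privileges first, then revoke the broad roles.
GRANT order_entry_ro TO jsmith;
GRANT CREATE SESSION TO jsmith;
REVOKE RESOURCE FROM jsmith;
REVOKE CONNECT  FROM jsmith;

-- 7. Once every user of the table is on a role, drop its PUBLIC grant.
REVOKE ALL ON app_owner.orders FROM PUBLIC;
```

Definer's-rights stored procedures do not use privileges received through roles, so the cross-schema references returned by query 3 need direct object grants to the owning schema rather than a role.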