RE: Schema organization
A couple of other reasons for this approach:
When you create a DAD in Oracle Application Server, you can choose to store the password in the config file. On version 3.02 it is in unencrypted form and is optional. On 4.x it's encrypted and mandatory (unless you cheat and remove the password entry once you create the DAD). This permits you to change the password on the schema owner without having to change your DAD, especially important if your destination database is not owned by you! We normally define a schema and a secondary account like data and data_pub. We give data_pub all of the data manipulation rights to the data schema. Very safe.
If you let others create database links to your database it is nice to avoid giving them the password to your schema. Since you can see the password unencrypted on their end after the database link is created this is especially dangerous.
I would love to see this become standard practice. Once something goes into production there should not be that much DDL affecting the original schema anyway. We generally create all of the packages in the original schema and grant execute to the public schema.
Hope this helps.
--Michael
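The owner/secondary-account split described above, sketched as an added example that is not part of the original thread. It assumes an existing owner schema DATA and a new account DATA_PUB (names taken from the message), is run by a DBA, and uses a placeholder password.

```sql
-- Added example: DATA owns the objects, DATA_PUB is the only account that
-- applications, DADs or remote database links ever receive a password for.
CREATE USER data_pub IDENTIFIED BY "PLACEHOLDER_change_me";
GRANT CREATE SESSION TO data_pub;   -- no CREATE TABLE, no quota, no ANY privileges

BEGIN
  -- DML only on every ordinary table owned by DATA; DDL rights are never granted.
  FOR t IN (SELECT table_name
              FROM dba_tables
             WHERE owner = 'DATA'
               AND nested = 'NO'
               AND (iot_type IS NULL OR iot_type = 'IOT')
               AND table_name NOT LIKE 'BIN$%') LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT, INSERT, UPDATE, DELETE ON DATA."'
                      || t.table_name || '" TO data_pub';
    -- Private synonym so code connecting as DATA_PUB needs no schema prefix.
    EXECUTE IMMEDIATE 'CREATE OR REPLACE SYNONYM data_pub."' || t.table_name
                      || '" FOR DATA."' || t.table_name || '"';
  END LOOP;

  -- Packages stay in the owner schema; the secondary account may only run them.
  FOR p IN (SELECT object_name
              FROM dba_objects
             WHERE owner = 'DATA'
               AND object_type IN ('PACKAGE', 'PROCEDURE', 'FUNCTION')) LOOP
    EXECUTE IMMEDIATE 'GRANT EXECUTE ON DATA."' || p.object_name
                      || '" TO data_pub';
  END LOOP;
END;
/

-- Check 1: the only system privilege listed should be CREATE SESSION.
SELECT privilege FROM dba_sys_privs WHERE grantee = 'DATA_PUB';

-- Check 2: object privileges should be limited to DML and EXECUTE on DATA objects.
SELECT table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'DATA_PUB' AND owner = 'DATA'
 ORDER BY table_name, privilege;

-- The owner's password can now be rotated without touching any client config.
ALTER USER data IDENTIFIED BY "PLACEHOLDER_new_owner_password";
```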
-----Original Message-----
Sent: Thursday, July 05, 2001 10:06 AM
To: Multiple recipients of list ORACLE-L
Stéphane,
You're not alone. I like having one schema that owns all of the objects and a second or more that manipulate the data therein. The reason is that many times the passwords for the other user accounts get hard coded into software making them almost impossible to change. This way if the person who was maintaining the application leaves you can change the password there to do maintenance without breaking everything. Also if you do get a hacker in, it's a lot harder to have to delete everything vs drop a table.
Dick Goulet
____________________Reply Separator____________________
Author: paquette stephane <stephane_paquette_at_yahoo.com>
Date: 7/5/2001 2:40 AM
Hi all,
I'm a fan of having the processing done by a user different than the owner of the data.
Am I alone?
For example, we're on a data warehouse system where the data owner is DWH. The ETL tool repository owner is TOOL_POWERMART and the reporting tool repository owner is TOOL_BOWEBI. The ETL processing is done by user DWH_PM_TRTMNT and the reporting processing is done by user DWH_BO_TRTMNT.
This way, nobody is connecting as the data's owner. The developers and Informatica (Powermart) consultant would prefer working directly as DWH.
What do you think?
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: dgoulet_at_vicr.com
Received on Thu Jul 05 2001 - 09:13:51 CDT