Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: PERMISSIONS: Viewing, Altering and executing stored procedures/packages/functions

RE: PERMISSIONS: Viewing, Altering and executing stored procedures/packages/functions

From: Leonard, George <GLeonard_at_wesbank.co.za>
Date: Mon, 7 Feb 2005 18:21:15 +0200
Message-ID: <1831A554E8800049B6B970790D2513C03AE71C@fnbkrkmx01.fnb.co.za> 





Hi there Mark
 


you are correct, i was wrong. i tested it and as you said, having execute does not give permission to alter, what the problem was a dba role granted to a role that the users in question had.
 


figured out what was going once i wrote a little ddl audit package that started showing they were alrering packages they were not suppose to after we had some funnies on the system...
 


George





From: oracle-l-bounce_at_freelists.org on behalf of Powell, Mark D
Sent: Mon 2005/02/07 04:50 PM


To: Oracle L (E-mail)


Subject: RE: PERMISSIONS: Viewing, Altering and executing stored procedures/packages/functions





George, I am a little confused as since when did having the EXECUTE
privilege give a user/developer the privilege to CREATE OR REPLACE a
procedure.  You need the userid/password of the procedure owner or the
CREATE ANY PROCEDURE for that.  I think you are looking at the wrong
privilege as being the problem.


HTH -- Mark D Powell --



-----Original Message-----


From: oracle-l-bounce_at_freelists.org


[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of Leonard, George
Sent: Monday, February 07, 2005 7:32 AM


To: rjamya


Cc: Oracle L (E-mail); Desplace, Laura


Subject: RE: PERMISSIONS: Viewing, Altering and executing stored
procedures/packages/functions




Hmm



Now that I think about it, the view covers the viewing of code, but does
not do anything for the problem if they can execute code they can alter
it and this is one of our big problems...



George

=20________________________________________________


George Leonard


Oracle Database Administrator


New Dawn Technologies @ Wesbank


E-mail:gleonard_at_wesbank.co.za


=20


You Have The Obligation to Inform One Honestly of the risk, And As a
Person


You Are Committed to Educate Yourself to the Total Risk In Any Activity!
Once Informed & Totally Aware of the Risk,
Every Fool Has the Right to Kill or Injure Themselves as They See Fit!
=20



-----Original Message-----


From: rjamya [mailto:rjamya_at_gmail.com]=20
Sent: 07 February 2005 14:03 PM


To: Leonard, George


Cc: Oracle L (E-mail); Desplace, Laura


Subject: Re: PERMISSIONS: Viewing, Altering and executing stored
procedures/packages/functions



create a system owned view dba$source as select * from xxx_source and
then allow developers select from it. In fact, create a private
synonym for each of them ...



create or replace duh_1.dba_source for system.dba$source
/



create or replace duh_1.all_source for system.dba$source
/



That should do the trick ... then you don't have to give 'execute any'
privilege, just select on dba$source will do.



Raj




On Mon, 7 Feb 2005 11:10:48 +0200, Leonard, George
<GLeonard_at_wesbank.co.za> wrote:


> Hi all


>=20




> My Developers are at it again.


>=20




> Is there any way I can let people see and execute code without being

> able to alter it?


>=20




> Currently giving execute on code gives them permission to alter it and

> we want to stop this,


>=20




> Help please!!!


>=20




> George

> =3D20________________________________________________

> George Leonard

> Oracle Database Administrator

> New Dawn Technologies @ Wesbank

> E-mail:gleonard_at_wesbank.co.za

> =3D20

> You Have The Obligation to Inform One Honestly of the risk, And As a

> Person

> You Are Committed to Educate Yourself to the Total Risk In Any

Activity!


> Once Informed & Totally Aware of the Risk,

> Every Fool Has the Right to Kill or Injure Themselves as They See Fit!

> =3D20



>=20


>




_=3D


> __________________________



>=20


> The views expressed in this email are, unless otherwise stated, those

of =3D


> the author and not those

> of the FirstRand Banking Group an Authorised Financial Service

Provider o=3D


> r its management.

> The information in this e-mail is confidential and is intended solely

for=3D


> =3D20the addressee.

> Access to this e-mail by anyone else is unauthorised.

> If you are not the intended recipient, any disclosure, copying,

distribut=3D


> ion or any action taken or=3D20

> omitted in reliance on this, is prohibited and may be unlawful.

> Whilst all reasonable steps are taken to ensure the accuracy and

integrit=3D


> y of information and data=3D20

> transmitted electronically and to preserve the confidentiality

thereof, n=3D


> o liability or=3D20

> responsibility whatsoever is accepted if information or data is, for

what=3D


> ever reason, corrupted=3D20

> or does not reach its intended destination.


>=20


> =3D20                              ________________________________



> --

> http://www.freelists.org/webpage/oracle-l

>=20




--=20




select standard_disclaimer from company_requirements where category =3D
'MANDATORY';


_________________________________________________________________________=
__________________________






The views expressed in this email are, unless otherwise stated, those of =
the author and not those


of the FirstRand Banking Group an Authorised Financial Service Provider o=
r its management.


The information in this e-mail is confidential and is intended solely for=
=20the addressee.


Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribut=
ion or any action taken or=20


omitted in reliance on this, is prohibited and may be unlawful.
Whilst all reasonable steps are taken to ensure the accuracy and integrit=
y of information and data=20


transmitted electronically and to preserve the confidentiality thereof, n=
o liability or=20


responsibility whatsoever is accepted if information or data is, for what=
ever reason, corrupted=20


or does not reach its intended destination.


=20                              ________________________________



--
http://www.freelists.org/webpage/oracle-l


--
http://www.freelists.org/webpage/oracle-l



___________________________________________________________________________________________________


The views expressed in this email are, unless otherwise stated, those of the author and not those
of the FirstRand Banking Group an Authorised Financial Service Provider or its management.
The information in this e-mail is confidential and is intended solely for the addressee.
Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribution or any action taken or 
omitted in reliance on this, is prohibited and may be unlawful.
Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data 
transmitted electronically and to preserve the confidentiality thereof, no liability or 
responsibility whatsoever is accepted if information or data is, for whatever reason, corrupted 
or does not reach its intended destination.

                               ________________________________

--
http://www.freelists.org/webpage/oracle-l


Received on Mon Feb 07 2005 - 11:27:21 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US