Re: Are there features on other RDBMS's that it would be good for Oracle to have?
Date: Sun, 27 May 2012 10:55:57 +0100
Message-ID: <6D2875D2F8A14E3D946E32B54539B15A_at_Primary>
- Original Message -----
|From: "Nuno Souto" <dbvision_at_iinet.net.au>
|Second, I've posted about in my blog:
|http://dbasrus.blogspot.com.au/2011/11/wish-list-for-12c.html
|In a nutshell: proxy logins don't cut it because they are not affected by
|roles assigned to the initial login user.
Depends what you mean by "affected" - I've got the following example, tested on 10.2
alter user table_user
grant connect through readonly_person
with role read_tables
;
alter user table_user
grant connect through readwrite_person
with role write_tables
;
table_user is the "user" of the application (who gets data access from table_owner - not shown in this extract - to the actual data objects). table_user has several roles enabled - but isn't allowed to create session.
When readonly_person connects through the proxy, they can only enable the role called read_tables, when readwrite_person connects through the proxy they can only enable the role called write_tables.
| My using a login trigger is
just a kludge
|to what should really be handled by the database context functionality.
|Badly needed for multiple schema/application consolidation.
Not really, except there are boundary conditions where it wouldn't work as nicely as you want. (Applications that create tables and view in one schema, but put types and procedures in a second, for example.)
Did you find any problems with the "enterprise user" mechanism, or was this simply not appropriate to your environment ?
Regards
Jonathan Lewis
Oracle Core (Apress 2011)
http://www.apress.com/9781430239543
-- http://www.freelists.org/webpage/oracle-lReceived on Sun May 27 2012 - 04:55:57 CDT