Re: Separate Schemas for Data and Application?

From: Yong Huang <yong321_at_yahoo.com>
Date: Wed, 9 Apr 2014 06:54:51 -0700 (PDT)
Message-ID: <1397051691.69336.YahooMailNeo_at_web184803.mail.gq1.yahoo.com>

> It would create a load of extra work for maintaining grants and

> synonyms and generally complicate build scripts for no benefit that...

I agree. We used to enforce the policy of having a data account and a code account. In addition to more work, one annoyance is that whenever a new table is created in the data account, a new grant, and a synonym (if not prefixing "owner." in code and not using "alter session set current_schema") must be created in the code account, but this is sometimes missed. We don't grant "select any table" to the code account. For a long time, I've wished Oracle to allow "grant select,insert,update,delete on <schema> to <grantee>".

Yong Huang

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Apr 09 2014 - 15:54:51 CEST

This message: [ Message body ]
Next message: Nathan Owen: "Re: Different Day/Night Thresholds in EM12c?"
Previous message: Stojan Veselinovski: "Re: 12cR1"
Maybe in reply to: Jeff C: "Separate Schemas for Data and Application?"
Next in thread: Igor Racic: "Re: Separate Schemas for Data and Application?"
Reply: Igor Racic: "Re: Separate Schemas for Data and Application?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message