Question on group privilege
From: Pap <oracle.developer35_at_gmail.com>
Date: Sun, 14 Nov 2021 00:09:53 +0530
Message-ID: <CAEjw_fgM6PY8FBBo0HmAh8MVn=s3n4Bdq69KVZVC7ba4Rsq9sw_at_mail.gmail.com>
Hi, We have a team which is going to mainly look into database performance issues and will not do any administrative work(say e.g. script deployment,backup recovery, upgrade, migration, replication etc). And we want to make sure to have required privileges to the performance group but no elevated privilege should be given.
Date: Sun, 14 Nov 2021 00:09:53 +0530
Message-ID: <CAEjw_fgM6PY8FBBo0HmAh8MVn=s3n4Bdq69KVZVC7ba4Rsq9sw_at_mail.gmail.com>
Hi, We have a team which is going to mainly look into database performance issues and will not do any administrative work(say e.g. script deployment,backup recovery, upgrade, migration, replication etc). And we want to make sure to have required privileges to the performance group but no elevated privilege should be given.
What I can think of is, mainly to investigate the historical and current performance issues in the production database, we should have a "select catalogue role" so that all the dba_* views can be read/queried along with application tables. And also they should be able to run the sql tuning advisor , create profile/baselines/patch etc. I think 11.2 was creating a profile role specifically. But 19C has something to replace that and a superior one called 'ADMINISTER SQL MANAGEMENT OBJECT'. So I want to understand, is this ADMINISTER SQL MANAGEMENT OBJECT privilege is safe without any elevated privilege underlying within? And/Or if any additional privilege is required for this group?
-- http://www.freelists.org/webpage/oracle-lReceived on Sat Nov 13 2021 - 19:39:53 CET