Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Can a DBA restrict privileges of a user that is the owner of a schema? We need to remove DDL privileges. Our DBA says it is impossible. Please help!

Re: Can a DBA restrict privileges of a user that is the owner of a schema? We need to remove DDL privileges. Our DBA says it is impossible. Please help!

From: Geo Ralph <zgbasdrr_at_nicks.com>
Date: Wed, 16 Aug 2006 17:24:14 GMT
Message-ID: <2xIEg.107773$9d4.22312@fe2.news.blueyonder.co.uk>


> is it possible to restrict? is there some workaround?
>

I would be concerned about such a simple schema utilisation. Separating data and application into separate schemas gives better security and makes administration more straightforward.

Simple small limited Business
One Schema Solution
<------------- Sch1 ------------->
developer data application

More Complicated Business.
Two Schema Solution
<-- Sch1--> <------ Sch 2------->
developer data application

Very Large Business
Three Schema Solution
 <- Sch1-> <-SchX> <- Sch3->
developer data application

Corporate Solution
Four Schema Solution
<- Sch1-> <-SchX> <- Sch3->
developer1 data1 application1
developer2 data2 application2
etc.

SchxX has no "connect" role, it cannot be logged into directly. The data can only accessed by the application, and only after roles have been enabled.

Shabble. Received on Wed Aug 16 2006 - 12:24:14 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US