| dougiez |
Posted: May 30, 2008 04:15:15 AM |
Total Post: 6
Joined: Aug, 2007
|
I want to create a user who can only read and write data to the database but cannot perform any other DBA or SYS task. Are there any default roles that can be assigned to this user, or do I have to grant update, insert on all objects in the database?
1. create user test identified by test;
2. grant create session to test;
3. ??????????????? - what else
|
|
|
hanu |
| Posted: May 30, 2008 05:57:44 AM | |
|
Total Post: 4
Joined: May, 2008
|
The user who has dba or sys privileges, he can only perform dba or sys tasks. If you want a user with read and write permissions, try the following commands.
1. grant select any table to user.
2. grant update any table to user.
So that he can read and update the data in the database.
|
|
|
|
|
Gitesh |
| Posted: May 30, 2008 11:09:53 PM | |
|
Total Post: 322
Joined: May, 2005
|
Update any and select any privileges are dangerous because they can access/update sys and system data dictionary tables. This is risky. A better option: create a script, logged in as the user, with the command "grant select,update on <table_name> to <new_username>" and execute it.
|
|
|
|
|
bigPapas |
| Posted: Jun 19, 2008 10:31:59 AM | |
|
Total Post: 14
Joined: Apr, 2007
|
I agree with Gitesh. Very risky if the user has select any and update any. This will fail any type of Security Audit (SOX, etc). Better to compile a list of tables the new user has access to, and assign on those tables only.
Use dynamic SQL to make it easier:
select 'grant select, update on '||owner||'.'||table_name||' to USERX;'
from dba_tables
where owner = 'USERA'
and table_name like 'APPLS%';
gabe
|
|
|
|
|
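The per-table grants recommended in the replies above, as an added example that is not part of any poster's message: it grants through a role instead of spooling a script, and includes INSERT because the original question asked for it. `APP_RW` is a hypothetical role name; `USERA`, `USERX` and the `APPLS%` pattern are the placeholders from the post above.

```sql
-- Added example (Oracle SQL*Plus). APP_RW is a hypothetical role name;
-- USERA, USERX and APPLS% are the placeholders used in the thread.
-- Assumption: run as a DBA account that can create roles, read DBA_TABLES
-- and grant object privileges on USERA's tables.
CREATE ROLE app_rw;

SET SERVEROUTPUT ON
BEGIN
  FOR t IN (SELECT owner, table_name
              FROM dba_tables
             WHERE owner = 'USERA'
               AND table_name LIKE 'APPLS%'
             ORDER BY table_name)
  LOOP
    -- ENQUOTE_NAME double-quotes each identifier, so mixed-case or odd
    -- table names cannot change the meaning of the generated GRANT.
    EXECUTE IMMEDIATE
      'GRANT SELECT, INSERT, UPDATE ON '
      || DBMS_ASSERT.ENQUOTE_NAME(t.owner, FALSE) || '.'
      || DBMS_ASSERT.ENQUOTE_NAME(t.table_name, FALSE)
      || ' TO app_rw';
    DBMS_OUTPUT.PUT_LINE('granted on ' || t.owner || '.' || t.table_name);
  END LOOP;
END;
/

-- The user gets a login plus the role, and no ANY privileges.
GRANT CREATE SESSION TO userx;
GRANT app_rw TO userx;

-- Check 1: the only system privilege held directly should be CREATE SESSION.
SELECT privilege
  FROM dba_sys_privs
 WHERE grantee = 'USERX';

-- Check 2: the role carries only the intended object grants.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'APP_RW'
 ORDER BY owner, table_name, privilege;
```

Tables created later under `USERA` are not covered automatically; rerun the block when the schema changes.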
positive |
| Posted: Aug 11, 2008 08:50:11 PM | |
|
Total Post: 483
Joined: Jun, 2008
|
http://neworacledba.blogspot.com
|
|
|
|
|
| Time Zone: EDT |