E43509
asked on
Understanding the limitations of separating the Oracle schema owner versus an Oracle user of schema
I am trying to find a list of operations / tasks that an Oracle schema owner can do that cannot be done by another Oracle user (not a sysdba) without giving them some super privileges. I am not just talking about simply granting select, insert, update, delete, execute on a schema object to a user.
For example, the TRUNCATE TABLE command. Easily done by schema owner, but not available to another Oracle user unless you grant that user 'DROP ANY TABLE'.
Our security group is looking at restricting access by this method and I need to give my vendors of various applications an idea where this paradigm may break their app.
Thanks
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
ASKER
Granting drop any table to non-sys-level users is not something we would do, but just an example of a gotcha. We have one app that runs a truncate on temporary staging tables (instead of a delete). Therefore, that application will not run as some other Oracle user and will continue to attach as the schema owner.
I need to identify other similar operations or conditions to be proactive on these vendor apps and identify which ones may have problems (white box approach). We don't want to run them in this separation mode and hope testing finds any problems (black box approach).
Thx
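One way to handle the TRUNCATE case from this thread without granting DROP ANY TABLE is a definer-rights procedure owned by the schema owner that truncates only allowlisted staging tables. This is an added example, not part of the original thread; the names APP_OWNER, APP_USER, TRUNCATE_STAGING and the STG_ table prefix are hypothetical.

```sql
-- Added example. Run as the schema owner (hypothetical name: APP_OWNER).
-- AUTHID DEFINER makes the procedure execute with the owner's privileges,
-- so the caller needs only EXECUTE on it, not DROP ANY TABLE.
CREATE OR REPLACE PROCEDURE truncate_staging (p_table IN VARCHAR2)
  AUTHID DEFINER
AS
  l_table user_tables.table_name%TYPE;
BEGIN
  -- Allowlist check: the name must be an existing table in the owner's
  -- schema and must match the staging prefix (assumed convention: STG_).
  -- Anything else raises NO_DATA_FOUND and is rejected below.
  SELECT table_name
    INTO l_table
    FROM user_tables
   WHERE table_name = UPPER(p_table)
     AND table_name LIKE 'STG\_%' ESCAPE '\';

  -- The name now comes from the data dictionary, not from the caller.
  -- ENQUOTE_NAME quotes it as an identifier before it reaches dynamic SQL.
  -- TRUNCATE is DDL: it commits the caller's open transaction.
  EXECUTE IMMEDIATE 'TRUNCATE TABLE '
    || DBMS_ASSERT.ENQUOTE_NAME(l_table, FALSE);
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RAISE_APPLICATION_ERROR(-20001,
      'Not an approved staging table: ' || p_table);
END truncate_staging;
/

-- The application account (hypothetical name: APP_USER) gets EXECUTE only.
GRANT EXECUTE ON truncate_staging TO app_user;

-- Connected as APP_USER, the application calls the procedure instead of
-- issuing TRUNCATE TABLE directly:
--   BEGIN
--     app_owner.truncate_staging('STG_ORDERS');  -- constructed table name
--   END;
--   /
```

The application has to call the procedure in place of its own TRUNCATE statement, so this only helps where the vendor can change that call.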