E43509 asked:

Understanding the limitations of separating the Oracle schema owner versus an Oracle user of schema

I am trying to find a list of operations / tasks that an Oracle schema owner can do that cannot be done by another Oracle user (not a sysdba) without giving them some super privileges. I am not just talking about a simple granting select, insert, update, delete, execute on a schema object to a user.
For example, the TRUNCATE TABLE command. Easily done by schema owner, but not available to another Oracle user unless you grant that user 'DROP ANY TABLE'.

Our security group is looking at restricting access by this method and I need to give my vendors of various applications an idea where this paradigm may break their app.
Thanks
E43509 (ASKER) replied:

Thanks for the replies above. I think my question is not quite clear enough as I understand these concepts but don't have a clear line of sight to a simple list of what are the gotchas with the separation of schema owner versus schema user.
Granting drop any table to non sys level users is not something we would do but just an example of a gotcha. We have one app that runs a truncate on temporary staging tables (instead of a delete). Therefore that application will not run as some other Oracle user and will continue to attach as the schema owner.
I need to identify other similar operations or conditions to be proactive on these vendor apps and identify which ones may have problems (white box approach).  We don't want to run them in this separation mode and hope testing finds any problems (black box approach).
Thx
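
For the TRUNCATE case described above, one common least-privilege pattern is a definer-rights procedure owned by the schema owner, so the application account never needs DROP ANY TABLE. This is an added example, not code from the thread; the names APP_OWNER, APP_USER, TRUNCATE_STAGING and the STG_ table prefix are assumptions made for illustration.

```sql
-- Run as the schema owner (APP_OWNER is a hypothetical name).
CREATE OR REPLACE PROCEDURE app_owner.truncate_staging (p_table IN VARCHAR2)
  AUTHID DEFINER   -- executes with the owner's privileges, not the caller's
AS
  v_table all_tables.table_name%TYPE;
BEGIN
  -- Resolve the caller's input against the data dictionary so that only an
  -- existing table in the owner's schema with the assumed staging prefix
  -- (STG_) can ever reach the dynamic statement.
  SELECT table_name
    INTO v_table
    FROM all_tables
   WHERE owner      = 'APP_OWNER'
     AND table_name = UPPER(p_table)
     AND table_name LIKE 'STG\_%' ESCAPE '\';

  -- TRUNCATE is DDL: it commits implicitly and cannot be rolled back.
  -- The name comes from the dictionary and is quoted again before use.
  EXECUTE IMMEDIATE 'TRUNCATE TABLE APP_OWNER.'
                    || DBMS_ASSERT.ENQUOTE_NAME(v_table, FALSE);
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RAISE_APPLICATION_ERROR(-20001, 'Not a staging table: ' || p_table);
END truncate_staging;
/

-- The application account gets EXECUTE on the wrapper and nothing more.
GRANT EXECUTE ON app_owner.truncate_staging TO app_user;

-- Connected as APP_USER (hypothetical application account):
--   TRUNCATE TABLE app_owner.stg_orders;   -- fails without DROP ANY TABLE
BEGIN
  app_owner.truncate_staging('stg_orders'); -- succeeds through the wrapper
END;
/
```

The application still has to call the procedure instead of issuing TRUNCATE directly, so a vendor application with the statement hard-coded needs a code change to use this pattern.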
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.