D This optional character indicates that this role is to be a default role of the database user. This allows the user to grant the role to other roles only.
Roles cannot be granted to users if the operating system is used to manage roles. Note : If either the D or A characters are specified, they must be preceded by an underscore.
Using Operating System Role Management When you use operating system managed roles, it is important to note that database roles are being granted to an operating system user. What practical uses does it have? Any caveats? I'd appreciate input from those who have used it. I have never heard about this. Join Date Sep Posts I support a 3rd party app that uses this privilege to allow a proxy user to attach to the database and execute commands on behalf of the actual user.
I don't like it you abdicate control at the Oracle level , but a lot of apps seem to be going that way. Security is defined and implemented supposedly! No one has yet been able to satisfactorily explain to me, the "A" in "DBA", why I don't have full control of database security! I can create objects on behalf of users, but I can't grant security on those objects to others???
So now I have to have a list of 60 different Oracle accounts and passwords that I need to use and maintain in order to reorg user tables. Why, why, WHY??? Boivin, Patrice J I have about users. I have about users.
Kimberly Smith I normally would not even want to reorganize user tables. So I guess I never had a reason to complain about that. For the most part I deal only with the application accounts and I sure don't have 60 of those. I would then grant to roles and grant the roles to users. If joe blow developer needs a table in his own account they know how to create them or I tell them how or point them to the proper manual.
They do not need them tuned in that environment. They are not on my production system so. I normally would not even want to reorganize user tables. They are not on my production system so its not affecting anything else. That is the way its worked on all enviroments I have been in. Now granted there could be someone out there that has 60 application accounts but if it should still be the dba touching the production accounts so consolidate the passwords.
Ana "Jesse, Rich" world. So now I have to have a list. Right on! Tom Pall I consider myself the database administrator, not the data administrator. It's not all that hard to write dynamic sql to grant access to a schema object to a user. I consider myself the database administrator, not the data administrator. Jesse, Rich Hi Kimberly, I think our respective usage of "users" may differ slightly. We have a few different 3rd-party packages that use Oracle.
Each one has it's own schema, and with some forethought, it's own database.
0コメント