RE: PERMISSIONS: Viewing, Altering and executing stored procedures/packages/functions
- From: "Leonard, George" <GLeonard@xxxxxxxxxxxxx>
- To: <mark.powell@xxxxxxx>, "Oracle L (E-mail)" <oracle-l@xxxxxxxxxxxxx>
- Date: Mon, 7 Feb 2005 18:21:15 +0200
Hi there Mark
you are correct, i was wrong. i tested it and as you said, having execute does
not give permission to alter, what the problem was a dba role granted to a role
that the users in question had.
figured out what was going once i wrote a little ddl audit package that started
showing they were alrering packages they were not suppose to after we had some
funnies on the system...
George
________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx on behalf of Powell, Mark D
Sent: Mon 2005/02/07 04:50 PM
To: Oracle L (E-mail)
Subject: RE: PERMISSIONS: Viewing, Altering and executing stored
procedures/packages/functions
George, I am a little confused as since when did having the EXECUTE
privilege give a user/developer the privilege to CREATE OR REPLACE a
procedure. You need the userid/password of the procedure owner or the
CREATE ANY PROCEDURE for that. I think you are looking at the wrong
privilege as being the problem.
HTH -- Mark D Powell --
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Leonard, George
Sent: Monday, February 07, 2005 7:32 AM
To: rjamya
Cc: Oracle L (E-mail); Desplace, Laura
Subject: RE: PERMISSIONS: Viewing, Altering and executing stored
procedures/packages/functions
Hmm
Now that I think about it, the view covers the viewing of code, but does
not do anything for the problem if they can execute code they can alter
it and this is one of our big problems...
George
=20________________________________________________
George Leonard
Oracle Database Administrator
New Dawn Technologies @ Wesbank
E-mail:gleonard@xxxxxxxxxxxxx
=20
You Have The Obligation to Inform One Honestly of the risk, And As a
Person
You Are Committed to Educate Yourself to the Total Risk In Any Activity!
Once Informed & Totally Aware of the Risk,
Every Fool Has the Right to Kill or Injure Themselves as They See Fit!
=20
-----Original Message-----
From: rjamya [mailto:rjamya@xxxxxxxxx]=20
Sent: 07 February 2005 14:03 PM
To: Leonard, George
Cc: Oracle L (E-mail); Desplace, Laura
Subject: Re: PERMISSIONS: Viewing, Altering and executing stored
procedures/packages/functions
create a system owned view dba$source as select * from xxx_source and
then allow developers select from it. In fact, create a private
synonym for each of them ...
create or replace duh_1.dba_source for system.dba$source
/
create or replace duh_1.all_source for system.dba$source
/
That should do the trick ... then you don't have to give 'execute any'
privilege, just select on dba$source will do.
Raj
On Mon, 7 Feb 2005 11:10:48 +0200, Leonard, George
<GLeonard@xxxxxxxxxxxxx> wrote:
> Hi all
>=20
> My Developers are at it again.
>=20
> Is there any way I can let people see and execute code without being
> able to alter it?
>=20
> Currently giving execute on code gives them permission to alter it and
> we want to stop this,
>=20
> Help please!!!
>=20
> George
> =3D20________________________________________________
> George Leonard
> Oracle Database Administrator
> New Dawn Technologies @ Wesbank
> E-mail:gleonard@xxxxxxxxxxxxx
> =3D20
> You Have The Obligation to Inform One Honestly of the risk, And As a
> Person
> You Are Committed to Educate Yourself to the Total Risk In Any
Activity!
> Once Informed & Totally Aware of the Risk,
> Every Fool Has the Right to Kill or Injure Themselves as They See Fit!
> =3D20
>=20
>
________________________________________________________________________
_=3D
> __________________________
>=20
> The views expressed in this email are, unless otherwise stated, those
of =3D
> the author and not those
> of the FirstRand Banking Group an Authorised Financial Service
Provider o=3D
> r its management.
> The information in this e-mail is confidential and is intended solely
for=3D
> =3D20the addressee.
> Access to this e-mail by anyone else is unauthorised.
> If you are not the intended recipient, any disclosure, copying,
distribut=3D
> ion or any action taken or=3D20
> omitted in reliance on this, is prohibited and may be unlawful.
> Whilst all reasonable steps are taken to ensure the accuracy and
integrit=3D
> y of information and data=3D20
> transmitted electronically and to preserve the confidentiality
thereof, n=3D
> o liability or=3D20
> responsibility whatsoever is accepted if information or data is, for
what=3D
> ever reason, corrupted=3D20
> or does not reach its intended destination.
>=20
> =3D20 ________________________________
> --
> //www.freelists.org/webpage/oracle-l
>=20
--=20
------------------------------
select standard_disclaimer from company_requirements where category =3D
'MANDATORY';
_________________________________________________________________________=
__________________________
The views expressed in this email are, unless otherwise stated, those of =
the author and not those
of the FirstRand Banking Group an Authorised Financial Service Provider o=
r its management.
The information in this e-mail is confidential and is intended solely for=
=20the addressee.
Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribut=
ion or any action taken or=20
omitted in reliance on this, is prohibited and may be unlawful.
Whilst all reasonable steps are taken to ensure the accuracy and integrit=
y of information and data=20
transmitted electronically and to preserve the confidentiality thereof, n=
o liability or=20
responsibility whatsoever is accepted if information or data is, for what=
ever reason, corrupted=20
or does not reach its intended destination.
=20 ________________________________
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
___________________________________________________________________________________________________
The views expressed in this email are, unless otherwise stated, those of the
author and not those
of the FirstRand Banking Group an Authorised Financial Service Provider or its
management.
The information in this e-mail is confidential and is intended solely for the
addressee.
Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribution or
any action taken or
omitted in reliance on this, is prohibited and may be unlawful.
Whilst all reasonable steps are taken to ensure the accuracy and integrity of
information and data
transmitted electronically and to preserve the confidentiality thereof, no
liability or
responsibility whatsoever is accepted if information or data is, for whatever
reason, corrupted
or does not reach its intended destination.
________________________________
--
//www.freelists.org/webpage/oracle-l
Other related posts:
