I've just triple checked my initial post... I did deliberately say "application
schema" not user, individual, end user etc...
Sent from my Windows Phone
________________________________
From: Dominic Brooks<mailto:dombrooks@xxxxxxxxxxx>
Sent: 07/03/2017 19:40
To: Powell, Mark<mailto:mark.powell2@xxxxxxx>;
andrew.kerber@xxxxxxxxx<mailto:andrew.kerber@xxxxxxxxx>
Cc: oracle-l@xxxxxxxxxxxxx<mailto:oracle-l@xxxxxxxxxxxxx>
Subject: RE: Privilege
Yep, yep,yep. All missing the point.
The fact is that I'm not allowed an application schema (the one that owns the
application code that I'm writing) with that privilege.
So my application code cannot use Dbms_parallel_execute because the dbas sat
that the code owning schema cannot have Create job.
Not the first time, not the first place.... But I'm starting to see why this
madness is widespread...
Sent from my Windows Phone
________________________________
From: Powell, Mark<mailto:mark.powell2@xxxxxxx>
Sent: 07/03/2017 19:31
To: dombrooks@xxxxxxxxxxx<mailto:dombrooks@xxxxxxxxxxx>;
andrew.kerber@xxxxxxxxx<mailto:andrew.kerber@xxxxxxxxx>
Cc: oracle-l@xxxxxxxxxxxxx<mailto:oracle-l@xxxxxxxxxxxxx>
Subject: Re: Privilege
I will add my opinion that applications should never run as the application
owner but rather should run using an application user ID that only has DML
privileges to the application tables and execute on stored code granted via a
role. This way if the ID is compromised it cannot be used to change the object
structures or change stored code for the hacker's usage.
________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> on behalf
of Andrew Kerber <andrew.kerber@xxxxxxxxx>
Sent: Tuesday, March 7, 2017 2:18:34 PM
To: dombrooks@xxxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: Privilege
Well, it is what Oracle recommends. It is also much easier to manage
privileges for entire class of users at once, rather than deal with the
privileges individually. For example, when someone changes a job at a company,
its a lot easier to revoke a developer role and grant her a manager role that
has the appropriate privileges, rather than figure out what privileges
specifically need to be revoked and granted.
On Tue, Mar 7, 2017 at 1:01 PM, Dominic Brooks
<dombrooks@xxxxxxxxxxx<mailto:dombrooks@xxxxxxxxxxx>> wrote:
Can someone explain to me why security policies in multiple global banks (no
significance other than they really should know what they are doing) should
advocate not granting privileges to application schemas directly only via roles?
In what way is this less/more secure?
All this seems to mean is that there is a bunch of stuff that either i can't do
in plsql that I could do via dynamic sql or from sql issued by java application
or that I just can't do (e.g. Dbms parallel execute without create job)?
Sent from my Windows Phone
--
Andrew W. Kerber
'If at first you dont succeed, dont take up skydiving.'
