Re: Separate Schemas for Data and Application?
- From: Igor Racic <igor.racic@xxxxxxxxx>
- To: yong321@xxxxxxxxx
- Date: Sat, 12 Apr 2014 12:44:25 +0200
>> For a long time, I've wished Oracle to allow "grant
select,insert,update,delete on <schema> to <grantee>".
Agreed.
I remember suspicious when said to consultants that each table needs grant
command to be accessed from another schema.
They felt it must have been some shortcut I didn't know about...
Regards
Igor
2014-04-09 15:54 GMT+02:00 Yong Huang <yong321@xxxxxxxxx>:
> > It would create a load of extra work for maintaining grants and
> > synonyms and generally complicate build scripts for no benefit that...
>
> I agree. We used to enforce the policy of having a data account and a code
> account. In addition to more work, one annoyance is that whenever a new
> table is created in the data account, a new grant, and a synonym (if not
> prefixing "owner." in code and not using "alter session set
> current_schema") must be created in the code account, but this is sometimes
> missed. We don't grant "select any table" to the code account. For a long
> time, I've wished Oracle to allow "grant select,insert,update,delete on
> <schema> to <grantee>".
>
> Yong Huang
>
Other related posts:
