>> For a long time, I've wished Oracle to allow "grant select,insert,update,delete on <schema> to <grantee>". Agreed. I remember suspicious when said to consultants that each table needs grant command to be accessed from another schema. They felt it must have been some shortcut I didn't know about... Regards Igor 2014-04-09 15:54 GMT+02:00 Yong Huang <yong321@xxxxxxxxx>: > > It would create a load of extra work for maintaining grants and > > synonyms and generally complicate build scripts for no benefit that... > > I agree. We used to enforce the policy of having a data account and a code > account. In addition to more work, one annoyance is that whenever a new > table is created in the data account, a new grant, and a synonym (if not > prefixing "owner." in code and not using "alter session set > current_schema") must be created in the code account, but this is sometimes > missed. We don't grant "select any table" to the code account. For a long > time, I've wished Oracle to allow "grant select,insert,update,delete on > <schema> to <grantee>". > > Yong Huang >