A few years ago one of the development groups here started using SQL Navigator. When first implemented they were unable to perform many tasks because they didn't have enough access despite specific access having been granted to objects in other schemas on an as needed basis. The immediate request (demand actually) was to grant DBA access. I said no and instead worked with Quest to find out where the problem was. I learned that in order for many of the SQL Navigator development tools to work select access on a number of the DBA_ views was required. Once I granted that everyone was sort of happy, although still a bit annoyed that I wouldn't just grant blanket DBA access. I suspect that may be all that is necessary in TOAD as well although I don't know. It took some work on my part but I was able to get them back to work without granting global privileges. Besides, I learned something about SQL Navigator too. Bill Wagman Univ. of California at Davis IET Campus Data Center wjwagman@xxxxxxxxxxx (530) 754-6208 ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Boyle, Christopher Sent: Thursday, June 14, 2007 7:40 AM To: rjamya@xxxxxxxxx; DENISE@xxxxxxxxxxxxxxxxx Cc: oracle-l@xxxxxxxxxxxxx Subject: RE: TOAD Access to other Schemas I couldn't agree with Raj more (and I used to be one of his developers too!) I am in the process of having the developers' access to the schema that holds the tables revoked. They can work in an _USER schema and qualify their references but too many "I couldn't wait to follow the procedures so I made the changes myself" that never got included in a model or build script have warranted this type of lock down. (Plus, they get the scripts wrong. Not all the developers. Not even most or many of the developers. But enough.) ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of rjamya Sent: Wednesday, June 13, 2007 10:08 PM To: DENISE@xxxxxxxxxxxxxxxxx Cc: oracle-l@xxxxxxxxxxxxx Subject: Re: TOAD Access to other Schemas this is a BIG NO NO. In-fact you can get away with SELECT ANY TABLE, but that too is a NO NO in production/devl environment. Anyone who claims they cannot do any development without these privs is trying for a easy workaround (aka borderline lazy). Ask them what they want, and grant only that, nothing more. Any blanket privilege (e.g. %ANY% types) are _bad_ imho in development environment because you will need those in production then too. My $0.0185 Raj ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ NOTICE OF CONFIDENTIALITY: Information included in and/or attached to this electronic mail transmission may be confidential. This electronic mail transmission is intended for the addressee(s) only. Any unauthorized disclosure, reproduction, or distribution of, and/or any unauthorized action taken in reliance on the information in this electronic mail is prohibited. If you believe that you have received this electronic mail transmission in error, please notify the sender by reply transmission, or contact helpdesk@xxxxxxxxxxxxx <mailto:helpdesk@xxxxxxxxxxxxx> , and delete the message without copying or disclosing it.