RE: V$ access for production support
- From: Tanel Poder <tanel.poder.003@xxxxxxx>
- To: Dave.Herring@xxxxxxxxxx, "'Christian Antognini'" <Christian.Antognini@xxxxxxxxxxxx>
- Date: Sun, 03 Sep 2006 22:32:54 +0800
Well someone malicious could cause some library cache latch contention by
running PL/SQL or nested loop joins against unindexed columns of V$SQL or
V$SQL_SHARED_MEMORY.
So you'd need to:
1) work out which views would actually be needed for production support
2) distinguish which views are dangerous and which are not and create the
roles based on that
3) give respective roles to the users based on how much you trust them ;)
Tanel.
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx
> [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Herring
> Dave - dherri
> Sent: Sunday, September 03, 2006 22:13
> To: Christian Antognini
> Cc: oracle-l
> Subject: RE: V$ access for production support
>
> Welllll, I'd like to say I had a great reason, but so far
> I've only come up with being paranoid. I guess I could
> create a role and grant privs on those V_$ views I need to,
> then grant the role to those needing access for production
> support. Sure a lot easier than creating wrapper procedures
> per SQL statement!
>
> Glad I asked.
>
> Dave
--
//www.freelists.org/webpage/oracle-l
Other related posts:
