RE: auto grant select
- From: "Baumgartel, Paul" <paul.baumgartel@xxxxxxxxxxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Wed, 29 Nov 2006 20:47:31 -0000
I'm surprised to hear an experienced DBA say this.
Here are a couple of (OK, three) good reasons:
--The principle of least privilege says "grant only what is necessary to get
the job done".
--In many shops, there are security standards that forbid granting "select any
table" to non-DBA accounts, and doing so raises a violation (this is the case
where I work, for example).
--Everyone who has access to the u2 account may not be authorized to see all
data in the database.
Paul Baumgartel
CREDIT SUISSE
Information Technology
DBA & Admin - NY, KIGA 1
11 Madison Avenue
New York, NY 10010
USA
Phone 212.538.1143
paul.baumgartel@xxxxxxxxxxxxxxxxx
www.credit-suisse.com
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of bill thater
Sent: Wednesday, November 29, 2006 3:37 PM
To: kevin.lidh@xxxxxxxxx
Cc: toth.istvan@xxxxxxx; oracle-l@xxxxxxxxxxxxx
Subject: Re: auto grant select
am i missing something here? why can't you just grant slect any table to u2?
--
--
Bill "Shrek" Thater ORACLE DBA
shrekdba@xxxxxxxxx
------------------------------------------------------------------------
All the girls say
Save a horse, ride a cowboy
--
http://www.freelists.org/webpage/oracle-l
==============================================================================
Please access the attached hyperlink for an important electronic communications
disclaimer:
http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
==============================================================================
--
http://www.freelists.org/webpage/oracle-l
Other related posts: