I have not used; =20 dbms_java.grant_permission('SYS','java.lang.RuntimePermission','loadLibr ary.... but have used; dbms_java.grant_permission( 'MARQUEZ', 'SYS:java.lang.RuntimePermission', 'write/readFileDescriptor' I did this to enable me to use and run JAVA *in* the database; CREATE OR REPLACE AND COMPILE JAVA SOURCE NAMED ...the JAVA program does OS commands. My *guess* is that you developer has JAVA code "outside"? the database that he want to call from "inside" the database? I question how one could "deviate" from any of this...meaning that one must have the correct set of ROLES, GRANTS, PRIVS to completed any task in the database...JAVA not excluded. Again, my experience was that until I got the right mix privs and java code I wasn't able to have any java fun. PS I think just saying the words Oracle & JAVA is a security breach at some level.... PPS Is he using Library "oraawt" specifically...what does it do? Hth, Chris Marquez Oracle DBA HEYMONitor(tm) - heymonitor.com "Oracle Monitoring & Alerting Solution" ----------------------------------- SYS ----------------------------------- SQL> show user USER is "SYS" SQL> Execute dbms_java.grant_permission( 'MARQUEZ', 'SYS:java.io.FilePermission', '<<ALL FILES>>', 'execute'); PL/SQL procedure successfully completed. SQL> execute dbms_java.grant_permission( 'MARQUEZ', 'SYS:java.lang.RuntimePermission', 'writeFileDescriptor', '*' ); PL/SQL procedure successfully completed. SQL> execute dbms_java.grant_permission( 'MARQUEZ', 'SYS:java.lang.RuntimePermission', 'readFileDescriptor', '*' ); PL/SQL procedure successfully completed. -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Goulet, Dick Sent: Tuesday, April 19, 2005 10:40 AM To: oracle-l@xxxxxxxxxxxxx Subject: RE: DBMS_JAVA.GRANT_PERMISSION Ron, =3D09 I did not say the "correct approach", but that there must be "good reason" for it. I've an application developer who wants to deviate from the default & am looking for any experience/good reasons that says we should not. -----Original Message----- From: Reidy, Ron [mailto:Ron.Reidy@xxxxxxxxxxxxxxxxxx]=3D20 Sent: Tuesday, April 19, 2005 10:33 AM To: Goulet, Dick; oracle-l@xxxxxxxxxxxxx Subject: RE: DBMS_JAVA.GRANT_PERMISSION Hmmm, I would never assume the default set up/behavior from any software vendor is the correct approach, but that is just me :) ----------------- Ron Reidy Lead DBA Array BioPharma, Inc. -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Goulet, Dick Sent: Tuesday, April 19, 2005 7:51 AM To: oracle-l@xxxxxxxxxxxxx Subject: DBMS_JAVA.GRANT_PERMISSION Has anyone out there ever had to grant permission for LoadLibrary? There's a Metalink document, Note:259471.1, on how to do it, but are there any downsides? I take the approach that if Oracle set this up as default behavior there is good reason for it. Dick Goulet Senior Oracle DBA Oracle Certified 8i DBA -- //www.freelists.org/webpage/oracle-l This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended=3D20 to be for the use of the individual or = entity named above. If you are not the=3D20 intended recipient, please be aware that any disclosure, copying, distribution=3D20 or use of the contents = of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system. -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l