Fwd: Security issues in granting v$view select privileges

  • From: Rumpi Gravenstein <rgravens@xxxxxxxxx>
  • To: oracle-l-freelists <oracle-l@xxxxxxxxxxxxx>
  • Date: Sat, 20 Nov 2010 13:51:43 -0500

---------- Forwarded message ----------
From: Rumpi Gravenstein <rgravens@xxxxxxxxx>
Date: Sat, Nov 20, 2010 at 1:50 PM
Subject: Re: Security issues in granting v$view select privileges
To: Jed_Walker@xxxxxxxxxxxxxxxxx


<snip>

select access to all v$views for troubleshooting purposes.
</snip>

My v$view is that if you want good systems, developers need to see what is
going on.  One does that best with access to the v$ views.  If your worried
about improper use in production then you should do a dependency audit prior
to moving an application to production.  If the problem is that development
is not good at checking for this type of thing, then that issue should be
addressed directly with development.

There are many examples where the v$views are helpful, for instance with
code instrumentation.  That instrumentation is expressed in calls to the the
dbms_application_info package and then seen in the v$session view.  If
developers don't have access to this view one can't expect code to be
instrumented.  There are many other views (wait state, plan, etc.) that a
good developer will want.

You should be encouraged that your developers want this type of access.  The
alternative is an environment where "duhvelopers" thrive.

>
-- 
Rumpi Gravenstein




-- 
Rumpi Gravenstein

Other related posts:

  • » Fwd: Security issues in granting v$view select privileges - Rumpi Gravenstein