Looking for opinions...
- From: "Sweetser, Joe" <JSweetser@xxxxxxxx>
- To: <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 31 Jan 2008 09:37:45 -0700
Situation is a "generic" database account that too many people know the
password to. But they need to know the password for valid business
reasons. Does it make more sense to limit that account's access to its'
own tables or create a new account(s) and grant those the specific
access they need? I like the second option for various reasons
(auditability (is that a word?) and accountability to name two) but
others think just controlling the generic account's access to objects is
fine. To be a little more clear (and one reason why I don't like the
first option), there would be different privs on different tables -
select only on table A; select, insert on table B; select, update on
Table C; etc). Even with using roles, something just sort of bugs me
about an owner/account not being to update its' own data (read-only
situation exceptions, of course).
Opinions/comments/suggestions? Feel free to send back-channel and I
will summarize since I don't think this falls under a technical
umbrella. :-)
Thanks,
-joe
Confidentiality Note: This message contains information that may be
confidential and/or privileged. If you are not the intended recipient, you
should not use, copy, disclose, distribute or take any action based on this
message. If you have received this message in error, please advise the sender
immediately by reply email and delete this message. Although ICAT Managers, LLC
scans e-mail and attachments for viruses, it does not guarantee that either are
virus-free and accepts no liability for any damage sustained as a result of
viruses. Thank you.
--
//www.freelists.org/webpage/oracle-l
Other related posts:
