RE: Read Only User

  • From: "Gints Plivna" <Gints.Plivna@xxxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Fri, 17 Dec 2004 13:03:25 +0200

Sometimes select through programmed interfaces doesn't mean only SELECTS
in tables i.e. what if your programmed interfaces have some kind of
auditing who has seen these data? What if your programmed interfaces
inserts some info in service tables e.g. user (un)succesful connections,
procedures called, performance metrics etc?
I'd even say that in most cases programmed interface does some inserts
or updates for every user logged in, even for a user that has only read
privileges. And I think that it is really a task when creating system to
identify what kind of privileges you need, e.g. do you need to divide
them only for data subsets, do you need separate read, insert, update
and (!) delete privileges, probably you even need separate access for
current and historical data. That is a real system requirements and
design task and I don't think it could be much generalized.

Too bad that such kind of a requirement has been identified so late.
That is as good requirement as creating some new form to display and
edit new business data, and even much worse requirement because it
affects all the system, not only some part of it.


> I am not sure if I have said this before in writing, I think I have, I
> think Oracle should look seriously at letting customers easily specify
> read only user without resorting to wrapper code or any other non
> trivial hacks. I can appreciate that this may not be easy to do but it
> sure would be a useful feature. I don't mean just SELECT ANY TABLE but
> being able to access the data through the same developed interfaces
> already have been coded.

Other related posts: