Re: linux/sqlplus scripting to obscure permissions

  • From: Kenny Payton <k3nnyp@xxxxxxxxx>
  • To: ckaj111@xxxxxxxx
  • Date: Wed, 14 Oct 2015 13:50:01 -0400

You can also look at sudo. sudo is designed for this type of authorization in
Linux and is very commonly used. We use it for a few things, such as letting a QA
group execute flashback database scripts. It requires an account on the Linux
host and allows a script to be executed as a particular user (oracle).

On Oct 14, 2015, at 11:06 AM, Chris King <ckaj111@xxxxxxxx> wrote:

I see a theme here.. internal database code.. PL/SQL to the rescue! Thanks..
I'll give that a go.


From: "Deas, Scott" <Scott.Deas@xxxxxxx>
To: "ckaj111@xxxxxxxx" <ckaj111@xxxxxxxx>; Oracle-l Digest Users
<oracle-l@xxxxxxxxxxxxx>
Sent: Wednesday, October 14, 2015 10:42 AM
Subject: RE: linux/sqlplus scripting to obscure permissions

Chris,

Are you sure you want this controlled directly in the script? Would it make
more sense to have a package do the work, and the users have access to
execute the package?

If you really do want to use the script, I would look into Oracle wallets if
you want to hide the authentication of the script from the user, but my
preference would be individual login accounts with access to execute the
package (which gives you auditing options as a result).

Thanks,
Scott



From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Chris King
Sent: Wednesday, October 14, 2015 10:27 AM
To: Oracle-l Digest Users
Subject: linux/sqlplus scripting to obscure permissions

I've written two sql scripts which can be used to expand a tablespace. The
intent is to make these scripts available to non-DBAs to manage potential
off-hours issues.

Because the scripts will be run by non-DBAs, I would like to modify them such
that the user will not have direct passwords or database permissions, but
just permission to execute the scripts. i.e. the scripts will handle all
permission issues.

I'm having trouble finding the details of how to do this both on the Linux
and Oracle side of things. So far for Oracle, I've found the externally
identified type accounts, but I'm concerned that this may not be secure. And
for scripting on Linux, I'm at a loss.

Could someone point me in the right direction?

Many thanks!
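
A sketch of the sudo approach suggested in this thread, as an added example that is not code from any of the posters: a wrapper that runs as oracle and accepts only a validated tablespace name and size, so the caller never holds a password or a database grant. The install path, the "oncall" group, the size limit, the use of Oracle Managed Files and OS authentication as sysdba are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical install path, owned by root,
# mode 0755: /usr/local/bin/expand_tablespace.sh
# Hypothetical sudoers entry (edit with visudo), group name "oncall" assumed:
#   %oncall ALL=(oracle) NOPASSWD: /usr/local/bin/expand_tablespace.sh
# Callers run: sudo -u oracle /usr/local/bin/expand_tablespace.sh USERS 512
LC_ALL=C; export LC_ALL          # make the character ranges below byte-exact
MAX_MB=10240                     # constructed upper bound per invocation

# Accept only a plain identifier: letter first, then letters/digits/_, max 30.
valid_tablespace() {
    case "$1" in
        ''|[!A-Za-z]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 30 ]
}

# Accept only a whole number of megabytes, no leading zero, 1..MAX_MB.
valid_size_mb() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 6 ] && [ "$1" -le "$MAX_MB" ]
}

# Print the one statement this wrapper may run, or fail without output.
# Assumes Oracle Managed Files, so no datafile path is taken from the caller.
build_sql() {
    valid_tablespace "$1" && valid_size_mb "$2" || return 1
    printf 'ALTER TABLESPACE %s ADD DATAFILE SIZE %sM;\n' "$1" "$2"
}

main() {
    [ "$#" -eq 2 ] && sql=$(build_sql "$1" "$2") || {
        echo "usage: expand_tablespace.sh TABLESPACE SIZE_MB" >&2; return 2; }
    # sudo resets the environment: set ORACLE_HOME, ORACLE_SID and PATH here.
    # SUDO_USER is set by sudo; log who asked for what before running it.
    logger -t expand_tablespace "caller=${SUDO_USER:-unknown} sql=$sql"
    # OS authentication as oracle: no password is stored in the script.
    printf 'whenever sqlerror exit failure\n%s\nexit\n' "$sql" |
        sqlplus -S -L / as sysdba
}

# Run only when arguments are supplied, so the file can also be sourced.
[ "$#" -eq 0 ] || main "$@"
```

The script must not be writable by the users allowed to run it, since sudo executes whatever is at that path as oracle.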

