Re: select only user causing locks?

  • From: jungwolf <spatenau@xxxxxxxxx>
  • To: Mladen Gogala <gogala@xxxxxxxxxxxxx>
  • Date: Sat, 30 Apr 2005 09:28:08 -0500

On 4/29/05, Mladen Gogala <gogala@xxxxxxxxxxxxx> wrote:
> Oh my gawd! This reinforces my beliefs that guns should be kept locked in=
 a safe place!
> If you give a gun to a childish person, it will shoot itself in a foot, a=
t best. This


> First, you don't ever give end-lusers a tool that can issue ad-hoc querie=
s. You make darned

As soon as I'm golfing buddies with the CIO...  (jeez, I should know
better than to expect a serious answer on a Friday afternoon.)

Anyway, I finally found this in the docs:
Oracle9i SQL Reference
Release 2 (9.2)
Part Number A96540-02

The following table privileges authorize operations on a table. Any
one of following object privileges allows the grantee to lock the
table in any lock mode with the LOCK TABLE statement.

How many people have taken the above information and realized the
query account the project manager demands for, say, auditing purposes
can then lock up the entire application?  I've been scouring the 'net
and haven't found any warnings to that affect.

This should be just an academic point since any power user sitting at
a SQL prompt that issues a "select for update" or "lock table" command
will be shot.  Unfortunately the power users have moved on to Toad and
it is pretty easy to unwittingly have Toad do a "select for update".

Given that a query (audit) account is a requirement and that I can't
control what tool they will use, anyone have ideas on how to stop the


Other related posts: