Oracle/DB2/Postgresql/Mysql/Hadoop/Greenplum/Postgres-xl/Mongodb
分类: Oracle
2012-08-03 15:27:22
Cannot be done. In Oracle privileges are granted on specific objects, unless you have the highpowered ANY privileges, which grant access to any object in any schema.
This is one of those things which seems quite annoying but actually is quite sound. There is no good business reason for granting privileges on all on the objects in a schema en masse. Either
Now it may be that the sub-set in the first instance is a very large sub-set. But laziness is not an excuse for poor security practices.
What we can do is generate the grant statements from the data dictionary:
点击(此处)折叠或打开
for a script to be run by user A).
This is still better than granting privileges on the schema, because it means at least any new object added by user A will not automatically be propagated to B without an additional action and, hence, without some additional thought as to whether it is appropriate.