DBAsupport.com Forums - Powered by vBulletin
Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: Access to v$views

  1. #11
    Join Date
    Aug 2002
    Location
    Bangalore, India
    Posts
    405
    grant SELECT_CATALOG_ROLE to user****;

    and also set the folowing init.ora parameter to true.

    O7_DICTIONARY_ACCESSIBILITY
    -nagarjuna

  2. #12
    Join Date
    Feb 2002
    Posts
    70
    And while you at that, why not simpl grant him DBA privilege? And perhaps SYSDBA on top of that? Or, to make it even more simple, why not simply all your user know the SYS password and let them all allways connect as SYS?
    Granting select any table to a user doesn't mean one is giving all the DBA privileges to a user. One is giving just read only privilege on the v$tables.

    For example:
    Developer need to check how many cursors are opened by his application while running, one way is to access the corresponding v$tables to close the cursors that are open. Otherwise everytime he/she has to request the DBA to provide the respective information.

    Its entirely depends upon the situation and request.

    Thanks,
    ________________
    ShanDJ

  3. #13
    Join Date
    Aug 2001
    Location
    Waterloo, On
    Posts
    547
    shandj, granting 'select any table' to all developers will greatly compromise security if you or your organisations have 'secure' tables, ie. database tables you don't want everyone to see. If you don't have that problem of security, go ahead. But also think of the future/ future DBAs in your organisation.
    The very concept of privileges in Oracle is to provide 'granular' security, ie provide only those privileges which are absolutely essential for the user.
    Hence, in this case, 'select catalog role' or 'select any dictionary' is the right choice.

    Raminder Singh

    Oracle Certified DBA: Oracle 8i, 9i


    Mail me at raminderahluwalia@rediffmail.com.

  4. #14
    Join Date
    Dec 2000
    Location
    Ljubljana, Slovenia
    Posts
    4,439
    Originally posted by shandj
    Granting select any table to a user doesn't mean one is giving all the DBA privileges to a user.
    Obviously I wasn't sarcastic enough in my previous reply. Sorry about that.

    It is more than evident that your proposed solution gives much, much, much wider privileges to the end user than original poster was asking for. The original question was very simple: given the user's existing privileges, what do I have to do to enable him access to V$ and DBA_* family of views. In this aspect, your proposal was way to generous. By using your suggestion, the user will have select permition in any peace of data written into the database. I doubt this is what original poster was looking for.
    Jurij Modic
    ASCII a stupid question, get a stupid ANSI
    24 hours in a day .... 24 beer in a case .... coincidence?

  5. #15
    Join Date
    Aug 2002
    Location
    Bangalore, India
    Posts
    405
    Originally posted by nagarjuna
    grant SELECT_CATALOG_ROLE to user****;

    and also set the folowing init.ora parameter to true.

    O7_DICTIONARY_ACCESSIBILITY
    Why nobody is considering my solution???
    -nagarjuna

  6. #16
    Join Date
    Nov 2000
    Location
    Pittsburgh, PA
    Posts
    4,166

    Question

    Originally posted by nagarjuna
    Why nobody is considering my solution???
    I think the reason that no one is considering your solution is that it turns off any new security added after 7.3.4. Another solution might be to have the users spend more time looking at the user views. If they can get what they want with a user view then they already have that privilege they need. If someone had a good reason to do a select on a v$ view then I would do an explicit grant on the object they need for that user. However, I don't know why a non-privileged user would have a need to look at any sys object.

  7. #17
    Join Date
    Nov 2000
    Location
    Pittsburgh, PA
    Posts
    4,166

    Talking

    Originally posted by jmodic
    And while you at that, why not simpl grant him DBA privilege? And perhaps SYSDBA on top of that? Or, to make it even more simple, why not simply all your user know the SYS password and let them all allways connect as SYS? You know, as DBA you'll have far less troubles with user managenment this way!
    If you really want to give users access to a database why don't you just grant sysdba to the public role.


  8. #18
    Join Date
    Dec 2000
    Location
    Ljubljana, Slovenia
    Posts
    4,439
    Originally posted by nagarjuna
    Why nobody is considering my solution???
    Maybe because it was sanjaj_g's orriginal sollution, long before you proposed it?
    Originally posted by SANJAY_G
    You can grant him/her SELECT_CATALOG_ROLE

    Sanjay
    Jurij Modic
    ASCII a stupid question, get a stupid ANSI
    24 hours in a day .... 24 beer in a case .... coincidence?

  9. #19
    Join Date
    Aug 2002
    Location
    Bangalore, India
    Posts
    405
    Originally posted by nagarjuna
    grant SELECT_CATALOG_ROLE to user****;

    and also set the folowing init.ora parameter to true.

    O7_DICTIONARY_ACCESSIBILITY
    Stupid solution again

    We dont need to set O7_DICTIONARY_ACCESSIBILITY to true when we give SELECT_CATALOG_ROLE to user to access v$ and dba_ views. We have to set O7_DICTIONARY_ACCESSIBILITY to true only when we give select privileges on v$ and dba_ views individually.. Stupid solution again
    -nagarjuna

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width