-
Hello,
Assuming I have 5 applications that are in 5 different tablespaces. And there are about 100 users using the database.
After creating these 100 users, what is the best way to give the users access to the tablespaces that they are not supposed to have access to and also what is the best way to give users access to to tablespaces that they are supposed to have access to?
i.e. to give permission to users of one tablespace and deny them permission to the other tablespace. So that certain users can see the contents of some tablespaces while other user can see the contents of other tablespace.
thanks,
dorothy
-
Security is not managed through tablespaces.
You can create Roles to group privileges , but those privileges are related to the objects in the tablespace.
-
Giving the resource privilige would make all the tablespace available to
the users. U might have to revoke this privilige to limit the object creation
in the user's default tablespace.
-
Right.
But those are QUOTAS.
You can still do a query if you have the select privilege even if you don't have quota on the tablespace.
-
True.
As rcaballe said, object access is managed thru grant and revoke.
Best way is to create the roles for individual tablespace objects and
granting the roles to the users.
Hope it makes sense.
-
I really could not understand what is meant by applications in different table spaces. I believe what you are trying to say is .. the objects for the 5 differenct applications are in 5 different table spaces.
As rcabella said permission cannot be granted or denied for the users on table spaces for viewing the Contents from the tablespace..
So it is not possible to stop the users from going to the tables spaces and access the contents. But you can stop the users from accessing the objects in the tablespaces such as tables etc....
One of the solutions might be create 5 different roles' each having privileges for objects from only one tablespace. And then attach each of these rolls to few users. Remember
don’t give all of the above created rolls to all the users.
-Hidayath
-
thanks "guys". What I really mean is what Hidayath explained. Sorry about the clarity of my question
thanks,
dorothy
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|