DBAsupport.com Forums - Powered by vBulletin
Results 1 to 3 of 3

Thread: Can we create users in a hierarchical structure in oracle8i

  1. #1
    Join Date
    Dec 2000
    Posts
    95

    Question

    This is my question

    i want to create a user and then under that user i have to create some other users and again under each user i have to create some other users .....like that hierarchical structure.

    I am able to create this structure. Lets think there are four levels in the hierarchy. Then the information of the 1st level is not accessible for the rest 3 levels. And the information about the 2nd level user is not accessible for 3rd , 4th level users and the 3rd level is not accessible by 4th level.. like taht. This is the way i have to maintain the hierarchy.
    But the problem is 4th level user is able to see the information of 1st level and same for the other levels also.
    I think i faced this problem is because i granted dba role for 1st level. then only the 1st level user can create the users under him. If the user under 1st level user i.e. 2nd level user wants to create users under him. Then i have to grant the dba role to him also, if not he is unable to create users under him.
    That's where the problem comes into picture. If i grant dba roles for each level , i can't maintain the security. The 4 th level user also can see the information of 1 level user.

    so please anybody answer to myquestion that , can a user create another user without dba role ? if it is possible please give some information to me please.

    i am using oracle8i on windowsNT

    SrinivasM


  2. #2
    Join Date
    Oct 2000
    Location
    Saskatoon, SK, Canada
    Posts
    3,925
    To establish this kind of Hireachy, you have to establish a set of roles before granting them to the users. Say for example, that you have four roles created

    Level1_access
    Level2_access
    :
    :

    In such case you can customize the privileges each role has. That is you could give the dba role to Level1_access, but be aware of the dba role, b'cos you are compromising a lot of things with this role. Insteas you could customize the Level1_access role by selectivly granting some system privileges that are in dba_role. For the Level2_access role and the others you could selectively grant access and then establish a hirachy by including the role of Level4_access in Level3_access and so on backwards.

    Hope this would help you to solve the problen that you are having now.

    Good luck,
    Sam
    Thanx
    Sam



    Life is a journey, not a destination!


  3. #3
    Join Date
    Mar 2000
    Location
    Sydney
    Posts
    9
    Yes,
    Sambavan is right. Create the top level user as DBA and give required sys privilages to the roles
    LEVEL2
    LEVEL3
    LEVEL4
    and grant these roles to the users you create.

    GK

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width