
	Home > Ask the Oracle Experts > (Archive) Database Security Questions & Answers > Roles used for transferring data provide too many privileges

Ask The Oracle Expert: Questions & Answers

EMAIL THIS

Roles used for transferring data provide too many privileges

EXPERT RESPONSE FROM: Dan Norris

		Pose a Question

		Other Oracle Categories

		Meet all Oracle Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 19 November 2004
We are required to follow very strict security guidelines for our production databases. One of those guidelines states that a schema owner cannot have create session privileges, except when updating structures. Any user that can connect to the database cannot own any objects. Normally this is not a problem. We have one schema owner, and all users are granted specific access (through roles) to objects in that schema.
Here's my problem: we need to transfer data from one computer to another (not connected via a network) on a regular basis. We have worked out a process, using export and import, to do this. The user running this process must be able to connect to the database. However, this person cannot own any tables. In order to export and import from and to a different schema, they must have exp_full_database and imp_full_database roles. These roles provide way too many privileges (for example, create any table). Is there any other way around this? Any advice is appreciated!

EXPERT RESPONSE

Any user that is able to create tables in another schema will likely have too much privileges for the environment you're describing. Your standard is admirable, but it seems almost too restrictive to get the work done.

The only other potential solution for your problem (which has several restrictions of its own) is to use a logical standby database on one of the hosts. This may or may not work for you depending on your requirements. The logical standby database can be "fed" from archived redo logs. So, instead of doing an export on your primary and copying that file to the secondary server, copy the archived redo logs. Once they are restored to the secondary system, they can be applied to update the secondary server.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Oracle database security
	Oracle Security: Top five headlines
	Oracle Identity Manager adds provisioning, compliance features
	Firm dumps MySQL on Red Hat for Oracle Database on Oracle Linux
	Oracle password best practices
	Five ways to prepare for a SOX audit
	When were the SYS/SYSTEM passwords last changed?
	How to create a password file in Oracle 9i?
	Bharosa to give Oracle users transaction security
	Database security when users can connect without password
	Running a script without user's password to Oracle database

(Archive) Database Security

Identifying the user who submits a query

Is it possible to granting privileges on a schema level?

Acquiring knowledge of Oracle database users and their IDs

Manage users using Oracle Internet Directory

Is there a "backdoor" to retrieve passwords?

Setting up password values

Does Oracle password support special characters?

SQL statement issued by the client system

Oracle forms only accessing the database

Preventing connections to the database

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy