Home > Ask the Oracle Experts > (Archive) Database Security Questions & Answers > Roles used for transferring data provide too many privileges
Ask The Oracle Expert: Questions & Answers
EMAIL THIS

Roles used for transferring data provide too many privileges

Dan Norris EXPERT RESPONSE FROM: Dan Norris

Pose a Question
Other Oracle Categories
Meet all Oracle Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 19 November 2004

We are required to follow very strict security guidelines for our production databases. One of those guidelines states that a schema owner cannot have create session privileges, except when updating structures. Any user that can connect to the database cannot own any objects. Normally this is not a problem. We have one schema owner, and all users are granted specific access (through roles) to objects in that schema.

Here's my problem: we need to transfer data from one computer to another (not connected via a network) on a regular basis. We have worked out a process, using export and import, to do this. The user running this process must be able to connect to the database. However, this person cannot own any tables. In order to export and import from and to a different schema, they must have exp_full_database and imp_full_database roles. These roles provide way too many privileges (for example, create any table). Is there any other way around this? Any advice is appreciated!


>
EXPERT RESPONSE

Any user that is able to create tables in another schema will likely have too much privileges for the environment you're describing. Your standard is admirable, but it seems almost too restrictive to get the work done.

The only other potential solution for your problem (which has several restrictions of its own) is to use a logical standby database on one of the hosts. This may or may not work for you depending on your requirements. The logical standby database can be "fed" from archived redo logs. So, instead of doing an export on your primary and copying that file to the secondary server, copy the archived redo logs. Once they are restored to the secondary system, they can be applied to update the secondary server.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Oracle database security
Oracle Security: Top five headlines
Oracle Identity Manager adds provisioning, compliance features
Firm dumps MySQL on Red Hat for Oracle Database on Oracle Linux
Oracle password best practices
Five ways to prepare for a SOX audit
When were the SYS/SYSTEM passwords last changed?
How to create a password file in Oracle 9i?
Bharosa to give Oracle users transaction security
Database security when users can connect without password
Running a script without user's password to Oracle database

(Archive) Database Security
Identifying the user who submits a query
Is it possible to granting privileges on a schema level?
Acquiring knowledge of Oracle database users and their IDs
Manage users using Oracle Internet Directory
Is there a "backdoor" to retrieve passwords?
Setting up password values
Does Oracle password support special characters?
SQL statement issued by the client system
Oracle forms only accessing the database
Preventing connections to the database

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeNewsTopicsTipsAsk the ExpertsMultimediaWhite PapersProductsBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts