Mark Forums Read

Create view from DBA_ROLES for non-privileged users?

Go Back

comp.databases.oracle.server comp.databases.oracle.server

Reply

Page 1 of 3

1

#1

Old

dananrg@yahoo.com

Posts: n/a

Create view from DBA_ROLES for non-privileged users? - 06-12-2008 , 09:50 AM

Is it possible to create a view based off DBA_ROLES so that a non-DBA
user can keep track of which users belong to roles associated with his
department? In this case, all roles associated with the specific
department are named with a common prefix, e.g. ABC_<rest of role
name>.

I'm thinking of something like the following:

CREATE VIEW ABC_USER_ROLES as
SELECT USERNAME, GRANTED_ROLE
FROM DBA_ROLES
WHERE GRANTED_ROLE LIKE '%ABC_%';

Is there any technical or security issue in creating a view like this
for the user.

It would be a time-saver for all concerned to have the view (vs.
generating static reports of what users are in which roles).

Reply With Quote

#2

Old

Ana C. Dent

Posts: n/a

Re: Create view from DBA_ROLES for non-privileged users? - 06-12-2008 , 08:18 PM

dananrg (AT) yahoo (DOT) com wrote in news:b754c633-bfa5-4437-b9f7-e32b90b40809@
27g2000hsf.googlegroups.com:

Quote:

Is it possible to create a view based off DBA_ROLES so that a non-DBA
user can keep track of which users belong to roles associated with his
department? In this case, all roles associated with the specific
department are named with a common prefix, e.g. ABC_<rest of role
name>.

I'm thinking of something like the following:

CREATE VIEW ABC_USER_ROLES as
SELECT USERNAME, GRANTED_ROLE
FROM DBA_ROLES
WHERE GRANTED_ROLE LIKE '%ABC_%';

Is there any technical or security issue in creating a view like this
for the user.

It would be a time-saver for all concerned to have the view (vs.
generating static reports of what users are in which roles).

My reaction is that a stored procedure owned by some appropriately
privileged schema that could be invoked by PUBLIC might be a better choice.

Reply With Quote

#3

Old

Ana C. Dent

Posts: n/a

Re: Create view from DBA_ROLES for non-privileged users? - 06-12-2008 , 08:18 PM

dananrg (AT) yahoo (DOT) com wrote in news:b754c633-bfa5-4437-b9f7-e32b90b40809@
27g2000hsf.googlegroups.com:

Quote:

Is it possible to create a view based off DBA_ROLES so that a non-DBA
user can keep track of which users belong to roles associated with his
department? In this case, all roles associated with the specific
department are named with a common prefix, e.g. ABC_<rest of role
name>.

I'm thinking of something like the following:

CREATE VIEW ABC_USER_ROLES as
SELECT USERNAME, GRANTED_ROLE
FROM DBA_ROLES
WHERE GRANTED_ROLE LIKE '%ABC_%';

Is there any technical or security issue in creating a view like this
for the user.

It would be a time-saver for all concerned to have the view (vs.
generating static reports of what users are in which roles).

My reaction is that a stored procedure owned by some appropriately
privileged schema that could be invoked by PUBLIC might be a better choice.

Reply With Quote

#4

Old

Ana C. Dent

Posts: n/a

Re: Create view from DBA_ROLES for non-privileged users? - 06-12-2008 , 08:18 PM

dananrg (AT) yahoo (DOT) com wrote in news:b754c633-bfa5-4437-b9f7-e32b90b40809@
27g2000hsf.googlegroups.com:

Quote:

Is it possible to create a view based off DBA_ROLES so that a non-DBA
user can keep track of which users belong to roles associated with his
department? In this case, all roles associated with the specific
department are named with a common prefix, e.g. ABC_<rest of role
name>.

I'm thinking of something like the following:

CREATE VIEW ABC_USER_ROLES as
SELECT USERNAME, GRANTED_ROLE
FROM DBA_ROLES
WHERE GRANTED_ROLE LIKE '%ABC_%';

Is there any technical or security issue in creating a view like this
for the user.

It would be a time-saver for all concerned to have the view (vs.
generating static reports of what users are in which roles).

My reaction is that a stored procedure owned by some appropriately
privileged schema that could be invoked by PUBLIC might be a better choice.

Reply With Quote

#5

Old

Ana C. Dent

Posts: n/a

Re: Create view from DBA_ROLES for non-privileged users? - 06-12-2008 , 08:18 PM

dananrg (AT) yahoo (DOT) com wrote in news:b754c633-bfa5-4437-b9f7-e32b90b40809@
27g2000hsf.googlegroups.com:

Quote:

Is it possible to create a view based off DBA_ROLES so that a non-DBA
user can keep track of which users belong to roles associated with his
department? In this case, all roles associated with the specific
department are named with a common prefix, e.g. ABC_<rest of role
name>.

I'm thinking of something like the following:

CREATE VIEW ABC_USER_ROLES as
SELECT USERNAME, GRANTED_ROLE
FROM DBA_ROLES
WHERE GRANTED_ROLE LIKE '%ABC_%';

Is there any technical or security issue in creating a view like this
for the user.

It would be a time-saver for all concerned to have the view (vs.
generating static reports of what users are in which roles).

My reaction is that a stored procedure owned by some appropriately
privileged schema that could be invoked by PUBLIC might be a better choice.

Reply With Quote

#6

Old

Ana C. Dent

Posts: n/a

Re: Create view from DBA_ROLES for non-privileged users? - 06-12-2008 , 08:18 PM

dananrg (AT) yahoo (DOT) com wrote in news:b754c633-bfa5-4437-b9f7-e32b90b40809@
27g2000hsf.googlegroups.com:

Quote:

Is it possible to create a view based off DBA_ROLES so that a non-DBA
user can keep track of which users belong to roles associated with his
department? In this case, all roles associated with the specific
department are named with a common prefix, e.g. ABC_<rest of role
name>.

I'm thinking of something like the following:

CREATE VIEW ABC_USER_ROLES as
SELECT USERNAME, GRANTED_ROLE
FROM DBA_ROLES
WHERE GRANTED_ROLE LIKE '%ABC_%';

Is there any technical or security issue in creating a view like this
for the user.

It would be a time-saver for all concerned to have the view (vs.
generating static reports of what users are in which roles).

My reaction is that a stored procedure owned by some appropriately
privileged schema that could be invoked by PUBLIC might be a better choice.

Reply With Quote

#7

Old

Ana C. Dent

Posts: n/a

Re: Create view from DBA_ROLES for non-privileged users? - 06-12-2008 , 08:18 PM

dananrg (AT) yahoo (DOT) com wrote in news:b754c633-bfa5-4437-b9f7-e32b90b40809@
27g2000hsf.googlegroups.com:

Quote:

Is it possible to create a view based off DBA_ROLES so that a non-DBA
user can keep track of which users belong to roles associated with his
department? In this case, all roles associated with the specific
department are named with a common prefix, e.g. ABC_<rest of role
name>.

I'm thinking of something like the following:

CREATE VIEW ABC_USER_ROLES as
SELECT USERNAME, GRANTED_ROLE
FROM DBA_ROLES
WHERE GRANTED_ROLE LIKE '%ABC_%';

Is there any technical or security issue in creating a view like this
for the user.

It would be a time-saver for all concerned to have the view (vs.
generating static reports of what users are in which roles).

My reaction is that a stored procedure owned by some appropriately
privileged schema that could be invoked by PUBLIC might be a better choice.

Reply With Quote

#8

Old

Ana C. Dent

Posts: n/a

Re: Create view from DBA_ROLES for non-privileged users? - 06-12-2008 , 08:18 PM

dananrg (AT) yahoo (DOT) com wrote in news:b754c633-bfa5-4437-b9f7-e32b90b40809@
27g2000hsf.googlegroups.com:

Quote:

Is it possible to create a view based off DBA_ROLES so that a non-DBA
user can keep track of which users belong to roles associated with his
department? In this case, all roles associated with the specific
department are named with a common prefix, e.g. ABC_<rest of role
name>.

I'm thinking of something like the following:

CREATE VIEW ABC_USER_ROLES as
SELECT USERNAME, GRANTED_ROLE
FROM DBA_ROLES
WHERE GRANTED_ROLE LIKE '%ABC_%';

Is there any technical or security issue in creating a view like this
for the user.

It would be a time-saver for all concerned to have the view (vs.
generating static reports of what users are in which roles).

My reaction is that a stored procedure owned by some appropriately
privileged schema that could be invoked by PUBLIC might be a better choice.

Reply With Quote

#9

Old

dananrg@yahoo.com

Posts: n/a

Re: Create view from DBA_ROLES for non-privileged users? - 06-13-2008 , 07:02 AM

On Jun 12, 9:18*pm, "Ana C. Dent" <anaced... (AT) hotmail (DOT) com> wrote:

Quote:

My reaction is that a stored procedure owned by some appropriately
privileged schema that could be invoked by PUBLIC might be a better choice..- Hide quoted text -

Thanks Ana. They prefer to not use stored procedures in my
environment, but I will look into it.
Any other thoughts about the original approach? Why specifically might
your solution be preferable?

Thanks again.

Dana

Reply With Quote

#10

Old

dananrg@yahoo.com

Posts: n/a

Re: Create view from DBA_ROLES for non-privileged users? - 06-13-2008 , 07:02 AM

On Jun 12, 9:18*pm, "Ana C. Dent" <anaced... (AT) hotmail (DOT) com> wrote:

Quote:

My reaction is that a stored procedure owned by some appropriately
privileged schema that could be invoked by PUBLIC might be a better choice..- Hide quoted text -

Thanks Ana. They prefer to not use stored procedures in my
environment, but I will look into it.
Any other thoughts about the original approach? Why specifically might
your solution be preferable?

Thanks again.

Dana

Reply With Quote

Reply

Page 1 of 3

1

« Previous Thread | Next Thread »

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.