Kbase 17082: User security and privileges requirements with ORACLE DataServer?
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
02/06/2008 |
|
Status: Verified
GOAL:
User security and privileges requirements with ORACLE DataServer?
GOAL:
What privileges are required for Schema Migration, ProtoOra?
GOAL:
What privileges required for Schema Pull?
GOAL:
User privileges in Oracle database
GOAL:
User permissions in Oracle database
FACT(s) (Environment):
Oracle
Oracle DataServer
All Supported Operating Systems
FIX:
To use the DataServer for ORACLE, there are three security requirements:
1. To create the schema holder for the ORACLE database, you must have SELECT privileges for system objects in the ORACLE database. The privileges required to access the schema holder and connect to the ORACLE database with the DataServer depend on whether and how your application modifies the database.
When you create or update a schema holder for an ORACLE database, you must be able to connect to the database and have SELECT privileges on specific system objects. SELECT privileges on system objects are required because the Progress Data Dictionary cannot access the data dictionary tables in the ORACLE database without them; it must access those tables to create a schema holder.
Here is the list of tables that require SELECT permissions
sys.argument$
sys.col$
sys.com$
sys.con$
sys.dual
sys.icol$
sys.ind$
sys.link$
sys.obj$
sys.procedure$
sys.seq$
sys.syn$
sys.tab$
sys.user$
sys.view$
sys.ts$
2. For schema migration, protoora, additional select privileges are required
CREATE SESSION
CREATE TABLE
CREATE SEQUENCE
3. To run DataServer applications that access an ORACLE database, you must have SELECT privileges for the "sys.dual" system table.Permissions for connecting a schema holder
To connect a schema holder for an ORACLE database, you must provide a valid user ID and password combination for ORACLE at connection time. Use the User ID (-U) parameter to provide the user ID and the Password (-P) parameter to provide the password.
Table 5?6: Required ORACLE permissions
Permission Object
CREATE SESSION Database
SELECT System objects:
sys.argument$
sys.col$
sys.com$
sys.con$
sys.dual
sys.icol$
sys.ind$
sys.link$
sys.obj$
sys.procedure$
sys.seq$
sys.syn$
sys.tab$
sys.ts$
sys.user$
sys.view$
4. Once you have set up the schema holder, the required ORACLE privileges vary among users depending on their applications. For example, the user running an OpenEdge application that queries, but does not update, a table in the ORACLE database must connect to the ORACLE database with a user and password that provides at least SELECT privileges on the table.
Note: In addition to the permissions required by the applications that users run, users must have SELECT permission on the sys.dual system table.
In summary, the user ID and password combination required to run an application depends on:
? The ORACLE database tables the application accesses.
? The type of access required on those tables.
Note: A database administrator (DBA) has to establish all user ID and password combinations within ORACLE.