Reputation: 2377
Oracle DBA Role and its specific functions (and possible replacement)
I have to install an application server that requires an user to write to the database, possibly create new schemes and such. However, I've always used the "work around" to assign the DBA Role to that user.
I have some questions, as I am not that deep into Oracle security.
- Has the DBA role a level of privileges that can affect the whole Oracle installation?
- Where can I find what privileges the DBA role exactly have?
- How do I create an alternative role?
Thanks,
Upvotes: 3
Views: 4679
Answers (2)
Reputation: 1251
First look into Ronnis' solution. If this is not sufficient create a package, owned by SYSTEM, and grant EXECUTE to the user or users that need it. Add procedures that perform the needed operations taking care to limit their power as much as possible.
Upvotes: 0
Reputation: 12833
1) Yes, the dba role should have enough privileges to screw up a database beyond fixing.
2)
select *
from role_sys_privs
where grantee = 'DBA';
3) Unless you plan on having several user with similar privileges, I recommend creating a user and grant all needed privileges explicitly to this user instead of via a role.
You can read more about the topic in Oracle Database Security Guide chapter 11, Administering User Privileges, Roles, and Profiles
Upvotes: 9
Related Questions
- Recommended ORACLE Role for user
- create role ORACLE
- Oracle Roles and privileges hierarchy
- What privileges does a role grant?
- Create or replace role?
- Granting DBA privileges to user in Oracle
- Oracle select privilege on DBA_ROLES
- How to create and set roles in Oracle by Oracle Sql Developer?
- Roles in oracle
- difference between roles and users