FAQ
Folks,


Pardon me, but I just got to let this out before I start thinking
about mailing a letter bomb or some other sort of retribution. I've got
a number of duhvelopers, with an emphasis on the duh, that use Toad.
Now every once in a while these folks just have to call Quest tech
support for some assistance, like integrating PVCS. Well every time
they do that the Quest tech folks inform them that they NEED DBA
priviledges in the database. It's a major pain in the neck with my
having to repair something there after, like restoring a tablespace that
they dropped. Is there anyone out there having similar problems? And
if there are any Quest folks on the list, which I believe there are, how
about tweaking the tool so that DBA is NOT needed. I mean replace all
those calls to DBA_this and that with ALL_.




Dick Goulet, Senior Oracle DBA

45 Bartlett St Marlborough, Ma 01752, USA
Tel.: 508.573.1978 |Fax: 508.229.2019 | Cell:508.742.5795

RGoulet_at_kanbay.com
: POWERING TRANSFORMATION

Search Discussions

  • Baumgartel, Paul at Jan 5, 2007 at 7:31 pm
    My last job was full of TOAD-using developers and I never had to give them DBA (they weren't using the add-on, extra-cost DBA module for TOAD). I might have given them SELECT ANY DICTIONARY or SELECT_CATALOG_ROLE.


    Paul Baumgartel
    CREDIT SUISSE

    Information Technology
    DBA & Admin - NY, KIGA 1
    11 Madison Avenue
    New York, NY 10010
    USA

    Phone 212.538.1143
    paul.baumgartel_at_credit-suisse.com
    www.credit-suisse.com

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org On Behalf Of Richard J. Goulet
    Sent: Friday, January 05, 2007 2:21 PM
    To: oracle-l_at_freelists.org
    Subject: Third Party tool rant

    Folks,


    Pardon me, but I just got to let this out before I start thinking about mailing a letter bomb or some other sort of retribution. I've got a number of duhvelopers, with an emphasis on the duh, that use Toad. Now every once in a while these folks just have to call Quest tech support for some assistance, like integrating PVCS. Well every time they do that the Quest tech folks inform them that they NEED DBA priviledges in the database. It's a major pain in the neck with my having to repair something there after, like restoring a tablespace that they dropped. Is there anyone out there having similar problems? And if there are any Quest folks on the list, which I believe there are, how about tweaking the tool so that DBA is NOT needed. I mean replace all those calls to DBA_this and that with ALL_.




    Dick Goulet, Senior Oracle DBA

    45 Bartlett St Marlborough, Ma 01752, USA
    Tel.: 508.573.1978 |Fax: 508.229.2019 | Cell:508.742.5795

    RGoulet_at_kanbay.com
    : POWERING TRANSFORMATION



    Please access the attached hyperlink for an important electronic communications disclaimer:

    http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html

    --
    http://www.freelists.org/webpage/oracle-l
  • Kerber, Andrew at Jan 5, 2007 at 7:32 pm
    They don't need DBA access. select_catalog_role or select any
    dictionary is sufficient, and even those aren't needed if you just give
    grants to the specific dba views that Toad uses. The people at Quest
    know this, and should know that you don't give dba privs to every
    developer.



    Andrew W. Kerber
    Oracle DBA
    UMB

    816-860-3921
    andrew.kerber_at_umb.com



    "If at first you dont succeed, dont take up skydiving"

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org
    On Behalf Of Richard J. Goulet
    Sent: Friday, January 05, 2007 1:21 PM
    To: oracle-l_at_freelists.org
    Subject: Third Party tool rant



    Folks,



    Pardon me, but I just got to let this out before I start thinking
    about mailing a letter bomb or some other sort of retribution. I've got
    a number of duhvelopers, with an emphasis on the duh, that use Toad.
    Now every once in a while these folks just have to call Quest tech
    support for some assistance, like integrating PVCS. Well every time
    they do that the Quest tech folks inform them that they NEED DBA
    priviledges in the database. It's a major pain in the neck with my
    having to repair something there after, like restoring a tablespace that
    they dropped. Is there anyone out there having similar problems? And
    if there are any Quest folks on the list, which I believe there are, how
    about tweaking the tool so that DBA is NOT needed. I mean replace all
    those calls to DBA_this and that with ALL_.





    Dick Goulet, Senior Oracle DBA

    45 Bartlett St Marlborough, Ma 01752, USA
    Tel.: 508.573.1978 |Fax: 508.229.2019 | Cell:508.742.5795

    RGoulet_at_kanbay.com
    : POWERING TRANSFORMATION



    NOTICE: This electronic mail message and any attached files are confidential. The information is exclusively for the use of the individual or entity intended as the recipient. If you are not the intended recipient, any use, copying, printing, reviewing, retention, disclosure, distribution or forwarding of the message or any attached file is not authorized and is strictly prohibited. If you have received this electronic mail message in error, please advise the sender by reply electronic mail immediately and permanently delete the original transmission, any attachments and any copies of this message from your computer system. Thank you.

    --
    http://www.freelists.org/webpage/oracle-l
  • Wolfgang Breitling at Jan 5, 2007 at 7:57 pm
    Why not grant the toad users SELECT_CATALOG_ROLE. Probably not
    ideal, but a heck of a lot better than DBA.

    9.2.0.7> grant connect, create session to guest identified by guest;

    Grant succeeded.

    9.2.0.7> connect guest/guest_at_ora92
    9.2.0.7> select count(0) from all_tables;

    COUNT(0)

    33

    1 row selected.

    9.2.0.7> select count(0) from dba_tables;
    select count(0) from dba_tables

    *

    ERROR at line 1:
    ORA-00942: table or view does not exist

    in between here the following happened from a different session:

    SQL> grant select_catalog_role to guest;

    Grant succeeded.

    SQL>

    9.2.0.7> select count(0) from dba_tables;
    select count(0) from dba_tables

    *

    ERROR at line 1:
    ORA-00942: table or view does not exist

    9.2.0.7> connect guest/guest_at_ora92
    Connected.
    9.2.0.7> select count(0) from dba_tables;

    COUNT(0)

    28396

    1 row selected.

    9.2.0.7>

    Works too in 10g (10.1.0.5, don't have a 10.2 handy at the moment).
    At 12:20 PM 1/5/2007, Richard J. Goulet wrote:
    Folks,

    Pardon me, but I just got to let this out before I start
    thinking about mailing a letter bomb or some other sort of
    retribution. I've got a number of duhvelopers, with an emphasis on
    the duh, that use Toad. Now every once in a while these folks just
    have to call Quest tech support for some assistance, like
    integrating PVCS. Well every time they do that the Quest tech
    folks inform them that they NEED DBA priviledges in the
    database. It's a major pain in the neck with my having to repair
    something there after, like restoring a tablespace that they
    dropped. Is there anyone out there having similar problems? And
    if there are any Quest folks on the list, which I believe there
    are, how about tweaking the tool so that DBA is NOT needed. I mean
    replace all those calls to DBA_this and that with ALL_.

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

    []

    Dick Goulet, Senior Oracle DBA

    <?xml:namespace prefix = st1 ns =
    "urn:schemas-microsoft-com:office:smarttags" />45 Bartlett
    St Marlborough, Ma 01752, USA
    Tel.: 508.573.1978 |Fax: 508.229.2019 | Cell:508.742.5795

    RGoulet_at_kanbay.com
    : POWERING TRANSFORMATION

    Regards

    Wolfgang Breitling
    Centrex Consulting Corporation
    www.centrexcc.com

    This email has been scanned by the MessageLabs Email Security System.
    For more information please visit http://www.messagelabs.com/email

    --
    http://www.freelists.org/webpage/oracle-l

    application/octet-stream attachment: 3d48108.gif
  • Phil Singer at Jan 6, 2007 at 2:54 am

    Wolfgang Breitling wrote:
    Why not grant the toad users SELECT_CATALOG_ROLE. Probably not ideal,
    but a heck of a lot better than DBA.
    Excellent idea (will break a few things in TOAD, but you will want those
    things broken anyway). But, just to be complete, first create a role
    that looks just like SELECT_CATALOG_ROLE, but has permissions to a
    variation of DBA_USERS which doesn't have the hashed password in it.

    [I know this is obvious to most on this list, but it may not be for a
    few lurkers].

    --
    Phil Singer | psinger1 at chartermi dot net
    PhD, OCP, and All Around Good Guy | Do the Obvious to Reply
    --
    http://www.freelists.org/webpage/oracle-l
  • Jan van mourik at Jan 6, 2007 at 3:48 am
    Yes, I know how frustrating that is. I think most companies are too lazy to
    figure out or document exactly which privileges are needed, so they take the
    easy way out -- use DBA! But it can't be that easy anymore these days, not
    with SOX and such!

    Jan van Mourik
    Hotsos Enterprises, Ltd
    Hotsos Symposium 2007 / March 4-8
  • Jared Still at Jan 8, 2007 at 6:27 pm
    On 1/5/07, jan van mourik wrote:

    >
    Yes, I know how frustrating that is. I think most companies are too lazy
    to figure out or document exactly which privileges are needed, so they take
    the easy way out -- use DBA! But it can't be that easy anymore these days,
    not with SOX and such!
    Yup, this has been an issue with Toad for years.

    In the 90's I had to write a custom version of DBA_(some dba view here)
    for use by developers in production. They were required to
    see certain stored objects in production, we were required to
    prevent allowing them destructive access to the database.

    --
    Jared Still
    Certifiable Oracle DBA and Part Time Perl Evangelist

    --
    http://www.freelists.org/webpage/oracle-l

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouporacle-l @
categoriesoracle
postedJan 5, '07 at 7:20p
activeJan 8, '07 at 6:27p
posts7
users7
websiteoracle.com

People

Translate

site design / logo © 2022 Grokbase