I'm curious how other groups are addressing database level
permissions/privileges, especially within Oracle. The motivation for this
is to see if there are a set of base privileges that are common enough that
we could have the installer automatically apply for all sites.
Here at CBIL, we use two roles, GUS_R and GUS_W (read and write) that are
given select on all tables/views and update/insert/delete/select on all
tables/views/sequences (respectively). Users are then granted the roles as
appropriate.
Does anyone have any strong objections for including these grants as part of
the install process? What other privilege models are folks using that may
be a better approach? One option is to use a cascading role system and have
GUS_W (for example) be granted RAD_W, DOTS_W, ..., which are then granted
the individual schema level privileges.
--Mike
|
