Home » RDBMS Server » Security » Role Based Access for User Management (Oracle, 11.2.0.4, AIX 6.1)
Role Based Access for User Management [message #682566] Thu, 29 October 2020 02:24 Go to next message
jesuisantony
Messages: 166
Registered: July 2006
Location: Chennai
Senior Member
Hi All,

We have a requirement to perform the user management (user creation, drop, role/privilege assignment) to be done by the L1 team. However, we do not want them to have the DBA access on the database.

Is that possible? We understand that "CREATE USER" privilege allows them to create the user account. But it does not allow the team to grant roles or other privileges to the DB accounts? How can this be achieved?

Regards,
Antony
Re: Role Based Access for User Management [message #682567 is a reply to message #682566] Thu, 29 October 2020 03:36 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

Quote:
However, we do not want them to have the DBA access on the database.

Any execution of SQL statement requires to first be connected to the database.

Quote:
But it does not allow the team to grant roles or other privileges to the DB accounts? How can this be achieved?

Using a stored procedure.

Re: Role Based Access for User Management [message #682594 is a reply to message #682567] Sat, 31 October 2020 04:37 Go to previous messageGo to next message
jesuisantony
Messages: 166
Registered: July 2006
Location: Chennai
Senior Member
Any reference documentations on achieving this solution?
Re: Role Based Access for User Management [message #682595 is a reply to message #682594] Sat, 31 October 2020 05:27 Go to previous message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

There is none.
Just a CREATE PROCEDURE in a privileged account containing the statements you want to execute from the parameters you give (after validating tham) then grant the EXECUTE privilege to the procedure to the accounts that need them.

Previous Topic: Username in lowercase authentication issues
Next Topic: GRANT SELECT ON all_views not working
Goto Forum:
  


Current Time: Thu Mar 28 16:11:10 CDT 2024