Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

question on synonym 2

Status
Not open for further replies.
maswien

maswien

Technical User
Sep 24, 2003
1,286
CA

We can't make an agreement with the vendor in following situation:

The vendor developed an application, the user used to install and the user used by end user are the same : APP.
This user will have the permission to create or drop objects on a particular tablespace. We think this is a security risk for our database because the user APP also used by the end user. So we want create another user with restrictive permissions and then create synonyms for the objects and grant these objects to the new user. The vendor don't like this idea because this may bring upgrade issue when they want add more objects to the database.

We can't make agreement on this, any one has an idea on this? Thanks alot!
 
Sort by date Sort by votes

Forgot to mention that the application uses unqualified name for all the objects, that's why we suggest synonym.
 
Upvote 0 Downvote
Maswien,

Your concerns are absolutely well taken. The vendor wants to sacrifice your security and increase your risks for the sake of their convenience. There is nothing preventing them from using the APP user for upgrades and still grant permissions to the end-user account on an as-needed basis.

Your leverage with them is financial, promotional, and legal: you can threaten them with pulling your account, spreading the word of their unwillingness to respond to client concerns, and ultimately, legal action. Their behaviour is tatamount to turning the keys over to the inmates.

[santa]Mufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]
 
Upvote 0 Downvote
And if a disgruntled end user drops all of the tables, how does the vendor suggest you get the data back? This would seem a little more critical than the possibility of "possible upgrade difficulties".
 
Upvote 0 Downvote
We have a similar situation (that is, we need to periodically create many synonyms across many accounts). It is not difficult to create a query that dynamically builds a script to create the privileges and synonyms. So you could assume responsibility for the account/synonyms/privileges - thus alleviating the vendor of both the responsibility and the income for accommodating your very appropriate security concerns.
If you need help with this, just let me know.
 
Upvote 0 Downvote

Yes, finally we had an agreement that another user with more restrictive permission is created and the synonyms will be used.

Thanks a lot for all these comments, they make me feel standing on the pretty solid ground! I really appreciate it!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Livia8
  • Locked
  • Question
Question re: SELECT DISTINCT 1
Replies
6
Views
918
SkipVought
S
Chopstik
  • Locked
  • Question
How to identify a package based on a code snippet 1
Replies
1
Views
713
Andrzejek
Andrzejek
Livia8
  • Locked
  • Question
Generate report/output on the basis of "enquiry" responsibilities only 1
Replies
16
Views
311
Livia8
Livia8
kernal
  • Locked
  • Question
If there is a Fee on Class Level then that fee overrides Fee on Course Level 1
Replies
3
Views
171
kernal
kernal
Andrzejek
  • Locked
  • Question
Detect ON DELETE CASCADE in tables 1
Replies
4
Views
257
Andrzejek
Andrzejek

Part and Inventory Search

Sponsor

Back
Top