Monday, September 15, 2008

How to make global read only user

In many cases we need to make a read only user for the entire data dictionary and for all the tables of all schemas. Suppose in order to analysis the entire schema or to monitor performance of the database you might give only select privilege of the entire schema of a user as well as on the dictionary objects of database. But that user will not be able to delete or alter or modify anything of other schema objects. If your goal is make just read only user of a schema then have a look at
http://arjudba.blogspot.com/2008/09/create-read-only-user-for-schema.html

You can simply achive this goal by giving him three permission.
1)Create Session: With this privilege he will be able to logon in the the database.

2)Select any Table: With this privilege he will be able to select any table schema rather than SYS objects. Though if O7_DICTIONARY_ACCESSIBILITY parameter is set to TRUE then SELECT ANY TABLE privilege provides access to all SYS and non-SYS objects.

3)Select any dictionary: If O7_DICTIONARY_ACCESSIBILITY parameter is set to TRUE then this privilege is not required to select data dictionary objects or in other word SYS objects. If O7_DICTIONARY_ACCESSIBILITY parameter is set to false then this privilege is required to give select permission on the data dictionary objects.

Following is an example. User arju will be globally read only user.
SQL> create user arju identified by a;
User created.

SQL> grant create session,select any dictionary,select any table to arju;
Grant succeeded.

Related Documents
Use SELECT ANY DICTIONARY or SELECT_CATALOG_ROLE or SELECT ANY TABLE
What is O7_DICTIONARY_ACCESSIBILITY?
A user can do work in his schema with only Create Session Privilege.
Create Read only user for a Schema

No comments:

Post a Comment