That might be true in Oracle 8, but was a problem in Oracle 7. Just being paranoid.
>>> [EMAIL PROTECTED] 06/15/01 11:11AM >>>
Bill,
Roles created by a user never go away. They are not attached to the user.
They belong to the system (I just tried this in 816 - created a user,
granted CREATE_ROLE to that user, connected as that user, created a role and
dropped the user - the role still exists).
Likewise grants to database objects. Once they are established, they exist
on their own. Dropping the user who granted the access has nothing to do
with the grant itself (unless it is to objects that existed in the dropped
users account, because these objects go away).
I never user the SYS or SYSTEM accounts to create accounts, roles or perform
grants. I use SYS (or internal) for db startup and shutdown and Rman
backups only.
I create a DBA account (which owns the schema for the database) to do all of
the create account, roles and object grants. I actually don't even know the
System account password - if I really need to get into it, I alter the
password to a new string and connect to it.
I'm not saying that you are doing anything wrong. Every DBA has their own
way of doing things, and your way is perfectly fine (not that you are asking
for approval! :) ). At least you are not using the SYS or SYSTEM account
for schema objects. I saw this happen once!
Hope this helps!
Tom Mercadante
Oracle Certified Professional
-----Original Message-----
Sent: Friday, June 15, 2001 9:31 AM
To: Multiple recipients of list ORACLE-L
What account I use depends on what I am doing. For example to set up roles,
grant rights, and create users I use the SYSTEM account. For anything else,
I use my DBA account. The reason is that if I ever leave and my account is
removed, all those rights that I granted and all the roles that I created
would go away. The SYSTEM account will never be removed. We learned this the
hard way because we had a DBA leave and we removed his user id.
>>> [EMAIL PROTECTED] 06/15/01 05:55AM >>>
Hi all,
I generally use SYSTEM rather than SYS for DBA work, and would like to
discourage the use of SYS as much as possible. Partly because it
bypasses auditing and the profile, and also because I tend to regard SYS
as being for Oracle-specific things (like running scripts from
$ORACLE_HOME/rdbms/admin) and SYSTEM for doing the day-to-day tasks
(like administering storage, performance monitoring etc).
Does this reasoning make sense? And, what would be a good way to explain
it to developers who've gotten used to writing app installation scripts
than run as SYS (for example, they might refer to AQ$_AGENT rather than
SYS.AQ$_AGENT)?
Thanks,
g.
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Guy Hammond
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: William Beilstein
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Mercadante, Thomas F
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: William Beilstein
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
