Home » RDBMS Server » Security » MANAGE GROUP OF USERS
MANAGE GROUP OF USERS [message #454500] Thu, 06 May 2010 03:00 Go to next message
hamdan102
Messages: 16
Registered: May 2009
Location: jordan
Junior Member

hellooooo

how i can create user(application administrator) who have responsability of group of user as a follow:

user administrator1
The group of users only (user1_1, user1_2, user1_3 ..... etc)

And also user administrator2
The group of users only (user2_1, user2_2, user2_3 ..... etc)

And so on

So that any one of them (administrator1, administrator2, ... etc) can create or delete or modify users and
set roles and read all roles and privileges ,only on users that belong to them (administrator1, administrator2, ... etc).
Re: MANAGE GROUP OF USERS [message #454504 is a reply to message #454500] Thu, 06 May 2010 03:26 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Groups of users is not an Oracle concept.
If you are talking about application administrative tasks, you must have an "application" (could be a simple package) to do these tasks.
This package is owned by a powerful Oracle accounts and check the calling administrator to restrict the tasks to the users it is allowed to manager

Regards
Michel
Re: MANAGE GROUP OF USERS [message #454509 is a reply to message #454504] Thu, 06 May 2010 03:33 Go to previous messageGo to next message
hamdan102
Messages: 16
Registered: May 2009
Location: jordan
Junior Member

aha


can u -plz- show me an example?

assume that the "admin1" user is appliaction administrator ?

and he has create,alter,drop user privilege

which view(s) in "admin1" schema show me those user (created by "admin1")?
and which view(s)in "admin1" schema show me they system and objects privieleg?

remmber
"admin1" just has create,alter,drop user privilege

not dba role.

okay

[Updated on: Thu, 06 May 2010 03:34]

Report message to a moderator

Re: MANAGE GROUP OF USERS [message #454517 is a reply to message #454509] Thu, 06 May 2010 03:52 Go to previous messageGo to next message
cookiemonster
Messages: 13917
Registered: September 2008
Location: Rainy Manchester
Senior Member
hamdan102 wrote on Thu, 06 May 2010 09:33

which view(s) in "admin1" schema show me those user (created by "admin1")?

None, you'd have to create your own tables to store this information.

hamdan102 wrote on Thu, 06 May 2010 09:33

and which view(s)in "admin1" schema show me they system and objects privieleg?

dba_tab_privs would be one but your admin user isn't going to have sufficient privileges to query it.

[Updated on: Thu, 06 May 2010 03:52]

Report message to a moderator

Re: MANAGE GROUP OF USERS [message #454523 is a reply to message #454517] Thu, 06 May 2010 03:58 Go to previous messageGo to next message
hamdan102
Messages: 16
Registered: May 2009
Location: jordan
Junior Member

okay




i will create own tables to store all this information.

(all_users,all_roles,all system privi,all_object_peivis)

thank you alot
Re: MANAGE GROUP OF USERS [message #454536 is a reply to message #454509] Thu, 06 May 2010 04:06 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
remmber
"admin1" just has create,alter,drop user privilege

not dba role.

It should not have this privilege as he can then drop user that it should not drop.
You must create an intermediate package to do this and implement you policy.

Regards
Michel
Re: MANAGE GROUP OF USERS [message #454565 is a reply to message #454536] Thu, 06 May 2010 05:08 Go to previous message
hamdan102
Messages: 16
Registered: May 2009
Location: jordan
Junior Member

thanks alot for your help
Previous Topic: audit the logs for selecting particular column
Next Topic: cannot startup the DB because Audit file directory not exist
Goto Forum:
  


Current Time: Thu Mar 28 16:26:56 CDT 2024