Hello All,
Our DBA has refused to grant access to any SYS tables that needs SELECT acess in order to use the Oracle Enterprise Stage. We can use either Oracle Enterprise Stage or Dynamic Relational Stage to access ORACLE Data.
My question is
(1)
Why does ORACLE Enterprise Stage needs access to the SYS Tables? Is there any documentation that explains how/why does it use the SELECT grants to the SYS TABLES?
(2)
Is there huge difference between Oracle Enterprise and Dynamic Relational Stage if we are ONLY use ORACLE as SOURCE? Our target is NOT ORACLE?
Difference between ORACLE Enterprise and DRM (Dynamic) Stage
Moderators: chulett, rschirm, roy
-
- Participant
- Posts: 71
- Joined: Mon Jul 09, 2007 1:12 pm
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
-
- Participant
- Posts: 71
- Joined: Mon Jul 09, 2007 1:12 pm
Even though we know why SELECT access to above tables are needed, it cannot be implemented in my environment. DBA simply refused to give access to these table and I can see a valid point there! DBA says if we are given SELECT privileges, we will be able to know all information about any table on the ORACLE server and that can compromise on security!
SO, Instead of doing the below step
CREATE ROLE DSXE;
GRANT SELECT on sys.dba_extents to DSXE;
GRANT SELECT on sys.dba_data_files to DSXE;
GRANT SELECT on sys.dba_tab_partitions to DSXE;
GRANT SELECT on sys.dba_tab_subpartitions to DSXE;
GRANT SELECT on sys.dba_objects to DSXE;
GRANT SELECT on sys.all_part_indexes to DSXE;
GRANT SELECT on sys.all_part_tables to DSXE;
GRANT SELECT on sys.all_indexes to DSXE;
Once the role is created, grant it to users who will run DataStage jobs, as
follows:
GRANT DSXE to <oracle userid>;
Is there a way we can still make these tables available through VIEWS ONLY and make the Oracle Enterprise Stage Work? OR any other way to make the Enterprise Stage work as well as addressing the security concern?
SO, Instead of doing the below step
CREATE ROLE DSXE;
GRANT SELECT on sys.dba_extents to DSXE;
GRANT SELECT on sys.dba_data_files to DSXE;
GRANT SELECT on sys.dba_tab_partitions to DSXE;
GRANT SELECT on sys.dba_tab_subpartitions to DSXE;
GRANT SELECT on sys.dba_objects to DSXE;
GRANT SELECT on sys.all_part_indexes to DSXE;
GRANT SELECT on sys.all_part_tables to DSXE;
GRANT SELECT on sys.all_indexes to DSXE;
Once the role is created, grant it to users who will run DataStage jobs, as
follows:
GRANT DSXE to <oracle userid>;
Is there a way we can still make these tables available through VIEWS ONLY and make the Oracle Enterprise Stage Work? OR any other way to make the Enterprise Stage work as well as addressing the security concern?
Do you have option to use SERVER JOB?
If you don't want to use Relational Database Stage to connect to ORACLE and want to use any ORACLE STAGE, try Oracle OCI Stage in Server Job.
If you wish you can find some documentation regarding ORACLE ENTERPRISE STAGE in Parallel Job and ORACLE OCI Stage in SERVER Job.
If you don't want to use Relational Database Stage to connect to ORACLE and want to use any ORACLE STAGE, try Oracle OCI Stage in Server Job.
If you wish you can find some documentation regarding ORACLE ENTERPRISE STAGE in Parallel Job and ORACLE OCI Stage in SERVER Job.