Minimum privileges required for "Compare User Objects" as non-object-owner?

Bernhard S

Bernhard S

Member³
What minimum privileges are required to "Compare User Objects", if you are not the object owner?
I found out, that to be able to compare a package of another user you need to be granted select on sys.dba_source, sys.dba_procedures and sys.dba_objects.
Of course the preference "Use DBA Views if available" needs to be selected then.
Are there other alternatives allowing compares as non-object-owner, which require less privileges? What minimum privileges do you need to compare other object types then?
 
For PL/SQL Objects you only need select privileges on dba_source and dba_objects. For other object types you need select privileges on the dba views that hold their definition in the dictionary.
 
Our DBAs don't want a developer to see the real "SYS.DBA_SOURCE" and "SYS.DBA_OBJECTS". So we defined synonyms named "DBA_SOURCE" and "DBA_OBJECTS" in the access user schema pointing to a reduced view of the real "SYS.DBA_SOURCE" and "SYS.DBA_OBJECTS", revealing only code that the access user is supposed to see. This approach doesn't seem to work though. I guess "PL/SQL Developer" tries to use schema-qualified (="SYS.") access to "DBA_%"-Views. Is there any way to achieve the following at the same time using "PL/SQL Developer":
- Letting DBAs define, what source code an access user is supposed to see, i.e. only allowing application user source code visibility
- Being able to compare this source code as this access user with source code in a development environment
- Avoiding to grant execute privileges on those source objects to this access user, just so this code will be visible for the access user in the ALL_SOURCE and ALL_OBJECTS data dictionary views

So how could this be done then?
 
PL/SQL Developer does indeed explicitly use the SYS.DBA_xxxx views, so I don't immediately see a solution.
 
Hi T-Gergely, we thought about that, but architects and DBAs wouldn't approve that. You'd have to think about that each time you deploy a new system then as well, which is easily forgotten.

The best way seems to be to use "grant debug any procedure" or "grant debug" for all sources you need to have access to and you want to be able to compare.
 
You must log in or register to reply here.

Similar threads

koja
  • Discussion Discussion
What I like so far and what I'm still looking for
Replies
1
Views
622
Marco Kalter
Marco Kalter
P
  • Discussion Discussion
Bug with user - view sql and java class privileges
Replies
1
Views
625
Marco Kalter
Marco Kalter
A
  • Discussion Discussion
Essential permissions for a user to use PL/SQL Developer to fullest effect short of full DBA
Replies
1
Views
2K
Marco Kalter
Marco Kalter
J
  • Discussion Discussion
How to use VCS for objects in multiple schemas?
Replies
3
Views
4K
Jeff Kandt
J
Maxmix
  • Discussion Discussion
Would like to see 'Compare to...' enhanced
Replies
1
Views
2K
Marco Kalter
Marco Kalter
Back
Top