Good news, we converted to PL/SQL developer from TOAD.
Bad news, PL/SQL developer seems to be doing the same thing TOAD did before they fixed it. (Or I'm just not seeing the option I need to flip it)
Ok, here's the scenario:
1) create a new user.
2) Create 2 procedures/packages/whatever.
3) grant execute on 1 routine to the user.
4) go into the object browser - you'll only see the object you have privs on.
However, as a developer - supporting a production environment - I often need to see the object, and need to verify the source code - without having execute privs on the object.
(Think an Order creation routine - developer should *NOT* have access to execute that).
Solution is simple:
In Oracle, there are 3 views:
user_objects (shows just the objects you OWN).
all_objects (shows just the objects you have privs on). This is the view being used by PL/SQL (and used by TOAD before we contacted their support).
dba_objects (shows all objects. period). Since TOAD updated their app to use this, it works properly. However, it appears PL/SQL developer is still pointing to all_objects.
I recommend checking if the user has access to see dba_objects. If they have access, use it instead.
The DBAs of the environment will manage the privs inside the database on who can access those views or not. And for a developer, it's not a security issue. (we have access to the source code in other ways, however, we need to see it in the database often to verify the correct code is in there).
At the very least, provide an option in the object browser to switch to that view (or attempt to - throw an error if they don't have the privs).
Please advise!!
Thanks!
Bad news, PL/SQL developer seems to be doing the same thing TOAD did before they fixed it. (Or I'm just not seeing the option I need to flip it)
Ok, here's the scenario:
1) create a new user.
2) Create 2 procedures/packages/whatever.
3) grant execute on 1 routine to the user.
4) go into the object browser - you'll only see the object you have privs on.
However, as a developer - supporting a production environment - I often need to see the object, and need to verify the source code - without having execute privs on the object.
(Think an Order creation routine - developer should *NOT* have access to execute that).
Solution is simple:
In Oracle, there are 3 views:
user_objects (shows just the objects you OWN).
all_objects (shows just the objects you have privs on). This is the view being used by PL/SQL (and used by TOAD before we contacted their support).
dba_objects (shows all objects. period). Since TOAD updated their app to use this, it works properly. However, it appears PL/SQL developer is still pointing to all_objects.
I recommend checking if the user has access to see dba_objects. If they have access, use it instead.
The DBAs of the environment will manage the privs inside the database on who can access those views or not. And for a developer, it's not a security issue. (we have access to the source code in other ways, however, we need to see it in the database often to verify the correct code is in there).
At the very least, provide an option in the object browser to switch to that view (or attempt to - throw an error if they don't have the privs).
Please advise!!
Thanks!
