Hi,

this is a minor issue and clearly not a bug, however I'd like
to discuss it here to have your opinions on this.

Database security policies for our deployment environment demand
separate users for "Schema Ownership" and "Schema Usage".

Thus I have two Oracle database users:
 * pkiscop1 - Schema Owner
 * pkiscus1 - Schema User

The first one has all permissions required to create the DB schema,
i. e. CREATE TABLE etc. In addition the necessary roles for access
to Oracle Tablespaces are granted to this user.

I used this user in the first iteration to let OpenCA create the
database schema.

Then I changed the db_user to the Schema User that only has SELECT,
UPDATE and DELETE permissions (maybe DELETE is not even necessary).

Unfortunately this does not work out of the box because of an Oracle
specific behaviour (I don't know if this applies to other enterprise-level
DBs as well).

When the tables are created, only the creator himself can access
them by their simple names, e. g.

SELECT * FROM REQUEST;

does only work for pkiscop1 in my case.

The Schema User must prepend the owner's username to the table name in
each request, e. g.

SELECT * FROM PKISCOP1.REQUEST;

This behaviour can be controlled in the Oracle setup, making it
possible to access any table owned by any user simply by its name.
But this behaviour is not default, and may even be disallowed
by policies.

I am not sure if I really want a special handling for this case or
if I simply set said Oracle setting to make it behave as expected
normally...


As an aside, to make things easier, a stand-alone script (to be
called from the command line) to set up the database schema would
be great. Then I could simply configure the database by calling
the setup script with the Schema Owner user.

cheers

Martin

_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
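Added example (not from the original post, and not OpenCA project code): an Oracle two-user layout of the kind Martin describes, showing the unqualified-name failure and the two standard ways of resolving it without changing the application, CURRENT_SCHEMA and synonyms. Which of these the "Oracle setting" in the post refers to is not stated there; both are shown. User names follow the post; passwords, tablespace, the REQUEST/REQUEST_SEQ definitions and the grant list are assumptions, and the table is a constructed stand-in rather than the real OpenCA schema.

```sql
-- Added example, not from the original post or the OpenCA project.
-- All names except pkiscop1/pkiscus1, all passwords, and the table
-- layout are assumptions; REQUEST here is a constructed stand-in.

----------------------------------------------------------------------
-- 1. As a DBA: create the schema owner and the schema user.
----------------------------------------------------------------------
CREATE USER pkiscop1 IDENTIFIED BY "owner-secret"
  DEFAULT TABLESPACE users QUOTA UNLIMITED ON users;
GRANT CREATE SESSION, CREATE TABLE, CREATE SEQUENCE TO pkiscop1;

-- The application account gets no object-creation privileges at all.
CREATE USER pkiscus1 IDENTIFIED BY "app-secret";
GRANT CREATE SESSION TO pkiscus1;

----------------------------------------------------------------------
-- 2. As pkiscop1: create the schema, then grant DML to the user.
----------------------------------------------------------------------
CREATE TABLE request (
  req_key  NUMBER        PRIMARY KEY,
  status   VARCHAR2(32)  NOT NULL,
  data     CLOB
);
CREATE SEQUENCE request_seq;

-- Grant only what the application issues: no ALTER, DROP or CREATE.
-- (INSERT is included because a CA has to write new requests; the
-- exact list is an assumption, trim it to what the code really needs.)
GRANT SELECT, INSERT, UPDATE, DELETE ON request     TO pkiscus1;
GRANT SELECT                         ON request_seq TO pkiscus1;

----------------------------------------------------------------------
-- 3. As pkiscus1: the name-resolution problem from the post.
----------------------------------------------------------------------
SELECT COUNT(*) FROM request;            -- ORA-00942: table or view does not exist
SELECT COUNT(*) FROM pkiscop1.request;   -- works: the grant is what decides access

----------------------------------------------------------------------
-- 4a. Resolve unqualified names against the owner's schema.
--     CURRENT_SCHEMA only changes name resolution; it grants no
--     privileges, so the grants in step 2 still bound what pkiscus1
--     can do. No extra system privilege is needed for this ALTER SESSION.
----------------------------------------------------------------------
ALTER SESSION SET CURRENT_SCHEMA = pkiscop1;
SELECT COUNT(*) FROM request;            -- now resolves to PKISCOP1.REQUEST

-- To apply it to every connection of the application account without
-- touching the client, a DBA (ADMINISTER DATABASE TRIGGER) installs:
CREATE OR REPLACE TRIGGER pkiscus1_logon
  AFTER LOGON ON pkiscus1.SCHEMA
BEGIN
  EXECUTE IMMEDIATE 'ALTER SESSION SET CURRENT_SCHEMA = pkiscop1';
END;
/

----------------------------------------------------------------------
-- 4b. Alternative: private synonyms in the user's own schema, one per
--     object (a PUBLIC SYNONYM also works, where policy allows it).
----------------------------------------------------------------------
GRANT CREATE SYNONYM TO pkiscus1;        -- as the DBA
-- then, connected as pkiscus1:
CREATE SYNONYM request     FOR pkiscop1.request;
CREATE SYNONYM request_seq FOR pkiscop1.request_seq;
SELECT COUNT(*) FROM request;            -- resolves via the synonym

----------------------------------------------------------------------
-- 5. Check, as pkiscus1: the application account owns no tables and
--    holds only the intended grants.
----------------------------------------------------------------------
SELECT COUNT(*) AS owned_objects
  FROM user_objects
 WHERE object_type <> 'SYNONYM';         -- expect 0
SELECT owner, table_name, privilege FROM user_tab_privs_recd;
SELECT privilege FROM user_sys_privs;    -- expect CREATE SESSION (+ CREATE SYNONYM if 4b)
```

The security point either way: neither CURRENT_SCHEMA nor a synonym widens what pkiscus1 may do; an unqualified `SELECT * FROM REQUEST` still fails with ORA-00942 for any table the owner has not explicitly granted, which is exactly the separation the deployment policy asks for. The logon trigger is the least intrusive for an application that cannot be taught to qualify names; synonyms have to be maintained whenever the schema gains a table.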