Comments embedded.

On May 12, 8:03*am, maxim2k <maxi...@gmail.com> wrote:
> Hi,
>
> I manage an Oracle Database 10g R2 on Red Hat Enterprise Linux 4, the
> server is shared between a few customers: each customer has access
> (CONNECT and RESOURCE priveges) to his own schema only, he cannot access
> other customers objects.

I can only presume this access is through the schema owner. Is this
the ONLY account accessing this users objects?

>
> One of our customers just asked EXECUTE privilege on the dbms_fga package.
>

Which should not be an issue. My question is this: if there is only
ONE user account which can access these user objects what good does
having execute privilege on dbms_fga provide? This is used to provide
Fine-Grained Access (fga) to database objects based upon a user id.
If only ONE user id accesses these objects I can see no purpose in
granting access to this package.

> I'm new to this package and I'm not sure what would be the consequences
> of such grant.
>

None, really, as normally it restricts/audits user access to objects
not owned by that user.

> Can I safely grant that to the customer in question without compromising
> the security of other customers data on the shared server?
>

Certainly, however I see little, if any, benefit to this if my
understanding of this configuration (one user account per customer) is
correct.

> Thanks.


David Fitzjarrell