The oldest posts, are written in Italian. If you are interested and you want read the post in English, please use Google Translator. You can find it on the right side. If the translation is wrong, please email me: I'll try to translate for you.

venerdì, agosto 04, 2017

Dataedo software, Part 04: Importing objects - 02

I have to check if the TRIGGERS are imported. In order to do this, I get just the first 5 tables

So, let check Dataedo

Ouch!!!! No trigger on the tables is reported by Dataedo. It not enough. I check the same thing using another tool: Toad.

Well. Let check the triggers

Ooooh. The triggers exist on the tables, but Dataedo didn't import them. I want to try to connect to Oracle using directly the owner of the tables

Connecting using the owner

A number of imported objects is the same of the previous import when I used the nagios schema

The trigger on the table

Bingo! Now the trigger is visible. In order to understand what is happening, I have to check the privileges of nagios user

The CREATE ANY TRIGGER is missing. So I grant the privilege and check Dataedo again

Now I have to remove the old connection and re-create the new one

Removing a repository

After the user nagios is imported again, I can see also the TRIGGERs

Using nagios schema with "CREATE ANY TRIGGER" privilege

So I suspect that maybe there will be some others differences. Let me check. Without "CREATE ANY TRIGGER" privilege, the nagios user can't see the TRIGGER dependencies

Using nagios schema without "CREATE ANY TRIGGER" privilege

but with the right privilege, Dataedo report all dependencies correctly.

Using nagios schema with "CREATE ANY TRIGGER" privilege

In my opinion, CREATE ANY TRIGGER (as "EXECUTE ANY PROCEDURE" or "SELECT ANY TABLE") is a bad privilege for a user. It is a failure of security policy. Because Dataedo5 use "ALL_" views inside Oracle the  "CREATE ANY TRIGGER" privilege is necessary. As I suggested, it could be better grant just SELECT_CATALOG_ROLE role and querying "DBA_" views instead "ALL_"



2017/08/04 - About the privileges you need to grant to the user that not own objects, Dataedo sent me the link to the documentation:

Nessun commento: