So, let check Dataedo
Ouch!!!! No trigger on the tables is reported by Dataedo. It not enough. I check the same thing using another tool: Toad.
Well. Let check the triggers
Ooooh. The triggers exist on the tables, but Dataedo didn't import them. I want to try to connect to Oracle using directly the owner of the tables
|Connecting using the owner|
A number of imported objects is the same of the previous import when I used the nagios schema
|The trigger on the table|
Bingo! Now the trigger is visible. In order to understand what is happening, I have to check the privileges of nagios user
The CREATE ANY TRIGGER is missing. So I grant the privilege and check Dataedo again
Now I have to remove the old connection and re-create the new one
|Removing a repository|
After the user nagios is imported again, I can see also the TRIGGERs
So I suspect that maybe there will be some others differences. Let me check. Without "CREATE ANY TRIGGER" privilege, the nagios user can't see the TRIGGER dependencies
|Using nagios schema without "CREATE ANY TRIGGER" privilege|
but with the right privilege, Dataedo report all dependencies correctly.
|Using nagios schema with "CREATE ANY TRIGGER" privilege|
In my opinion, CREATE ANY TRIGGER (as "EXECUTE ANY PROCEDURE" or "SELECT ANY TABLE") is a bad privilege for a user. It is a failure of security policy. Because Dataedo5 use "ALL_" views inside Oracle the "CREATE ANY TRIGGER" privilege is necessary. As I suggested, it could be better grant just SELECT_CATALOG_ROLE role and querying "DBA_" views instead "ALL_"