Why doesn't DLP use roles within Oracle?

book

Article ID: 160537

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Why doesn't DLP use roles within Oracle?  Oracle can be administered in such a way that when an account is created for a particular position, only those permissions needed for that position are granted.  Those permissions are "bundled" into a role.  Rather than granting individual permissions, a role can be granted.  Why isn't this done with DLP?

Resolution

Object privileges granted through roles do not work within procedures, functions, and packages.  Those permissions must be granted explicitly to the user.  DLP utilizes objects that require specific access privileges.  They must be accessible through procedures, functions, or packages. 

Very specifically, the upgrader will not work.  The initial install may work, but the upgrader will FAIL.  It this appears to be the case, have the customer directly grant all permissions to the schema owner, leave the roles as is.  Then reattempt the upgrade.

A demonstration script is attached.

Attachments

Demonstration600824214.txt get_app