This page (revision-2) was last changed on 26-Nov-2021 10:22 by rforbes

This page was created on 26-Nov-2021 10:22 by JMyers

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note
2 26-Nov-2021 10:22 2 KB rforbes to previous
1 26-Nov-2021 10:22 254 bytes JMyers to last

Page References

Incoming links Outgoing links

Version management

Difference between version and

At line 3 removed one line
The use of DEFAULT ROLE [only|] relates to accessing the database from outside the application, using a third party tool, like Discoverer or SQL.
At line 5 removed 14 lines
The P2K user is the owner of all the schema objects (tables, stored procedures, views, etc.) in the database and can see them all. Other users cannot see them unless they have been granted explicit permission to do so, or a role they have that is enabled has explicit permission to do so. Because all professional interface users are also database users, they must be granted the [P2K_USER] role. This role has explicit permission to access all the P2K owned schema objects. If you make this role a DEFAULT ROLE, then when that user connects to the database using an external tool, they will have access to all the objects that the P2K_USER role has.
For example, user JJONES is defined in the application. If they connect to the database using SQL*Plus, they may get the following result
{{{
select * from P2K_HR_IDENTITIES;
*
ERROR at line 1:
ORA-00942: table or view does not exist
}}}
The user will have P2K_USER role granted because they need it to run the application, but if it is a DEFAULT ROLE, then the select statement above will return results, because the user has that role enabled upon login, by default.
This is particularly important for end-user reporting tools like Discoverer, as the users will need access to the tables, views and functions required to produce the reports desired. In this case, it is recommended that a different role (not P2K_USER) as a default role be created and rights granted to that role for just the objects, and capabilities needed to produce the reports. End user reporting needs SELECT capabilities on views (and maybe tables) rather than SELECT, INSERT, DELETE etc.