2 Replies Latest reply: Aug 16, 2010 8:41 AM by 647993

    A user with ACCESS and CREATE automatically get MERGE?

    647993
      Hello all,

      I am running into an issue while using OWM (10.2.0.4.2) and granting privileges. I have 3 tiers of users: a Viewer (ACCESS_ANY_WORKSPACE), Editor (CREATE_WORKSPACE) and Auditor (full control). What I would like to have my Editor be able to do is have access to any workspace, be able to create their own workspaces and not have the capability to MERGE their workspaces back to live. Without ACCESS_ANY_WORKSPACE, they can only see their own workspaces.

      I have revoked ACCESS and CREATE from PUBLIC. When I grant CREATE_WORKSPACE to my Editor, they get full control of that workspace without MERGE. When I add in ACCESS_WORKSPACE or ACCESS_ANY_WORKSPACE when they create a new workspace, they are granted full control of that workspace including MERGE.

      Is there any way to be able to have a user have access to all of the workspaces, be able to create their own workspaces but not have them able to merge the workspaces? The Editor does not have any MERGE privileges granted, and I cannot revoke MERGE from a workspace that they have created.

      Any thoughts?

      Thanks!
      Mike
        • 1. Re: A user with ACCESS and CREATE automatically get MERGE?
          Ben Speckhard-Oracle
          Hi Mike,

          Users always have full privileges on any workspace(s) that they create. The only additional privilege that is needed to merge the child workspace is the ACCESS privilege on the parent workspace. Since you are granting ACCESS_ANY_WORKSPACE to the user, they would have all the necessary privileges to merge, and there is no way to avoid this without removing one or more of these privileges.

          However, one possibility would be to create a trigger that only executed during merge operations using dbms_wm.SetTriggerEvents, and raised an error anytime a user other than the Auditor user attempted to merge a workspace. The other possibility is to create a separate user to create all of the workspaces. The auditor would still have the ACCESS_ANY_WORKSPACE privilege, but would not be able to merge the workspace without the privilege being explicitly granted since they would no longer own the workspace.

          Regards,
          Ben
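
Added example (not part of the original posts and not Oracle's code): one way to set up the second option from the reply above, where a separate account owns every workspace, followed by two checks that the Editor has no merge path. The account names WS_OWNER and EDITOR1 and the workspace name EDITOR_WS_1 are hypothetical.

```sql
-- Added example. WS_OWNER, EDITOR1 and EDITOR_WS_1 are hypothetical names.

-- 1. As an account allowed to grant Workspace Manager privileges:
--    the Editor may enter any workspace but may no longer create (and so own) one.
BEGIN
  DBMS_WM.RevokeSystemPriv('CREATE_WORKSPACE', 'EDITOR1');
  DBMS_WM.GrantSystemPriv('ACCESS_ANY_WORKSPACE', 'EDITOR1');

  -- The owning account needs CREATE_WORKSPACE plus ACCESS on the parent (LIVE),
  -- because ACCESS and CREATE were revoked from PUBLIC.
  -- Owner + ACCESS on the parent is exactly the combination that permits a merge,
  -- so WS_OWNER must be treated as a privileged account, like the Auditor.
  DBMS_WM.GrantSystemPriv('CREATE_WORKSPACE', 'WS_OWNER');
  DBMS_WM.GrantWorkspacePriv('ACCESS_WORKSPACE', 'LIVE', 'WS_OWNER');
END;
/

-- 2. Connected as WS_OWNER: create the child workspace on the Editor's behalf.
BEGIN
  DBMS_WM.GotoWorkspace('LIVE');
  DBMS_WM.CreateWorkspace('EDITOR_WS_1');
END;
/

-- 3. Check: the Editor must own no workspace.
--    Any row here is a workspace the Editor can merge without a MERGE grant.
SELECT workspace, parent_workspace, owner
FROM   all_workspaces
WHERE  owner = 'EDITOR1';

-- 4. Check: list every merge privilege that has been granted explicitly,
--    so an unexpected grantee stands out.
SELECT grantee, workspace, privilege, grantor
FROM   all_workspace_privs
WHERE  privilege LIKE 'MERGE%'
ORDER  BY grantee, workspace;
```

Run checks 3 and 4 from an account that can see all workspaces, since the ALL_ views only list workspaces visible to the current user.
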
          • 2. Re: A user with ACCESS and CREATE automatically get MERGE?
            647993
            Thanks Ben!

            I figured this was a works as designed. I think I'll try the second option as it should be easier to code.

            Thanks!
            Mike