I just wanted to know if anyone of you ever generated a user in a 11g database who only is able to see the content of one specifc workspace.
The workflow would be that an admin-like user generates a new workspace and after this he creates a new user who can only see/change the data in this workspace.
So when the new user is logging in, he is automatically in this new workspace and he has no priviliges to merge/create/rollback workspaces, or to change into another workspace.
Could anybody please give me a hint on how to achieve this?
Along with granting privileges on the specific tables, you would need to grant ACCESS_WORKSPACE using dbms_wm.grantWorkspacePriv on the specified workspace. Without granting any other privileges, the user would not be able to create additional child workspaces, or merge/rollback the workspace. Then, you would need to create a logon database trigger that places the user in the appropriate default workspace.
However, a user is always able to access the LIVE workspace. There currently isn't any way to prevent that.