francishsu
30th January 2002, 22:42
We have a case where a special Oracle user outside of the baan Oracle group is granted access to specific Baan tables in Oracle. If a Baan reconfigure is performed on any of those tables, the Oracle user outside of the baan group loses access to the reconfigured tables.
Is there a simple way to ensure that the special Oracle user is also regranted access to these Baan tables like how Baan users are?
James
31st January 2002, 17:16
Hi francishsu,
During a table reconfigure/reorganise, the table is dropped and recreated. Thus Oracle-specific table grants for the user will be lost in the process.
You could make the user a member of the 'Baan' schema within Oracle - like all the other Baan users.
Problem then is that the user will have access to all Oracle tables. This may be slightly dangerous from a security point of view.
Of course, you could run a simple SQL script after each reorganise to regrant the lost authorisations. If you use Unix scripts for the reorgs then this is much simpler.
Guntherm
1st February 2002, 14:40
Hello,
Best practice is to create a role and assign the authorizations over the Baan tables to the role.
Grant the role to the user(s).
This way you only have to re-grant the authorizations to the role after a Baan table reorganization, which you can do with a simple SQL script.
regards,
Gunther
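The role-based re-grant described in the reply above, as an added example that is not part of the original thread. It assumes SQL*Plus, a session that owns the tables or holds GRANT ANY OBJECT PRIVILEGE, and placeholder names throughout (schema owner `BAAN`, role `EXT_BAAN_READ`, and the table list):

```sql
-- Added example. BAAN, EXT_BAAN_READ and the table names are assumed placeholders.
-- One-time setup, run by a DBA:
--   CREATE ROLE ext_baan_read;
--   GRANT ext_baan_read TO <special_user>;
SET SERVEROUTPUT ON

DECLARE
  c_owner CONSTANT VARCHAR2(30) := 'BAAN';           -- assumed owner of the Baan tables
  c_role  CONSTANT VARCHAR2(30) := 'EXT_BAAN_READ';  -- hypothetical role name
  TYPE t_names IS TABLE OF VARCHAR2(30);
  -- Placeholder list: replace with the specific tables the user may read.
  v_tables t_names := t_names('PLACEHOLDER_TABLE_1', 'PLACEHOLDER_TABLE_2');
  v_found  PLS_INTEGER;
BEGIN
  FOR i IN 1 .. v_tables.COUNT LOOP
    -- A table that is missing mid-reconfigure is reported, not silently skipped.
    SELECT COUNT(*) INTO v_found
      FROM all_tables
     WHERE owner = c_owner AND table_name = v_tables(i);

    IF v_found = 0 THEN
      DBMS_OUTPUT.PUT_LINE('MISSING  ' || c_owner || '.' || v_tables(i));
    ELSE
      -- SELECT only; ENQUOTE_NAME keeps the list from injecting SQL text.
      EXECUTE IMMEDIATE
        'GRANT SELECT ON '
        || DBMS_ASSERT.ENQUOTE_NAME(c_owner, FALSE) || '.'
        || DBMS_ASSERT.ENQUOTE_NAME(v_tables(i), FALSE)
        || ' TO ' || DBMS_ASSERT.ENQUOTE_NAME(c_role, FALSE);
      DBMS_OUTPUT.PUT_LINE('GRANTED  ' || c_owner || '.' || v_tables(i));
    END IF;
  END LOOP;
END;
/

-- Audit: everything the role can currently reach, to confirm nothing beyond
-- SELECT on the intended tables has crept in.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'EXT_BAAN_READ'
 ORDER BY owner, table_name, privilege;
```

Run it as the last step of the reorganise job; a MISSING line means the grant for that table was not restored and the job should be treated as incomplete.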
patvdv
5th February 2002, 22:56
If you grant the r_baan to the Oracle user, he/she will always be able to access any baan table even if it gets reorganized, dropped or recreated from within Baan. The advantage here is that Baan will remove/add grants from the 'r_baan' appropriately. The disadvantage is the level of granularity: it is either all tables from all companies or none.
This is what James was hinting at in his reply but it might not have been 100% clear.