My security people audited my database and stated that all grants to PUBLIC or grants with the word ANY are a violation of policy.
Specifically, they identified the TOAD schema and the tables within it. They’re asking me if they can revoke all privs from PUBLIC,
create a role and grant the privs to the role. Can anyone tell me if doing the following will break features in Toad 12? I don’t
have the privs to execute these because I’m just a developer who uses Toad.
Also, if anyone could explain what these server-side objects (TOAD schema) are used for, that would be great.
REVOKE SELECT ANY DICTIONARY FROM TOAD;
REVOKE DELETE, INSERT, SELECT, UPDATE ON TOAD.TOAD_DATA_FILES FROM PUBLIC;
REVOKE DELETE, INSERT, SELECT, UPDATE ON TOAD.TOAD_FILESTAT FROM PUBLIC;
REVOKE DELETE, INSERT, SELECT, UPDATE ON TOAD.TOAD_FREE_SPACE FROM PUBLIC;
REVOKE DELETE, INSERT, SELECT, UPDATE ON TOAD.TOAD_REF FROM PUBLIC;
REVOKE DELETE, INSERT, SELECT, UPDATE ON TOAD.TOAD_TABLESPACES FROM PUBLIC;
CREATE ROLE TOAD_ROLE;
GRANT SELECT ON SYS.DBA_TRIGGERS TO TOAD_ROLE;
GRANT SELECT ON SYS.DBA_SOURCE TO TOAD_ROLE;
GRANT DELETE, INSERT, SELECT, UPDATE ON TOAD.TOAD_DATA_FILES TO TOAD_ROLE;
GRANT DELETE, INSERT, SELECT, UPDATE ON TOAD.TOAD_FILESTAT TO TOAD_ROLE;
GRANT DELETE, INSERT, SELECT, UPDATE ON TOAD.TOAD_FREE_SPACE TO TOAD_ROLE;
GRANT DELETE, INSERT, SELECT, UPDATE ON TOAD.TOAD_REF TO TOAD_ROLE;
GRANT DELETE, INSERT, SELECT, UPDATE ON TOAD.TOAD_TABLESPACES TO TOAD_ROLE;
GRANT TOAD_ROLE TO TOAD;
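
A read-only check that a DBA could run before and after the change above, to confirm the audit findings are closed and to see what the change affects. This is an added example, not part of the original post; it assumes an account that can query the DBA_* dictionary views and uses only the schema and role names from the post.

```sql
-- 1. Object privileges still granted to PUBLIC on TOAD-owned objects.
--    Expected after the REVOKE statements: no rows.
SELECT owner, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC'
   AND owner   = 'TOAD'
 ORDER BY table_name, privilege;

-- 2. System privileges containing ANY held by TOAD or TOAD_ROLE.
--    Expected after REVOKE SELECT ANY DICTIONARY: no rows.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee IN ('TOAD', 'TOAD_ROLE')
   AND privilege LIKE '% ANY %'
 ORDER BY grantee, privilege;

-- 3. Object privileges the new role carries, to compare against
--    what PUBLIC held before the change.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'TOAD_ROLE'
 ORDER BY owner, table_name, privilege;

-- 4. Accounts that hold TOAD_ROLE. Users who reached the TOAD tables
--    only through the PUBLIC grants need the role granted to them too;
--    the script in the post grants it to TOAD alone.
SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE granted_role = 'TOAD_ROLE'
 ORDER BY grantee;

-- 5. TOAD-owned objects that are not valid after the change.
--    Privileges received through a role are not used when Oracle compiles
--    definer's-rights PL/SQL or views, so any stored object in the TOAD
--    schema that depended on SELECT ANY DICTIONARY would show up here.
SELECT object_name, object_type, status
  FROM dba_objects
 WHERE owner  = 'TOAD'
   AND status <> 'VALID'
 ORDER BY object_type, object_name;
```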