mars/MARS_Packages/REL01/MARS-1049/00_MARS_1049_grant_permissions.sql
Grzegorz Michalski ecd833f682 Init
2026-02-02 10:59:29 +01:00

-- ===================================================================
-- MARS-1049 INSTALLATION COMPONENT: Grant Permissions for Hash Tracking
-- ===================================================================
-- Purpose: Grant CT_MRDS necessary permissions to read package source across schemas
-- Author: Grzegorz Michalski
-- Date: 2025-11-25
-- Version: 1.0.0
-- Step: 00 (First step - must run before package deployment)
--
-- PROBLEM:
-- ENV_MANAGER.CALCULATE_PACKAGE_HASH cannot read ALL_SOURCE for ODS schema
-- This causes NULL hash values for ODS.FILE_MANAGER_ODS PACKAGE BODY
--
-- SOLUTION:
-- Grant SELECT on the one dictionary view required (ALL_SOURCE) to CT_MRDS
-- This is the MINIMUM required privilege for cross-schema package hash tracking
-- More secure than SELECT ANY DICTIONARY (only grants access to the specific view needed)
--
-- USAGE:
-- - Execute as ADMIN user (system privilege grant required)
-- - Should be first step in MARS-1049 installation
-- - One-time setup that enables cross-schema package tracking
-- ===================================================================
PROMPT ===============================================
PROMPT Fixing permissions for cross-schema hash tracking
PROMPT ===============================================
-- Grant SELECT on ALL_SOURCE (required to read package source code for hash calculation)
GRANT SELECT ON ALL_SOURCE TO CT_MRDS;
PROMPT Granted SELECT on SYS.ALL_SOURCE to CT_MRDS
PROMPT ===============================================
PROMPT Permission fix completed (MINIMUM PRIVILEGE)
PROMPT ===============================================
PROMPT
PROMPT CT_MRDS can now:
PROMPT - Read ALL_SOURCE for any schema (package source code)
PROMPT - Calculate SHA256 hashes for packages in ODS and other schemas
PROMPT
PROMPT CT_MRDS CANNOT:
PROMPT - Read user tables in ODS or other schemas
PROMPT - Access other dictionary views
PROMPT - Access any data outside of ALL_SOURCE view
PROMPT
PROMPT SECURITY: Absolute minimum privilege - only ALL_SOURCE view granted
PROMPT ===============================================
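
A post-install check for the grant above, added here as an example and not part of the MARS-1049 package. It assumes the ADMIN user can read DBA_TAB_PRIVS and DBA_SYS_PRIVS, and that Section 2 is run in a separate CT_MRDS session: ALL_SOURCE returns only the source of objects accessible to the querying user, so the row count has to come from that session.

```sql
-- Added example (not part of MARS-1049): verify the grant and its effect.
-- Schema, package and grantee names are the ones used in the script above.

-- ---- Section 1: run as ADMIN ----------------------------------------
PROMPT Object privileges held directly by CT_MRDS on SYS-owned objects
SELECT owner, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE grantee = 'CT_MRDS'
   AND owner   = 'SYS'
 ORDER BY table_name, privilege;
-- The script claims ALL_SOURCE is the only dictionary view granted;
-- any additional SYS object listed here should be reviewed.

PROMPT Broad system privileges that would contradict the CANNOT list
SELECT privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'CT_MRDS'
   AND privilege IN ('SELECT ANY DICTIONARY',
                     'SELECT ANY TABLE',
                     'READ ANY TABLE')
 ORDER BY privilege;
-- A row here means CT_MRDS can read more than the script states.

PROMPT Roles granted to CT_MRDS (privileges may also arrive through these)
SELECT granted_role, admin_option
  FROM dba_role_privs
 WHERE grantee = 'CT_MRDS'
 ORDER BY granted_role;

-- ---- Section 2: run connected as CT_MRDS ----------------------------
PROMPT Source lines of ODS.FILE_MANAGER_ODS visible to this session
SELECT type, COUNT(*) AS visible_lines
  FROM all_source
 WHERE owner = 'ODS'
   AND name  = 'FILE_MANAGER_ODS'
 GROUP BY type
 ORDER BY type;
-- If no PACKAGE BODY row comes back, the hash input is still empty,
-- which is the NULL-hash symptom described in the header comment.

PROMPT System privileges effective in this session
SELECT privilege
  FROM session_privs
 ORDER BY privilege;
```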