GRANT_MASTER_ACCESS¶

Grants master access on a sandbox to a user. Sandbox masters are viewed as the sandbox owner by the database regarding access privileges but they do not need to know the password of the sandbox owner. Anyway, the identity of the human user is preserved e.g. regarding application contexts and auditing.

A human user that is granted sandbox master is implicitly configured as a proxy user to the sandbox owner. To use the sandbox the user has to connect using proxy authentication providing the username and the schema name of the sandbox. An example connect string for the human user ‘WKLINGER’ connecting to the sandbox schema ‘SBX_MIGR’ is wklinger[sbx_migr]/password@localhost:1521/pdb.

The user to be granted sandbox master access must be a human user (HU).

If the sandbox is restricted and the new user has less privileges than existing sandbox masters in this sandbox, parameter p_force (see below) has to be set to TRUE, otherwise granting will not succeed. “Restricted” means all sandbox masters will see only the intersection of their access rights. For details on restricted sandboxes see SCURTY Concepts Guide, paragraph “Restricted Sandboxes”.

Users cannot grant themselves sandbox master access. The exception is when the user has been granted the privilege ‘exempt_4eyes’, as stored in table ADM_ADMIN_PRIVS. By default, this is granted to the DBA role.

This procedure inserts a row into table SBX_MASTERS. Sandbox masters are also listed in view SBX_MASTER_DETAILS and in view SBX_USER_LIST where column IS_MASTER is set to “Y”.

Parameter Name	Required	DefaultValue	Values	Description
p_sbx_name	yes			The name of the sandbox. The user (p_username) will be granted master access on this sandbox. The sandbox name is converted to upper case.
p_username	yes			The name of an existing human user (HU).
p_force	yes	FALSE	TRUE FALSE	Should master access be granted to this user if access privileges of existing masters in a restricted sandbox will be reduced? Privileges are reduced if fewer object groups or tenants have been granted to the new sandbox master than to the existing ones. Possible values: TRUE to force granting even if sandbox privileges of other sandbox masters are reduced because the new master has less privileges, FALSE to allow granting only if sandbox privileges stay the same for existing sandbox masters.

Parameter Name

Required

DefaultValue

Values

Description

p_sbx_name

yes

The name of the sandbox. The user (p_username) will be granted master access on this sandbox.

The sandbox name is converted to upper case.

p_username

yes

The name of an existing human user (HU).

p_force

yes

FALSE

TRUE
FALSE

Should master access be granted to this user if access privileges of existing masters in a restricted sandbox will be reduced? Privileges are reduced if fewer object groups or tenants have been granted to the new sandbox master than to the existing ones.

Possible values:

TRUE to force granting even if sandbox privileges of other sandbox masters are reduced because the new master has less privileges,
FALSE to allow granting only if sandbox privileges stay the same for existing sandbox masters.

Example

Grant master access on sandbox ‘MIGR’ to user ‘WKLINGER’:

EXEC scurty.p_sbx_admin.grant_master_access
    ( 'MIGR'
    , 'WKLINGER' );