liquibase - Where to put databasechangelog for a Oracle read-only user -

February 15, 2012

this sounds silly question please bear me.

i have oracle database, written user owner. database created liquibase, , databasechangelog , databasechangeloglock tables reside in owner schema. far, good.

now i'd create read user, reader. reader needs read access table owner.person, nil else. here's i've done far:

as database admin:

create user reader identified "password"; grant create session reader;  -- necessary reader connect db grant create synonym reader;  -- should reader needs see

then owner:

grant select on person reader;

and finally, reader:

create or replace synonym person owner.person;

now reader can connect database and

select firstname, lastname person;

succeeds.

i'd liquify this. in owner.xml say:

<changeset author="me" id="owner_grants">   <preconditions onfail="continue">     <dbms type="oracle"/>   </preconditions>   <sql>     grant insert,select,update,delete on databasechangelog reader;     grant insert,select,update,delete on databasechangeloglock reader;     grant select on person reader;   </sql>   <rollback>     revoke insert,select,update,delete on databasechangelog reader;     revoke insert,select,update,delete on databasechangeloglock reader;     revoke select on person reader;   </rollback> </changeset>

this works without hitch. next, add together synonym definitions:

<changeset author="me" id="reader_synonyms">   <preconditions onfail="continue">     <dbms type="oracle"/>   </preconditions>   <sql>     create or replace synonym person owner.person;   </sql>   <rollback>     drop synonym person;   </rollback> </changeset>

next set --liquibaseschemaname , --liquibasecatalogname in call:

liquibase \   --username=reader \   --password=password \   --url=jdbc:to:oracle \   --defaultschemaname=reader \   --driver=com.oracle.jdbc.oracledriver \   --changelogfile=reader.xml \   --liquibaseschemaname=owner \   --liquibasecatalogname=owner \   updatesql

the result surprising: liquibase tries locate tables in right schema, fails notice there, , tries create them:

set define off;  -- create database lock table create table owner.databasechangeloglock (id number(10) not null, locked number(1) not null, lockgranted timestamp, lockedby varchar2(255), constraint pk_databasechangeloglock primary key (id));  -- lock database -- create database  alter log table create table owner.databasechangelog (id varchar2(255) not null, author varchar2(255) not null, filename varchar2(255) not null, dateexecuted timestamp not null, orderexecuted number(10) not null, exectype varchar2(10) not null, md5sum varchar2(35), description varchar2(255), comments varchar2(255), tag varchar2(255), liquibase varchar2(20));

and fails because of insufficient privileges, because reader doesn't have create table permission. confused why liquibase thinks has create tables in first place, because there, since owner created them. checked tables indeed exist, , reader can read , write them.

what's going on here? can tell liquibase "trust me, tables there?" or liquibase check existence without taking schema , catalog account? did miss obvious setting?

it looks bug. created https://liquibase.jira.com/browse/core-2087 information, , prepare in liquibase 3.3.0 due out in next week or so.

oracle liquibase

Search This Blog

New Th

liquibase - Where to put databasechangelog for a Oracle read-only user -

Comments

Post a Comment

Popular posts from this blog

xslt - DocBook 5 to PDF transform failing with error: "fo:flow" is missing child elements. Required content model: marker* -

mediawiki - How do I insert tables inside infoboxes on Wikia pages? -

Local Service User Logged into Windows -