> Sounds good to me. That way you could delgate the role to another

user,

> let him do the work, and actually find out who is doing what (right

now

> if anything signfiicant gets done, it's done by SYSDA, which isn't

very

> informative since a number of user are required to share this

account).

My only concern is that the current implementation of Role, while SQL
compliant is almost completely useless. Any user can login with any
role -- so how can access to the SYSDBA functions be limited?... they
can't.

The change of SYSDBA from a user to a "role" would be a good thing, only
if the implementation uses a security "group" metaphor to which a user
must be added as a member and not a property which is set as a value at
login.


Sean