Skip to main content
HashnodeKeep It Simple. Developer's tips.

Command Palette

Search for a command to run...

[Open Source Liquibase] Use super-user (not SYS!) to run Liquibase multi-schema changesets

Updated
3 min read
[Open Source Liquibase] Use super-user (not SYS!) to run Liquibase multi-schema changesets
R
Rafal Grzegorczyk

Oracle APEX & PL/SQL Developer with 10 years of experience in IT, including financial systems for government administration, energy, banking and logistics industry. Enthusiast of database automation. Oracle ACE Associate. Certified Liquibase database versioning tool fan. Speaker at Kscope, APEX World, SOUG, HrOUG, POUG and DOAG. Likes swimming in icy cold lakes in winter and playing basketball.

Part of seriesLiquibase

These are notes for myself. Use on production database at your own risk

I use Liquibase a lot.

I can't imagine my work without versioning and controlling my database changes.

Don't use SYS to deploy your Liquibase changesets!

If I have a simple one-schema application, it's a no-brainer - use this schema user to deploy Liquibase changesets.

What If it's more complicated, and my app uses two or more schemas?

I can use SYS as SYSDBA to run Liquibase changesets. But shouldn't we beware of it?

User your own (not SYS) SUPER_USER

CREATE ROLE SUPER_USER;

--I used GRANT ALL PRIVILEGES TO SUPER_USER;
--and removed all unnecessary grants ( in my opinion)
GRANT ALTER ANY INDEX TO SUPER_USER;
GRANT ALTER ANY MATERIALIZED VIEW TO SUPER_USER;
GRANT ALTER ANY PROCEDURE TO SUPER_USER;
GRANT ALTER ANY SEQUENCE TO SUPER_USER;
GRANT ALTER ANY TABLE TO SUPER_USER;
GRANT ALTER ANY TRIGGER TO SUPER_USER;
GRANT ALTER ANY TYPE TO SUPER_USER;
GRANT ALTER SESSION TO SUPER_USER;
GRANT COMMENT ANY TABLE TO SUPER_USER;
GRANT CREATE ANY CONTEXT TO SUPER_USER;
GRANT CREATE ANY INDEX TO SUPER_USER;
GRANT CREATE ANY INDEXTYPE TO SUPER_USER;
GRANT CREATE ANY JOB TO SUPER_USER;
GRANT CREATE ANY MATERIALIZED VIEW TO SUPER_USER;
GRANT CREATE ANY PROCEDURE TO SUPER_USER;
GRANT CREATE ANY SEQUENCE TO SUPER_USER;
GRANT CREATE ANY SYNONYM TO SUPER_USER;
GRANT CREATE ANY TABLE TO SUPER_USER;
GRANT CREATE ANY TRIGGER TO SUPER_USER;
GRANT CREATE ANY TYPE TO SUPER_USER;
GRANT CREATE ANY VIEW TO SUPER_USER;
GRANT CREATE DATABASE LINK TO SUPER_USER;
GRANT CREATE JOB TO SUPER_USER;
GRANT CREATE MATERIALIZED VIEW TO SUPER_USER;
GRANT CREATE ROLE TO SUPER_USER;
GRANT CREATE SEQUENCE TO SUPER_USER;
GRANT CREATE SESSION TO SUPER_USER;
GRANT CREATE SYNONYM TO SUPER_USER;
GRANT CREATE TABLE TO SUPER_USER;
GRANT CREATE TABLESPACE TO SUPER_USER;
GRANT CREATE TRIGGER TO SUPER_USER;
GRANT CREATE TYPE TO SUPER_USER;
GRANT CREATE VIEW TO SUPER_USER;
GRANT DELETE ANY TABLE TO SUPER_USER;
GRANT DROP ANY CONTEXT TO SUPER_USER;
GRANT DROP ANY INDEX TO SUPER_USER;
GRANT DROP ANY INDEXTYPE TO SUPER_USER;
GRANT DROP ANY MATERIALIZED VIEW TO SUPER_USER;
GRANT DROP ANY PROCEDURE TO SUPER_USER;
GRANT DROP ANY SEQUENCE TO SUPER_USER;
GRANT DROP ANY SYNONYM TO SUPER_USER;
GRANT DROP ANY TABLE TO SUPER_USER;
GRANT DROP ANY TRIGGER TO SUPER_USER;
GRANT DROP ANY TYPE TO SUPER_USER;
GRANT DROP ANY VIEW TO SUPER_USER;
GRANT DROP PUBLIC DATABASE LINK TO SUPER_USER;
GRANT DROP PUBLIC SYNONYM TO SUPER_USER;
GRANT EXECUTE ANY PROCEDURE TO SUPER_USER;
GRANT EXECUTE ANY PROGRAM TO SUPER_USER;
GRANT GRANT ANY OBJECT PRIVILEGE TO SUPER_USER;
GRANT GRANT ANY PRIVILEGE TO SUPER_USER;
GRANT ON COMMIT REFRESH TO SUPER_USER;
GRANT SELECT ANY SEQUENCE TO SUPER_USER;
GRANT SELECT ANY TABLE TO SUPER_USER;
GRANT UPDATE ANY TABLE TO SUPER_USER;
GRANT INSERT ANY TABLE TO SUPER_USER;
GRANT USE ANY JOB RESOURCE TO SUPER_USER;
GRANT APEX_ADMINISTRATOR_ROLE to SUPER_USER;

GRANT SUPER_USER to MY_LIQUIBASE_USER;

It's still quite empowered not SYS user.

#oracle#databases
213 views

Comments

Join the discussion

No comments yet. Be the first to comment.

Liquibase

Part 6 of 6

Everything you need to know about database schema changes control using Open Source Liquibase & Oracle SQLcl Liquibase

Start from the beginning

Open Source Liquibase tutorial - a step-by-step guide for you.

Introduction Many organizations have implemented DevOps in their applications. At the same time, their database change process hasn’t evolved and is still left in the dark ages. But what if you could automate that, too? It can be done using Liquibase...

More from this blog

Keep It Simple. Developer's tips.

57 posts