Restrict Logger's Access to Your Data

Some DBAs and organizations may have issues with installing Logger in a schema with their existing data. The reason being that they don't want 3rd party code sitting alongside their data. The good news is that this concern can easily be resolved. Logger doesn't need to see your data/schema. Rather, your schema needs to see Logger.

Update 1: I've created a new issue for this so that these scripts will be available as part of Logger 3.1.0 onwards.

Update 2: This is now in Logger 3.1.0. Documentation here.

Here's how to setup Logger so that it can't see your data:

  1. Create a new user (for this example logger_user) with the appropriate permissions. You can review this in the Installation documentation. There's already a script to create a user in the install folder.

  2. Install Logger in the newly created schema.

  3. Grant execute and select permissions from logger_user to your schema:

-- Run as logger_user
grant execute on logger to my_user;
grant select on logger_logs to my_user;
grant select on logger_logs_apex_items to my_user;
grant select on logger_logs_5_min to my_user;
-- Add any additional grants to other Logger views
  1. In your schema, create the appropriate synonyms:
-- Run as my_user
create or replace synonym logger for logger_user.logger;
create or replace synonym logger_logs for logger_user.logger_logs;
create or replace synonym logger_logs_apex_items for logger_user.logger_logs_apex_items;
create or replace synonym logger_logs_5_min for logger_user.logger_logs_5_min;

After doing these steps your schema can see Logger's tables and views, and run the logger package. Assuming you don't grant public access to your tables/packages then Logger can't see your data.