If you’ve read this far, you’ve probably concluded that maintaining user accounts can be a tiresome job. Well, you are absolutely correct! Creating a user is easy. Creating a role is easy. Giving grants to roles is easy. Deciding how to mix all of these is sometimes tedious, but it gets done. Doing all of this once or twice is interesting. Doing it a third time is work, and on the fourth request, you will probably be ready to strangle your client. Without some interface to implement small changes, the maintenance of scripts will drive you crazy. You need a tool to help with the management of users and their privileges, and some tools to document what you have done. You really don’t want to do it all over from scratch every time!

This chapter discusses an application that was developed for a client to help solve the maintenance problem. Toward the end of the chapter we provide a sample script to illustrate how the information to create the user and role scripts can be extracted from the data dictionary. You really do need scripts of these kinds in order to recover from catastrophic failure.

There are vendor-supplied tools available to do the type of work we describe in this chapter, but often they are too powerful or complex to turn over to the typical user. A simple custom application of the kind we show in this chapter has the advantage of doing exactly what is needed — and nothing more.