ED HAYES

I have had an Oracle Service Request (SR) open for 3 years now. The request has to do with how slow several security based objects are to be displayed when a user is set up using Oracle’s newer RBAC (Role Base Access Control) security structure.  Right now we are working on is the list of concurrent requests.

The SR was originally opened as a severity 2.  About a year into the SR, one of my DBAs had some work to do on it and was getting poor response from Oracle support, so he raised the severity to 1.  It has been at severity 1 for about 2 years now.

I have gotten several patches from Oracle.  The first one we applied showed no change in performance at all.  When they released the second patch, I insisted they provide details of what the improvement was so I could confirm A) it actually did improve, and B) they have actually replicated the problem internally.  I didn’t want to waste our DBA team’s time applying an alpha stage patch that has been untested.

I never got the proof that the patch was tested.  I gave up and had the patch applied. The patch broke the security all together; a user would have no access to concurrent requests at all.  Yes it was fast, but it didn’t work.

A third patch was released; it fixed the security, so at least the user would get access, but the performance was 50% slower than an un-patched system.

For several months I have been asking for updates on the SR every week or so, and it get the standard “we are working on it” or “requested status from development” response.

I have poked the bear, per-say, this last week by asking for some manger interaction.  Take a look at the latest response I got from them:

Note in the title of the SR I mentioned “W/RBAC.”  The first question in this SR update is “Are you using RBAC model to define security?”  ARE YOU KIDDING ME?