Newbie question on user rights
gpadu99
something strange happens: A user, can select or update records in
another schema. How can I be sure that, no user other than the one
with same name (as the schema name), can sonnect to that schema?
Thanks very much for answering this newbie question..
gazzag
You will find that the user has been granted SELECT and UPDATE
privileges to objects in the other schema - this is not by default.
You (the DBA) will have to revoke these rights if this is not what you
want.
Look in the Oracle documentation for the GRANT and REVOKE commands.
The data dictionary view DBA_TAB_PRIVS is a view that will provide you
with the relevant information.
HTH
-g
gpadu99
Thanks for the quick answer. Is it normal that, the user that an
application uses to connect to the database, has the DBA role? (I
think not). Does this explain the fact that this user has access to
another schema?
gazzag
> Thanks for the quick answer. Is it normal that, the user that an
> application uses to connect to the database, has the DBA role? (I
> think not). Does this explain the fact that this user has access to
>
Normal? Sadly yes, in my experience. Correct? Definitely not;
merely an indication of lazy development.
The DBA role has many privileges associated with it including SELECT
ANY TABLE which, as you correctly surmise, is allowing the user you're
talking about to see (and update, truncate or even drop!) any table
within the database and so is a security risk.
The following query will show you what privileges are given to a
particular user/role:
SELECT PRIVILEGE
FROM dba_sys_privs
WHERE grantee='<user_or_role_name>'
ORDER BY privilege;
HTH
-g