Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Basic Oracle Views and Tables Permissions Question.

RE: Basic Oracle Views and Tables Permissions Question.

From: Lex de Haan <lex.de.haan_at_naturaljoin.nl>
Date: Fri, 15 Oct 2004 11:16:54 +0200
Message-ID: <JFEEIGBIDOCCDALDIPLNKEPPCJAA.lex.de.haan@naturaljoin.nl>


if that were true, views would be worthless for security; anyone could circumvent the views by looking at the view definition in the data dictionary, and access the underlying tables.

so you *don't* need any privileges on underlying tables in order to use privileges granted to you on a view; of course, the act of *granting* those privileges on the view ( as opposed to *using* them) is something else: that is only allowed for the owner (SYS) or anyone with DBA privileges.

Chris is right, by the way: you should never grant insert/update/delete privileges on data dictionary objects to anyone.

Kind regards,
Lex.



visit http://www.naturaljoin.nl <http://www.naturaljoin.nl>

skype me <callto://lexdehaan>

-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of chris_at_thedunscombes.f2s.com
Sent: Friday, October 15, 2004 09:12
To: ltiu_at_alumni.sfu.ca
Cc: oracle-l_at_freelists.org
Subject: Re: Basic Oracle Views and Tables Permissions Question.

Lydon,

As far as I'm aware it is the permissions on the underlying table(s) that count
and not those on the views. BTW it should be easy for you to prove this to yourself by setting up a simple test.

Also you shouldn't be giving update/insert access to sys objects to other users.
This isn't good practise. It's also not a good idea to create your own objects
in sys if you've done that. The sys schema is Oracle's so we should leave it to
Oracle, except for select access of course.

HTH Chris

Quoting Lyndon Tiu <ltiu_at_alumni.sfu.ca>:

> Hello,
>
> I have a table that is owned by sys and is only accessible (insert,
select,
> update) to user sys.
>
> Now if I create a view on that table that is more permissible (allows
select,
> insert, update) to everyone ... every user in the database.
>
> Is this possible or is the view's permission dependent on the underlying
> table's permissions?
>
> Thanks for helping.
>
> --
> Lyndon Tiu
> --
> http://www.freelists.org/webpage/oracle-l
>

Chris Dunscombe

Christallize Ltd



Everyone should have http://www.freedom2surf.net/
--
http://www.freelists.org/webpage/oracle-l



--
http://www.freelists.org/webpage/oracle-l
Received on Fri Oct 15 2004 - 04:12:40 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US