Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Basic Oracle Views and Tables Permissions Question.

RE: Basic Oracle Views and Tables Permissions Question.

From: <chris_at_thedunscombes.f2s.com>
Date: Mon, 18 Oct 2004 09:51:11 +0100
Message-ID: <1098089471.417383fff13fc@webmail.freedom2surf.net>


Lex,

Thanks for correcting me. Clearly I'm wrong and replied without thinking properly. The data dictionary views all_* etc. provide an example showing that you can have access to a view but not the underlying tables.

Cheers,

Chris

Quoting Lex de Haan <lex.de.haan_at_naturaljoin.nl>:

>
> if that were true, views would be worthless for security;
> anyone could circumvent the views by looking at the view definition
> in the data dictionary, and access the underlying tables.
>
> so you *don't* need any privileges on underlying tables
> in order to use privileges granted to you on a view;
> of course, the act of *granting* those privileges on the view
> ( as opposed to *using* them) is something else:
> that is only allowed for the owner (SYS) or anyone with DBA privileges.
>
> Chris is right, by the way: you should never grant insert/update/delete
> privileges on data dictionary objects to anyone.
>
> Kind regards,
> Lex.
>
> -------------------------------
> visit http://www.naturaljoin.nl <http://www.naturaljoin.nl>
> -------------------------------
> skype me <callto://lexdehaan>
>
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org
> [mailto:oracle-l-bounce_at_freelists.org]On Behalf Of
> chris_at_thedunscombes.f2s.com
> Sent: Friday, October 15, 2004 09:12
> To: ltiu_at_alumni.sfu.ca
> Cc: oracle-l_at_freelists.org
> Subject: Re: Basic Oracle Views and Tables Permissions Question.
>
>
> Lydon,
>
> As far as I'm aware it is the permissions on the underlying table(s) that
> count
> and not those on the views. BTW it should be easy for you to prove this to
> yourself by setting up a simple test.
>
> Also you shouldn't be giving update/insert access to sys objects to other
> users.
> This isn't good practise. It's also not a good idea to create your own
> objects
> in sys if you've done that. The sys schema is Oracle's so we should leave it
> to
> Oracle, except for select access of course.
>
> HTH
>
> Chris
>
>
>
> Quoting Lyndon Tiu <ltiu_at_alumni.sfu.ca>:
>
> > Hello,
> >
> > I have a table that is owned by sys and is only accessible (insert,
> select,
> > update) to user sys.
> >
> > Now if I create a view on that table that is more permissible (allows
> select,
> > insert, update) to everyone ... every user in the database.
> >
> > Is this possible or is the view's permission dependent on the underlying
> > table's permissions?
> >
> > Thanks for helping.
> >
> > --
> > Lyndon Tiu
> > --
> > http://www.freelists.org/webpage/oracle-l
> >
>
>
> Chris Dunscombe
>
> Christallize Ltd
>
> -------------------------------------------------
> Everyone should have http://www.freedom2surf.net/
> --
> http://www.freelists.org/webpage/oracle-l
>

Chris Dunscombe

Christallize Ltd  



Everyone should have http://www.freedom2surf.net/
--
http://www.freelists.org/webpage/oracle-l
Received on Mon Oct 18 2004 - 03:47:01 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US