RE: restrict schema A from schema B

From: Joe Smith <joe_dba_at_hotmail.com>
Date: Mon, 11 Oct 2010 19:37:24 -0500
Message-ID: <BLU108-W289B90EA8033C1A8D59B4997540_at_phx.gbl>


Schema A will have only select on Schema B. Version is 10gRelease 2. Management wants something better that just revoke privileges or revoke system privileges like SELECT ANY TABLE. They have told us to investigate a way to separate the two schemas.    

Date: Tue, 12 Oct 2010 11:31:16 +1100
Subject: Re: restrict schema A from schema B From: stbaldwin_at_multiservice.com
To: joe_dba_at_hotmail.com
CC: oracle-l_at_freelists.org

A few questions :

What privileges does schema A have?
What grants are in place on schema B's objects? What Oracle version are you using?

Ordinarily objects owned by one schema (B) are not accessible to another schema (A) unless either schema B grant access either explicitly to A or to a role that is granted to A. Or, schema A has a system privilege such as SELECT ANY TABLE.

Steve

On Tue, Oct 12, 2010 at 10:36 AM, Joe Smith <joe_dba_at_hotmail.com> wrote:

How to restrict schema A from schema B.  

I have a db with schema B. Our applications are written in C++ and they use schema B. We have to support a 3rd party product that will require us to install schema A ( that supports the 3rd party app ) in our db. How do I absolutely stop schema A from accessing schema Bís objects? Management want options on how to restrict access.  

Besides from granting privileges and assigning roles how can I stop schema A from schema Bís objects? We already use security policies and have discussed building a separate db for schema A.  

Has anybody else had this problem and how did they overcome it?    

thanks.  



This email is intended solely for the use of the addressee and may contain information that is confidential, proprietary, or both. If you receive this email in error please immediately notify the sender and delete the email.
--
http://www.freelists.org/webpage/oracle-l
Received on Mon Oct 11 2010 - 19:37:24 CDT

Original text of this message