RE: Private Synonyms

From: Jackie Brock <J.Brock_at_cablelabs.com>
Date: Wed, 11 Dec 2013 23:34:23 +0000
Message-ID: <9FA6FCA2E9AD2E4E82FCBAC5F343BCA5235DCDC5_at_EXCHANGE.cablelabs.com>

I wholeheartedly concur with the fishy.

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Dick Goulet Sent: Wednesday, December 11, 2013 4:30 PM To: oracle-l_at_freelists.org
Subject: Private Synonyms

All,

Is there anyone other than myself that doesn't think this is right. For those of you who have missed it, like I did, when Oracle started evolving Fine Grained Access Controls (FGA) the role of private synonyms changed. Try this for starters and I'll make it easy:

install the scott account, we'll need emp.
create another account, any name you like, I'll use user1.
create a third account, I'll call it user2.
as scott grant select on emp to user1.
as scott grant select on emp to user2.
as user1 create a private synonym to scott.emp
as user2 "select * from user1.emp;"

If you go back to a V8 database step 7 above will end in an ORA-00942. If your on V9 or higher, you get data.

Does this sound fishy??? I've opened an itar with Oracle. They referenced note:174368.1 Policies on Synonyms. But this just seems wrong to me. Any other opinion???

Dick Goulet
Senior Oracle DBA.

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Dec 12 2013 - 00:34:23 CET

This message: [ Message body ]
Next message: John Hurley: "Re: best DBA script collection"
Previous message: Dick Goulet: "Private Synonyms"
In reply to: Dick Goulet: "Private Synonyms"
Next in thread: D'Hooge Freek: "Re: Private Synonyms"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message