| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.misc -> Re: ODBC Bypassing Oracle's Security :-(
Brian Graham wrote:
>
> I've set up an Oracle account where I've granted select priviledges
> only on the desired tables. I've then set up synonyms to the tables.
>
> When I used ODBC32 and MsAccess '95, I find that I can update the
> owner's tables directly, and via the synonyms I created.
Well, I found out the answer. Never let your manager loose with the
DBA account! ;-) Although I ran a script granting select only on the
tables, my manager had previously "grant ALL on.. to PUBLIC" . So, it
was picking up the public rights.
How does Murphy's law go? In any collection of data, the piece most
certainly correct beyond all need of checking is the error. Something
like that.
Thanks to all who responded.
-- Brian Graham (grahamb_at_qouest.net)Received on Wed Mar 18 1998 - 00:00:00 CST
 |
 |