Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: ODBC ignores priveleges?
On Tue, 22 Jun 1999 14:20:51 -0400, Gerard Tromp
<tromp_at_sanger.med.wayne.edu> wrote:
>Greetings,
>
> I have a peculiar situation. When using sqlplus on the server, any
>particular user can only see the tables created by, or granted to, that
>user (direcly or via role). When the database is queried using ODBC from
>a Win95 client, however, all the tables in the tablespace are visible
>and are selectable. Any clues?
Yes, all your users are by default a member of PUBLIC, and PUBLIC by default has select privileges on many system catalog tables, including sys.all_tables.
This is a gigantic security hole that I wish Oracle would remove. Thankfully, you can do it manually by either droping PUBLIC, or revoking it from all users.
Ciao
Fuzzy
:-)
Received on Wed Jun 23 1999 - 18:24:24 CDT