Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: user "PUBLIC" not in All_USERS

Re: user "PUBLIC" not in All_USERS

From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Sat, 17 Jul 2004 17:07:46 -0700
Message-ID: <1090109287.952698@yasure> 





Pete Finnigan wrote:


>>thanks Pete. I was looking at the TYPE#=0 but never looked in DBA_ROLES. 

>>But ...

>>

>>Connected to:

>>Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - Production

>>With the Partitioning, OLAP and Data Mining options

>>

>>SQL> sho user

>>USER is "SYS"

>>SQL> conn system/manager

>>Connected.

>>SQL> sho user

>>USER is "SYSTEM"

>>SQL>


>>

>>Daniel Morgan

>>


> 
> Hi Daniel,
> 
> You missed the "as sysoper", it is this bit that connects you to the
> public schema, but this is the misnomer!!. Its the same as "as sysdba"
> connecting you to the SYS schema.
> 
> kind regards
> 
> Pete





I did indeed.



Thanks.



I finally decided to do what I should have done in the first place ...
RTFM.


Here's what I found:


http://download-west.oracle.com/docs/cd/B13789_01/network.101/b10773/admusers.htm#1008126



"Privileges and roles can also be granted to and revoked from the user 
group PUBLIC. Because PUBLIC is accessible to every database user, all 
privileges and roles granted to PUBLIC are accessible to every database 
user."



So PUBLIC is not a schema. It is not a role. It is not a user. It is
something entirely different ... it is a "user group".



Which of course leads immediately to the question "What is a user
group". So I pursued that next.



http://download-west.oracle.com/docs/cd/B13789_01/server.101/b10743/security.htm#i15987
You can create both public and private synonyms. A public synonym is 
owned by the special user group named PUBLIC and every user in a 
database can access it.



Backs up the first statement but no explanation.



As does:


http://download-west.oracle.com/docs/cd/B13789_01/network.101/b10773/authoriz.htm#1007291
A user's security domain also includes the privileges and roles granted 
to the user group PUBLIC.



As does:


http://download-west.oracle.com/docs/cd/B13789_01/network.101/b10773/checklis.htm#1006151



Revoke unnecessary privileges and roles from the database server user 
group PUBLIC.



But try as I might I could not find a single reference that defined what
a "USER GROUP" is in Oracle. So if anyone has an official statement I am
all eyes.



Thanks.



Daniel Morgan
Received on Sat Jul 17 2004 - 19:07:46 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US