Re: Question about revoking select from PUBLIC

On Tue, 11 Sep 2007 13:26:38 -0700, bontemps <jontan_mlr_at_yahoo.com> wrote:

<SNIP>

>> >Thanks you for your response, Brian. You suggest that I revoke SELECT
>> >on these tables from PUBLIC and grant select on these tables only to
>> >chosen users. Then prepend the schema owner. I did try that first
>> >and got error message ORA-01927: cannot REVOKE privileges you did not
>> >grant. I am sure that either I or the owner did the grant and I dont
>> >know where in the data dictioanry to find grants to PUBLIC. Any
>> >ideas?
>>
>> ALL_TAB_PRIVS
>>
>> SELECT
>> Grantor
>> FROM
>> All_Tab_Privs
>> WHERE
>> Grantee = 'PUBLIC'
>> AND PRIVILEGE = 'SELECT'
>> AND TABLE_SCHEMA = ''
>> AND TABLE_NAME = ''
>>
>> All these views are in the Database Reference "2 Static Data
>> Dictionary Views".
>>
>> B.- Hide quoted text -
>>
>> - Show quoted text -
>
>Thanks again Brian. The query you sent brought back unexpected
>results. Turns out there were only 3 out of the 100 or so tables
>which had the SELECT privilege granted to PUBLIC. So I was mytified
>how these users can see all these tables. After looking more closely,
>I saw a role that had been granted and that role had SELECT ANY table
>privilege. Problem solved. Thanks alot for the help especially in
>pointing out the dictionary. I dont use Oracle often enough to
>remember all these views

Neither do i (yet). But that's why i keep the documentation within reach. Keeping a tab in my browser open to a local copy of the docs makes it trivial just to look it up.

The trick is to look at *just* what i require, and waste all my time looking at all the other interesting stuff.

B. Received on Wed Sep 12 2007 - 07:55:11 CDT