Re: question about user access to tables
From: Jonathan Schilling <jlselsewhere_at_my-deja.com>
Date: Wed, 5 Aug 2009 09:57:13 -0700 (PDT)
Message-ID: <f97d52cd-2914-489d-9ca2-378a28d4443d_at_q35g2000vbi.googlegroups.com>
On Aug 4, 10:35 am, Mark D Powell <Mark.Pow..._at_eds.com> wrote:
> On Aug 3, 4:27 pm, ddf <orat..._at_msn.com> wrote:
>
>
>
> > Comments embedded.
>
> > On Aug 3, 11:28 am, Jonathan Schilling <jlselsewh..._at_my-deja.com>
> > wrote:
>
> > > I have a situation that's stumping me for some reason.
>
> > > I have an Oracle 9i system, with a database called abcweb.
>
> > > One user of it, called abcuser, accesses it via something like
> > > "sqlplus abcuser_at_abcweb_dev.WORLD/pswd1", with ORACLE_SID=abcweb.
> > > They see all the tables in the database, per the
> > > "select owner, table_name from all_tables;" command; the tables
> > > are all owned by the ABCADM account.
>
> > This user probably should have such access.
>
> > > Another user of it, called defuser, accesses it via something like
> > > "sqlplus defuser_at_abcweb_dev.WORLD/pswd2", with the same ORACLE_SID.
> > > They see only some of the tables in the database that the
> > > first user sees, again per the
> > > "select owner, table_name from all_tables;" command; the tables
> > > they do see are also owned by the ABCADM account.
>
> > There MAY be some valid reason why defuser does not possess the same
> > access as abcuser; possibly you should consult the documentation for
> > the application before you go changing any privileges.
>
> > > I want to make it so that the second user, defuser, can see the same
> > > tables that the first user abcuser sees.
>
> > That may not be how this particular user account is to be configured.
> > Have you read the product documentation on proper setup?
>
> > > How do I do this? What
> > > table
> > > or tool or command controls this? (Obviously, I didn't set up this
> > > arrangement, and don't have deep Oracle knowledge.)
>
> > Then possibly you should leave it alone until those who did set this
> > up can be consulted?
>
> > > I've searched and looked at a bunch of things, but none of them
> > > really address this ... I must be missing something simple ... thanks
> > > for any help.
>
> > It isn't rocket science but without knowing HOW these accounts are
> > intended to be configured it's probably best to leave well enough
> > alone until you find out more details.
>
> > > Jonathan Schilling
>
> > David Fitzjarrell
>
> David has a point. Be careful about changing something without first
> trying to gain an understanding of how the environment is set up.
> That being said the following article has a list of useful security
> related views for seeing such things as what roles a user has, what
> grants a role has, and the system privileges assigned to a user.
>
> How do I find out which users have the rights, or privileges, to
> access a given object ? http://www.jlcomp.demon.co.uk/faq/privileges.html
>
> HTH -- Mark D Powell --
Date: Wed, 5 Aug 2009 09:57:13 -0700 (PDT)
Message-ID: <f97d52cd-2914-489d-9ca2-378a28d4443d_at_q35g2000vbi.googlegroups.com>
On Aug 4, 10:35 am, Mark D Powell <Mark.Pow..._at_eds.com> wrote:
> On Aug 3, 4:27 pm, ddf <orat..._at_msn.com> wrote:
>
>
>
> > Comments embedded.
>
> > On Aug 3, 11:28 am, Jonathan Schilling <jlselsewh..._at_my-deja.com>
> > wrote:
>
> > > I have a situation that's stumping me for some reason.
>
> > > I have an Oracle 9i system, with a database called abcweb.
>
> > > One user of it, called abcuser, accesses it via something like
> > > "sqlplus abcuser_at_abcweb_dev.WORLD/pswd1", with ORACLE_SID=abcweb.
> > > They see all the tables in the database, per the
> > > "select owner, table_name from all_tables;" command; the tables
> > > are all owned by the ABCADM account.
>
> > This user probably should have such access.
>
> > > Another user of it, called defuser, accesses it via something like
> > > "sqlplus defuser_at_abcweb_dev.WORLD/pswd2", with the same ORACLE_SID.
> > > They see only some of the tables in the database that the
> > > first user sees, again per the
> > > "select owner, table_name from all_tables;" command; the tables
> > > they do see are also owned by the ABCADM account.
>
> > There MAY be some valid reason why defuser does not possess the same
> > access as abcuser; possibly you should consult the documentation for
> > the application before you go changing any privileges.
>
> > > I want to make it so that the second user, defuser, can see the same
> > > tables that the first user abcuser sees.
>
> > That may not be how this particular user account is to be configured.
> > Have you read the product documentation on proper setup?
>
> > > How do I do this? What
> > > table
> > > or tool or command controls this? (Obviously, I didn't set up this
> > > arrangement, and don't have deep Oracle knowledge.)
>
> > Then possibly you should leave it alone until those who did set this
> > up can be consulted?
>
> > > I've searched and looked at a bunch of things, but none of them
> > > really address this ... I must be missing something simple ... thanks
> > > for any help.
>
> > It isn't rocket science but without knowing HOW these accounts are
> > intended to be configured it's probably best to leave well enough
> > alone until you find out more details.
>
> > > Jonathan Schilling
>
> > David Fitzjarrell
>
> David has a point. Be careful about changing something without first
> trying to gain an understanding of how the environment is set up.
> That being said the following article has a list of useful security
> related views for seeing such things as what roles a user has, what
> grants a role has, and the system privileges assigned to a user.
>
> How do I find out which users have the rights, or privileges, to
> access a given object ? http://www.jlcomp.demon.co.uk/faq/privileges.html
>
> HTH -- Mark D Powell --
Thanks very much for the several responses to this. I'm a veteran guy
and I'm well aware of the pitfalls of monkeying with stuff whose
design one
doesn't really understand. In this case, I was just looking to see if
the one
user could grant access to the other use; I'd used grant equivalents
in
MySQL and Postgres before, but was missing the ALL_TAB_PRIVS that
one of the URLs pointed to. In any event, my user didn't have that
kind
of privilege and I got the sys admin to grant it instead, no harm done.
Received on Wed Aug 05 2009 - 11:57:13 CDT