| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: revoking drop table priviliege
A copy of this was sent to chandrasekar_at_my-dejanews.com
(if that email address didn't require changing)
On Thu, 28 Jan 1999 06:55:06 GMT, you wrote:
>Hello Mr John Koo, I am in receipt of your mail . Thankx for the same.But
>still my doubt is not fully rectified . My actual problem is I can let any
>users connect to 'test1' schema but they should not drop any tables in
>'test1'. In otherwords test1 schema has create session privileges. To the
>best of my knowledge if a user has create session priviliegem, then dropping
>a table would also be possible . Is my assumption right ? If so how to
>prevent the user from dropping a table in the schema where the user is
>connected . Anticipating ur reply
>
Yes, if test1 logs in AND test1 has a table, test1 can DROP that table.
thats the problem. You are letting end users log in with a common schema -- in fact the schema that OWNS the objects. Thats like giving everone root on a unix boot -- they can do whatever the 'real' test1 could do.
The answer to your problem is:
>cheers
>chandrasekar
>
>
>
>
>In article <36ADA32F.175B20AE_at_i-wave.net>,
> John Koo <johnkoo_at_i-wave.net> wrote:
>> chandrasekar_at_my-dejanews.com wrote:
>>
>> > Hi, I have two questions for ORACLE DBA INTELLECTUALS : 1. Is it possible
>> > to revoke only a drop table priviliege from the user who can connect to
>> > database, query tables and do transactions . 2. Is it possible to restrict
>> > a user from dropping and creating tables based on the terminal numbers;
>> >
>> > To eloborate the environment , We are running ORACLE 8.0.3.0 in
>> > winNT platform . We have an user 'test1' where all the other users can query
>> > this schemas table but the users should not drop or create any tables of
>their
>> > own in 'test1'. Particularly the users working in terminal c100,c101,c102 &
>> > c103 should not be given priviliege for creating or dropping tables .
>> >
>> > Your valuable inputs are greatly appreciated .
>> > thankx in advance
>> > cheers
>> > CHANDRASEKAR
>> >
>> > -----------== Posted via Deja News, The Discussion Network ==----------
>> > http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
>>
>> HI CHANDRASEKAR,
>>
>> If the users are just having "SELECT, UPDATE, INSERT,DELETE"
>> object privileges on tables in other people schema , then it should
>> solve your problem. Make sure the users are not having too powerful
>> system privileges such as "DROP ANY TABLE" !
>>
>> John Koo
>> johnkoo_at_i-wave.net
>>
>>
>
>-----------== Posted via Deja News, The Discussion Network ==----------
>http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
Thomas Kyte
tkyte_at_us.oracle.com
Oracle Service Industries
Reston, VA USA
--
http://govt.us.oracle.com/ -- downloadable utilities
Anti-Anti Spam Msg: if you want an answer emailed to you, you have to make it easy to get email to you. Any bounced email will be treated the same way i treat SPAM-- I delete it. Received on Thu Jan 28 1999 - 07:38:50 CST
 |
 |