Re: Using current_schema allows too much access
In article <bafba412.0106181126.1ddd6027_at_posting.google.com>,
stevens_at_coloradocustomware.com says...
>
>I am trying to change our application from an application security
>model to individual database users using Oracle's security. I can
>solve the problem of accessing the application's schema by using alter
>session set current_schema = xxx. One side effect is users could
>potentially access the application schema using an ad-hoc tool with
>full rights to modify data.
>
>Does anyone have any ideas how to get around that?
Great confusion here on my part.
ALTER SESSION SET CURRENT_SCHEMA=xxx
does not change your privilege set -- you have given the end users nothing new here. You've only made it such that:
select * from t
is interpreted as
select * from xxx.t
That's it -- if the user could not execute "select * from xxx.t", altering the current schema will not make it so they can. Current schema does NOT affect privileges.
So, can you be more clear as to the problem?? Current Schema is a neat way to avoid synonyms but conveys no additional privileges.
--
Thomas Kyte (tkyte@us.oracle.com) http://asktom.oracle.com/
Expert one on one Oracle, programming techniques and solutions for Oracle.
http://www.amazon.com/exec/obidos/ASIN/1861004826/
Opinions are mine and do not necessarily reflect those of Oracle Corp

Received on Tue Jun 19 2001 - 07:20:05 CDT
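
The behaviour described in the reply above can be checked with a short SQL*Plus session. This is an added example, not part of the original thread: the accounts APP_OWNER and END_USER, the table T, the passwords, the USERS tablespace and the `CONNECT system` DBA login are all assumptions for a scratch, non-container test database.

```sql
-- Constructed demo: all account, table and tablespace names are hypothetical.
-- Part 1: as a DBA, create an application schema and an unprivileged end user.
CONNECT system
CREATE USER app_owner IDENTIFIED BY "ChangeMe_1"
  DEFAULT TABLESPACE users QUOTA 1M ON users;   -- assumes a USERS tablespace
CREATE USER end_user IDENTIFIED BY "ChangeMe_2";
GRANT CREATE SESSION TO end_user;               -- login only, no object privileges

CREATE TABLE app_owner.t (id NUMBER PRIMARY KEY, note VARCHAR2(30));
INSERT INTO app_owner.t VALUES (1, 'owned by app_owner');
COMMIT;

-- Part 2: as END_USER, switch the current schema.
CONNECT end_user
ALTER SESSION SET CURRENT_SCHEMA = app_owner;   -- allowed; changes name resolution only

-- The session identity is unchanged; only the default schema for
-- unqualified names differs.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')   AS session_user,
       SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA') AS current_schema
FROM   dual;

-- Both statements resolve to APP_OWNER.T and both are rejected,
-- because END_USER holds no privilege on that table.
SELECT * FROM t;
SELECT * FROM app_owner.t;

-- Part 3: as the DBA, grant read access only.
CONNECT system
GRANT SELECT ON app_owner.t TO end_user;

-- Part 4: as END_USER again. The unqualified query now works because of
-- the grant, not because of CURRENT_SCHEMA.
CONNECT end_user
ALTER SESSION SET CURRENT_SCHEMA = app_owner;
SELECT * FROM t;

-- Still rejected: SELECT was granted, UPDATE was not.
UPDATE t SET note = 'changed' WHERE id = 1;

-- Cleanup, as the DBA.
CONNECT system
DROP USER end_user CASCADE;
DROP USER app_owner CASCADE;
```

In Part 2 the two queries fail with ORA-00942, and in Part 4 the UPDATE fails with ORA-01031, so what an ad-hoc tool can do in the application schema is bounded by the object grants the user holds.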