| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: User PUBLIC - How does it get its privs?? Why is it doing this???
Here's what happens when I try to revoke select any table:
SQL> revoke select any table from public;
revoke select any table from public
*
ERROR at line 1:
ORA-01952: system privileges not granted to 'PUBLIC'
Here's the results of the queries on the role tables:
1 select * from dba_role_privs
2* where grantee = 'PUBLIC'
SQL> /
no rows selected
1 select * from dba_sys_privs
2* where grantee = 'PUBLIC'
SQL> /
no rows selected
select * from dba_tab_privs
where grantee = 'PUBLIC'
*** This shows all the catalog tables as well as select privs to each users
views. EXCEPT for one...the ONLY difference was that this user did
not have UNLIMITED TABLESPACE granted to it.
Does this make a difference?
Somehow...there's something strange going on with PUBLIC!!
Thanks for the ideas so far. I want to make sure I'm checking everything. I'm going to try some mroe testing by creating a clean DB and some clean users with very minimal privs.
Thanks again!
Elizabeth Elliott
PS Sorry if it takes a while to reply....at work I only have access to web based News Readers/Severs. None of my other seems to want to work via Outlook here at work.
In article <9c4485cf.0202131011.4644ae11_at_posting.google.com>, E Elliott
<emelliott_99_at_yahoo.com> writes:
>Here's my situation:
>
>We're using Oracle 8.1.7 on NT.
>
>I have 1 Instance set up with Many schemas. This is a dev and testing
>envirmonent. All the schemas pretty much have the same objects in
>them.
>
>The problem is that: ANY USER can Select data from ANY VIEW in the in
>ANY SCHEMA. We have not explicity granted any rights to the views to
>anyone. I have tracked it down to the fact that the PUBLIC user/role
>has select access to ALL Views in ALL of the Shcemas. I did not grant
>SELECT ANY TABLE to public. I even logged in as Sys and tried to
>revoke select any table and it failed b/c it didn't have the priv.
 |
 |