Re: Fine grained access control - SYS user
On Tue, 23 Apr 2002 15:11:11 +1200, Thomas Hesse
<thomas.hesse_at_team.xtra.co.nz> wrote:
>Hi,
>
>Is it correct that the SYS user is not using any of the predicates?
>
>e.g. when I am using something like this:
>
>CREATE OR REPLACE FUNCTION context_flag
> (obj_schema VARCHAR2, obj_name VARCHAR2)
> RETURN VARCHAR2 IS d_predicate VARCHAR2(2000);
>
>BEGIN
> d_predicate := 'flag = ''Y''';
> RETURN d_predicate;
>END context_flag;
>
>
>
>The users are only getting rows with flag='Y', but as SYS users I got
>all.
>
>Is there a way to change this?
>
>
>Cheers
>Thomas
It is SYS, isn't it? SYS can read the whole database, by design. If you don't trust the people using SYS, make sure the appropriate persons are fired. What you want is to lock a safe and throw away the key.
Regards
Sybrand Bakker, Senior Oracle DBA
To reply remove -verwijderdit from my e-mail address

Received on Mon Apr 22 2002 - 23:26:13 CDT
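
An added example, not part of either post: it registers the `context_flag` function from the question as a policy and then lists the accounts that are not bound by it. The schema `APP`, table `ORDERS` and policy name `ORDERS_FLAG_POLICY` are assumptions, and the `EXEMPT ACCESS POLICY` check goes beyond the SYS case discussed in the thread.

```sql
-- Assumed names (not from the thread): schema APP, table ORDERS with a
-- FLAG column, policy ORDERS_FLAG_POLICY. CONTEXT_FLAG is the function
-- from the question, assumed here to be owned by APP.

-- 1. Attach the policy function to the table for SELECT statements.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_FLAG_POLICY',
    function_schema => 'APP',
    policy_function => 'CONTEXT_FLAG',
    statement_types => 'SELECT');
END;
/

-- 2. Confirm the policy is registered and enabled.
SELECT object_owner, object_name, policy_name, sel, enable
FROM   dba_policies
WHERE  object_owner = 'APP'
AND    object_name  = 'ORDERS';

-- 3. SYS is never subject to the predicate. In releases that have the
--    EXEMPT ACCESS POLICY system privilege, its grantees (users or
--    roles) bypass the predicate as well, so review them.
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT ACCESS POLICY';

-- 4. List the accounts in the password file that can connect AS SYSDBA,
--    i.e. the people who can act as SYS and see every row.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users;
```

The result sets of steps 3 and 4 are the complete list of principals for whom the `flag = 'Y'` predicate gives no protection, which is the population the reply says has to be trusted.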