Oracle FAQ Your Portal to the Oracle Knowledge Grid
Home -> Community -> Usenet -> c.d.o.server -> Re: Fine grained access control - SYS user

Re: Fine grained access control - SYS user

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: Tue, 23 Apr 2002 06:26:13 +0200
Message-ID: <8fo9cu0gof4d9mgpfbfd3nco5scpio26u5@4ax.com>


On Tue, 23 Apr 2002 15:11:11 +1200, Thomas Hesse <thomas.hesse_at_team.xtra.co.nz> wrote:

>Hi,
>
>is it correct that the SYS user is not using any of the predicates ?
>
>e.g. when I am using something like this:
>
>CREATE OR REPLACE FUNCTION context_flag
> (obj_schema VARCHAR2, obj_name VARCHAR2)
> RETURN VARCHAR2 IS d_predicate VARCHAR2(2000);
>
>BEGIN
> d_predicate := 'flag = ''Y''';
> RETURN d_predicate;
>END context_flag;
>
>
>
>The users are only getting rows with flag='Y', but as SYS users I got
>all.
>
>Is there a way to change this ?
>
>
>Cheers
>Thomas

It is SYS, isn't it? SYS can read the whole database, by design. If you don't trust the people using SYS, make sure the appropriate persons are fired. What you want is to lock a safe and throw away the key.

Regards

Sybrand Bakker, Senior Oracle DBA

To reply remove -verwijderdit from my e-mail address

Received on Mon Apr 22 2002 - 23:26:13 CDT
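Added example, not part of the original thread: attaching a policy function like the quoted `context_flag` with `DBMS_RLS.ADD_POLICY`, followed by the dictionary queries a DBA can run to see which accounts are not subject to it. The schema `APP`, table `ORDERS` and policy name `FLAG_POLICY` are assumptions; besides SYS, any account holding the `EXEMPT ACCESS POLICY` system privilege also bypasses the predicate.

```sql
-- Constructed names (not from the thread): schema APP, table ORDERS,
-- policy FLAG_POLICY. CONTEXT_FLAG is the function quoted in the question,
-- assumed here to be owned by APP.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS',
    policy_name     => 'FLAG_POLICY',
    function_schema => 'APP',
    policy_function => 'CONTEXT_FLAG',
    statement_types => 'SELECT');
END;
/

-- 1. Confirm the policy is registered and enabled on the table.
SELECT object_owner, object_name, policy_name, pf_owner, sel, enable
FROM   dba_policies
WHERE  object_owner = 'APP'
AND    object_name  = 'ORDERS';

-- 2. Accounts and roles that bypass every fine-grained access policy
--    because they hold EXEMPT ACCESS POLICY directly.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT ACCESS POLICY'
ORDER  BY grantee;

-- 3. Users who inherit the exemption through one of those roles.
SELECT rp.grantee AS username, rp.granted_role
FROM   dba_role_privs rp
WHERE  rp.granted_role IN (SELECT grantee
                           FROM   dba_sys_privs
                           WHERE  privilege = 'EXEMPT ACCESS POLICY')
ORDER  BY rp.grantee;

-- 4. Accounts in the password file that can connect AS SYSDBA, and
--    therefore run as SYS, which the policy does not restrict.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
ORDER  BY username;
```

Rows returned by queries 2 to 4 are the accounts whose reads of `APP.ORDERS` are not filtered by `flag = 'Y'`; keeping that list short is the practical control, since the exemption for SYS itself cannot be removed.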
