Re: Who has what rights on tables they do not own.

From: Pete Finnigan <plsql_at_petefinnigan.com>
Date: Tue, 14 Sep 2004 10:31:25 +0100
Message-ID: <tsvnBXBtprRBRxJ3@peterfinnigan.demon.co.uk>

Hi,

see a script i wrote called find_all_privs.sql available on my web site http://www.petefinnigan.com/tools.htm - it gives all object privileges, roles, and system privileges for a user and does it hierarchically via the roles. An example for the OUTLN user:

find_all_privs: Release 1.0.6.0.0 - Production on Tue Sep 14 10:30:27 2004
Copyright (c) 2004 PeteFinnigan.com Limited. All rights reserved.

NAME OF USER TO CHECK                 [ORCL]: OUTLN
OUTPUT METHOD Screen/File                [S]: S
FILE NAME FOR OUTPUT              [priv.lst]: 

OUTPUT DIRECTORY [DIRECTORY or file (/tmp)]:

User => OUTLN has been granted the following privileges

---

        ROLE => CONNECT which contains =>
                SYS PRIV => ALTER SESSION grantable => NO
                SYS PRIV => CREATE CLUSTER grantable => NO
                SYS PRIV => CREATE DATABASE LINK grantable => NO
                SYS PRIV => CREATE SEQUENCE grantable => NO
                SYS PRIV => CREATE SESSION grantable => NO
                SYS PRIV => CREATE SYNONYM grantable => NO
                SYS PRIV => CREATE TABLE grantable => NO
                SYS PRIV => CREATE VIEW grantable => NO
        ROLE => RESOURCE which contains =>
                SYS PRIV => CREATE CLUSTER grantable => NO
                SYS PRIV => CREATE INDEXTYPE grantable => NO
                SYS PRIV => CREATE OPERATOR grantable => NO
                SYS PRIV => CREATE PROCEDURE grantable => NO
                SYS PRIV => CREATE SEQUENCE grantable => NO
                SYS PRIV => CREATE TABLE grantable => NO
                SYS PRIV => CREATE TRIGGER grantable => NO
                SYS PRIV => CREATE TYPE grantable => NO
        SYS PRIV => EXECUTE ANY PROCEDURE grantable => NO
        SYS PRIV => UNLIMITED TABLESPACE grantable => NO
        TABLE PRIV => DELETE object => SCOTT.EMP grantable => NO
        TABLE PRIV => EXECUTE object => SYS.OUTLN_PKG grantable => NO

PL/SQL procedure successfully completed.

kind regards

Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

Received on Tue Sep 14 2004 - 04:31:25 CDT