Re: Permissions Question

Johne_uk wrote:
> Hi,
>
> I have recently moved into the role of Oracle DBA in my company which
> has a few DB servers. The main production server has a single DB
> Instance with a number of schemas. I've noticed that many of the tables
> in these schemas have public grants.
>
> This has never been a security problem in the past as we are a small
> company and all users are internal employees. However, a situation has
> emerged whereby an external company requires access to a single schema
> on the DB server.
>
> The obvious problem here is that the external user will also be able to
> view all tables that have public grants. Is there any way that I can
> prevent this other than removing all public grants from tables and
> reassigning to a single role that can be granted to our internal
> application schemas.
>
> I think I know that this is not possible but there's no harm in asking.
>
> Thanks in advance

A public synonym gives someone knowledge that an object exists. It does not grant SELECT or other privileges.

A bigger problem, if you are in the US (appears likely UK from your name) is that the law now makes internal security violations just as important as external security violations including fines and jail time. I'd suggest cleaning up the mess as your laws will likely soon be like ours just as ours are rapidly catching up to the Japanese.

-- 
Daniel A. Morgan
http://www.psoug.org
damorgan_at_x.washington.edu
(replace x with u to respond)