Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: [Q] limit user privilege to see the schema through ODBC??

RE: [Q] limit user privilege to see the schema through ODBC??

From: Stephane Faroult <sfaroult_at_oriolecorp.com>
Date: Wed, 13 Aug 2003 09:04:23 -0800
Message-ID: <F001.005CA7F4.20030813090423@fatcity.com> 





>

>We have ORACLE 9ir2 on UNIX server.  Our users

>normally access DB through ODBC.  The tools on PC

>side

>may be MS Access or Crystal report.  When users

>connect to DB through ODBC, their have lot of

>tables,

>views will show on screen.  Those tables and view

>include sys and system tables like:

>    public.dbaXXXXX

>    public.dbmsXXXX

>    public.gvXXXXX

>    public.v$XXX

>    public.x$XXXX

>

>Does their has way to elimit it and only show the

>tables or view we grant it?

>

>

>Thanks.

>




Mike,



  Everything depends on the account used by the ODBC connection, and on the 'GRANT TO PUBLIC' which have been done.
  You should possibly create a user named ODBC_ACCOUNT or similar with a very very small number of privileges, and use it. You could also revoke any privilege granted to PUBLIC - except that you risk nasty surprises (ooops where is DUAL gone?).
Personally, I would gladly revoke a lot of things from PUBLIC, and redefine a number of ALL_... dictionary views. 
<rant>


The trouble is that developers of third party applications - and in fact it could also be said of quite a number of developers within Oracle as well - take the 'let's grant as many privileges as possible, we'll avoid problem' approach. If they need, for some good reason, to access only one DBA_ view, you can be sure that as part of the installation process the account will be promoted to DBA or will at least get SELECT ANY TABLE or SELECT ANY DICTIONARY.
</rant>



Regards,



Stephane Faroult


Oriole

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Stephane Faroult
  INET: sfaroult_at_oriolecorp.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Wed Aug 13 2003 - 12:04:23 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US