Return-Path: Received: from ensim.rackshack.net (root@localhost) by orafaq.net (8.11.6/8.11.6) with ESMTP id h7DJ0RZ29752 for ; Wed, 13 Aug 2003 14:00:27 -0500 X-ClientAddr: 66.27.56.210 Received: from ns3.fatcity.com (rrcs-west-66-27-56-210.biz.rr.com [66.27.56.210]) by ensim.rackshack.net (8.11.6/8.11.6) with ESMTP id h7DJ0Qp29747 for ; Wed, 13 Aug 2003 14:00:26 -0500 Received: from ns3.fatcity.com (localhost.localdomain [127.0.0.1]) by ns3.fatcity.com (8.12.5/8.12.5) with ESMTP id h7DGU081019360 for ; Wed, 13 Aug 2003 09:35:08 -0700 Received: (from root@localhost) by ns3.fatcity.com (8.12.5/8.12.5/Submit) id h7DGAXJN012944 for oracle-l@orafaq.net; Wed, 13 Aug 2003 09:10:33 -0700 Received: by fatcity.com (05-Jun-2003/v1.0g-b73/bab) via fatcity.com id 005CA7F4; Wed, 13 Aug 2003 09:04:23 -0800 Message-ID: Date: Wed, 13 Aug 2003 09:04:23 -0800 To: Multiple recipients of list ORACLE-L X-Comment: Oracle RDBMS Community Forum X-Sender: "Stephane Faroult" Sender: ml-errors@fatcity.com Reply-To: ORACLE-L@fatcity.com Errors-To: ML-ERRORS@fatcity.com From: "Stephane Faroult" Subject: RE: [Q] limit user privilege to see the schema through ODBC?? Organization: Fat City Network Services, San Diego, California X-ListServer: v1.0g, build 73; ListGuru (c) 1996-2003 Bruce A. Bergman Precedence: bulk Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit > >We have ORACLE 9ir2 on UNIX server. Our users >normally access DB through ODBC. The tools on PC >side >may be MS Access or Crystal report. When users >connect to DB through ODBC, their have lot of >tables, >views will show on screen. Those tables and view >include sys and system tables like: > public.dbaXXXXX > public.dbmsXXXX > public.gvXXXXX > public.v$XXX > public.x$XXXX > >Does their has way to elimit it and only show the >tables or view we grant it? > > >Thanks. > Mike, Everything depends on the account used by the ODBC connection, and on the 'GRANT TO PUBLIC' which have been done. You should possibly create a user named ODBC_ACCOUNT or similar with a very very small number of privileges, and use it. You could also revoke any privilege granted to PUBLIC - except that you risk nasty surprises (ooops where is DUAL gone?). Personally, I would gladly revoke a lot of things from PUBLIC, and redefine a number of ALL_... dictionary views. The trouble is that developers of third party applications - and in fact it could also be said of quite a number of developers within Oracle as well - take the 'let's grant as many privileges as possible, we'll avoid problem' approach. If they need, for some good reason, to access only one DBA_ view, you can be sure that as part of the installation process the account will be promoted to DBA or will at least get SELECT ANY TABLE or SELECT ANY DICTIONARY. Regards, Stephane Faroult Oriole -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Stephane Faroult INET: sfaroult@oriolecorp.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).