MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C7D9D0.3B0FAB3A"
Subject: RE: Can we revoke select priv from all_users tables??
Date: Wed, 8 Aug 2007 17:24:36 +0200
Message-ID: <370BF313301A024C962B057686863683DE1EE9@MSXVS04.trivadis.com>
From: "Mathias Zarick" <Mathias.Zarick@trivadis.com>
To: <oracle-l@freelists.org>
------_=_NextPart_001_01C7D9D0.3B0FAB3A
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

there are even recommendations to revoke this if you have critical
security requirements.
but some tools like toad, do not really like this, some objects might
get invalid.
for those you would grant the select priv's to the users directly.
see
http://www.devshed.com/c/a/Oracle/Securing-the-Database/7/
or
http://www.petefinnigan.com/forum/yabb/YaBB.cgi?board=ora_sec;action=display;num=1135003136

cheers Mathias

________________________________

From: oracle-l-bounce@freelists.org
[mailto:oracle-l-bounce@freelists.org] On Behalf Of Rumpi Gravenstein
Sent: Wednesday, August 08, 2007 3:31 AM
To: srinivasanram2004@gmail.com
Cc: oracle-l@freelists.org
Subject: Re: Can we revoke select priv from all_users tables??


<snip>
  Is there a way to REVOKE the select priv from the all_ tables for a
user?
</snip>


One thought ... you could set up user specific synonyms that point to
fake tables that hide the public synonyms.

Granted that's not a great solution as with a little work a user can
still get to the underlying public views, but it does add a barrier
between a user and whatever tables you want to cloak.

-- 
Rumpi Gravenstein

------_=_NextPart_001_01C7D9D0.3B0FAB3A--
--
http://www.freelists.org/webpage/oracle-l
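
The approach described in the reply above (revoke from PUBLIC, watch for invalidated objects, grant directly where needed), written out as an added example that is not part of the original thread. It assumes a DBA session in SQL*Plus against a test instance; APP_TOOL_USER and the INVALID_BEFORE table are hypothetical names.

```sql
-- Added example. APP_TOOL_USER is a hypothetical account for a tool
-- (e.g. a GUI client) that still needs to read ALL_USERS.

-- 1. Before changing anything, list stored code and views that depend on
--    ALL_USERS. Non-SYS objects normally resolve it via the PUBLIC synonym.
SELECT owner, name, type
  FROM dba_dependencies
 WHERE referenced_name  = 'ALL_USERS'
   AND referenced_owner IN ('SYS', 'PUBLIC')
   AND owner NOT IN ('SYS', 'PUBLIC')
 ORDER BY owner, name;

-- 2. Confirm which grantees currently hold the privilege.
SELECT grantee, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'SYS'
   AND table_name = 'ALL_USERS';

-- 3. Snapshot objects that are already invalid, so that only the damage
--    caused by the revoke shows up in step 6.
CREATE TABLE invalid_before AS
  SELECT owner, object_name, object_type
    FROM dba_objects
   WHERE status = 'INVALID';

-- 4. Remove the blanket grant.
REVOKE SELECT ON sys.all_users FROM PUBLIC;

-- 5. Grant the view back directly to the accounts that need it.
GRANT SELECT ON sys.all_users TO app_tool_user;

-- 6. Recompile (UTL_RECOMP must be run as SYS), then list objects that are
--    invalid now but were not before the revoke.
EXEC UTL_RECOMP.RECOMP_SERIAL

SELECT owner, object_name, object_type
  FROM dba_objects
 WHERE status = 'INVALID'
MINUS
SELECT owner, object_name, object_type
  FROM invalid_before;

-- Each owner returned by the last query needs its own direct grant as in
-- step 5, followed by another recompile.
DROP TABLE invalid_before;
```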


