Home>Question Details


GUILLERMO -- Thanks for the question regarding "AVOID SELECT TABLES WHEN THEY HAVE SELECT TO PUBLIC GRANT", version 10.1.5

Submitted on 3-May-2007 13:03 Central time zone
Tom's latest followup | Bookmark | Bottom
Last updated 4-May-2007 10:58

You Asked

Hi,
I have five diferents schemas, every one has tables, but some tables have SELECT TO PUBLIC grant;
I have to create an user and this user must be able to access only twelve tables, my problem is that when I create the user it has access to the other tables !!!
I did this query using the new user:

SELECT COUNT(*), GRANTOR
FROM all_tab_privs
WHERE grantee = 'PUBLIC'
GROUP BY GRANTOR;

I can select the most tables !!!
How can avoid that new user read the other tables even when the most tables have SELECT TO PUBLIC grant ???

Thank you







and we said...

stop using the "public" grant????

I mean - think about it.

If someone grants to public, they are saying "anyone has access to this, EVERYONE has access to this"

the only way to restrict things is to - well, not be so permissive with the grants in the first place.

So, the only answer is to rethink your approach to security in this database.
Reviews    
4 stars   May 4, 2007 - 3pm Central time zone
Bookmark | Bottom | Top
Reviewer: A reader 


4 stars   May 4, 2007 - 3pm Central time zone
Bookmark | Bottom | Top
Reviewer: A reader 


4 stars   May 4, 2007 - 3pm Central time zone
Bookmark | Bottom | Top
Reviewer: A reader 


All information and materials provided here are provided "as-is"; Oracle disclaims all express and implied warranties, including, the implied warranties of merchantability or fitness for a particular use. Oracle shall not be liable for any damages, including, direct, indirect, incidental, special or consequential damages for loss of profits, revenue, data or data use, incurred by you or any third party in connection with the use of this information or these materials.

About Oracle | Legal Notices and Terms of Use | Privacy Statement