Skip to Main Content
  • Questions

  • Access Table Without Synonym and Without Schema Name

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question.

Asked: February 13, 2019 - 4:28 pm UTC

Last updated: February 15, 2019 - 2:02 am UTC

Version: oracle 12c

Viewed 10K+ times! This question is

You Asked

I have a schema called HCR_SCHEMA, in which I have one table called TEST_EMP, and I have a user say USER_A and granted him select on the TEST_EMP table.

I connected as USER_A as tried to execute SELECT * FROM TEST_EMP. Obviosuly it threw me error saying that table or view does not exists.

I know that I havent mentioned schema name nor created a synonym on that table.

Requirement is I would like to refer to that table without creating synonym.. without using schema name and also without altering the session to use current schema after logging in like alter session set current_schema = HCR_SCHEMA;

Is there a possible way to achieve this without doing the above three mentioned options.

Thanks

and Chris said...

What is this, an interview question?

Anyway, there is another technique: proxy users.

These are low-privilege accounts. With the ability to run as higher-powered users. But connecting with the proxy's credentials.

For example:

grant create table, create session, unlimited tablespace
  to data_owner identified by data_owner;

grant create session 
  to proxy_u identified by proxy_u;
   
alter user data_owner 
  grant connect through proxy_u;
  
conn data_owner/data_owner

create table t (
  c1 int
);
insert into t values ( 1 );
commit;

conn proxy_u[data_owner]/proxy_u

select user from dual;

USER         
DATA_OWNER 

select * from t;

C1   
   1


When doing this you're running as-if you're the data_owner. So anything you do runs with their permissions.

Or you could create a view in USER_A that has the schema-qualified table access in its query.

Rating

  (4 ratings)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Priv issue

Moris, February 14, 2019 - 1:21 pm UTC

The problem with proxy user is that he will get all privs on owner objects and hence dml truncate ..what ever he likes.
Chris Saxon
February 14, 2019 - 3:51 pm UTC

True, but OP ruled out most of the safer alternatives.

logon trigger option

Mark Wooldridge Wooldridge, February 14, 2019 - 6:16 pm UTC

It seems the alter session set current_schema was not allowed if done manually by the user. What about a trigger for the schema:
create or replace trigger msw_login_trg
 after logon
    on msw.test_emp
begin
 execute immediate 'alter session set current_schema=hcr_schema';
end;
/


The question also did not mention if a public synonym was allowed.
Connor McDonald
February 15, 2019 - 2:02 am UTC

True, but I'm not a fan of public synonyms although multi-tenant helps a little in that regard.


Please elaborate. Didnt catch whole meaning

Moris, February 14, 2019 - 6:31 pm UTC

"True, but OP ruled out most of the safer alternatives."
Connor McDonald
February 15, 2019 - 2:01 am UTC

The OP (original poster) said:

Requirement is I would like to refer to that table without creating synonym.. without using schema name and also without altering the session to use current schema after logging in like alter session set current_schema = HCR_SCHEMA;

which is sort of like saying:

"I want to achieve X, without using any of the features that let me achieve X" :-)

original requirements

Mark Wooldridge, February 15, 2019 - 2:56 pm UTC

The requirement is fairly specific but it did start out with "I" which could be interpreted as the user having to do the action, it does not specifically state the system could not do any of those things fore you.

I cannot think of any reason why this would be applicable in an actual system, for security you would think that access to things should be very defined.
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

SQL

The Oracle documentation contains a complete SQL reference.