OraFAQ Forum: Security » Oracle Security ....

Home » RDBMS Server » Security » Oracle Security ....

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

Oracle Security .... [message #187179]

Fri, 11 August 2006 04:11

frank.svs
Messages: 162
Registered: February 2006

Senior Member

Hi Team,

I have one security related issue.There are two users U1 and U2. Actually all the objetcts are resided in U1 schema and for U2 only CREATE SESSION privilege has been granted to him. Now, say U1 has granted SELECT privileges to U2 and he is able to SELECT objects as <owner_name>.<object_name> Ex.U1.<tname>. I am also getting results even. Now i just tried to qry the info regarding from which i have got the privileges to access other users objects. So i issued the SQL qry as SELECT * FROM USER_TAB_PRIVS; bUT i am not able to see what all privileges granted to me. Howcome this happen. Is there any security related Logic behind this. Because what i feel is that if anybody grants any privileges those privileges have to be get displayed in USER_TAB_PRIVS.

Thanks in advance,
Frank

Report message to a moderator

Re: Oracle Security .... [message #187236 is a reply to message #187179]

Fri, 11 August 2006 07:41

ebrian
Messages: 2794
Registered: April 2006

Senior Member

What version of the database are you using? Seems to work fine on 9i:

Code: [Select all] [Show/ hide]

SQL> conn test/test
Connected.
SQL> grant create session to test_user identified by test_user;

Grant succeeded.

SQL> create table testtab (a1 number, a2 varchar2(20));

Table created.

SQL> grant select on testtab to test_user;

Grant succeeded.

SQL> conn test_user/test_user
Connected.
SQL> select * from test.testtab;

no rows selected

SQL> select * from user_tab_privs;

GRANTEE                        OWNER
------------------------------ ------------------------------
TABLE_NAME                     GRANTOR
------------------------------ ------------------------------
PRIVILEGE                                GRA HIE
---------------------------------------- --- ---
TEST_USER                      TEST
TESTTAB                        TEST
SELECT                                   NO  NO

Report message to a moderator

Previous Topic:	Auditing SELECT statement with bind variables
Next Topic:	granting privileges

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Mon Apr 07 11:13:38 CDT 2025