Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Create user with no privs but CREATE SESSION and he can see things in SYS?

Re: Create user with no privs but CREATE SESSION and he can see things in SYS?

From: Frank van Bortel <frank.van.bortel_at_gmail.com>
Date: Mon, 21 Aug 2006 21:22:25 +0200
Message-ID: <ecd0sl$m9j$1@news1.zwoll1.ov.home.nl>


craig.drabik_at_gmail.com schreef:
> Hi all. Probably a newbie question here, but anyways.. If I do:
>
> CREATE USER test IDENTIFIED BY test;
> grant connect to test;
>
> And then connect to the DB as test in TOAD, I can see a bunch of things
> in the SYS schema - things like AUDIT_ACTIONS, ODCI_SECOBJ$,
> OLAPI_HISTORY, etc. Probably about 30 tables in all. Why is the user
> allowed to see them? Does it matter? Can I just REVOKE SELECT ON...?
>
> Thanks in advance...
>

Because SYS granted select to public?
Why would you want to revoke these? Some may be used for correct functioning of other tools.
Besides:

SQL> connect test/test
Connected.
SQL> desc sys.audit_actions

  Name                                      Null?    Type
  ----------------------------------------- -------- 
----------------------------
  ACTION                                    NOT NULL NUMBER
  NAME                                      NOT NULL VARCHAR2(27)

SQL> connect / as sysdba
Connected.
SQL> revoke select on sys.audit_actions from test; revoke select on sys.audit_actions from test *
ERROR at line 1:
ORA-01927: cannot REVOKE privileges you did not grant

SQL> revoke select on sys.audit_actions from public; Revoke succeeded.

And I'm not sure you want that!

-- 
Regards,
Frank van Bortel

Top-posting is one way to shut me up...
Received on Mon Aug 21 2006 - 14:22:25 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US