Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Create user with no privs but CREATE SESSION and he can see things in SYS?
craig.drabik_at_gmail.com schreef:
> Hi all. Probably a newbie question here, but anyways.. If I do:
>
> CREATE USER test IDENTIFIED BY test;
> grant connect to test;
>
> And then connect to the DB as test in TOAD, I can see a bunch of things
> in the SYS schema - things like AUDIT_ACTIONS, ODCI_SECOBJ$,
> OLAPI_HISTORY, etc. Probably about 30 tables in all. Why is the user
> allowed to see them? Does it matter? Can I just REVOKE SELECT ON...?
>
> Thanks in advance...
>
Because SYS granted select to public?
Why would you want to revoke these? Some may be used for
correct functioning of other tools.
Besides:
SQL> connect test/test
Connected.
SQL> desc sys.audit_actions
Name Null? Type ----------------------------------------- -------- ---------------------------- ACTION NOT NULL NUMBER NAME NOT NULL VARCHAR2(27)
SQL> connect / as sysdba
Connected.
SQL> revoke select on sys.audit_actions from test;
revoke select on sys.audit_actions from test
*
ERROR at line 1:
ORA-01927: cannot REVOKE privileges you did not grant
SQL> revoke select on sys.audit_actions from public; Revoke succeeded.
And I'm not sure you want that!
-- Regards, Frank van Bortel Top-posting is one way to shut me up...Received on Mon Aug 21 2006 - 14:22:25 CDT