RE: Basic Oracle Views and Tables Permissions Question.

  • From: "Lex de Haan" <lex.de.haan@xxxxxxxxxxxxxx>
  • To: <chris@xxxxxxxxxxxxxxxxxxxxx>, <ltiu@xxxxxxxxxxxxx>
  • Date: Fri, 15 Oct 2004 11:16:54 +0200

if that were true, views would be worthless for security;
anyone could circumvent the views by looking at the view definition
in the data dictionary, and access the underlying tables.

so you *don't* need any privileges on underlying tables
in order to use privileges granted to you on a view;
of course, the act of *granting* those privileges on the view
( as opposed to *using* them) is something else:
that is only allowed for the owner (SYS) or anyone with DBA privileges.

Chris is right, by the way: you should never grant insert/update/delete
privileges on data dictionary objects to anyone.

Kind regards,
Lex.

-------------------------------
visit http://www.naturaljoin.nl <http://www.naturaljoin.nl>
-------------------------------
skype me <callto://lexdehaan>


-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of
chris@xxxxxxxxxxxxxxxxxxxxx
Sent: Friday, October 15, 2004 09:12
To: ltiu@xxxxxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: Basic Oracle Views and Tables Permissions Question.


Lydon,

As far as I'm aware it is the permissions on the underlying table(s) that
count
and not those on the views. BTW it should be easy for you to prove this to
yourself by setting up a simple test.

Also you shouldn't be giving update/insert access to sys objects to other
users.
This isn't good practise. It's also not a good idea to create your own
objects
in sys if you've done that. The sys schema is Oracle's so we should leave it
to
Oracle, except for select access of course.

HTH

Chris



Quoting Lyndon Tiu <ltiu@xxxxxxxxxxxxx>:

> Hello,
>
> I have a table that is owned by sys and is only accessible (insert,
select,
> update) to user sys.
>
> Now if I create a view on that table that is more permissible (allows
select,
> insert, update) to everyone ... every user in the database.
>
> Is this possible or is the view's permission dependent on the underlying
> table's permissions?
>
> Thanks for helping.
>
> --
> Lyndon Tiu
> --
> //www.freelists.org/webpage/oracle-l
>


Chris Dunscombe

Christallize Ltd

-------------------------------------------------
Everyone should have http://www.freedom2surf.net/
--
//www.freelists.org/webpage/oracle-l



--
//www.freelists.org/webpage/oracle-l

Other related posts:

  1. Home
  2. oracle-l
  3. Archive
  4. 10-2004