RE: Private Synonyms
- From: Jackie Brock <J.Brock@xxxxxxxxxxxxx>
- To: "rjgoulet@xxxxxxxxxxx" <rjgoulet@xxxxxxxxxxx>, "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
- Date: Wed, 11 Dec 2013 23:34:23 +0000
I wholeheartedly concur with the fishy.
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Dick Goulet
Sent: Wednesday, December 11, 2013 4:30 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: Private Synonyms
All,
Is there anyone other than myself that doesn't think this is right. For
those of you who have missed it, like I did, when Oracle started evolving Fine
Grained Access Controls (FGA) the role of private synonyms changed. Try this
for starters and I'll make it easy:
1) install the scott account, we'll need emp.
2) create another account, any name you like, I'll use user1.
3) create a third account, I'll call it user2.
4) as scott grant select on emp to user1.
5) as scott grant select on emp to user2.
6) as user1 create a private synonym to scott.emp
7) as user2 "select * from user1.emp;"
If you go back to a V8 database step 7 above will end in an ORA-00942. If your
on V9 or higher, you get data.
Does this sound fishy??? I've opened an itar with Oracle. They referenced
note:174368.1 Policies on Synonyms. But this just seems wrong to me. Any
other opinion???
Dick Goulet
Senior Oracle DBA.
Other related posts:
