Solved

synonym access

Posted on 2014-11-03
8
184 Views
Last Modified: 2015-01-05
I have created a table and give grants and synonyms like below

from user user1
----------------------------
create table sample_table(col1 number);
grant select on sample_table to user2,user3;
create or replace synonym user2.sample_table for gencargo.sample_table;

from user3
--------------------------
I was able to access through synonym from user2 like
select * from user2.sample_table;
I should be able to access only like gencargo.sample_table right?
how this is possible?
0
Comment
Question by:sakthikumar
8 Comments
 
LVL 10

Expert Comment

by:HuaMinChen
ID: 40420999
Hi,
You must ensure you've granted the relevant rights of the view/synonym to the users.
0
 
LVL 13

Expert Comment

by:Alexander Eßer [Alex140181]
ID: 40421054
Have you checked other privileges, like 'SELECT ANY TABLE' for that user?!
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40421156
>>how this is possible?

It is possible,because the actions which you had performed justifies them.. see the explanations below

If I am right, your user1 is gencargo.

You had created a synonym in user2 as per your statement

create or replace synonym user2.sample_table for gencargo.sample_table;

Also you had given grant select access to user2 and user3, the below statement which you had written above justifies it

grant select on sample_table to user2,user3;

so from user3 while doing a select, you are using the synonym which you had created earlier for gencargo.sample_table.

as both user2 and user3 has access to the table, its behaving as if the user3 is accessing user1 table to which it has access and showing you the result
0
 

Author Comment

by:sakthikumar
ID: 40423247
Hi Wasim Akram Shaik,

In the example as you mentioned, I meant gencargo as user1.(apologize for confusion)
User1  creates synonym for user2.(doesn't matter if user1 is creating or user2 or any sysdba is creating synonym)
but user3 is using synonym which is created for user2.
user3 should be accessing user1.sample_table right?

and the user is not having "select any table" access
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40423261
But Sakhtikumar, user3 doesn't have "select any table" access but it does have select access from the table which you had granted to user2 and user3

grant select on sample_table to user2,user3;

Open in new window


So basically this select access to user3 is sufficient to access the table and its being used via the underlying synonym to the table.
0
 

Author Comment

by:sakthikumar
ID: 40423280
Though the underlying table is same, synonym is not created for user3 it is created for user2.
0
 
LVL 16

Accepted Solution

by:
Wasim Akram Shaik earned 500 total points
ID: 40423293
Oracle While going to resolve the synonym name it checks for the object whether the user does have access to it or not.

See the extract from docs:

Synonyms permit applications to function without modification regardless of which user owns the table or view and regardless of which database holds the table or view

http://docs.oracle.com/cd/E11882_01/server.112/e26088/statements_7001.htm#SQLRF01401

If it doesn't have access it would give you the error stating table or view doesn't exist.
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40423294
also try to revoke the grant from user3

REVOKE SELECT ON sample_table FROM user3;

and after that try using the same select statement and see the difference
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Why doesn't the Oracle optimizer use my index? Querying too much data Most Oracle developers know that an index is useful when you can use it to restrict your result set to a small number of the total rows in a table. So, the obvious side…
I remember the day when someone asked me to create a user for an application developement. The user should be able to create views and materialized views and, so, I used the following syntax: (CODE) This way, I guessed, I would ensure that use…
Via a live example, show how to take different types of Oracle backups using RMAN.
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now