Solved

synonym access

Posted on 2014-11-03
8
189 Views
Last Modified: 2015-01-05
I have created a table and give grants and synonyms like below

from user user1
----------------------------
create table sample_table(col1 number);
grant select on sample_table to user2,user3;
create or replace synonym user2.sample_table for gencargo.sample_table;

from user3
--------------------------
I was able to access through synonym from user2 like
select * from user2.sample_table;
I should be able to access only like gencargo.sample_table right?
how this is possible?
0
Comment
Question by:sakthikumar
8 Comments
 
LVL 10

Expert Comment

by:HuaMinChen
ID: 40420999
Hi,
You must ensure you've granted the relevant rights of the view/synonym to the users.
0
 
LVL 13

Expert Comment

by:Alexander Eßer [Alex140181]
ID: 40421054
Have you checked other privileges, like 'SELECT ANY TABLE' for that user?!
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40421156
>>how this is possible?

It is possible,because the actions which you had performed justifies them.. see the explanations below

If I am right, your user1 is gencargo.

You had created a synonym in user2 as per your statement

create or replace synonym user2.sample_table for gencargo.sample_table;

Also you had given grant select access to user2 and user3, the below statement which you had written above justifies it

grant select on sample_table to user2,user3;

so from user3 while doing a select, you are using the synonym which you had created earlier for gencargo.sample_table.

as both user2 and user3 has access to the table, its behaving as if the user3 is accessing user1 table to which it has access and showing you the result
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:sakthikumar
ID: 40423247
Hi Wasim Akram Shaik,

In the example as you mentioned, I meant gencargo as user1.(apologize for confusion)
User1  creates synonym for user2.(doesn't matter if user1 is creating or user2 or any sysdba is creating synonym)
but user3 is using synonym which is created for user2.
user3 should be accessing user1.sample_table right?

and the user is not having "select any table" access
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40423261
But Sakhtikumar, user3 doesn't have "select any table" access but it does have select access from the table which you had granted to user2 and user3

grant select on sample_table to user2,user3;

Open in new window


So basically this select access to user3 is sufficient to access the table and its being used via the underlying synonym to the table.
0
 

Author Comment

by:sakthikumar
ID: 40423280
Though the underlying table is same, synonym is not created for user3 it is created for user2.
0
 
LVL 16

Accepted Solution

by:
Wasim Akram Shaik earned 500 total points
ID: 40423293
Oracle While going to resolve the synonym name it checks for the object whether the user does have access to it or not.

See the extract from docs:

Synonyms permit applications to function without modification regardless of which user owns the table or view and regardless of which database holds the table or view

http://docs.oracle.com/cd/E11882_01/server.112/e26088/statements_7001.htm#SQLRF01401

If it doesn't have access it would give you the error stating table or view doesn't exist.
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40423294
also try to revoke the grant from user3

REVOKE SELECT ON sample_table FROM user3;

and after that try using the same select statement and see the difference
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Truncate is a DDL Command where as Delete is a DML Command. Both will delete data from table, but what is the difference between these below statements truncate table <table_name> ?? delete from <table_name> ?? The first command cannot be …
From implementing a password expiration date, to datatype conversions and file export options, these are some useful settings I've found in Jasper Server.
Via a live example show how to connect to RMAN, make basic configuration settings changes and then take a backup of a demo database
This video shows how to Export data from an Oracle database using the Original Export Utility.  The corresponding Import utility, which works the same way is referenced, but not demonstrated.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question