Solved

synonym access

Posted on 2014-11-03
8
187 Views
Last Modified: 2015-01-05
I have created a table and give grants and synonyms like below

from user user1
----------------------------
create table sample_table(col1 number);
grant select on sample_table to user2,user3;
create or replace synonym user2.sample_table for gencargo.sample_table;

from user3
--------------------------
I was able to access through synonym from user2 like
select * from user2.sample_table;
I should be able to access only like gencargo.sample_table right?
how this is possible?
0
Comment
Question by:sakthikumar
8 Comments
 
LVL 10

Expert Comment

by:HuaMinChen
ID: 40420999
Hi,
You must ensure you've granted the relevant rights of the view/synonym to the users.
0
 
LVL 13

Expert Comment

by:Alexander Eßer [Alex140181]
ID: 40421054
Have you checked other privileges, like 'SELECT ANY TABLE' for that user?!
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40421156
>>how this is possible?

It is possible,because the actions which you had performed justifies them.. see the explanations below

If I am right, your user1 is gencargo.

You had created a synonym in user2 as per your statement

create or replace synonym user2.sample_table for gencargo.sample_table;

Also you had given grant select access to user2 and user3, the below statement which you had written above justifies it

grant select on sample_table to user2,user3;

so from user3 while doing a select, you are using the synonym which you had created earlier for gencargo.sample_table.

as both user2 and user3 has access to the table, its behaving as if the user3 is accessing user1 table to which it has access and showing you the result
0
 

Author Comment

by:sakthikumar
ID: 40423247
Hi Wasim Akram Shaik,

In the example as you mentioned, I meant gencargo as user1.(apologize for confusion)
User1  creates synonym for user2.(doesn't matter if user1 is creating or user2 or any sysdba is creating synonym)
but user3 is using synonym which is created for user2.
user3 should be accessing user1.sample_table right?

and the user is not having "select any table" access
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40423261
But Sakhtikumar, user3 doesn't have "select any table" access but it does have select access from the table which you had granted to user2 and user3

grant select on sample_table to user2,user3;

Open in new window


So basically this select access to user3 is sufficient to access the table and its being used via the underlying synonym to the table.
0
 

Author Comment

by:sakthikumar
ID: 40423280
Though the underlying table is same, synonym is not created for user3 it is created for user2.
0
 
LVL 16

Accepted Solution

by:
Wasim Akram Shaik earned 500 total points
ID: 40423293
Oracle While going to resolve the synonym name it checks for the object whether the user does have access to it or not.

See the extract from docs:

Synonyms permit applications to function without modification regardless of which user owns the table or view and regardless of which database holds the table or view

http://docs.oracle.com/cd/E11882_01/server.112/e26088/statements_7001.htm#SQLRF01401

If it doesn't have access it would give you the error stating table or view doesn't exist.
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40423294
also try to revoke the grant from user3

REVOKE SELECT ON sample_table FROM user3;

and after that try using the same select statement and see the difference
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Why doesn't the Oracle optimizer use my index? Querying too much data Most Oracle developers know that an index is useful when you can use it to restrict your result set to a small number of the total rows in a table. So, the obvious side…
Background In several of the companies I have worked for, I noticed that corporate reporting is off loaded from the production database and done mainly on a clone database which needs to be kept up to date daily by various means, be it a logical…
This video shows how to copy a database user from one database to another user DBMS_METADATA.  It also shows how to copy a user's permissions and discusses password hash differences between Oracle 10g and 11g.
This video shows how to recover a database from a user managed backup

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now