Solved

synonym access

Posted on 2014-11-03
8
194 Views
Last Modified: 2015-01-05
I have created a table and give grants and synonyms like below

from user user1
----------------------------
create table sample_table(col1 number);
grant select on sample_table to user2,user3;
create or replace synonym user2.sample_table for gencargo.sample_table;

from user3
--------------------------
I was able to access through synonym from user2 like
select * from user2.sample_table;
I should be able to access only like gencargo.sample_table right?
how this is possible?
0
Comment
Question by:sakthikumar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 11

Expert Comment

by:HuaMinChen
ID: 40420999
Hi,
You must ensure you've granted the relevant rights of the view/synonym to the users.
0
 
LVL 13

Expert Comment

by:Alexander Eßer [Alex140181]
ID: 40421054
Have you checked other privileges, like 'SELECT ANY TABLE' for that user?!
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40421156
>>how this is possible?

It is possible,because the actions which you had performed justifies them.. see the explanations below

If I am right, your user1 is gencargo.

You had created a synonym in user2 as per your statement

create or replace synonym user2.sample_table for gencargo.sample_table;

Also you had given grant select access to user2 and user3, the below statement which you had written above justifies it

grant select on sample_table to user2,user3;

so from user3 while doing a select, you are using the synonym which you had created earlier for gencargo.sample_table.

as both user2 and user3 has access to the table, its behaving as if the user3 is accessing user1 table to which it has access and showing you the result
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 

Author Comment

by:sakthikumar
ID: 40423247
Hi Wasim Akram Shaik,

In the example as you mentioned, I meant gencargo as user1.(apologize for confusion)
User1  creates synonym for user2.(doesn't matter if user1 is creating or user2 or any sysdba is creating synonym)
but user3 is using synonym which is created for user2.
user3 should be accessing user1.sample_table right?

and the user is not having "select any table" access
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40423261
But Sakhtikumar, user3 doesn't have "select any table" access but it does have select access from the table which you had granted to user2 and user3

grant select on sample_table to user2,user3;

Open in new window


So basically this select access to user3 is sufficient to access the table and its being used via the underlying synonym to the table.
0
 

Author Comment

by:sakthikumar
ID: 40423280
Though the underlying table is same, synonym is not created for user3 it is created for user2.
0
 
LVL 16

Accepted Solution

by:
Wasim Akram Shaik earned 500 total points
ID: 40423293
Oracle While going to resolve the synonym name it checks for the object whether the user does have access to it or not.

See the extract from docs:

Synonyms permit applications to function without modification regardless of which user owns the table or view and regardless of which database holds the table or view

http://docs.oracle.com/cd/E11882_01/server.112/e26088/statements_7001.htm#SQLRF01401

If it doesn't have access it would give you the error stating table or view doesn't exist.
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40423294
also try to revoke the grant from user3

REVOKE SELECT ON sample_table FROM user3;

and after that try using the same select statement and see the difference
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why doesn't the Oracle optimizer use my index? Querying too much data Most Oracle developers know that an index is useful when you can use it to restrict your result set to a small number of the total rows in a table. So, the obvious side…
Note: this article covers simple compression. Oracle introduced in version 11g release 2 a new feature called Advanced Compression which is not covered here. General principle of Oracle compression Oracle compression is a way of reducing the d…
Via a live example, show how to restore a database from backup after a simulated disk failure using RMAN.
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question