Solved

synonym access

Posted on 2014-11-03
8
192 Views
Last Modified: 2015-01-05
I have created a table and give grants and synonyms like below

from user user1
----------------------------
create table sample_table(col1 number);
grant select on sample_table to user2,user3;
create or replace synonym user2.sample_table for gencargo.sample_table;

from user3
--------------------------
I was able to access through synonym from user2 like
select * from user2.sample_table;
I should be able to access only like gencargo.sample_table right?
how this is possible?
0
Comment
Question by:sakthikumar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 10

Expert Comment

by:HuaMinChen
ID: 40420999
Hi,
You must ensure you've granted the relevant rights of the view/synonym to the users.
0
 
LVL 13

Expert Comment

by:Alexander Eßer [Alex140181]
ID: 40421054
Have you checked other privileges, like 'SELECT ANY TABLE' for that user?!
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40421156
>>how this is possible?

It is possible,because the actions which you had performed justifies them.. see the explanations below

If I am right, your user1 is gencargo.

You had created a synonym in user2 as per your statement

create or replace synonym user2.sample_table for gencargo.sample_table;

Also you had given grant select access to user2 and user3, the below statement which you had written above justifies it

grant select on sample_table to user2,user3;

so from user3 while doing a select, you are using the synonym which you had created earlier for gencargo.sample_table.

as both user2 and user3 has access to the table, its behaving as if the user3 is accessing user1 table to which it has access and showing you the result
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:sakthikumar
ID: 40423247
Hi Wasim Akram Shaik,

In the example as you mentioned, I meant gencargo as user1.(apologize for confusion)
User1  creates synonym for user2.(doesn't matter if user1 is creating or user2 or any sysdba is creating synonym)
but user3 is using synonym which is created for user2.
user3 should be accessing user1.sample_table right?

and the user is not having "select any table" access
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40423261
But Sakhtikumar, user3 doesn't have "select any table" access but it does have select access from the table which you had granted to user2 and user3

grant select on sample_table to user2,user3;

Open in new window


So basically this select access to user3 is sufficient to access the table and its being used via the underlying synonym to the table.
0
 

Author Comment

by:sakthikumar
ID: 40423280
Though the underlying table is same, synonym is not created for user3 it is created for user2.
0
 
LVL 16

Accepted Solution

by:
Wasim Akram Shaik earned 500 total points
ID: 40423293
Oracle While going to resolve the synonym name it checks for the object whether the user does have access to it or not.

See the extract from docs:

Synonyms permit applications to function without modification regardless of which user owns the table or view and regardless of which database holds the table or view

http://docs.oracle.com/cd/E11882_01/server.112/e26088/statements_7001.htm#SQLRF01401

If it doesn't have access it would give you the error stating table or view doesn't exist.
0
 
LVL 16

Expert Comment

by:Wasim Akram Shaik
ID: 40423294
also try to revoke the grant from user3

REVOKE SELECT ON sample_table FROM user3;

and after that try using the same select statement and see the difference
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Fill Null values 5 55
SQL query for highest sequence 4 75
inserting value in table in oracle form 2 30
UTL_FILE invalid file operation 5 60
Working with Network Access Control Lists in Oracle 11g (part 1) Part 2: http://www.e-e.com/A_9074.html So, you upgraded to a shiny new 11g database and all of a sudden every program that used UTL_MAIL, UTL_SMTP, UTL_TCP, UTL_HTTP or any oth…
Note: this article covers simple compression. Oracle introduced in version 11g release 2 a new feature called Advanced Compression which is not covered here. General principle of Oracle compression Oracle compression is a way of reducing the d…
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
This video shows information on the Oracle Data Dictionary, starting with the Oracle documentation, explaining the different types of Data Dictionary views available by group and permissions as well as giving examples on how to retrieve data from th…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question