User who read dictionary tables

classic Classic list List threaded Threaded
4 messages Options
big
Reply | Threaded
Open this post in threaded view
|

User who read dictionary tables

big
Hi,
On 11.2.0.4 on AIX
I want to create a user who can read only dictionary tables like:
ALL_OBJECTS
ALL_TABLES
ALL_VIEWS
ALL_TAB_COLUMNS

How to create him? What should be granted to him?

Thanks.
Reply | Threaded
Open this post in threaded view
|

Re: User who read dictionary tables

ErmanArslansOracleBlog
Administrator
ALL_* objects? Ever tried querying them with your user? can't you just select from them?
If you have grant related problems, you can use "grant select" statements to grant the select privileges.
big
Reply | Threaded
Open this post in threaded view
|

Re: User who read dictionary tables

big
Hi,
Thank you.
Yes for the moment user can read any tables (dictionary or others).
But we want to limit him only to dictionary tables.

Regards.
Reply | Threaded
Open this post in threaded view
|

Re: User who read dictionary tables

ErmanArslansOracleBlog
Administrator
 ALL_* views provides access to the objects that your user already have access..
If you need such a thing for limiting the access, you may consider revoking the grants for the related objects from that user.

So, in short; the data that your user sees in those views is limited to the objects that your user has access to. (user's objects + objects that user has access to)

Note that, the dictionary only displays the information for the objects that user is allowed to see, this means -> it is not a security issue.

Those types of objects are granted to public..(I can't check it right now, but it should be so.. please check it..) You know what it means right? Anyways; you may consider revoking the public grants for those all_ * views but there may be consequences and it should be managed well.. If you consider such a thing, you should make Oracle Support approve your action plan.. this is the safest approach..


See the following ->

http://www.petefinnigan.com/weblog/archives/00001220.htm

Als obe cautious and see - >

Cautious When Revoking Privileges Granted to PUBLIC (Doc ID 247093.1)

Also see ->

https://asktom.oracle.com/pls/apex/asktom.search?tag=revoke-access