Grant connect allows viewing of other users

Situation:
In SQL*Plus: Create a user, grant connect to the user. Connect as the new user and try to query dba_users. ORA-00942 error occurs (which is good).
In Raptor, connect as the new user. Expand the users tree and now you, the new user, can see every user in the database (among other data dictionary items). That's not good, right? This occurs in the latest release (0919).

Do you suggest that through raptor you can get access to dba objects with only connect granted? Impossible :) Try this in raptor and sql+
select * from all_users;
select * from dba_users;

Similar Messages

  • Any way to create a form that allows users to create profiles that can be viewed by other users?

    I'm working on a social media site, and I would like to give users the ability to create simple profiles that can be viewed by other users. Is there any way I can do this in Muse CC? Any good resource websites with code I can embed?

    Muse form widgets can only email the form submission data to a specified email address for non-BC hosting at this time. For BC with webCommerce plan and above, this should be possible with the help of webApps however, that is an advanced topic and would require some knowledge of CMS and HTML to implement <http://helpx.adobe.com/business-catalyst/partner/web-apps.html>.
    Also this will not be possible with Muse on its own as Muse outputs static pages only and what you are looking for requires backend technology to work (that BC offers).
    Thanks,
    Vinayak

  • SQL Developer and Blocking View of Other Users' Objects

    I am using SQL Developer in a classroom environment. My student users can “see” Other Users objects. They cannot modify, but none the less can see the structure and data.
    I only want the users to be able to see their own objects. Is there a privilege that needs to be revoked? (In using SQL Plus command line, this was not a problem.)
    Thanks.
    -Karen

    Karen,
    From sysdba account (sys/system). Run following and verify for that particular user grant is revoked. May be exit from sql developer and log back in or refresh view.
    YOu can also potenially revoke all the privs from all non admin uses i.e.r even connect/resource roles and grant them back.
    revoke select any table from yourschemaname;
    revoke connect from schemaname;
    revoke create session from  schemaname;
    revoke resource from schemaname;
    Then just grant privs as need basis
    grant connect to schemanme;
    grant resource to schemaname;
    grant create session to schemaname;
    ..Regards
    Edited by: OrionNet on Jan 23, 2009 2:01 PM

  • Permissions issues on views referencing other users [solved]

    Hi,
    I've hit a (for me) unexplainable problem;
    Situation:
    - Table T in schema A
    - View V in schema B, referencing the table T from schema A (B has SELECT/REFERENCES privileges on table T)
    - User C gets ORA-01031 when trying to SELECT from view V (C has SELECT/REFERENCES privileges on V and T)
    In my eyes, user C has more privileges than needed to get the results from view V. Nevertheless, Oracle thinks he has insufficient privileges.
    Anyone catches what I'm missing or bumped into the same issue?
    Thanks for any comments,
    K
    (10.2.0.2 Linux 64bit Enterprise)

    A wouldn't give access WITH GRANT OPTION to B if B wasn't trusted to
    propagate to other users, but what if he isn't?
    I'm not saying WITH GRANT OPTION is bad, it's actually very useful in
    probably 99% of the cases. I just don't know why it's enforced to be used.I'm not understanding what you're not understanding.
    When A grants SELECT on a table to B what they are granting is permission for B and B only to see that data. If B wants a third user C to view A's data there are two options:
    (1) B asks A to explictly grant SELECT to C
    (2) B asks A to grant them SELECT WITH GRANT OPTION
    It doesn't matter whether B wants C to have direct access to A's table or to mediate it through a view of their own, B cannot grant privilege's on A's data to anybody else unless A approves it.
    The advantage of granting SELECT WITH GRANT OPTION to B is that A doesn't have to bother issuing lots of grants to people B wants to share with. The downside is that B has to be trusted. If B turns out to be untrustworthy then REVOKE SELECT FROM B must withdraw access not only from B but from every other user who was granted by B.
    Note that even if A has grant SELECT to C, if A revokes SELECT WITH GRANT OPTION from B than C will not be able to use B's view on A's table either though C can directly select the data from A's table....
    SQL> conn a/a
    Connected.
    SQL> grant select on t to b with grant option
      2  /
    Grant succeeded.
    SQL> grant select on t to c
      2  /
    Grant succeeded.
    SQL> conn b/b
    Connected.
    SQL> grant select on v to c
      2  /
    Grant succeeded.
    SQL> conn c/c
    Connected.
    SQL> select * from b.v
      2  /
            C1 C
             3 C
    SQL> conn a/a
    Connected.
    SQL> revoke select on t from b
      2  /
    Revoke succeeded.
    SQL> conn c/c
    Connected.
    SQL> select * from b.v
      2  /
    select * from b.v
    ERROR at line 1:
    ORA-04063: view "B.V" has errors
    SQL> conn a/a
    Connected.
    SQL> grant select on t to b
      2  /
    Grant succeeded.
    SQL> conn c/c
    Connected.
    SQL> select * from b.v
      2  /
    select * from b.v
    ERROR at line 1:
    ORA-01031: insufficient privileges
    SQL> select * from a.t
      2  /
            C1 C
             1 A
             2 B
             3 C
    SQL> So the architecture is quite watertight. Perhaps the problem is that this is not how it's working in your production system. But I would be very surprised if your production system was broken in the way you describe. More likely is that there is some missing part of the jigsaw. But without a complete dump of your system's granted privileges it is hard for us to say what's wrong.
    Cheers, APC
    Blog : http://radiofreetooting.blogspot.com/

  • Granting the privileges to the Other User

    Hi,
    I am Using Oracle 10g. My Question is, I am Selecting the table from party from SYSTEM as the user and SYSADM is the Password. It is populating the Record. And when Select the table Party in SYSADM as the user and SYSADM as the password it is giving no rows message. I tryed to give the Privileges to the SYSADM but it is not taking
    Can anyone give the process to give privileges to the another user to ( Means SYSTEM user table to SYSADM user tables )
    Can anyone give suggestion...!
    Thank u..!

    hi,
    i am using Oracle 10g. Previously i asked the question there is no reply.
    So i tryed this commands but no effect please can anyone tell me any suggestions
    Here SYSTEM is User, SYSADM is PASSWORD, TEST is Database
    connected as SYSTEM/SYSADM@TEST
    SQL> GRANT INSERT, DELETE, UPDATE, SELECT ON ' || table_name || ' TO SYSADM; Here SYSADM is Another USER Name
    Grant succeeded.
    Like this i am getting. Any mistake i made when writing this Statement, Otherwise why this is not granting Privileges to other USER SYSADM
    Pls. Tell me any Suggestions..!
    Thank u..!

  • To publish an output of a report to be viewed by other users

    We want to run Create Accounting program automatically at night under a special user lets say "SUPPORT".
    We want 5 users from Finance to be able to view the output of this program. They do not have access to the same responsibility from which that report was run by SUPPORT user.
    Is there any feature in R12 that you can use to publish output of a particular report to be viewed by other people? Does Role Based Access Control let you achieve this?
    Thanks.
    Edited by: user9027345 on 6-Jun-2011 6:32 AM

    Pl see these MOS Docs on how this can be achieved
    Concurrent Processing - Settings for Profile Option "Concurrent Report Access Level" (Doc ID 736547.1)
    R12 View Concurrent Requests FAQ (Doc ID 1261985.1)
    R12: Role Based Access Control (RBAC) Unable to View Output for Requests Submitted by other Users (Doc ID 862812.1)
    This topic has been discussed previously in other threads - http://forums.oracle.com/forums/search.jspa?threadID=&q=concurrent+AND+report+AND+access+AND+level&objID=c3&dateRange=thisyear&userID=&numResults=15
    HTH
    Srini

  • How to view / edit other users subscriptions to reports via report admin user ?

    Is there a built-in GUI means or power tool to access a list of all the users' subscriptions to reports in SQL 2012 ?
    It seems that report admin can only view his own subscriptions, same as any other user via "my subscriptions", but no found option for report admin user to view or manage susbcriptions of other users.
    How would u recommend to view the list of all the subscriptions to reports in SSRS, and as necessary to
    also manage them ?
    p.s. Is there a GUI for this in SQL 2014 ?
    Thanks

    Hi moital,
    According to your description, you want to access a list which contains all users subscriptions and edit them. Right?
    In Reporting Services, we have a table named "Subscription" in the ReportServer database. It includes all the information of each subscription. Please go to SQL Server Management Studio and try the query below in ReportServer database:
    select c.UserName,b.SubscriptionID,a.ItemID ReportID,a.Path,a.Name ReportName
    from Subscriptions b inner join Catalog a on a.ItemID=b.Report_OID inner join Users c on b.OwnerID=c.UserID
    It will return us each subscription with corresponding ReportName, UserName and Path:
    Then we can go to the Report based on the path if we need to edit the subscription. We don't have build-in GUI for any version SQL, but this can be a good method to get the list of subscriptions.
    If you have any question, please feel free to ask.
    Best Regards,
    Simon Hou
      

  • Grant tables/views to other user

    i have 3 user (a,b,c)
    i want to grant select previlege of all the tables/views of user a,b to c
    please help me out which one is the shortest method to doing this

    sukhijank wrote:
    grant select any table to a,b,c;
    select 'grant select on '|| OWNER || '.' ||view_name || ' to ' || '<USERNAME>;' from dba_views;
    This is considered lazy and bad practice. A better practice would be to create a role, make individual grants on the tables and views owned by a and b to the role and then grant the role to c.
    This is assuming c will be just querying the objects and not referencing the objects in its own objects (ie views packages etc). If this is the case then direct grants from a and b to c are needed. Once again, you should only grant the minimum necessary and resist the temptation to do a quick fix and grant system privs to ordinary users.
    Andre

  • Unable to View the Other User's Developed Interfaces

    Hi All,
    One of my colleague has developed 3 interfaces with his ID in Repository.
    He is able to view and test all those scenarios.
    but if i login with my ID means , iam unable to see those Scenarios at all in IR
    Before this iam able to view if he developed any scenarios with his ID also..
    But now only this problem has come,What could be the problem.
    Regards

    Hi Prateek,
    He activated all the development & tested successfully those interfaces..
    All the users are having the Equal Roles only. there is no specific roles to any user.
    We all have Admin roles
    Before this iam able to see all the interfaces irrespective of any user's ID development.
    Thsi is the problem occured Now only
    Regards
    Edited by: Suman gupta on Nov 7, 2008 11:29 AM

  • How to connect Apple TV to other users at the internet

    Can anyone tell me if I can share a iTunes libary with a friend/brother who also have direct ADSL connection to the internet? We both have a Apple TV device and iTunes, and would like to share the contens with each other. I have already tried the network settings, but until now without luck! Is it possible????
    Thanks in advance

    Perhaps this is a step in the right direction:
    http://lifehacker.com/software/vpn/
    I dont have Apple TV yet but like this idea of an encrypted VPN
    Macbook 2GHZ/2G Ram   Mac OS X (10.4.9)  

  • Error creating view with tables of other user

    I am creating of view containing two tables of another user. I
    am a dba-user.
    The statement looks like this:
    CREATE VIEW TEST
    (SELECT ...
    FROM DWH.TABLE_A A, DWH.TABLE_B B
    WHERE A.ID = B.ID)
    I get an error-message (ORA-00942: Table or view not found).
    When I create the view as user DWH, everything went OK. I don't
    think it has something to do with privileges since I am the dba-
    user.
    How can I create a view using other users tables?

    Hi
    To create view on table of another user you need to have select
    privilege grant directly to you - not to role granted to you. In
    your case you can select tables because you have granted dba
    role and it has select any table prvivilege, but you havent
    directly granted this rights without role.
    Regards

  • How to view the output submitted by other user

    Product : EBS R12.0.4
    Plateform : RHEL AS 4.6
    I want to view the output submitted by other users. I have tested it for responsiblity level in which sysadmin can view the other users request but it is labour work. Can anyone suggest to view it with less work.
    Regards,

    Hi,
    you need to understand the new RBAC concept and the involved objects. Just to mention that Grants are here specific EBS-RBAC objects you have to deal with. You need to be sysadmin and functional Administrator to define and assign those objects. I know that the metalink note is short and could be longer, but all steps are right.
    If you ask mainly what you are doing by utilizing this notes, you are defining additional where clauses, internally added to the basic object (here concurrent requests) and additionally you are granting rights to get buttons enabled (log / out).
    If you need something else, just let me know.
    Regards
    Volker

  • How to view other user inbox?

    Hi,
    As i am able to view my inbox using tocde SBWP. But i want to view for other user inbox, Can i view it
    without maintaining substitute for other user?
    Thanks in advacne.

    I Guess This is Not Possible.

  • Chmod -R 700 on home directory doesn't restrict other users

    Hi All,
    I have several users sharing a mac. I wanted to secure my home directory so I opened a terminal and typed:
    cd /users
    chmod -R 700 alandye
    a ls -l confirmed permissions recursively changed for my home directory and subsidiary directories and files had been set to og-rwx.
    Then, I logged in as a different user (tknoble) , and tried to access the directory (alandye)through the finder that I had just restricted permissions on, and viola, I could read any file in there.
    This doesn't happen on Unix or Linux, why is it happening here? I tried restricting account tknoble to non-administrative, but got the same problem.
    Net/net, finder seems to be ignoring the posix file permissions.
    Can anyone explain why this is happening?
    thanks,
    Alan

    ... Still, the ACL issue and the open default permissions including the default umask on the Mac has me perplexed. I've used ACL's for years as a system manager on mainframes and other secure enterprise unix platforms, generally through a central administrative console like RACF or ACF2 on the mainframe. It identifies all ACL's on the system and allows you to administer them centrally. The idea that my mac has system generated ACL's that are only accessible through chmod on a file by file basis and are inherently set with open permissions seems like a bad security setup.
    First, the default permissions and umask values have been typical of Unix systems since I started using them back in '85. And even in the Family situation, allowing family members the ability to share information is not uncommon, and can be frustrating to the family if everything is totally locked up.
    Plus your complaints about ACLs, it just a side issue, as the /User/username folder should have only had an ACL that prevented accidental deletion. Your real problem was cached Finder information. So this ACL discussion is just a tangential issue.
    Second, a Mac is a mass market consumer personal computer, with a strong leaning towards 1 person being the owner and user of that computer. It is not typically sold as a Mainframe replacement. Having tightly locked down, no access default permissions and umask just makes life extremely difficult for the mass market consumer.
    Applying Mainframe rules to a Mac is only going to frustrate you.
    As for having an ACL admin tool besides chmod, for the most part consumers are not aware of ACLs, they are used sparingly on the Mac, and as such it is not something Apple has felt a need to invest in. Maybe there is a 3rd party utility that will provide this service for you.
    While investigating this I did discover a similar problem with a RAID array I have attached with similar file permission problems. chmod -R 700 on directories does set the permission bits correctly, but again, finder bypasses them and allows access for other users, even after a reboot. Apparently, according to this http://hints.macworld.com/article.php?story=20020418091450891 the externally attached drives ignore ownership by default.
    Again, the Mac is a mass market consumer item. Just about every external drive on a Mac is a detachable device, which can be moved around to other Macs, etc... (especially USB thumb drives, SD cards, etc...). Having these devices default to strict security would again frustrate the mass consumer Mac user, when all they want to do is get their pictures off of the SD card, or move files between 2 computers, etc...
    My point is that the defaults Apple has selected are targeted to the mass consumer Mac user. Not the data center mainframe user.
    I would encourage you to give Apple feedback on your experiences
    <http://www.apple.com/feedback/macosx.html>
    or
    BugReporter
    <http://bugreporter.apple.com>
    Free ADC (Apple Developer Connection) account needed for BugReporter.
    Anyone can get a free account at:
    <http://developer.apple.com/programs/register/>

  • New to mac , when i imported pictures on my account , i noticed the family user account can not view pictures in iPhoto why is this and how do i allow other users on my mac to view the pictures

    how do I allow other users to view pictures in iphoto on my computer?? can only view pictures when signed in administrator account?

    Try Here  >  http://www.apple.com/findouthow/photos/#intro
    More Info Here for the New Mac User...
    Mac essentials   http://support.apple.com/kb/HT2477
    PC to Mac video      http://support.apple.com/kb/VI207
    Find Out How (Video)
    http://www.apple.com/findouthow/mac/

Maybe you are looking for

  • Javascript error while creating trees

    Hi I had to create a tree of the structure customerA ->siteA ->equip1 ->equip2 ->siteB -> -> customerB ->siteB ->equip4 ->equip4 now i have created a view from three tables and the structure of the view is as follows equipmentid, equipmentname, custo

  • Solaris-express-10/03 emacs core dump

    I've just installed emacs on Solaris express 10/03 in Sun-Blade-100 box and having problem in gui mode. Emacs only runs with -nw in text mode but not in gui mode. Starting with no options, it has segmentation fault with coredump. Although it is not r

  • Muse Site Returning Error Only in Chrome that Files are Missing

    I created www.helixweb.co.uk today, and I have an isse. Using Safari, Firefox and IE, there are no problems with my site. Every page loads fine for me. However when I then go into Chrome.... I get this error(I only get it on the Advertising menu of t

  • DWCS4 OSX10.5 site cache won't persist

    thanks, in advance for help with this! i have to continually recache a site because after refreshing the local folder or interacting with the remote server, the files distill to _mm _notes _ secure  and _Templates, all empty. I also notice that when

  • EoMPLS and L2TPv3

    Good morning everyone.... I was wondering if someone could help me out with this? I have setup a dev lab setup to test some stuff out before I go forward and move to production but I have hit a brick wall... Here is a general setup Diagram.