Besides that, UNLIMITED TABLESPACE is generally a bad idea, because it means that this user can fill up the SYSTEM and SYSAUX tablespaces as well.
Therefore, when I grant the RESOURCE role I always revoke UNLIMITED TABLESPACE as the next action...
Regards,
Tajana
-----Original Message-----
From: David McCune [mailto:oracledba-ezmlmshield-x4759605.[Email address protected]
Sent: Wednesday, May 28, 2008 22:17
To: LazyDBA Discussion
Subject: RE: 10g VERSION 10.2.0.3.0 - user that can see SYS & SYSTEM tables.
Check the following parameter:
O7_DICTIONARY_ACCESSIBILITY controls restrictions on SYSTEM privileges. If
the parameter is set to true, access to objects in the SYS schema is allowed
(Oracle7 behavior). The default setting of false ensures that system
privileges that allow access to objects in "any schema" do not allow access
to objects in the SYS schema.
For example, if O7_DICTIONARY_ACCESSIBILITY is set to false, then the SELECT
ANY TABLE privilege allows access to views or tables in any schema except
the SYS schema (data dictionary tables cannot be accessed). The system
privilege EXECUTE ANY PROCEDURE allows access on the procedures in any
schema except the SYS schema.
If this parameter is set to false and you need to access objects in the SYS
schema, then you must be granted explicit object privileges.
-----Original Message-----
From: Gaurav Shrivastava
[mailto:oracledba-ezmlmshield-x55930362.[Email address protected]
Sent: Wednesday, May 28, 2008 3:09 PM
To: LazyDBA Discussion
Subject: RE: 10g VERSION 10.2.0.3.0 - user that can see SYS & SYSTEM tables.
Check for any privileges granted to public?
-----Original Message-----
From: gregory
[mailto:oracledba-ezmlmshield-x96371040.[Email address protected]
Sent: Wednesday, May 28, 2008 2:51 PM
To: LazyDBA Discussion
Subject: 10g VERSION 10.2.0.3.0 - user that can see SYS & SYSTEM tables.
Hello Gurus,
I created a user and granted 'SELECT' (which should be read only) on one table.
CREATE USER <xxxx> PROFILE DEFAULT IDENTIFIED BY <xxxx>
DEFAULT TABLESPACE <xxxx> TEMPORARY TABLESPACE TEMP
QUOTA UNLIMITED ON <xxxx> ACCOUNT UNLOCK;
GRANT CREATE SESSION TO <xxxx>;
GRANT UNLIMITED TABLESPACE TO <xxxx>;
GRANT SELECT ON <xxxx>.<xxxx> TO <xxxx>;
My question is - Why can this user see the following SYS & SYSTEM, & how
can I revoke that?
select owner, table_name from all_tables;
OWNER TABLE_NAME
------------------------------ ------------------------------
SYS DUAL
SYS SYSTEM_PRIVILEGE_MAP
SYS TABLE_PRIVILEGE_MAP
SYS STMT_AUDIT_OPTION_MAP
SYS AUDIT_ACTIONS
SYSTEM DEF$_TEMP$LOB
SYSTEM HELP
SYS PLAN_TABLE$
SYS IMPDP_STATS
SYS KU$NOEXP_TAB
SYSTEM OL$NODES
OWNER TABLE_NAME
------------------------------ ------------------------------
SYSTEM OL$HINTS
SYSTEM OL$
SYS ODCI_WARNINGS$
SYS ODCI_SECOBJ$
SYS WRI$_ADV_ASA_RECO_DATA
SYS PSTUBTBL
17 rows selected.
Thanks much!
Greg
---------------------------------------------------------------------
TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
To post a dba job: http://jobs.lazydba.com
To Subscribe : http://www.LazyDBA.com
To unsubscribe: http://www.lazydba.com/unsubscribe.html
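
The checks suggested across this thread, collected into one audit script as an added example (not written by any of the posters). It assumes a DBA session with access to V$PARAMETER and the DBA_* views; APP_READER is a hypothetical stand-in for the <xxxx> user. ALL_TABLES lists every table the session can access, including through grants to PUBLIC, which is what query 2 looks for.

```sql
-- Added example: APP_READER is a hypothetical user name standing in for <xxxx>.

-- 1. The parameter from David's reply. FALSE keeps "ANY" system
--    privileges from reaching objects in the SYS schema.
SELECT name, value
FROM   v$parameter
WHERE  UPPER(name) = 'O7_DICTIONARY_ACCESSIBILITY';

-- 2. Gaurav's check: object privileges granted to PUBLIC on SYS and
--    SYSTEM tables. Every session inherits these, so the tables
--    show up in ALL_TABLES for any user that can log in.
SELECT p.owner, p.table_name, p.privilege, p.grantor
FROM   dba_tab_privs p
JOIN   dba_tables    t
       ON  t.owner      = p.owner
       AND t.table_name = p.table_name
WHERE  p.grantee = 'PUBLIC'
AND    p.owner  IN ('SYS', 'SYSTEM')
ORDER  BY p.owner, p.table_name;

-- 3. What the user holds directly: system privileges, roles, and
--    object grants. For the user in the original post this should
--    be CREATE SESSION, UNLIMITED TABLESPACE and one SELECT grant.
SELECT 'SYSTEM PRIVILEGE' AS kind, privilege AS name
FROM   dba_sys_privs
WHERE  grantee = 'APP_READER'
UNION ALL
SELECT 'ROLE', granted_role
FROM   dba_role_privs
WHERE  grantee = 'APP_READER'
UNION ALL
SELECT 'OBJECT PRIVILEGE',
       privilege || ' ON ' || owner || '.' || table_name
FROM   dba_tab_privs
WHERE  grantee = 'APP_READER';

-- 4. Tajana's follow-up: remove the system-wide quota, then confirm
--    which per-tablespace quotas remain (MAX_BYTES = -1 is unlimited).
REVOKE UNLIMITED TABLESPACE FROM app_reader;

SELECT tablespace_name, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'APP_READER';
```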