ORACLE 7.3 用户管理
在工作中,我有一个基于 Oracle 7.3 的应用程序(是的,是老东西)。 最近,我尝试创建一个能够在所有表上进行 SELECT 的帐户,但不能执行其他操作,即不能进行更新或删除。 但每当我创建一个新帐户时,它就已经可以访问所有应用程序表。 我什至将其简化为仅创建会话。 这没有帮助 - 用户仍然可以更新任何表!
所以,我发现有一大堆与表命名完全相同的公共同义词(即表myTable123,公共同义词myTable123)。 我删除了其中之一,用户无法在该特定表上进行选择。 然后我创建了一个新表,显然新用户看不到它。 我为该表添加了一个公共同义词,希望用户能够访问它。 不幸的是,新用户看不到它……这也是有道理的,因为没有给予任何授权。 一定还有别的东西......
我不是 Oracle 专家,我试图弄清楚这个问题的真相,但到目前为止还没有运气。 如果您有任何建议,请提供帮助。 干杯! 达摩
At work I have an app sitting on Oracle 7.3 (old stuff, yes). Recently I tried to create an account that would be able to SELECT on all tables, but nothing else i.e. no updates or deletes. But whenever I create a new account it already has access to all application tables. I even stripped it down to CREATE SESSION only. This didn't help - the user could still update any table!
So, I found that there is a whole bunch of Public Synonyms named exactly the same as tables (i.e. table myTable123, public synonym myTable123). I removed one of them and the user was not able to SELECT on that particualr table. Then I created a new table and obviously the new user couldn't see it. I added a Public Synonym for that table, hoping that the user would be able to access it. No luck the new user could not see it.. which would make sense as no GRANTs were given. There has to be something else....
I'm not an Oracle expert and I'm trying to get to the bottom of this issue, but no luck so far.
Please help with any suggestions you may have.
Cheers! Damo
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
正如 tuinstoel 所说,您可以忽略公共同义词 - 这不会影响权限。
有可能在创建原始表时,创建者所做的
其中[权限]可能与“全部”一样广泛,这意味着任何新用户都会自动被授予对这些表的权限。
是否
返回任何东西?
顺便说一句 - 从未使用过 Oracle 7.3.3 - 我假设权限模型没有太大变化。
As tuinstoel says, you can ignore the public synonyms - that won't affect permissions.
It's possible your that when your original tables were created the creator did a
where [permissions] could be as broad as "all", which would mean any new user would automatically be granted permissions on those tables.
Does
return anything?
BTW - never used Oracle 7.3.3 - I'm assuming not much has changed in the permissioning model.
Oracle 7.3 不仅很老,而且非常非常非常老。 它已经12或13岁了。
创建或删除公共同义词不会改变任何人访问表的权限。 创建公共同义词的唯一原因是可以访问表而无需为其添加架构名称前缀。
我认为您的老用户拥有“更新任何表”和“选择任何表”或“dba”等权限。
Oracle 7.3 is not just old, it is very, very, very old. It is 12 or 13 years old.
Creating or dropping public syns doesn't change anyones rights to access a table. The only reason to create public synonyms is to make it possible to access a table without prefixing it with its schema name.
I think your old users have priviliges like 'update any table' and 'select any table' or 'dba'.