I have created one user and I have given only the create session PRIVILEGE and there is no other PRIVILEGE. But when I connect to that user as sysdba I am able to connect as well as I can access all the data dictionary. I wanted to know how to restrict this thing.
Please tell me as soon as possible.
Thanks in advance
09-16-2002, 06:57 AM
Are you sure? Have you tried to query any dba_ table.
09-16-2002, 07:03 AM
Excuse me I haven't read correctl your question. Of course if you can connect as sysdba, then all the catalog is visible for you. Could you post how have you created the user, grants, privilegies ..?
09-16-2002, 07:39 AM
I am writing the command which I had executed
Create user [user_name] identified by [passowrd] default tablespace [tablespace_name];
grant create session to [user_name];
conn [user_name]/[password] as sysdba;
it is connected and showing all the internal tables.
Now I want to restrict it. How do I?
09-16-2002, 09:17 AM
Just revoke the sysdba privilege.
09-17-2002, 01:04 AM
I have revoke the sysdba privilege from that user but it is still not working, I can see all the tables owned by the system.
I need more suggestion on that
09-17-2002, 01:33 AM
I think you are using OS authentication.
On Unix if you are logging in as osuser who is in dba group, you can connect "as sysdba" using any db user.
Logout from OS and login as osuser who is not in dba group.
Then try connecting "as sysdba" for the db user. I am sure you will get insufficient privilege error.
09-17-2002, 01:38 AM
On NT/2000 the group is ORA_DBA
09-17-2002, 06:25 AM
How we can check in WIN-NT where a Windows NT User who have login and in oracle that login user is in DBA_GROUP...