Am setting up a restricted role but have hit a snag in that there are a few public synonyms that point to objects I don't want the role to see. Have not found a way yet to revoke the select privledge via this synonym. I have revoked ALL on the object in question to the user and the role, but they can still DESC and SELECT from the object.
The synonym has nothing to do with privileges on the undelying object, even if there is a public synonym if the user does not have either explict privileges or privileges granted via a role they will not be able to read the contents of the table.
If you can still select from the table, I would suggest that you look carefully at the privileges assigned to the role and to the user.
Oracle Certified Professional "Build your reputation by helping other people build theirs."
"Sarcasm may be the lowest form of wit but its still funny"
When I created the role, I gave privledges on 18 objects only. I then created the users and assigned them the role. However, they can immediately desc and select from objects which I did not grant them privledges.
Maybee this is a different issue. As a DBA-lvl user, I revoked all privledges on an object I did not own. However, in dba_tab_privs, there is an entry granting select on the object to PUBLIC.
I think what is killing me is the fact that in dba_tab_privs there is an entry granting select on the object to public. I have revoked privledges to the object as the object owner but the user still has access to the table.