-
Why Create Session is so powerful
I did a testing .
1. create a user UserA
2. connect system/manager
3. grant create session to UserA
grant dba to UserA
4. connect UserA
5. create tables , views , procedures , functions , triggers ,
snapshots , database link etc. ( all kinds of objects)
6. connect System/manager
7. Revoke DBA from UserA
(So UserA has create session priviledge only )
8. Connect UserA
I found that UserA can now select any tables in his schema and
do all the DML as well .
I got a big confusion on that . because UserA has create session priviledge only .
I guess I may make a mistake on the object priviledge and system pr
iviledge .
BTW , how to know the relation between different priviledges .
I can only found the priviledges which belongs to the role .
Thanks .
1. www.dbasupport.com
2. www.dbforums.com
3. www.itpub.net
4. www.csdn.net
5. www.umlchina.com
6. www.tek-tips.com
7. www.cnforyou.com
8. fm365.federal.com.cn
9. www.programmersheaven.com
10.http://msdn.microsoft.com/library/default.asp
ligang1000@hotmail.com
-
Did you check to see if the role "connect" was revoked? That role is defaulted when a new user is created (at least by OEM)
Oracle it's not just a database it's a lifestyle!
--------------
BTW....You need to get a girlfriend who's last name isn't .jpg
-
Originally posted by OracleDoc
Did you check to see if the role "connect" was revoked? That role is defaulted when a new user is created (at least by OEM)
it is revoked .
Only create session remains
1. www.dbasupport.com
2. www.dbforums.com
3. www.itpub.net
4. www.csdn.net
5. www.umlchina.com
6. www.tek-tips.com
7. www.cnforyou.com
8. fm365.federal.com.cn
9. www.programmersheaven.com
10.http://msdn.microsoft.com/library/default.asp
ligang1000@hotmail.com
-
Nothing is strange here. Once a user *owns* an object he/she has every possible privilege on those objects. There is no way to revoke privileges from owner on his/her obejcts. No way, unless you drop those objects.
So CREATE SESSION gives you only the abillity to connect to the database. But once you are connected, you have all the authorities ower the objects you allready own plus the privileges granted to PUBLIC.
Jurij Modic
ASCII a stupid question, get a stupid ANSI
24 hours in a day .... 24 beer in a case .... coincidence?
-
Originally posted by jmodic
Nothing is strange here. Once a user *owns* an object he/she has every possible privilege on those objects. There is no way to revoke privileges from owner on his/her obejcts. No way, unless you drop those objects.
So CREATE SESSION gives you only the abillity to connect to the database. But once you are connected, you have all the authorities ower the objects you allready own plus the privileges granted to PUBLIC.
Very Clear!
1. www.dbasupport.com
2. www.dbforums.com
3. www.itpub.net
4. www.csdn.net
5. www.umlchina.com
6. www.tek-tips.com
7. www.cnforyou.com
8. fm365.federal.com.cn
9. www.programmersheaven.com
10.http://msdn.microsoft.com/library/default.asp
ligang1000@hotmail.com
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|