Home » RDBMS Server » Security » Security: Roles
Security: Roles [message #58074] Tue, 29 July 2003 09:53 Go to next message
Ken Reaves
Messages: 3
Registered: April 2003
Junior Member
I'm interested in creating a role that allows the select only object priviledge for all tables in a schema. I've created a role called REPORT_ROLE, granted this role to a test user called TEST, and granted SELECT on SCHEMA.TABLENAME to REPORT_ROLE. When I log onto the database as TEST, I'm still able to issue a DELETE statement against the table with the grant SELECT. If I issue ALTER USER TEST DEFAULT ROLE REPORT_ROLE, shouldn't I be able to select rows only from SCHEMA.TABLENAME? I'm open to suggestions.
Re: Security: Roles [message #58083 is a reply to message #58074] Tue, 29 July 2003 23:56 Go to previous messageGo to next message
Maaher
Messages: 7062
Registered: December 2001
Senior Member
Look at the other roles/grants assigned to your user TEST. via ROLE_TAB_PRIVS, DBA_TAB_PRIVS, DBA_ROLE_PRIVS, ROLE_ROLE_PRIVS and related system views you can verify where this DELETE privilege comes from.

MHE
Re: Security: Roles [message #58100 is a reply to message #58083] Wed, 30 July 2003 15:38 Go to previous message
Ken Reaves
Messages: 3
Registered: April 2003
Junior Member
Thanks, Maaher. Problem resolved.
Previous Topic: password decryption........
Next Topic: creating a user but not alter his password....?
Goto Forum:
  


Current Time: Mon Nov 23 16:37:25 CST 2020