Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Restricting A User To A Specific Tablespace

Status
Not open for further replies.
OraCool

OraCool

Technical User
Jan 17, 2002
67
CA
Hi,

I have tablespaces a,b,c,d,e. I have created a user 'x' and specified quota unlimited on d,e and 0 on a,b,c. On creating user 'x' I find that he can create and insert data in a table on tablespace 'a'. So quota 0 does not restrict him.

Is there another way to restrict user 'x' to tablespace d & e.

PS: All TS are locally managed with auot extent management.

Thanks In Advance
 
Sort by date Sort by votes
Once you have a right to insert into that table your tablespace quota doesn't matter. Though you're not allowed to create anew table there. Why don't you REVOKE insert right on that table(s)?

Regards, Dima
 
Upvote 0 Downvote
OraCool,

Dima/Sem is (as always) right on. If, in fact, you are able to "CREATE TABLE...TABLESPACE B" with no explicit QUOTA, then could you please confirm whether or not the table-creating user may explicitly (or via a ROLE) have the "UNLIMITED TABLESPACE" privilege?

[santa]Mufasa
(aka Dave of Sandy, Utah, USA)
@ 18:00 (29Oct04) UTC (aka "GMT" and "Zulu"),
@ 11:00 (29Oct04) Mountain Time
 
Upvote 0 Downvote
Thanks Guys,

Here is the scenario.

USer 'x' should have his objects restricted to tabsp 'd' & 'e' only.

User 'x' is a new user for a new app. Hence the zero quota on other tbsps.

Is it a default for a newly created user to have rights on all existing tbsps?

Thanks
 
Upvote 0 Downvote
OraCool,

No, users do not, by default, have the UNLIMITED TABLESPACE privilege. But, occasionally I have found DBAs "GRANT UNLIMITED TABLESPACE to PUBLIC" (or similar), which results in the users access to all tablespaces. That's why I was hoping that you could rule out such a GRANT.

[santa]Mufasa
(aka Dave of Sandy, Utah, USA)
@ 15:17 (01Nov04) UTC (aka "GMT" and "Zulu"),
@ 08:17 (01Nov04) Mountain Time
 
Upvote 0 Downvote
Santa,

I created user 'x' with quota on the relevant tbsps (d,e) and zero on the others. The only grant statement issued for user 'x' was connect and resource.

I wonder where he is getting privileges for a,b,c from.

Nice situation though, educational :)
 
Upvote 0 Downvote
OraCool,

Please post the results of this query:
Code: 
select privilege from dba_sys_privs where grantee = 'PUBLIC';

[santa]Mufasa
(aka Dave of Sandy, Utah, USA)
@ 16:32 (02Nov04) UTC (aka "GMT" and "Zulu"),
@ 09:32 (02Nov04) Mountain Time
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Chopstik
  • Locked
  • Question
How to identify a package based on a code snippet 1
Replies
1
Views
335
Andrzejek
Andrzejek
Andrzejek
  • Locked
  • Question
Get part of a string with SQL 1
Replies
2
Views
396
Andrzejek
Andrzejek
sqlPower
  • Locked
  • Question
Help with Integer to Char to Datetime stamp
Replies
2
Views
333
SkipVought
S
Livia8
  • Locked
  • Question
Alternative to "locate" command
Replies
0
Views
327
Livia8
Livia8
Livia8
  • Locked
  • Question
How to forcibly logout users 2
Replies
17
Views
665
carp
carp

Part and Inventory Search

Sponsor

Back
Top