Home > Ask the Oracle Database / Applications Experts > Oracle database design and architecture Questions & Answers > Using roles/grants vs. public synonym
Ask The Oracle Expert: Questions & Answers
EMAIL THIS

Using roles/grants vs. public synonym

Brian Peasland EXPERT RESPONSE FROM: Brian Peasland

Pose a Question
Other Oracle Categories
Meet all Oracle Experts
Become an Expert for this site


Oracle tips, scripts, and expert advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 21 April 2006

I have the following query. I created two users, U1 and U2, then created role R. I created tables in user U1 and gave grants to select, insert, update and delete to role R. I assigned role R to U2. Now if I log in through user U2 then I am able to see all objects of user U1. I can perform a similar operation by creating a public synonym in U1, i.e., I create a public synonym in user U1 and see all objects of user U2.

What is the difference between these two approaches? Is there any question of efficiency? If yes, then which one is better?



Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Oracle database design and architecture
Why am I receiving Oracle memory allocation errors?
How to join two tables with unique keys in Oracle
How does the Oracle LGWR write to online redo log files?
Can I check an Oracle instance without logging into the Oracle server?
How to use V$SEGMENT_STATISTICS to find the most accessed Oracle table
Can I install an Oracle client on Windows 7?
How to use the Oracle Database Upgrade Assistant (DBUA)
Can I specify Oracle column order in my database table?
Can I have a single Oracle 11g RAC instance across multiple databases?
How to use the Oracle export utility to duplicate database structure

Oracle database design and architecture
Why am I receiving Oracle memory allocation errors?
How to join two tables with unique keys in Oracle
Can I check an Oracle instance without logging into the Oracle server?
How does the Oracle LGWR write to online redo log files?
How to determine your SQL database through needs analysis
Breaking down the contenders in the SQL database market
The MySQL open source database in the enterprise
Diving deeper into the SQL database features
What managers should consider when starting a database scaling project
How to use V$SEGMENT_STATISTICS to find the most accessed Oracle table

Oracle database security
Oracle delivers database fixes in Critical Patch Update
How to use DBMS_CRYPTO package for Oracle password encryption/hashing
How to decrypt an Oracle password using John the Ripper and checkpwd
How to use the CREATE SESSION command to track Oracle database logins
How to troubleshoot Oracle critical patch updates using OPatch
Can I automate Oracle patching when installing Oracle Standard Edition?
Is it possible to automate Oracle CPUs for a DoD project?
Three steps to help improve Oracle database security
Tips for auditing and securing database backups in Oracle
How to prevent a SQL injection attack in Oracle

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
E. F. Codd  (SearchOracle.com)
extent  (SearchOracle.com)
flexfield  (SearchOracle.com)
foreign key  (SearchOracle.com)
multidimensional database  (SearchOracle.com)
object-oriented database management system  (SearchOracle.com)
quad tree  (SearchOracle.com)
relational online analytical processing  (SearchOracle.com)
row  (SearchOracle.com)
splay tree  (SearchOracle.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Granting to PUBLIC is easier, but much more dangerous. It is a rule for database security that you only grant privileges to the users that need them. Furthermore, you only give the user the ability to do the bare minimum things they need to do. In today's security-conscious IT environments, granting more than they need and to more than just the people that need it is a way to open up your database with wide security holes. And it could cost you your job.

Use roles to help you administer security. That is what they were designed to do. I never grant any privilege to PUBLIC and I've never had a reason to do so.




Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Oracle White Papers: Fusion Middleware
HomeNewsTopicsTipsAsk the ExpertsMultimediaWhite PapersProductsBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts