select * from user_tab_privs_made;
| GRANTEE | TABLE_NAME | GRANTOR | PRIVILEGE | GRANTABLE | HIERARCHY | COMMON | TYPE |
|---|---|---|---|---|---|---|---|
| PUBLIC | MYUSER | MYUSER | INHERIT PRIVILEGES | NO | NO | NO | USER |
I couldn't understand when this privilege had been made, and why the type was set to USER.
Searching the internet, I soon found that this is a new privilege in Oracle 12c. By default the privilege INHERIT PRIVILEGES is granted to PUBLIC, and it secures a weakness where a malicious user may accidently get access to a privilege that user shouldn't have.
For backward compability INHERIT PRIVILEGES is granted to PUBLIC in Oracle 12c, but it can and probably should be revoked.
Tim Hall has setup a simple example on how this new privilege can secure your database. Instead of trying to mimic his work, I will simply refer you to his site.
You can find his article at oracle-base.com
See also the release changes section for Oracle 12c
No comments:
Post a Comment