Taken from the newsgroup: Ingmar asked:
asked 02 Mar '11, 14:18 Volker Barth |
Well, each user is member of the PUBLIC group by default, and as such each user can query the system catalog. You can do the following to restrict that access (tested on SA 12 demo):
Now you can connect as that user "MyUser": Note: You don't have access to the system catalog, so the following queries will fail with a "permission denied" error:
nor can you access any other table/view/procedure, but you can do the following (with a necessary table owner qualification!):
Some notes:
answered 02 Mar '11, 14:36 Volker Barth We had a similiar situation where we needed to restrict acces to a user. Created 2 views and gave read/write priviledges and gave only 'select' permissions to the 2 views. Left all other user settings as is and the user remained in the Public group. If I understand Volker's answer then this user still had access to the system catalog? Thank you. Answered my own question. Thanks. |