4 Replies Latest reply: Feb 27, 2012 4:50 PM by Paul R RSS

    db

    839388
      Hi All,

      I have configure db vault for db. I want one of the user to access only some of the tables.
      For e.g I want user A to access only emp table of user B.

      Can any one help me in implementing the this.

      Your assistance is much appreciated in this regards.

      Thanks and Regards,
        • 1. Re: db
          IBarr
          This is actually the forum for Audit Vault not Database Vault. But to answer your question, If you want to restrict User A from accessing any tables in Schema B other than the EMP table, then you can just use normal object level privileges. i.e.
          GRANT SELECT ON B.EMP TO A;

          If User A has some ANY privileges that would allow them to access other tables in Schema B, such as SELECT ANY TABLE, then you should put Schema B in a Realm to protect it from the ANY privileged users. Any other users that should still be able to make use of the ANY privileges can then be added as Realm Participants.

          Hope that helps,

          Iain Barr
          Ategrity Solutions Ltd.
          • 2. Re: db
            839388
            Hi Iain,

            I dont find any separate forum for db vault hence i post a question in this forum.

            Thanks for the help.

            Can you please help me in finding good examples of realms , rulesets for db vault.

            I tried to find one however unable to find it.

            Please help.

            Thanks and Regards
            • 3. Re: db
              IBarr
              Have you tried the Database Vault Administrator's Guide: http://www.oracle.com/pls/db112/to_toc?pathname=server.112/e23090/toc.htm

              Regards,

              Iain Barr
              Ategrity Solutions Ltd
              • 4. Re: db
                Paul R
                Database Vault can help you here but it's probably overkill.

                Database Vaults main function is to prevent privileged users (SYS, SYSTEM, DBAs) from accessing application data inside the database.

                I think what you might be trying to achieve is allowing one user to access data in another schema. This can be done with regular grants eg :

                grant select on scott.tiger to paul;