Re: Restrict users from describing table

Quoting Bruno Wolff III <bruno@wolff.to>:

> On Mon, Jan 05, 2004 at 11:32:42 +0500,
>   Michael Gill <mgill@pointdx.com> wrote:
> > 
> > I think I have found the simple solution by separating the user from the 
> > owner of the tables, however!
> > 
> > I have simply created tables and functions in the owner's schema(A), 
> > then granted execution to the other user(B). My brief testing indicates 
> > that B cannot access or describe A's objects, yet can execute the 
> > function that retrieves data and returns a ref cursor.
> > 
> 
> This won't work as they can still get at the system catalog which will
> allow them to see the schema.
> 


You're correct. There doesn't seem to be a way to restrict a user from reading
the system tables.

To limit the client to only accessing the data through functions, I'm looking at
creating a java-based api to wrap all accesses to the db. The client machine
wouldn't need a db password, merely asking for DML through the api.