That thrice-damned "Schemas are users" nonsense
-
This horror is causing no shortage of problems on our application, because it uses multiple schemas to get some semblance of order in our databases. Works fine on SQL Server, but on Oracle, we get this absurdity:
>CREATE TABLE SOME_SCHEMA_NAME.someTable AS SELECT (stuff) --Result: OK dude no prob, your table is created. >SELECT COUNT(*) FROM SOME_SCHEMA_NAME.someTable --Result: I'm sorry Dave, I'm afraid I can't do that.
I just created the table! Why have I no right on something whose creator I am? And if you tell me "that's because you created it in someone else's pocket", then why did you let me create it in the first place?
-
@Medinoc write only rights are the devil
-
@Medinoc because CREATE ANY TABLE privilege doesn't give you SELECT ANY TABLE.
-
That's what happens when you make your permissions system too flexible.
In Linux, and probably Windows too, you can have folders where you can create files but not read them. Or worse, folders where you can read files but you can't get the list of files you can read.
-
@anonymous234 said in That thrice-damned "Schemas are users" nonsense:
folders where you can read files but you can't get the list of files you can read.
Did that on accident with a web app. The folder was supposed to be a cache where only known (to the web app) files would reside. NFC what I was thinking and quickly reverted that change...
-
@anonymous234 If you have write permission on the directory you can change permission on it's files, I think. If you can create a file, you can get permission for reading it.
-
@anonymous234 Write but not read is handy for some obscure but occasionally useful constructs like one way dropboxes.
Read but not list is more obscure.
-
@anonymous234 said in That thrice-damned "Schemas are users" nonsense:
That's what happens when you make your permissions system too flexible.
In Linux, and probably Windows too, you can have folders where you can create files but not read them. Or worse, folders where you can read files but you can't get the list of files you can read.
Windows Active Directory in a nutshell:
>Access to "C:" has been disallowed
>Pull up cmd
>cd C:\
>tree
>Yup, it worksI mean really, why even bother doing this if it can just be bypassed? At least Linux (from what I've heard) is pretty much a stone wall with this stuff. No permissions to view in Linux means you are not viewing it period unless you obtain access to a user that can.
-
@Weng said in That thrice-damned "Schemas are users" nonsense:
Write but not read is handy for some obscure but occasionally useful constructs like one way dropboxes
Doesn't OSX have write only drop box folders by default? Possibly for sharing a file between users?