>>PUBLIC SYNONYM vs PRIVATE SYNONYM

in oracle

CREATE OR REPLACE PUBLIC SYNONYM syn_channels FROM channels;

GRANT SELECT ON syn_channels TO PUBLIC;

at first statement I already made public synonym why I have to re-grant select on to public?

The first statement you provided creates a public synonym syn_channels for the table channels. This allows any user in the database to refer to the table using the synonym name syn_channels instead of the actual table name channels.

The second statement grants the SELECT privilege on the synonym syn_channels to the PUBLIC role. The PUBLIC role is a built-in role that includes all users in the database. This means that any user in the database can select data from the table channels using the synonym syn_channels.

Even though the synonym is public, the privileges on the underlying object are not automatically granted to the PUBLIC role. By granting the SELECT privilege on the synonym explicitly to the PUBLIC role, you are ensuring that all users in the database have the necessary privileges to access the underlying object through the synonym.

So to answer your question, the second statement is necessary to ensure that all users in the database have the required privileges to access the underlying object through the public synonym.

[](data:image/svg+xml,%3csvg%20xmlns=%27http://www.w3.org/2000/svg%27%20version=%271.1%27%20width=%2730%27%20height=%2730%27/%3e)

so you mean even i made a public synonym, nobody can use this synonym if i don grant any previlege?

Yes, that's correct. Creating a public synonym allows all users to refer to the underlying object using the synonym name, but it does not automatically grant any privileges on the object to any user, including the PUBLIC role.

If you create a public synonym but do not grant any privileges on the underlying object to the PUBLIC role (or to individual users or roles), then users will not be able to use the synonym to access the underlying object.

In other words, creating a public synonym is just the first step in providing access to an object for all users. You still need to grant the necessary privileges to the appropriate users or roles in order for them to be able to use the synonym to access the object.

[](data:image/svg+xml,%3csvg%20xmlns=%27http://www.w3.org/2000/svg%27%20version=%271.1%27%20width=%2730%27%20height=%2730%27/%3e)

than if i make private synonym and grant select on privileges to public, everybody can "select" the private synonym?

No, that is not possible.

A private synonym is only visible to the owner of the synonym, and cannot be accessed by other users unless they are granted the necessary privileges on the underlying object directly.

In your example, if you create a private synonym and grant SELECT privilege on the underlying object to the PUBLIC role, then any user who is a member of the PUBLIC role will be able to select from the underlying object. However, they will not be able to use the private synonym to access the object, because the synonym is only visible to its owner.

To allow other users to use the private synonym, you would need to grant the necessary privileges on the synonym itself to those users. However, granting privileges on a private synonym to other users defeats the purpose of making it private in the first place, since it allows those users to access the underlying object without knowing the actual object name.

[](data:image/svg+xml,%3csvg%20xmlns=%27http://www.w3.org/2000/svg%27%20version=%271.1%27%20width=%2730%27%20height=%2730%27/%3e)

not clear... so what is different between public synonym and private synonym

A synonym in Oracle is a database object that provides an alternative name for another database object, such as a table, view, or stored procedure.