Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Question related to security

RE: Question related to security

From: Pete Sharman <peter.sharman_at_oracle.com>
Date: Wed, 05 Mar 2003 13:19:34 -0800
Message-ID: <F001.0056162C.20030305131934@fatcity.com>


Your first statement is no longer true for 9.2 and later (it still remains true for earlier releases). In 9.2 the new system privilege, GRANT ANY OBJECT PRIVILEGE, allows users to grant and revoke privileges on objects on behalf of the object's owner to simplify the installation process.  

Pete

"Controlling developers is like herding cats."

Kevin Loney, Oracle DBA Handbook

"Oh no, it's not. It's much harder than that!"

Bruce Pihlamae, long-term Oracle DBA  

-----Original Message-----

Kilchoer
Sent: Wednesday, March 05, 2003 12:49 PM To: Multiple recipients of list ORACLE-L

Only UserA can grant access on a table belonging to UserA (unless another user was granted access with admin option.) However, UserB can create a procedure in the schema of UserA if UserB has CREATE ANY PROCEDURE system privilege. The procedure created will run with the privileges of UserA, and will be able to grant access on tables belonging to UserA.

-----Original Message-----

Sent: mercredi, 5. mars 2003 09:35
To: Multiple recipients of list ORACLE-L

I am surprised ... which user did you run this as? You mention in your original email that you don't jave the password for the owner and sys/system don't have admin rights ...

Can you solve the puzzle? If you don't have privs with grant option, how could you grant it to someone else? plus this being dbms_sql, you need to have those privs directly granted to you ...

-----Original Message-----

Sent: Wednesday, March 05, 2003 9:35 AM To: Multiple recipients of list ORACLE-L

Grant select on all tables is not what we were looking for exactly because of the reason brought up by Pat. The following solution provided by Jacques solved the problem -

Execute Immediate is for Oracle 8.1 and later. In 7.3.4 you need to use the dbms_sql package for dynamic SQL. The procedure would be something like:
create procedure third_party_app_user.grant_priv   (table_name_in in varchar2, privileges_in in varchar2, grantee_in varchar2)
as

   c_dynsql pls_integer ;
   ignore pls_integer ;
begin

   c_dynsql := dbms_sql.open_cursor ;
   dbms_sql.parse (c_dynsql,

                   'grant ' || privileges_in || '  on ' || 
                   table_name_in  || ' to ' || grantee_in, 
                   dbms_sql.native) ; 

   ignore := dbms_sql.execute (c_dynsql) ;    dbms_sql.close_cursor (c_dynsql) ;
exception

   when others
   then

      if dbms_sql.is_open (c_dynsql) 
      then 
         dbms_sql.close_cursor (c_dynsql) ; 
      end if ; 
      raise ; 

end ;
/
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Pete Sharman
  INET: peter.sharman_at_oracle.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services

---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Received on Wed Mar 05 2003 - 15:19:34 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US