RE: Question re view privileges
Date: Thu, 11 Sep 2008 08:14:13 -0400
Message-ID: <ABB9D76E187C5146AB5683F5A07336FFE09289@EXCNYSM0A1AJ.nysemail.nyenet>
Bill,
I follow the basic rule that if a view is needed on data from a specific schema, then that schema should own the view. There is no good reason for allowing another schema to create views on a base schema and then share that view around to other users. As a DBA, you lose control very quickly and answering the question from auditors later on of "Who can see his data" gets very hard to answer.
Just my opinion.
Tom
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of William Wagman
Sent: Wednesday, September 10, 2008 4:30 PM
To: Jared Still
Cc: oracle-l_at_freelists.org
Subject: RE: Question re view privileges
One learns something new every day, I did not know this. Thank you.
Bill Wagman
Univ. of California at Davis
IET Campus Data Center
wjwagman_at_ucdavis.edu
(530) 754-6208
From: Jared Still [mailto:jkstill_at_gmail.com]
Sent: Wednesday, September 10, 2008 1:26 PM
To: William Wagman
Cc: oracle-l_at_freelists.org
Subject: Re: Question re view privileges
On Wed, Sep 10, 2008 at 1:05 PM, William Wagman <wjwagman_at_ucdavis.edu> wrote:
ORA-01031, insufficient privileges is returned. In order to resolve this schema Y had to
SQL> grant select on v1 to X with grant option;
It has worked this way for quite a long time.
SELECT privs on T1 have been granted to X
Y as the owner of T1, does not intend for X to share this data with Z, or anyone else.
Y has to explicitly allow X to share this data, which is why the 'grant
option' is needed
for X to allow Z to see the view V1.
-- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist -- http://www.freelists.org/webpage/oracle-lReceived on Thu Sep 11 2008 - 07:14:13 CDT