RE: Question re view privileges

Bill,  

I follow the basic rule that if a view is needed on data from a specific schema, then that schema should own the view. There is no good reason for allowing another schema to create views on a base schema and then share that view around to other users. As a DBA, you lose control very quickly and answering the question from auditors later on of "Who can see his data" gets very hard to answer.  

Just my opinion.  

Tom  

From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of William Wagman Sent: Wednesday, September 10, 2008 4:30 PM To: Jared Still
Cc: oracle-l_at_freelists.org
Subject: RE: Question re view privileges  

One learns something new every day, I did not know this. Thank you.  

Bill Wagman
Univ. of California at Davis
IET Campus Data Center
wjwagman_at_ucdavis.edu
(530) 754-6208

From: Jared Still [mailto:jkstill_at_gmail.com] Sent: Wednesday, September 10, 2008 1:26 PM To: William Wagman
Cc: oracle-l_at_freelists.org
Subject: Re: Question re view privileges  

On Wed, Sep 10, 2008 at 1:05 PM, William Wagman <wjwagman_at_ucdavis.edu> wrote:

        ORA-01031, insufficient privileges is returned. In order to resolve this schema Y had to         

        SQL> grant select on v1 to X with grant option;

It has worked this way for quite a long time.

SELECT privs on T1 have been granted to X

Y as the owner of T1, does not intend for X to share this data with Z, or anyone else.

Y has to explicitly allow X to share this data, which is why the 'grant option' is needed
for X to allow Z to see the view V1.

-- 
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist


--
http://www.freelists.org/webpage/oracle-l