Re: Question re view privileges
Date: Thu, 11 Sep 2008 09:57:30 -0400
Such situation is being addressed in 10G by:
SQL> grant select on v1 to u3;
grant select on v1 to u3
ERROR at line 1:
ORA-01720: grant option does not exist for 'U1.A'
SQL> !oerr ora 1720
01720, 00000, "grant option does not exist for '%s.%s'"
// *Cause: A grant was being performed on a view and the grant option was // not present for an underlying object. // *Action: Obtain the grant option on all underlying objects of the view.
On Wed, Sep 10, 2008 at 4:05 PM, William Wagman <wjwagman_at_ucdavis.edu>wrote:
> I just demonstrated something to myself which took me by surprise and am
> wondering if I am perhaps missing something. Running Oracle 22.214.171.124.0 EE on
> RHEL 64-bit. Here is the scenario...
> schema X has a view, v1 which selects from table t1 owned by schema Y.
> schema Y has granted select on t1 to schema X.
> schema X has in turn granted select on view v1 to user Z.
> When user Z issues the command
> SQL> select * from X.v1;
> ORA-01031, insufficient privileges is returned. In order to resolve this
> schema Y had to
> SQL> grant select on v1 to X with grant option;
> My question. I didn't expect it would be necessary to issue the grant with
> grant option. Am I missing something or is there another way to handle this?
> I don't want to issue the grant to public and I am not particularly happy
> about user X being able to grant select on view v1 to others. If this is the
> way it must be so be it but it took me by surprise.
> Bill Wagman
> Univ. of California at Davis
> IET Campus Data Center
> (530) 754-6208