Re: way to grant schema privilege

From: Nuno Souto <dbvision_at_iinet.net.au>
Date: Tue, 29 Sep 2009 13:57:13 +1000
Message-ID: <4AC18599.6060903_at_iinet.net.au>



Not directly, no. Even through proxies, you still need to grant access to objects via a role and then the role to a logon, be that a proxy or for example, any logon that does a "ALTER SESSION SET CURRENT_SCHEMA=<schema>". In other words: the proxy user is not a replacement for granted privileges, it complements them.
Your choice if you use a proxy logon - relevant for three-tier access - or something like a login trigger setting current_schema. Then a role is granted to that logon. The role defines the access privileges, not the user logon. You cannot grant an entire schema to a role, it has to be object by object.
-- 
Cheers
Nuno Souto
in sunny Sydney, Australia
dbvision_at_iinet.net.au


dba1 mcc wrote,on my timestamp of 29/09/2009 4:07 AM:

> On ORACLE 10GR2 and 11G is it possible grant access privileges on schema level NOT table/view level.
>
> for example, I want grant 'select, update, delete" on one schema (all object under that schema) to another person. Is it possible?
>
-- http://www.freelists.org/webpage/oracle-l
Received on Mon Sep 28 2009 - 22:57:13 CDT

Original text of this message