RE: granting sys objects with grant option in 184.108.40.206 the grant option has no effect
Date: Tue, 21 Feb 2012 08:44:34 -0800
Were you connected as SYS when executing - grant execute on dbms_output to ttt_user with grant option; ??? Michael Dinh
Disparity Breaks Automation (DBA)
Great minds discuss ideas; average minds discuss events; small minds discuss people - Eleanor Roosevelt Confidence comes not from always being right but from not fearing to be wrong - Peter T Mcintyre
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Kurt-Franke_at_web.de Sent: Tuesday, February 21, 2012 6:31 AM To: oracle-l
Cc: Kurt.Franke_at_cellent-fs.de; Ronald.Stiefel_at_cellent-fs.de Subject: FW: granting sys objects with grant option in 220.127.116.11 the grant option has no effect
next try, hoping the formatting information is no longer lost
I detected a problem as described by testcase: (tested in following Installations)
Linux x86 64-bit - Oracle Database 11g Enterprise Edition Release 18.104.22.168.0 - 64bit Production
Microsoft Windows x86 64-bit - Oracle Database 11g Enterprise Edition Release 22.214.171.124.0 - 64bit Production
Linux IA (32-bit) - Oracle Database 11g Enterprise Edition Release 126.96.36.199.0 - Production
The problem did not occure on 188.8.131.52 or previous
create user ttt_user identified by asdfghjk;
grant create session to ttt_user;
grant execute on dbms_output to ttt_user with grant option;
create user ttt2_user identified by asdfghjk;
- execute privilege is there exec dbms_output.enable
- but grant option is missed grant execute on sys.dbms_output to ttt2_user; * ERROR at line 1: ORA-01031: insufficient privileges
This problem did not occure with select privilege on a sys table. It also did not occure with execute privilege on a user package.
We use this feature for a special admin user in a software system with tenant isolation where the isolation is done by using separate databse schemas for each tenant. The admin user is there to create new tenants (a very complex installation proedure) and need to grant a couple of execute privileges on sys pacakges.
Does anyone heard of this problem ?
Is there any mechanism to fall back to previous fucntrional behaviour - i. e. seting a hidden parameter, setting a special event etc. ?
(I`m argueing the ignoring of the grant option with execute privilege on sys objects is a work around due to a security problem occured later)
http://www.freelists.org/webpage/oracle-l Received on Tue Feb 21 2012 - 10:44:34 CST