These are probably frequently asked questions, but I don't know of
an Oracle FAQ (pointers appreciated). The questions pertain to
grants in Oracle 7. We have version 7.3.2.3 on SunOS 4.1.3.
- According to the manuals, a user with SELECT ANY TABLE system
privilege can select from any table, view or snapshot. However, it
seems that a user with the "dba" role enabled (which includes
SELECT ANY TABLE system privilege) cannot select from a view owned
by another user unless the owner has granted SELECT object
privileges on that view to the user trying to select from the view.
Is the documentation wrong? Am I doing something wrong? If this
is really the way it works, why did they do it this way?
- If I understand grants of object privileges correctly, a DBA cannot
grant object privileges on another user's object (even with role
"dba" enabled) unless that user has granted the object privileges
to the DBA with grant option. This makes managing grants more
difficult since we wanted to have one role which is empowered to
grant any object privileges. The only solution to this that we can
think of is to have each user grant ALL on every object created
with GRANT OPTION to a "grant_manager" role. Is there a better
solution?
--
David Hollenberg dhollen@mosis.org http://www.mosis.org/mosis
MOSIS Service Voice 310-822-1511
Information Sciences Institute FAX 310-823-5624
Received on Fri Mar 21 1997 - 00:00:00 CST