Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Why can't SYS user grant privilege on others' tables?
It's a security requirement that any user should not be able to grant
access to another user's tables to anyone else without being explicitly
granted the ability to do so. For example, if user A wanted to grant
access to user B's tables to user C, user B would have to grant (level of
access) to A with grant option. Then user A would be able to grant user C
access to user A's tables, but only at the level of access user A has been
granted (select, insert etc.).
From memory, this is a requirement of the C2 security level that standard Oracle operates under. There is a higher security level (B1) that Trusted Oracle runs under, but you don't see much of that.
Of course, it seems pretty silly that a privileged user like SYS can update, delete, drop another user's data, but can't grant access to it without this intermediary step, but hell, we didn't make the rules, we just have to follow them! ;)
HTH Pete
pradyumn_sharma_at_hotmail.com wrote:
> * Using Personal Oracle7, release 7.2.2.3.1. I log on as
> sys/change_on_install, and give the following command:
>
> SQL> grant select on pradyumn.x to system;
> grant select on pradyumn.x to system
> *
> ERROR at line 1:
> ORA-01031: insufficient privileges
>
> Why so?
>
> -----------== Posted via Deja News, The Discussion Network ==----------
> http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
--
Regards
Pete
Peter Sharman Email: psharman_at_us.oracle.com WISE Course Development Manager Phone: +1.650.607.0109 (int'l) Worldwide Internal Services Education (650)607 0109 (local)San Francisco
SQL> select standard_disclaimer, witty_remark 2 from company_requirements;
Opinions are mine and do not necessarily reflect those of Oracle Corporation
"Controlling application developers is like herding cats."
Kevin Loney, ORACLE DBA Handbook
"Oh no it's not! It's much harder than that!"
Bruce Pihlamae, long term ORACLE DBA
Received on Fri Apr 09 1999 - 10:44:40 CDT