
Re: Why can't SYS user grant privilege on others' tables?

From: Pete Sharman <psharman_at_us.oracle.com>
Date: Fri, 09 Apr 1999 08:44:40 -0700
Message-ID: <370E2068.330D7E6D@us.oracle.com>


It's a security requirement that any user should not be able to grant access to another user's tables to anyone else without being explicitly granted the ability to do so. For example, if user A wanted to grant access to user B's tables to user C, user B would have to grant (level of access) to A with grant option. Then user A would be able to grant user C access to user A's tables, but only at the level of access user A has been granted (select, insert etc.).

From memory, this is a requirement of the C2 security level that standard Oracle operates under. There is a higher security level (B1) that Trusted Oracle runs under, but you don't see much of that.

Of course, it seems pretty silly that a privileged user like SYS can update, delete, drop another user's data, but can't grant access to it without this intermediary step, but hell, we didn't make the rules, we just have to follow them! ;)

HTH Pete

pradyumn_sharma_at_hotmail.com wrote:

> * Using Personal Oracle7, release 7.2.2.3.1. I log on as
> sys/change_on_install, and give the following command:
>
> SQL> grant select on pradyumn.x to system;
> grant select on pradyumn.x to system
> *
> ERROR at line 1:
> ORA-01031: insufficient privileges
>
> Why so?

--

Regards

Pete


Peter Sharman                             Email: psharman_at_us.oracle.com
WISE Course Development Manager           Phone: +1.650.607.0109 (int'l)
Worldwide Internal Services Education            (650)607 0109 (local)
San Francisco

SQL> select standard_disclaimer, witty_remark
  2  from company_requirements;

Opinions are mine and do not necessarily reflect those of Oracle Corporation

"Controlling application developers is like herding cats." Kevin Loney, ORACLE DBA Handbook
"Oh no it's not! It's much harder than that!" Bruce Pihlamae, long term ORACLE DBA



Received on Fri Apr 09 1999 - 10:44:40 CDT
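
The grant chain discussed in this thread, written out as an added example that is not part of the original posts. The names pradyumn, x, sys and system come from the question; using SYS as the intermediary, the session switches (shown only as comments) and the dictionary check are assumptions made for illustration.

```sql
-- Added example: delegating access to PRADYUMN.X through an intermediary.
-- Each step is run in a session connected as the user named in its comment.

-- 1. As the owner (pradyumn): grant SELECT and the right to pass it on.
GRANT SELECT ON x TO sys WITH GRANT OPTION;

-- 2. As the intermediary (sys): the statement from the question, which
--    returned ORA-01031 before step 1. Only SELECT can be passed on,
--    because SELECT is all that was received.
GRANT SELECT ON pradyumn.x TO system;

-- 3. As a DBA: audit who holds what on the table, who granted it, and
--    whether the holder may grant it further (GRANTABLE = 'YES').
SELECT grantee, grantor, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'PRADYUMN'
AND    table_name = 'X'
ORDER  BY grantor, grantee;

-- 4. As the owner (pradyumn): revoking from the intermediary also removes
--    the grants the intermediary made with that privilege (step 2).
REVOKE SELECT ON x FROM sys;
```

Re-running the query in step 3 after step 4 confirms that no delegated grants remain on the table.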
