Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: granting privileges on other user
Yep, I did know that (have done that...).
If this was an operational requirement, that's exactly how I would go about implementing it -- but the question was not "how do I do this", but rather "how does it work"...
On the other hand, I agree that my comment could have been taken as "you can't to that", so I appreciate the clarification.
/ Bob
"John" <johnbagnell_at_hotmail.com> wrote in message
news:89ksap$rfn$1_at_bcrkh13.ca.nortel.com...
> Of course you (as the DBA) can still change the user's password, perform
> whatever grants you wish on their objects, then change the password back.
The
> user really can't control this.
>
> Using SELECT username, password FROM dba_users; (and saving the encrypted
> password)
> ALTER USER username IDENTIFIED BY passwd;
>
> {Then connecting as that user and performing your grants}
>
> Then:
>
> ALTER USER username IDENTIFIED BY VALUES
> 'theencryptedpasswordstringyousavedfromtheearlierquery';
>
> You can assume a user's identity and do whatever you like, without ever
knowing
> the user's password.
>
>
>
>
>
> Bob Beilstein wrote:
>
> > <<stuff>>
> >
> > Basically, the idea is that while a user cannot prevent a DBA (or a user
> > with SELECT ANY TABLE role) from seeing the data in his/her tables (or a
> > user with UPDATE ANY TABLE from changing it, etc.), (s)he still retains
> > control over granting privileges to "ordinary mortals" unless (s)he
> > specifically decides to allow another user to do so.
> >
> >
>
>
Received on Fri Mar 03 2000 - 00:00:00 CST