Re: granting privileges on other user

Yep, I did know that (have done that...).

If this was an operational requirement, that's exactly how I would go about implementing it -- but the question was not "how do I do this", but rather "how does it work"...

On the other hand, I agree that my comment could have been taken as "you can't to that", so I appreciate the clarification.

        / Bob

"John" <johnbagnell_at_hotmail.com> wrote in message news:89ksap$rfn$1_at_bcrkh13.ca.nortel.com...
> Of course you (as the DBA) can still change the user's password, perform
> whatever grants you wish on their objects, then change the password back.
 The
> user really can't control this.
>
> Using SELECT username, password FROM dba_users; (and saving the encrypted
> password)
> ALTER USER username IDENTIFIED BY passwd;
>
> {Then connecting as that user and performing your grants}
>
> Then:
>
> ALTER USER username IDENTIFIED BY VALUES
> 'theencryptedpasswordstringyousavedfromtheearlierquery';
>
> You can assume a user's identity and do whatever you like, without ever
 knowing
> the user's password.
>
>
>
>
>
> Bob Beilstein wrote:
>
> > <<stuff>>
> >
> > Basically, the idea is that while a user cannot prevent a DBA (or a user
> > with SELECT ANY TABLE role) from seeing the data in his/her tables (or a
> > user with UPDATE ANY TABLE from changing it, etc.), (s)he still retains
> > control over granting privileges to "ordinary mortals" unless (s)he
> > specifically decides to allow another user to do so.
> >
> >
>
>
Received on Fri Mar 03 2000 - 00:00:00 CST