I believe this is a new 9i feature. The database in question here is 8i.
Sorry for not making that clear before. Such an operation is illegal on all
versions prior to 9i.
That said, I am shocked that such a gaping security hole would be
intentionally programmed into 9i. Would I as a user want my highly sensitive
data to be seen by eyes other than the DBA and those to whom I explicitly
gave it too? I think not. My HR users don't even like DBAs being able to see
that data let alone DBAs granting access to it to whomever they wish. Access
to the users data should be controlled by the user. But that's a different
thread to start some day.
--
Chuck
"Andy Hassall" <andy_at_andyh.org> wrote in message
news:e4pphu83smnbrkl1hcnabq5ev8rla65kgs_at_4ax.com...
> On Fri, 28 Jun 2002 17:01:49 -0400, "Chuck" <chuckh_at_softhome.net> wrote:
>
> >Oh really? Not a specal case? Then how does the DBA doing the full import
> >manage to grant permissions on objects he doesn't own if it's not a
special
> >case? Try doing that under normal cicumstances. It doesn't work does it?
>
> If by DBA user you mean a user with the DBA role...
>
> Connected to:
> Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
> With the Partitioning, OLAP and Oracle Data Mining options
> JServer Release 9.2.0.1.0 - Production
>
> SQL> create user dbauser identified by dbauser;
>
> User created.
>
> SQL> grant dba to dbauser;
>
> Grant succeeded.
>
> SQL> connect dbauser/dbauser_at_ajh9i
> Connected.
> SQL> select table_name from dba_tables where owner = 'TEST';
>
> TABLE_NAME
> ------------------------------
> PLAN_TABLE
> TEST
>
> SQL> create user test2 identified by test2;
>
> User created.
>
> SQL> grant select on test.test to test2;
>
> Grant succeeded.
>
> --
> Andy Hassall (andy@andyh.org) icq(5747695) http://www.andyh.org
> http://www.andyhsoftware.co.uk/space | disk usage analysis tool
Received on Mon Jul 01 2002 - 13:03:19 CDT
