Re: Creator of a role gets what rights?

Why don't you test it for us and post the answers? This type of question can easily be answered with a quick and simple test case, similar to the one that I already posted. Create a role. Try to grant it with the ADMIN option or with the grant OPTION. Do you get an error? If allowed, test to see if there are cascading effects.

[soapbox]
I see questions like this a lot where it is quite easy for a person to test themselves and figure out the answers. It's very easy for you to do. So please do it! In the end, you will be building a nice foundation of testing and developing test cases. These type of building blocks will go a long way toward advancing your DBA career when you need to develop more complicated test cases.

For instance, if I need to determine the optimal stripe width for RAID serving spatial data using Oracle and ESRI's ArcSDE, who am I going to ask? About the best answer I'll get is "it all depends", because that's the true answer. It all depends. It depends on my particular configuration. So I have to develop test cases and determine what is optimal for my specific environment. Unless someone has done the same exact tests with a closely matching configuration, they won't be able to definitively answer my question.

So please do yourself a favor and start to create test cases to answer your questions. This is the next step a DBA should be taking after RTFM. Want to know if a user can accidentally create a table in 9i's new UNDO tablespace? Try it out and see! Want to know what happens to your archived redo logs on your standby when the standby database's power goes out? Unplug the standby database server! Want to know if there are cascading effects on granting roles that you've created? Set up a test case and see!
[/soapbox]
I'm tired now. I think I'll grab a Coke, have a smile, and shut the hell up............

Cheers,
Brian

Peter wrote:
>
> On Tue, 24 Jun 2003 15:19:18 GMT, Hans Forbrich
> <forbrich_at_telusplanet.net> wrote:
>
> I am just talking about what rights the creator of a ROLE will get
> automatically, not sys vs object privileges. If you create a role of
> course you can grant it to someone. Another way of putting this
> question is this:
>
> When you grant a role that you own to another person, can you include
> "with admin option" or the "with grant option" in the statement?
>
> The difference that this will make is, of course, when the role is
> revoked, will there may be cascading effects. "with admin option" will
> not cause any cascading effects.
>
> Thanks a lot
>
> >Peter wrote:
> >
> >> Does the creator of a ROLE get
> >> "with admin option" privilege or the "with grant option" priviilege?
> >
> >Peter,
> >
> >When looking for explanations of syntax, I recommend you start in the
> >SQL Reference manual.
> >
> >In this case, the GRANT command is relevant. Details are available in
> >http://otn.oracle.com/docs/products/oracle9i/doc_library/release2/server.920/a96540/statements_912a.htm#2062195
> >
> >According to that, should your user need to pass on the capability being
> >granted:
> >- IF this command is a SYSTEM privilege, then you use the WITH ADMIN
> >OPTION but
> >- IF this is an OBJECT privilege, then you use the WITH GRANT OPTION
> >
> >If you can not determine whether the capability is an object or a system
> >priivilege, then (according to the document) you can look at table 17-1
> >on the same section.
> >
> >To the observant, an easy way to determine whether this is a SYSTEM or
> >and OBJECT privilege is to look for the keyword "ON" followed by an
> >object identifier - if that exists it is because you are granting the
> >capability on an OBJECT to a user.
> >
> >[3 .... 4 .... 5]
> >/Hans

-- 
===================================================================

Brian Peasland
oracle_dba_at_remove_spam.peasland.com

Remove the "remove_spam." from the email address to email me.


"I can give it to you cheap, quick, and good. Now pick two out of
 the three"