Re: Granting privileges thru a role Vs. Granting them directly.

From: Steve Miller <smiller_at_gers.com>
Date: 1998/03/19
Message-ID: <01bd536e$3c913860$4f400580_at_sdm>#1/1

If you want the recipient of the grant to be able to create a "stored object" (view, package, etc.), you'll need to grant privileges on that object to the user directly, as privileges on an object received through a role will not allow creation of a stored object. For example, if I "grant all on X to developer_role" to a user, then grant developer_role to user Y, user Y will not be able to create a stored_object that references X. If, however, I "grant all on X to Y", then Y will be able to create a stored_object based upon X. This provides a layer of security.

Regards,

Steve

kunsha <annajvk_at_juno.com> wrote in article <6erkfu$n6n$1_at_news.platinum.com>...
> What are the implications of using one over the other.If
> I know that they can be different. However, logically, I
> do not see a reason why this should be.
>
> Any clarification on this would be greatly appreciated.
>
> JV.
>
>
>
>
Received on Thu Mar 19 1998 - 00:00:00 CET

This message: [ Message body ]
Next message: Michael Krolewski: "Re: Granting privileges thru a role Vs. Granting them directly."
In reply to kunsha: "Granting privileges thru a role Vs. Granting them directly."
Next in thread: Michael Krolewski: "Re: Granting privileges thru a role Vs. Granting them directly."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message