Re: why can I not create a stored object using privileges from a role

From: Carl Gohringer <cgohring_at_lucifer>
Date: Thu, 29 Sep 1994 14:39:09 GMT
Message-ID: <CwwBDA.HAF_at_nl.oracle.com>

steve.clover_at_syntex.com writes:
:
: I am curious...
: Does anybody know the reason why you cannot create a stored object using privileges from a role.
:
: For example if we grant select any table to a role and grant that role to a user, that user cannot create a
: view based on a SYS table. You get ORA-01993
:
: Cheers,
: Steve Clover
: ORACLE DBA
: Syntex Development Research, Maidenhead, Berkshire, England.
:

This is documented in the Application Developer's Guide for Oracle7.

To create any stored object(ie, view, procedure, function etc), any Object Privileges which are required to create that object MUST be granted directly, and not via a role.
Note this is not true of the required System Privileges. For example, to create a view, the CREATE VIEW System Privilege may be granted via a role. However, if the view references a table owned by another user, the SELECT privilege on that table must be granted directly to create the view, and not via a role.

This is the documented desired behavior.

--
regards,
Carl
+-----------------------------------------------------------------------------+
Carl Gohringer, European Development Centre 
Oracle Park, Bittams Lane, Chertsey, Surrey, England, KT16 9RG
Internet   : cgohring_at_uk.oracle.com    
+-----------------------------------------------------------------------------+

Received on Thu Sep 29 1994 - 15:39:09 CET

This message: [ Message body ]
Next message: Alvin Law: "Re: 100MB Import in 10 hours?"
Previous message: steve.clover_at_syntex.com: "why can I not create a stored object using privileges from a role"
In reply to: steve.clover_at_syntex.com: "why can I not create a stored object using privileges from a role"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message