Re: dba can't grant object permissions!

From: Paul Brewer <paulb_at_pbrewer.demon.co.uk>
Date: 1996/11/21
Message-ID: <pWNBnCAJaKlyEw8B_at_pbrewer.demon.co.uk>#1/1

In article <32931658.553F_at_magi.com>, Michael Abbey <msabbey_at_magi.com> writes
>James Dickson wrote:
>>
>> I am trying to grant execute on a procedure that belongs
>> to one user to another user, i.e. something like this:
>>
>> SQLDBA> GRANT EXECUTE ON "TOM"."TOMSTHING" TO "HARRY";
>>
>> and I'm getting the error:
>> ORA-01031: insufficient privileges
>>
>> even though as DBA I have the 'grant any privilege' privilege.
>>
>> As a workaround I could change TOM's password,
>> log in as TOM, grant execute priv to HARRY,
>> log back in as DBA and change TOM's password back
>> to what it was (I don't know what it is but I can
>> see the encoded value). This is very messy. Is there
>> an easier way, like granting myself some other privilege?
>> Surely the DBA should be able to easily grant execute
>> permissions on any users' objects to any other user?
>>
>> Thanks,
>> James james_at_valhall.esrin.esa.it
>
>Even though the DBA role seems to inherit the ability to grant
>permissions on other users' objects, this is not the case. Unless the
>DBA user has been given privileges on objects with the GRANT option, the
>DBA user cannot pass on privileges to others.
>
>The only way to accomplish this, though I do not recommend, can be
>illustrated using the following simple example:
>
>USERA owns PERSON
>
>Log in as USERA and issue command
>
> grant execute on PERSON to DBA_USER with grant option;
>
>then log in as DBA_USER and issue command
>
> grant execute on USERA.PERSON to OTHER_USER_OR_ROLE;
>
>Michael
>
>###################################################################
># Michael Abbey Ottawa ON Canada 613 780 2364
>#
># Co-author of: Tuning Oracle Oracle: A Beginner's Guide
># Oracle Data Warehousing
>###################################################################
This is information seeking, not criticism. I'd be interested to know why you don't recommend it. It's our standard method. Our current approach is to create dummy users to own schemas, then do exactly as you suggest.
What alternative is there?
Are we missing something?
TIA

-- 
Paul Brewer

Received on Thu Nov 21 1996 - 00:00:00 CET

This message: [ Message body ]
Next message: AMARENDRA B NETTEM: "Re: Which Oracle Books to Buy? - Oracle on NT."
Previous message: Lun Wing San (Oracle): "Re: Sybase info for Oracle-savvy?"
Maybe in reply to: James Dickson: "dba can't grant object permissions!"
In reply to James Dickson: "dba can't grant object permissions!"
Next in thread: AMARENDRA B NETTEM: "Re: Which Oracle Books to Buy? - Oracle on NT."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message