| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: view privilege
Ray,
I've always felt that Oracle was a bit lazy in regards to stuff like this. It always felt to me that they just didn't want to have to validate security access every time a view (or when you create a package) was to be executed. And it would be a big job if you think about it - having to chase down all of the stuff a role may have been granted. And since Roles may be granted to other Roles, this chase down the security rabbit hole could be extensive.
It might even be an Ansi standard.
But at least they are consistent with this - and it works the same way for every release!!
Tom
-----Original Message-----
From: Ray Stell [mailto:stellr_at_cns.vt.edu]
Sent: Monday, April 25, 2005 2:30 PM
To: oracle-l
Subject: view privilege
>From the 9.2 docs:
The owner of the view (whether it is you or another user) must have been explicitly granted privileges to access all objects referenced in the view definition. The owner cannot have obtained these privileges through roles.
What is the logic behind the role restriction? Why is a role less secure in the ora architecture? Thanks.
-- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-lReceived on Mon Apr 25 2005 - 15:54:24 CDT
 |
 |