Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: view privilege

RE: view privilege

From: Mercadante, Thomas F (LABOR) <thomas.mercadante_at_labor.state.ny.us>
Date: Mon, 25 Apr 2005 15:49:58 -0400
Message-ID: <C9995D8C5E0DDA4A8FF9D68EE666CE0704AC04AF@exchsen0a1ma>


Ray,

I've always felt that Oracle was a bit lazy in regards to stuff like this. It always felt to me that they just didn't want to have to validate security access every time a view (or when you create a package) was to be executed. And it would be a big job if you think about it - having to chase down all of the stuff a role may have been granted. And since Roles may be granted to other Roles, this chase down the security rabbit hole could be extensive.

It might even be an Ansi standard.

But at least they are consistent with this - and it works the same way for every release!!

Tom

-----Original Message-----
From: Ray Stell [mailto:stellr_at_cns.vt.edu] Sent: Monday, April 25, 2005 2:30 PM
To: oracle-l
Subject: view privilege

>From the 9.2 docs:

The owner of the view (whether it is you or another user) must have been explicitly granted privileges to access all objects referenced in the view definition. The owner cannot have obtained these privileges through roles.

What is the logic behind the role restriction? Why is a role less secure in the ora architecture? Thanks.



Ray Stell stellr_at_vt.edu (540) 231-4109 Tempus fugit 28^D
--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l
Received on Mon Apr 25 2005 - 15:54:24 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US