Xref: alice comp.databases.oracle.server:73616 Path: alice!news-feed.fnsi.net!newsfeed.direct.ca!su-news-hub1.bbnplanet.com!paloalto-snf1.gtei.net!news.gtei.net!inet16.us.oracle.com!not-for-mail From: Thomas Kyte Newsgroups: comp.databases.oracle.server Subject: Re: ORA-01031: insufficient privileges Date: Thu, 11 Nov 1999 15:52:18 -0500 Organization: Oracle Service Industries Lines: 66 Message-ID: <+isrONyRyVd3dbZX5sfaR8DcrvEW@4ax.com> References: <80f3i7$787$1@nnrp1.deja.com> <80f4gk$840$1@nnrp1.deja.com> <80f8hp$bfi$1@nnrp1.deja.com> Reply-To: tkyte@us.oracle.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Trace: inet16.us.oracle.com 942353460 17272 138.1.114.224 (11 Nov 1999 20:51:00 GMT) X-Complaints-To: usenet@inet16.us.oracle.com NNTP-Posting-Date: 11 Nov 1999 20:51:00 GMT X-Newsreader: Forte Agent 1.6/32.525 A copy of this was sent to Nandakumar (if that email address didn't require changing) On Thu, 11 Nov 1999 20:22:20 GMT, you wrote: >why's it like that? > >if system does not have privilege to grant some select on some table to >some user ( non-owner), then when you create a role of select privileges >on tables in different schemas, you would have to connect to each user >and grant select privilege on appro. table, which i guess is not an easy >way. >moreover, you require the password of each user to connect. > >any other easier way?? > SYS and SYSTEM are just accounts. SYS has some special attributes to it but it really is just yet another account, like SCOTT. In order for USERA to grant a privelege on USERB's objects, USERB must have at some time granted USERA that privelege WITH GRANT OPTION. That will allow USERA to convey that grant to someone else. So, if userb "grant select on T to usera with grant option", then userA can not only SELECT from T but usera can grant select on T to others. If you want, grant select on your objects to SYS or SYSTEM with the grant option, then sys or system can grant select on those objects to others. >regards > >In article <80f4gk$840$1@nnrp1.deja.com>, > Ben Ryan wrote: >> In article <80f3i7$787$1@nnrp1.deja.com>, >> Nandakumar wrote: >> > when i (SYSTEM user) try to GRANT SELECT privilege ON TABLE_A TO >user >> > USER_B i get the error mesg. >> > >> > ERROR at line 1: >> > ORA-01031: insufficient privileges. >> > >> > TABLE_A is owned by user USER_A. >> > >> > ... changing the log on to USER_A , the grant succeedes. >> > >> > i was under the assumption that SYSTEM can grant/revoke any >privilege >> to >> > any user on any object. am i wrong? >> >> Yes. you are wrong. >> >> Sent via Deja.com http://www.deja.com/ >> Before you buy. >> -- See http://osi.oracle.com/~tkyte/ for my columns 'Digging-in to Oracle8i'... Current article is "Part I of V, Autonomous Transactions" updated June 21'st Thomas Kyte tkyte@us.oracle.com Oracle Service Industries Reston, VA USA Opinions are mine and do not necessarily reflect those of Oracle Corporation