Re: Granting privileges on table owned by different owner
Date: Thu, 16 Sep 2004 02:28:36 GMT
Message-ID: <oT62d.32813$KU5.7479_at_edtnps89>
Wade Chy wrote:
> Hi All
> I am in a situation where I have to grant select privileges on tables
> owned by a different owner to a specific role. I am logged in as
> system/sysdba. I have created a new role FIN_READ_ONLY. I need to
> grant SELECT privileges on all the existing and future tables owned by
> FIN. I tried to grant SELECT on FIN.ACCT_REF to FIN_READ_ONLY. But was
> not successful due to insufficient privileges since SYSTEM does not
> own the table or dont have grantable on the tables. What will be the
> best way to grant select on all the existing and future tables not
> owned by me/system? Do I have to login as the tables owner? Or does
> all the future tables created by FIN will have to granted individuall?
> I dont know the password for FIN user. I dont want to change the
> password because of some application problem.
> Your help / suggestion will be highly appreciated.
> TIA
>
> Wade Chy
There are subtle differences based on database version and significant possibilities and implications to the command - to the extent I recommend you spend some time in the documentation.
All the doc is available at http://docs.oracle.com. For Oracle9i R2, the shortcut is
http://www.oracle.com/pls/db92/db92.homepage >> SQL, PL/SQL, and SQL*Plus syntax and examples >> G >> GR >> Grant: Definition or >> List of Books >> Reference (and look up Grant in the Table of Contents)
One way to do what you want is to use a 'chain of responsibility' method ...
preferrably as owner (but a DBA like SYSTEM will do)
GRANT {privilege list} TO {app admin} WITH GRANT OPTION;
then as the {app admin} user
GRANT {privilege sublist} TO {user and role list};
I don't know what's happening in your environment - I just successfully tested the following:
connect system/{password} create user test identified by test; grant connect, resource to test; connect test/test create table a ( b number ); connect system/{password} grant select on test.a to oe with grant option; connect oe/oe grant select on test.a to hr; connect hr/hr select count(*) from test.a;
Hans Received on Thu Sep 16 2004 - 04:28:36 CEST