DBA Tips Archive for Oracle
No Title[an error occurred while processing this directive]
by Michael New, MichaelNew@earthlink.net, Gradation LLC
Prior to Oracle9i Release 2 (9.2.0), an object privilege could only be granted by the object owner or a user already holding the object privilege with the GRANT OPTION. This made granting object privileges a difficult task. For example, if an application required object privileges to be granted from multiple schemas, it would require one connect per schema. This would require the application's configuration script to know the passwords of multiple schema owners. This can be difficult to achieve in a secure manner.
New in Oracle9i R2 is the ability for privileged users to grant and revoke privileges on any objects in anybody's schema to any other user on behalf of the object's owner. A new system privilege, GRANT ANY OBJECT PRIVILEGE was introduced to control the delegation of an owner's right to grant and revoke object privileges.
By default, the SYS, SYSDBA and DBA role have this system privilege with the ADMIN option, allowing them to grant this privilege to other users.
Copyright (c) 1998-2018 Jeffrey M. Hunter. All rights reserved.
All articles, scripts and material located at the Internet address of http://www.idevelopment.info is the copyright of Jeffrey M. Hunter and is protected under copyright laws of the United States. This document may not be hosted on any other site without my express, prior, written permission. Application to host any of the material elsewhere can be made by contacting me at firstname.lastname@example.org.
I have made every effort and taken great care in making sure that the material included on my web site is technically accurate, but I disclaim any and all responsibility for any loss, damage or destruction of data or any other property which may arise from relying on it. I will in no case be liable for any monetary damages arising from such loss, damage or destruction.
Last modified on
Tuesday, 10-Jul-2012 13:30:40 EDT
Page Count: 12186