Object privileges (what would Grant Any Object?)

Dúvidas, dicas e truques de PL/SQL. Aqui também vão assuntos relacionados a pacotes, triggers, funções, Java-Stored Procedures, etc
Post Reply
Cristiano Gomes
Rank: Programador Júnior
Rank: Programador Júnior
Posts: 25
Joined: Fri, 25 May 2007 3:21 pm
Location: São Paulo

Good afternoon guys,

1) Does anyone know how to tell me what the low command allows a user to do?

Select all

GRANT ANY OBJECT PRIVILEGE 
2) In the source code appeared the way below, but I believe this is for Oracles before version 9i

Select all

GRANT ANY OBJECT 
]

The question is that I am being asked to change my GRANT ANY OBJECT code to GRANT ANY OBJECT PRIVILEGE and would like to know if this can bring me a problem.

Thank you
User avatar
stcoutinho
Moderador
Moderador
Posts: 850
Joined: Wed, 11 May 2011 5:15 pm
Location: são Paulo - SP

Cristinano,

This information I obtained in the Oracle 9i Manual (Oracle9I Database Concepts Release 2 (9.2)), but I understand that it extends to all releases after this:
Who can grant schema object privileges?
The User Automatically Has All Object privileges for Schema Objects Contained in His Or Her Schema. The User Can Grant Any Object Privilege On Any Schema Object He or She Owns to Any Other User Or Role. The User With The Grant Any Object Privilege Can Grant Or Reuvoke Any Specified Object Privilege to Another User With Or Without The Grant Option Of The Grant Statement. Otherwise, The Grantee Can use The Privilege, but Cannot Grant It to Other Users.

for example, assumes User Scott Has to Table Named T2:

Select all

SQL>GRANT grant any object privilege TO U1;  
SQL> connect u1/u1  
Connected.  
SQL> GRANT select on scott.t2 \TO U2;  
SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS  
 WHERE TABLE_NAME = 'employees';  
 
GRANTEE                        OWNER  
------------------------------ ------------------------------  
GRANTOR                        PRIVILEGE                                GRA  
------------------------------ ---------------------------------------- ---  
U2                             SCOTT  
SCOTT                          SELECT                                   NO
From what I can Understanding, when a user has the "Grant Any Object" privilege it can assign access permissions to objects (which do not belong to it) for any schema or role.

In the example above, the U1 user assigned a Select permission in the Scott.t2 table for the U2 user.

As U1 had the privilege GRANT ANY OBJECT the SCOTT user did not have to do a GRANT SELECT ON SCOTT.T2 TO U1 WITH GRANT OPTION

Hugs,

Sergio Coutinho
Post Reply
  • Information
  • Who is online

    Users browsing this forum: No registered users and 2 guests