On 4/25/05, Ray Stell <stellr@xxxxxxxxxx> wrote:
>
> From the 9.2 docs:
>
> The owner of the view (whether it is you or another user) must have
> been explicitly granted privileges to access all objects referenced in
> the view definition. The owner cannot have obtained these privileges
> through roles.
>
> What is the logic behind the role restriction? Why is a role less
> secure in the ora architecture? Thanks.
> ============================================================
> Ray Stell stellr@xxxxxx (540) 231-4109 Tempus fugit 28^D

Roles, if granted, may or may not be enabled in a user session at runtime.
Roles may have had their sys_privs changed between compile time and runtime.
Sounds to me like roles leave holes (for privilege escalation).

Before compiling the view, issue the following:

SQL> set role none;

hth.

Paul

--
#/etc/init.d/init.cssd stop
-- f=ma, divide by 1, convert to moles.
--
//www.freelists.org/webpage/oracle-l
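
Added example, not part of the original message: a two-session SQL*Plus walk-through of the `set role none` check described above, plus a dictionary query that lists object privileges a view owner holds only through a role. The names APP_OWNER.ORDERS, REPORT_USER and REPORT_ROLE are hypothetical, and the audit query looks only at roles granted directly to the user (nested roles are not expanded).

```sql
-- Added illustration; APP_OWNER.ORDERS, REPORT_USER and REPORT_ROLE are
-- hypothetical names. Run in SQL*Plus with two sessions.

-- Session A (DBA): access to the table is granted only through a role.
CREATE ROLE report_role;
GRANT SELECT ON app_owner.orders TO report_role;
GRANT CREATE SESSION, CREATE VIEW TO report_user;
GRANT report_role TO report_user;

-- Session B (REPORT_USER): the role is enabled at login, so ad hoc SQL works.
SELECT COUNT(*) FROM app_owner.orders;

-- Disable all roles so the session sees only what a stored view would see.
SET ROLE NONE;
SELECT * FROM session_roles;            -- no role is enabled any more
SELECT COUNT(*) FROM app_owner.orders;  -- fails: access came from the role
CREATE VIEW orders_v AS
  SELECT * FROM app_owner.orders;       -- fails for the same reason

-- Session A (DBA): object privileges REPORT_USER holds only via a directly
-- granted role, i.e. grants a view owned by REPORT_USER cannot rely on.
SELECT rp.granted_role, tp.owner, tp.table_name, tp.privilege
  FROM dba_role_privs rp
  JOIN dba_tab_privs  tp ON tp.grantee = rp.granted_role
 WHERE rp.grantee = 'REPORT_USER'
   AND NOT EXISTS (
         SELECT 1
           FROM dba_tab_privs d
          WHERE d.grantee    = rp.grantee
            AND d.owner      = tp.owner
            AND d.table_name = tp.table_name
            AND d.privilege  = tp.privilege);

-- Session A (DBA): grant directly to the view owner, as the 9.2 docs require.
GRANT SELECT ON app_owner.orders TO report_user;

-- Session B (REPORT_USER), roles still disabled: the view now compiles.
CREATE VIEW orders_v AS
  SELECT * FROM app_owner.orders;
```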