Re: view privilege

  • From: Paul Drake <bdbafh@xxxxxxxxx>
  • To: stellr@xxxxxxxxxx
  • Date: Mon, 25 Apr 2005 15:33:48 -0400

On 4/25/05, Ray Stell <stellr@xxxxxxxxxx> wrote:
> From the 9.2 docs:
> The owner of the view (whether it is you or another user) must have
> been explicitly granted privileges to access all objects referenced in
> the view definition. The owner cannot have obtained these privileges
> through roles.
> What is the logic behind the role restriction?  Why is a role less
> secure in the ora architecture?  Thanks.
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> Ray Stell  stellr@xxxxxx  (540) 231-4109  Tempus fugit  28^D

Roles, if granted, may or may not be enabled in a user session at runtime.
Roles may have had their sys_privs changed between compile time and runtime=
Sounds to me like roles leave holes (for privilege escalation).

Before compiling the view, issue the following:

SQL> set role none;



#/etc/init.d/init.cssd stop
-- f=3Dma, divide by 1, convert to moles.

Other related posts: