RE: view privilege

  • From: "Mercadante, Thomas F (LABOR)" <thomas.mercadante@xxxxxxxxxxxxxxxxx>
  • To: "'stellr@xxxxxxxxxx'" <stellr@xxxxxxxxxx>, oracle-l <oracle-l@xxxxxxxxxxxxx>
  • Date: Mon, 25 Apr 2005 15:49:58 -0400


I've always felt that Oracle was a bit lazy in regards to stuff like this.
It always felt to me that they just didn't want to have to validate security
access every time a view (or when you create a package) was to be executed.
And it would be a big job if you think about it - having to chase down all
of the stuff a role may have been granted.  And since Roles may be granted
to other Roles, this chase down the security rabbit hole could be extensive.

It might even be an Ansi standard.

But at least they are consistent with this - and it works the same way for
every release!!


-----Original Message-----
From: Ray Stell [mailto:stellr@xxxxxxxxxx] 
Sent: Monday, April 25, 2005 2:30 PM
To: oracle-l
Subject: view privilege

From the 9.2 docs:

The owner of the view (whether it is you or another user) must have
been explicitly granted privileges to access all objects referenced in
the view definition. The owner cannot have obtained these privileges
through roles.

What is the logic behind the role restriction?  Why is a role less
secure in the ora architecture?  Thanks.
Ray Stell  stellr@xxxxxx  (540) 231-4109  Tempus fugit  28^D

Other related posts: