RE: Asinine security workarounds in Oracle, Part XXXXIII

2002-05-10 Thread Whittle Jerome Contr NCI 
Title: RE: Asinine security workarounds in Oracle, Part III






Paul,


Does that mean some of the films I have at home are sequels with 29 other episodes?





Jerry Whittle

ACIFICS DBA

NCI Information Systems Inc.

[EMAIL PROTECTED]

618-622-4145


-Original Message-

From:   Paul Baumgartel [SMTP:[EMAIL PROTECTED]]


I don't have an answer, but I do wish to point out that your ""

should be "XL".  Roman numeral innumeracy:  a growing problem?

Re: Asinine security workarounds in Oracle, Part XXXXIII

2002-05-10 Thread Paul Baumgartel 

I don't have an answer, but I do wish to point out that your ""
should be "XL".  Roman numeral innumeracy:  a growing problem?




__
Do You Yahoo!?
Yahoo! Shopping - Mother's Day is May 12th!
http://shopping.yahoo.com
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Paul Baumgartel
  INET: [EMAIL PROTECTED]

Fat City Network Services-- (858) 538-5051  FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists

To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

Asinine security workarounds in Oracle, Part XXXXIII

2002-05-09 Thread Jesse, Rich 

So, a developer asks me "Why can't I grant user CHARLIE access to my view in
schema ALPHA?"

I look in our 8.1.7.2 DB and see this setup:

Schema ALPHA:

-- Simple table.
CREATE TABLE my_table
(col1 VARCHAR2(10),
col2 VARCHAR2(10);

-- View to join ALPHA table to BRAVO table.
CREATE OR REPLACE VIEW my_view AS
SELECT a.col1, b.col2
FROM my_table a,
BRAVO.their_table b
WHERE a.col1 = b.col1;

Schema BRAVO:

-- Simple table.
CREATE TABLE their_table
(col1 VARCHAR2(10),
col2 VARCHAR2(10);
-- Let everyone see it.
GRANT SELECT ON their_table TO ALPHA;
GRANT SELECT ON their_table TO CHARLIE;

When I connect as ALPHA and try to "GRANT SELECT ON my_view TO CHARLIE", I
get:

ORA-1720, GRANT OPTION does not exist for "BRAVO.THEIR_TABLE"

Huh?  Who cares?  Everyone already has SELECT access to it!  Who cares if
ALPHA does not have the WITH GRANT OPTION?  So, as a workaround, I do this
while connected as ALPHA:

-- Remove "foreign" tables from view.
CREATE OR REPLACE VIEW my_view AS
SELECT a.col1
FROM my_table a;

-- Grant access.
GRANT SELECT ON my_view TO CHARLIE;

-- Replace view with original source.
CREATE OR REPLACE VIEW my_view AS
SELECT a.col1, b.col2
FROM my_table a,
BRAVO.their_table b
WHERE a.col1 = b.col1;

And it all works now!  Does anyone have a better way to do this, other than
the GRANT OPTION, as Oracle Support states?

Rich Jesse   System/Database Administrator
[EMAIL PROTECTED]  Quad/Tech International, Sussex, WI USA

Disclaimer: I'm cranky, it's beer day, and it's over 3 hours till beer.
http://www.westbend.net/~legoman
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Jesse, Rich
  INET: [EMAIL PROTECTED]

Fat City Network Services-- (858) 538-5051  FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists

To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).