priveledges [message #266301] Mon, 10 September 2007 07:29
sukhipunni
What is the security risk with privileges assigned with the grant option YES, e.g. such as guest, sys, system, public?

If these have a grant option set to yes, what does this mean?
Re: priveledges [message #266303 is a reply to message #266301] Mon, 10 September 2007 07:45
Mohammad Taj

Hi,
Are you talking about "with grant option"?
If yes, then whenever you grant any privilege "with grant option" to another user, that user is also able to grant that privilege to another user.

Eg:
1. with grant option.
SQL> show user
USER is "SYS"
SQL> create table test as select * from all_objects where rownum <= 10;

Table created.

SQL> grant select on test to scott with grant option;

Grant succeeded.

SQL> --Now scott user have select privs on sys.test table with grant option so scott now able to grant that privs to another user also.
SQL> conn scott/tiger
Connected.
SQL> grant select on sys.test to admin;

Grant succeeded.

SQL> conn admin/oracle
Connected.
SQL> select count(*) from sys.test;

  COUNT(*)
----------
        10
##########################################
SQL> conn sys as sysdba
Enter password:
Connected.
SQL> create table test1 as select * from all_objects where rownum <= 10;

Table created.

SQL> grant select on test1 to scott;

Grant succeeded.

SQL> --Now this time grant select privs on sys.test1 table WITHOUT with grant option so scott is not able to grant this privs to any other user.
SQL> conn scott/tiger
Connected.
SQL> grant select on sys.test1 to admin;
grant select on sys.test1 to admin
                    *
ERROR at line 1:
ORA-01031: insufficient privileges



Regards
Mohammed Taj
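
An audit for the situation demonstrated above, added here as an example and not part of the original post: it lists grantable object privileges from Oracle's DBA_TAB_PRIVS dictionary view and traces re-grant chains such as SYS -> SCOTT -> ADMIN. It assumes an account that can read the DBA_* views and a release that supports CONNECT BY NOCYCLE.

```sql
-- Added example (not from the thread).
-- Run as a user who can read the DBA_* dictionary views.

-- 1. Object privileges the grantee may pass on (GRANTABLE = 'YES').
--    Grants to PUBLIC are listed first: every account inherits them.
SELECT grantee, owner, table_name, privilege, grantor
FROM   dba_tab_privs
WHERE  grantable = 'YES'
ORDER  BY CASE WHEN grantee = 'PUBLIC' THEN 0 ELSE 1 END,
          grantee, owner, table_name, privilege;

-- 2. Grants made by someone other than the object owner, i.e. a grantee
--    has already used its grant option (SCOTT -> ADMIN in the demo above).
SELECT grantor, grantee, owner, table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  grantor <> owner
ORDER  BY owner, table_name, grantor, grantee;

-- 3. Follow each chain from the owner's original grant to the last
--    re-grant. LEVEL > 1 keeps only chains with at least one re-grant.
SELECT owner, table_name, privilege,
       LEVEL AS hops,
       SYS_CONNECT_BY_PATH(grantee, ' -> ') AS grant_chain
FROM   dba_tab_privs
WHERE  LEVEL > 1
START  WITH grantor = owner
CONNECT BY NOCYCLE
       PRIOR grantee    = grantor
AND    PRIOR owner      = owner
AND    PRIOR table_name = table_name
AND    PRIOR privilege  = privilege
AND    PRIOR grantable  = 'YES'
ORDER  BY owner, table_name, privilege, hops;
```

Revoking an object privilege from a grantee also revokes the grants that grantee made with it, so query 3 shows which accounts lose access when the first link in a chain is revoked.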
Re: priveledges [message #266307 is a reply to message #266303] Mon, 10 September 2007 08:15
Michel Cadot
Quote:
SQL> show user
USER is "SYS"
SQL> create table test as select * from all_objects where rownum <= 10;


Ouch! That hurts. Creating table in SYS schema!

Otherwise, it'd be good demo.

Regards
Michel
Re: priveledges [message #266432 is a reply to message #266301] Mon, 10 September 2007 21:56
Arju

What the questioner actually meant is not at all clear to me.
Re: priveledges [message #266451 is a reply to message #266432] Mon, 10 September 2007 23:22
Michel Cadot
He asked for the meaning of "grant" option and its risk and Mohammad perfectly showed this.

Regards
Michel