| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Solution (sorta) - Re: Another Braindead Friday...
Maybe use row security option using DBMS_RLS package - if you on 8i. In this case you can give users select on the table but restrain them what data thay can see. And then create views if you need akso restrain columns that they can see.
Alex Hillman
-----Original Message-----
Sent: Friday, July 27, 2001 4:41 PM
To: Multiple recipients of list ORACLE-L
Well, thanks to all for the excellent recomendations, but it turns out to be a moot point. Access to the data _must_ be constrained by the security requirements of the system, so I'm turning it over to any Damagers who haven't departed for the "Front 9" yet.
Among the suggestions:
--grant select "with admin option" or "with grant option" to the view
owner.
--grant create view to end users.
--create a stored proc to generate views on the fly in each end users
schema or in the table owner's schema with the necessary grants.
Thanks Again and Happy Friday,
Scott
Scott Shafer wrote:
> >
> > -----Original Message-----
> > Sent: Friday, July 27, 2001 1:31 PM
> > To: Multiple recipients of list ORACLE-L
> >
> > I have RTFM'd re: the following problem in HPUX11, Oracle 7.3.3:
> >
> > --I have user1 who has select privileges on another schema's table
> > (user2.tab) through "Select Any Table" privilege.
> >
> > --user1 creates a view on user2.tab and grants select on the view to
> > other users (user3..n) through a shared role.
> >
> > --When user3, et al tries to select from the view they get the infamous
> > "ORA-1720 - Grant option does not exist for xxx.xxx" error.
> >
> > --I know you I can grant select on user2.tab with grant option to user1
> > and solve this, but I would rather not do that if at all possible.
> >
> > --Also, I could create the view as user2 and not have the problem. The
> > issue here is user1 needs to create the above type of views on the fly
> > (please! I didn't design it!!!), and with 30 sites to support, there is
> > no way to keep up if I have to create the views one by one.
> >
> > Is there any way around the situation besides the "select with grant
> > option" clause to user1 (view owner)?
> > Am I an idiot?
> > Are sheep considered dates in TX?
> > HELP
> >
> > Thanks,
> >
> > Scott Shafer
> > San Antonio, TX
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Scott Shafer INET: sknd100_at_yahoo.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Hillman, Alex INET: Alex.Hillman_at_usmint.treas.gov Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Fri Jul 27 2001 - 15:33:34 CDT
 |
 |