FW: granting sys objects with grant option in 11.2.0.3 the grant option has no effect

next try, hoping the formatting information is no longer lost

Hello all,

I detected a problem as described by testcase: (tested in following Installations)

Linux x86 64-bit - Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production

Microsoft Windows x86 64-bit - Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production

Linux IA (32-bit) - Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production

The problem did not occure on 11.2.0.2 or previous

Testcase:

create user ttt_user identified by asdfghjk;

grant create session to ttt_user;

grant execute on dbms_output to ttt_user with grant option;

create user ttt2_user identified by asdfghjk;

connect ttt_user/asdfghjk

• execute privilege is there exec dbms_output.enable
• but grant option is missed grant execute on sys.dbms_output to ttt2_user;                      * ERROR at line 1: ORA-01031: insufficient privileges

This problem did not occure with select privilege on a sys table. It also did not occure with execute privilege on a user package.

We use this feature for a special admin user in a software system with tenant isolation where the isolation is done by using separate databse schemas for each tenant. The admin user is there to create new tenants (a very complex installation proedure) and need to grant a couple of execute privileges on sys pacakges.

Does anyone heard of this problem ?

Is there any mechanism to fall back to previous fucntrional behaviour - i. e. seting a hidden parameter, setting a special event etc. ?

(I`m argueing the ignoring of the grant option with execute privilege on sys objects  is a work around due to a security problem occured later)

TIA kf

--
http://www.freelists.org/webpage/oracle-l