Home » RDBMS Server » Security » priveledges
priveledges [message #266301] Mon, 10 September 2007 07:29 Go to next message
sukhipunni
Messages: 5
Registered: September 2007
Location: Midlands
Junior Member
What is the security risk with priveldges assigned with the grant option YES.e.g.such as guest, sys,system, public.

If these have a grant option set to yes, what does this mean??
Re: priveledges [message #266303 is a reply to message #266301] Mon, 10 September 2007 07:45 Go to previous messageGo to next message
Mohammad Taj
Messages: 2412
Registered: September 2006
Location: Dubai, UAE
Senior Member

Hi,
Are you talking about "with grant option".
If yes then whenever you grant any privilege with "with grant option" to any other user then the user is also grant to grant that privilege to another user.

Eg:
1. with grant option.
SQL> show user
USER is "SYS"
SQL> create table test as select * from all_objects where rownum <= 10;

Table created.

SQL> grant select on test to scott with grant option;

Grant succeeded.

SQL> --Now scott user have select privs on sys.test table with grant option so s
cott now able to grant that privs to another user also.
SQL> conn scott/tiger
Connected.
SQL> grant select on sys.test to admin;

Grant succeeded.

SQL> conn admin/oracle
Connected.
SQL> select count(*) from sys.test;

  COUNT(*)
----------
        10
##########################################
SQL> conn sys as sysdba
Enter password:
Connected.
SQL> create table test1 as select * from all_objects where rownum <= 10;

Table created.

SQL> grant select on test1 to scott;

Grant succeeded.

SQL> --Now this time grant select privs on sys.test1 table WITHOUT with grant op
tion so scott is not able to grant this privs to any other user.
SQL> conn scott/tiger
Connected.
SQL> grant select on sys.test1 to admin;
grant select on sys.test1 to admin
                    *
ERROR at line 1:
ORA-01031: insufficient privileges



Regards
Mohammed Taj
Re: priveledges [message #266307 is a reply to message #266303] Mon, 10 September 2007 08:15 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
SQL> show user
USER is "SYS"
SQL> create table test as select * from all_objects where rownum <= 10;


Ouch! That hurts. Creating table in SYS schema!

Otherwise, it'd be good demo.

Regards
Michel
Re: priveledges [message #266432 is a reply to message #266301] Mon, 10 September 2007 21:56 Go to previous messageGo to next message
Arju
Messages: 1554
Registered: June 2007
Location: Dhaka,Bangladesh. Mobile:...
Senior Member

What the questioner actually wanted to mean that is not at all clear to me.
Re: priveledges [message #266451 is a reply to message #266432] Mon, 10 September 2007 23:22 Go to previous message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
He asked for the meaning of "grant" option and its risk and Mohammad perfectly showed this.

Regards
Michel
Previous Topic: audit vault password
Next Topic: V11 password
Goto Forum:
  


Current Time: Thu Mar 28 17:32:02 CDT 2024