The WITH GRANT OPTION clause
by Brian Laskey, David C. Kreines
Oracle Database Administration: The Essential Refe
- Dedication
- Preface
- I. DBA Tasks
- 1. Introduction
- 2. Installation
- 3. Maximizing Oracle Performance
- 4. Preventing Data Loss
- 5. Oracle Networking
- Oracle Names
- MultiProtocol Interchange
- Connecting to Non-Oracle Databases
- Network Manager Data Storage
- Using Network Manager
- Files Created by Network Manager
- Oracle Net8 Assistant
- Manual Network Configuration
- Sample SQL*Net Files
- SQL*Net Troubleshooting
- 6. Security and Monitoring
- 7. Auditing
- 8. Query Optimization
- 9. Oracle Tools
- 10. The Oracle Instance
- 11. The Oracle Database
- 12. Initialization Parameters
- 13. SQL Statements for the DBA
- SQL Commands by Task
- SQL Command Syntax
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- Reference Section
- column_constraint_clause
- auto_extend_clause
- for_clause
- filespec
- autoextend_clause
- global_index_clause
- local_index_clause
- table_constraint_clause
- table_ref_clause
- column_ref_clause
- column_constraint_clause
- index_organization_clause
- segment_attrib_clause
- partition_clause
- autoextend_clause
- 14. The Oracle Data Dictionary
- Static Data Dictionary Views
- Dynamic Performance Data Dictionary Views
- 15. System Privileges and Initial Roles
- 16. Tools and Utilities
The WITH GRANT OPTION clause
The owner of an object can grant it to another user by specifying the WITH GRANT OPTION clause in the GRANT statement. In this case, the new grantee can then grant the same level of access to other users or roles. Here are three points to keep in mind about the WITH GRANT OPTION clause:
You cannot grant WITH GRANT OPTION to a role.
If you revoke access to a user who had been granted access to an object WITH GRANT OPTION, and that user had granted access to another user, both sets of grants will be revoked.
The WITH GRANT OPTION does not come automatically with the system privileges listed in Table 15.4 that allow you to manipulate objects in any schema. Thus, although a DBA can create a table in someone else’s schema through the CREATE ANY TABLE system privilege, and you can SELECT, INSERT, UPDATE, or DELETE from it through the SELECT ANY TABLE, INSERT ANY TABLE, UPDATE ANY TABLE, and DELETE ANY TABLE system privileges, you cannot grant access to the table to any other user or role.
-
No Comment