An additional effect of this feature is that users who create views by using privileges that they hold because their current role received those privileges WITH GRANT OPTION will inherit that attribute, enabling them to grant to others the same privileges on the views.
Restrictions: In DML operations on database objects, privileges held through the current role are equivalent to privileges that were granted to a user individually or to the PUBLIC group. When using the GRANT or REVOKE statement, however, privileges held only through the current role do not affect what privileges the user can grant or revoke. If the user submits a GRANT or REVOKE statement without holding the appropriate privileges as an individual or as a member of the PUBLIC group, the statement fails with error -302, even if a role that is currently set holds the required privileges. This restriction on GRANT or REVOKE statements applies both to roles that the user was granted directly and to cascading roles (role trees). For illustrations of this restriction, see Example 6 in the examples for the GRANT statement, and Example 4 in the REVOKE section.
Enterprise Edition Home | Express Edition Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]