To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege.

To grant a role, you must either have been granted the role with the ADMIN OPTION or have been granted the GRANT ANY ROLE system privilege, or you must have created the role.

To grant an object privilege, you must own the object, or the owner of the object must have granted you the object privileges with the GRANT OPTION, or you must have been granted the GRANT ANY OBJECT PRIVILEGE system privilege. If you have the GRANT ANY OBJECT PRIVILEGE, then you can grant the object privilege only if the object owner could have granted the same object privilege. In this case, the GRANTOR column of the DBA_TAB_PRIVS view displays the object owner rather than the user who issued the GRANT statement.

[@more@]

C:>SQLPLUS test/test

SQL*Plus: Release 10.2.0.1.0 - Production on 星期三 6月 1 17:09:47 2011

連線到:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options

SQL> select * from t;

ID NAME
---------- ----------
3 c
1 a
2 b

SQL> grant select on t to test1;

授權成功。

SQL> connect test1/test1
已連線。
SQL> grant select on test.t to test2;
grant select on test.t to test2
*
第 1 行出現錯誤:
ORA-01031: 許可權不足

SQL> connect / as sysdba
已連線。
SQL> grant GRANT ANY OBJECT PRIVILEGE to test1;

授權成功。

SQL> connect test1/test1
已連線。
SQL> grant select on test.t to test2;

授權成功。

SQL>

系統許可權 GRANT ANY OBJECT PRIVILEGE的作用！

相關文章