Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

is "grant select on sysobject with grant option" currently not supported? #143

Open
werner-s-germany opened this issue Apr 20, 2020 · 3 comments
Open

is "grant select on sysobject with grant option" currently not supported? #143

werner-s-germany opened this issue Apr 20, 2020 · 3 comments

Comments

@werner-s-germany
Copy link

granting sysobjects works with oracle_grants but "with grant options" seem to be unsupported.
arbitrary SQL command works with oracle_sql but mode sysdba seem to be unsupported.
Does there exist any possibility granting commands like "grant select on sys.user_db_links to with grant option" with oracle_modules?
This needed because it is used in view or PL/SQL in appschema1 and select/execute of appschema1-object should be granted to appschema2.
@duhlig
Copy link
Contributor

duhlig commented Apr 28, 2020

Hi Werner,
I didn't use oracle_grants before, just checked the code. If I'm correct neither grant option for object privs nor admin option for sys privs is implemented. Adding the handling of grant options to oracle_grants would be a major change. You should use oracle_sql instead.
The ansible-oracle-modules can connect as sysdba but not with the BEQ protocol. They use the standard DB connect if you specify username and password and the wallet connect if you omit both.

What exactly do you need to do?: Grants between arbitrary schemas? This would require the grant any privilege or a connect as sysdba.

Viele Grüße,
Dietmar

@werner-s-germany
Copy link
Author

Hi Dietmar,
thank you very much for your answer and information about oracle_sql.
Documentation of oracle_sql does not show mode parameter needed for sysdba connections.
I just tried oracle_sql with mode sysdba. It works like expected. Thanks!

What I exacly need?
Application has multiple app-schema. appschema1 has own database link and a view using all_db_links. appschema1 want to grant its own view using all_db_links to appschema2. Therefore appschema1 need “GRANT SELECT ON SYS.ALL_DB_LINKS TO appschema1 WITH GRANT OPTION;”. Without this grant appschema1 got ORA-error during "grant select on <view-using-all_db_links> to appschema2".

Initially appschema has had too much privileges. We're just reducing privileges (revoke "grant any privilege", "grant any object privilege", other ANY privileges) from appschema, Granting appschema1 objects to appschema2 should be allowed.

Viele Grüße,
Werner

@werner-s-germany
Copy link
Author

I summerize from my point of view:

  • oracle_grants does support mode sysdba but not grants using "with grant option"
  • oracle_sql has actually parameter mode not yet listed but does support mode sysdba

@Rendanic Rendanic mentioned this issue May 29, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@duhlig @werner-s-germany