Wednesday, January 25, 2012

Difference between WITH GRANT and WITH ADMIN

Sometimes people are puzzled to find out the difference between WITH GRANT and WITH ADMIN.

Here is the simple explanation:

WITH GRANT OPTION:

We can grant object privileges only with grant option like (select,update,insert)

 A--------->B--------->C

If A want to revoke privileges from C, it is not possible. The user who granted the privilege can only revoke. we have to revoke the privilege from B ,that automatically revoke the privileges from C.

WITH ADMIN OPTION:

We can give the system privileges onlywith admin option(CREATE TABLE,CREATE INDEX,CREATE SESSION)

 A------>B-------->C

In admin option,it is possible to revoke the privileges from both B and C by A.Here suppose if we revoke the privileges from B means it didn’t revoke the privileges of C.


Examples:


WITH ADMIN OPTION  When a user is granted a system privilege, the grantor (i.e., the person granting the privilege, typically the DBA) also has the option to allow the grantee (the person receiving the privilege, typically the user) to grant the same privilege to other users. If this is the result desired, the grantor can grant the privilege using the WITH ADMIN OPTION. When privileges are granted WITH ADMIN OPTION,this means that the grantor has decided that the grantee can be fully trusted by him as well as by the user that granted him the system privilege in the first place. In essence 
all users holding a system privilege


Security Hole:  WITH ADMIN OPTION are considered equal and can grant and revoke that privilege from anyone, including the person who granted it to them in the first place.



For example, if you give the key to your car to a friend and tell him that it is alright to make copies of the key, when you ask for the key back from your friend, you cannot, at the same time, get back all copies that were made by him and given to others. In order to get the other copies of the key back, you need to find out who has them. Similarly, in Oracle you need to query the data dictionary to determine which other users were granted the permission being revoked by the user from which it is being revoked.



WITH GRANT OPTION on object privileges allows a user granted 
the privilege to grant it to someone else. The reason for doing this is to minimize the administrative burden of granting object privileges.if an object privilege isrevoked from a user to whom it was granted WITH GRANT OPTION, that privilege would also be removed from anyone that user granted the privilege to. For example,if Damir granted John the SELECT privilege on the DAMIR.JOHN1 table WITH GRANT OPTION, and John then granted the SELECT privilege to Tim, then if Damir issued the command REVOKE SELECT ON DAMIR.JOHN1 FROM JOHN, Tim would also no longer have the privilege. This is because when object privileges are revoked,the revoke also cascades to anyone that the privilege was granted to by the user from whom it is being revoked.



Enjoy:-)

14 comments:

Unknown said...

IT'S A VERY GOOD CONCEPT ABOUT THIS TOPIC......NOW MY ALL CONFUSION WAS FINISHED..THNXXXX

Unknown said...

Thank you very much. You helped me a lot and in the best way )

Unknown said...
This comment has been removed by the author.
Unknown said...

thanq very much

Unknown said...

thanks for Sharing

Unknown said...

qzz0704
uggs outlet
coach outlet
polo ralph lauren
michael kors outlet
nets jerseys
merrell shoes
nike air max 90
fitflops sale clearance
nba jerseys
tory burch outlet

5689 said...

zzzzz2018.8.31
nike outlet
snapbacks wholesale
christian louboutin shoes
hermes belts
ugg boots
canada goose jackets
hugo boss outlet
mbt shoes
louboutin shoes
christian louboutin shoes

Unknown said...

kate spade handbags
yeezy boost 500
adidas yeezy
golden goose
adidas eqt support
ralph lauren uk
golden goose
vapor max
yeezy boost 700
adidas shoes online

yanmaneee said...

moncler jacket
supreme hoodie
louboutin shoes uk
michael kors outlet
cheap jordans
balenciaga shoes
cheap jordan shoes
russell westbrook shoes
christian louboutin sale
nike huarache

yanmaneee said...

coach outlet sale
adidas nmd
russell westbrook shoes
air max 95
fila sneakers
coach outlet
michael kors handbags
yeezy shoes
huaraches
lebron 15

yanmaneee said...

supreme
supreme clothing
fila shoes
yeezy
moncler
coach handbags
yeezy boost 350
michael kors handbags sale
balenciaga triple s
air jordan

mensmindfit movement said...


Mental Fitness | Mental Health Courses Online | Men's Mind Fit

Movement.courses on

mental health

Online Mental Health Courses: Foundation elements of life

including; mindset, fitness, health & wellbeing, business

effectiveness, nutrition, recovery & mental stability. online.
online courses

mental health

theatay said...

useful content high end replica bags click here to read replica bags recommended you read Louis Vuitton fake Bags

mclayte said...

Full Report Dolabuy Dior reference visit this page find out here Learn More Here