is "grant select on sysobject with grant option" currently not supported?

[werner-s-germany]

granting sysobjects works with oracle_grants but "with grant options" seem to be unsupported. arbitrary SQL command works with oracle_sql but mode sysdba seem to be unsupported. Does there exist any possibility granting commands like "grant select on sys.user_db_links to with grant option" with oracle_modules? This needed because it is used in view or PL/SQL in appschema1 and select/execute of appschema1-object should be granted to appschema2.

[duhlig]

Hi Werner, I didn't use oracle_grants before, just checked the code. If I'm correct neither grant option for object privs nor admin option for sys privs is implemented. Adding the handling of grant options to oracle_grants would be a major change. You should use oracle_sql instead. The ansible-oracle-modules can connect as sysdba but not with the BEQ protocol. They use the standard DB connect if you specify username and password and the wallet connect if you omit both.

What exactly do you need to do?: Grants between arbitrary schemas? This would require the grant any privilege or a connect as sysdba.

Viele Grüße, Dietmar

[werner-s-germany]

Hi Dietmar, thank you very much for your answer and information about oracle_sql. Documentation of oracle_sql does not show mode parameter needed for sysdba connections. I just tried oracle_sql with mode sysdba. It works like expected. Thanks!

What I exacly need? Application has multiple app-schema. appschema1 has own database link and a view using all_db_links. appschema1 want to grant its own view using all_db_links to appschema2. Therefore appschema1 need “GRANT SELECT ON SYS.ALL_DB_LINKS TO appschema1 WITH GRANT OPTION;”. Without this grant appschema1 got ORA-error during "grant select on to appschema2".

Initially appschema has had too much privileges. We're just reducing privileges (revoke "grant any privilege", "grant any object privilege", other ANY privileges) from appschema, Granting appschema1 objects to appschema2 should be allowed.

Viele Grüße, Werner

[werner-s-germany]

I summerize from my point of view:

• oracle_grants does support mode sysdba but not grants using "with grant option"
• oracle_sql has actually parameter mode not yet listed but does support mode sysdba