The strange place for INHERIT PRIVILEGES

A while back in an Office Hours session, I touched on a relatively new privilege in the database, INHERIT PRIVILEGES, which is designed to prevent unintended privilege escalation via AUTHID CURRENT_USER (invoker's rights) routines.

In a nutshell, it protects against a low-privileged account "asking" a higher-privileged account to run something in order to gain access to those higher privileges. In human terms, this is me phoning the DBA and saying: "Hi, could you run my procedure for me?" when deep down inside the code of that procedure I've embedded something nasty.

INHERIT PRIVILEGES is a new privilege that can be used to guard against such scenarios, but we had a question on AskTOM about where to find such grants. Interestingly, even though it is a privilege granted on a user to a user, if you need to find where it has been granted, you need to look in DBA_TAB_PRIVS, and the user that is the subject of the privilege will be found in the TABLE_NAME column. Go figure.
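As an added example (not from the original post), here is the audit query a DBA would run to see who may inherit whose privileges, followed by the tightening step for one privileged account. APP_ADMIN (the higher-privileged invoker) and DEV_USER (the owner of an invoker's rights procedure) are placeholder names:

```sql
-- Audit: who holds INHERIT PRIVILEGES, and on which user?
-- The *subject* user is in TABLE_NAME, not in a user-specific column.
SELECT grantee,
       table_name AS subject_user,   -- the user whose privileges may be inherited
       grantor,
       privilege
FROM   dba_tab_privs
WHERE  privilege = 'INHERIT PRIVILEGES'
ORDER  BY table_name, grantee;

-- By default every user grants INHERIT PRIVILEGES on themselves to PUBLIC,
-- so any procedure owner can have their AUTHID CURRENT_USER code run with
-- the invoker's privileges. Tighten a privileged account (placeholder name)
-- by revoking the PUBLIC grant ...
REVOKE INHERIT PRIVILEGES ON USER app_admin FROM PUBLIC;

-- ... and granting it only to owners whose invoker's rights code APP_ADMIN
-- is expected to call (placeholder name).
GRANT INHERIT PRIVILEGES ON USER app_admin TO dev_user;

-- Re-check: only the intended grantee should remain for that subject user.
SELECT grantee, table_name AS subject_user
FROM   dba_tab_privs
WHERE  privilege  = 'INHERIT PRIVILEGES'
AND    table_name = 'APP_ADMIN';

-- Also review holders of the system privilege that bypasses this control.
SELECT grantee
FROM   dba_sys_privs
WHERE  privilege = 'INHERIT ANY PRIVILEGES';
```

The last query matters because a grantee of INHERIT ANY PRIVILEGES is not constrained by the per-user grants shown in DBA_TAB_PRIVS.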