We activated enterprise users in the OID.
There is a role APP_ADMIN that has the following grants:
create table with admin option
this is for an application that creates BI schemas, so it needs to be able to create other users.
I have granted these to a local role, and the user has access to the local role, thanks to the OID setup.
The create and drop user work.
however, the grant create table to another user does not work.
Is there an issue with 'with admin option' grants in Enterprise user security?
If I grant
grant create table to test_role with admin option;
it does not work
if I grant
GRANT GRANT ANY PRIVILEGE to test_role WITH ADMIN OPTION;
it does work.
The test command as user with test_role is:
grant create table to test_usr;
If the user is a standard user and I create role test_role
and grant create table to test_role with admin option it works.
but if I convert the user to an EUS user and the same privilege is given to the role ( role is granted to a global role to an enterprise role)
it doesnt work
Edited by: Peter on Dec 7, 2012 2:36 PM
Very odd. Is it possible you could grant the resource role with admin option - would that work - it's giving a lot less than the other privilege you just used - maybe that's a workaround. It seems the admin option part is ok though through EUS as it works fine in your second test. You tried creating another role with the same grants and see if it behaves the same way?
I gave that a try, doesnt work.
off course I cannot grant the system privilege to the eus user since its not a database user anymore ( unless that option exists and I cant find it)
Without solution I will have to use EUS Proxy users for users that need system privileges. Which is not ideal, but we ll have to go with it.