This content has been marked as final. Show 1 reply
Normally, when you want to allow a user to do something that Oracle's privileges are not sufficiently fine-grained to handle, you would
- Create a stored procedure that is owned by a privileged user (someone that has the ALTER USER privilege)
- In this stored procedure, implement whatever checks you want (i.e. that the username passed in is a user that has the specified role or that is in a particular table)
- Grant the user you want to have limited privileges EXECUTE access on this stored procedure
The less-privileged user will now be able to alter a subset of users by executing the stored procedure but will not be able to alter other users.