1 Reply Latest reply on Jan 31, 2018 7:31 AM by NadimG

    REVOKE cascade effect..

    N10091201

      In Week 4 video 8 the lady says if we "REVOKE" select privileges from the demo user it will also revoke all select privileges for all the users the demo gave privileges too.

       

      1.) Does this revoking cascade work the same way for a DBA? For example if you have a Company and the DBA makes other DBA accounts for other people in IT what happens when you have to deactivate this persons account? Do you have to re-grant access to all the DBA accounts? Or does this only happen when you remove certain privileges and not delete a user?

       

      2.) Is there an account or an override so that if you happen to have to remove this person or they leave the company that the cascade effect doesn't happen?

       

      Screen Shot 2018-01-30 at 5.56.59 PM.png

       

      Thank you,

       

      Nadia,

        • 1. Re: REVOKE cascade effect..
          NadimG

          A DBA is a role rather than a user. Users are assigned to that role.

           

          The role will have the ANY privileges such as SELECT ANY TABLE. Therefore a user having a DBA role (and the privileges that come with it) will not need to be granted a "with grant option".

           

          Therefore revoking the role from a DBA user will not cascade direct grants. This is assuming that the user with DBA role is only performing admin functions (as he/she should) and not writing application procedures.

          1 person found this helpful