40. User OE, the owner of the ORDERS table, issues the following command:
GRANT SELECT ,INSERT ON orders TO hr WITH GRANT OPTION.
The user HR issues the following command:
GRANT SELECT ON oe.orders TO scott.
Then, OE issues the following command:
REVOKE ALL ON orders FROM hr.
Which statement is correct?
A. The user SCOTT loses the privilege to select rows from OE.ORDERS.
B. The user SCOTT retains the privilege to select rows from OE.ORDERS.
C. The REVOKE statement generates an error because OE has to first revoke
the SELECT privilege from SCOTT.
D. The REVOKE statement generates an error because the ALL keyword cannot
be used for privileges that have been granted using WITH GRANT OPTION.
Answer: A
关于授权级联问题
授予用户的权限,分为系统权限和对象权限。系统权限是允许进行数据库系统级别的操作,比如表空间脱机、create session等;对象权限是操纵数据库对象如表、视图、索引等,比如对表的查询权限、创建表等等。
系统权限和对象权限,授予的时候,都可以有一个选项option,系统权限授予只能用with admin option,对象权限授予可以用with grant option,也可以用with admin option。
revoke的时候,系统权限回收没有级联效果,带有admin option的用户,再授权出去的用户,不会把这权限用第二个用户那里收回的。对象权限,有级联效果,一旦权限收回,通过grant option授权出去的用户,全部都会被收回权限。