I was expecting the following would work (assuming "X" holds the
CREATEDBA grant, and S is secadm):
X> CREATE DATABASE abc; -- (1)
S> GRANT dbadm ON DATABASE abc TO x; --
(2), without grant option
S> REVOKE dbadm ON DATABASE abc FROM x BY x; --
But it doesn't; that is: (1) and (2) work, but not (3); also,
interchanging (2) and (3) does not change matters.
So you are right: it seems impossible to revoke the "with grant
option" grants from the creator of a database (and of any other
object, for that matter).
Error message is: SQLCODE -556: An attempt to revoke a
privilege from "X" was denied because "X" does not hold this
In Reply to Mohamed Esmael:
1- Even if user X is (SYSADM OR
DBADM) is it possible
2- how to Change Privilege fields from G
(Privilege held with the GRANT option) to Y (Privilege is
held without the GRANT option) ?
-- Peter Vanroose
ABIS Training &