I'm trying to bring my systems in compliance with a certain set of standards. One of them in confirming that the Oracle default behavior of allowing users to grant and revoke privileges to objects they own is still active. I have no idea how this would even be disabled in the first place, but I'm trying to figure out what evidence I can provide that it is still active other than "this is default behavior of Oracle." Is there a way to confirm this in views like dba_tab_privs or something?
Any assistance would be appreciated. Let me know if you need me to clarify.
Best Answer
It isn't just "the default behavior", it's the only behavior. Owners always have full control on their own objects (including grants and revokes on those objects). That's why separation of container schemas from accounts that login to the database is so key to database security.
Addition
There is a slight twist to the answer in that the permissions can be changed so that the owner can longer modify his own objects, BUT the owner is then no longer the owner. This is a loss of ownership for the original owner.
This can be achieved using the following technique:
How to change an Oracle table owner