Create package in another schema without using 'ALTER ANY PROCEDURE' privilege [message #203051] |
Mon, 13 November 2006 13:23 |
gp01
Messages: 4 Registered: November 2006 Location: Argentina
|
Junior Member |
|
|
Hi all,
I face this situation: Need to permit a user to compile packages in another schema, but just in this schema. If i grant 'CREATE ANY PROCEDURE' that user could be modify procedures on all schemas (bad idea jeje). Is there any privilege that cover this situation?
Thanks in advance
|
|
|
|
|
|
|
Re: Create package in another schema without using 'ALTER ANY PROCEDURE' privilege [message #203224 is a reply to message #203084] |
Tue, 14 November 2006 06:49 |
gp01
Messages: 4 Registered: November 2006 Location: Argentina
|
Junior Member |
|
|
Frank, the not-owner user should be have permissions to alter that packages too. The problem resides on the 'most wide' permisions that grants the 'ALTER ANY PROCEDURE' privilege (he eventually could alter packages in other schemas)
Andrew, granting execute couldn't allow to modify the package.
Maybe i´m not being clear. Hope this helps:
-------------
User1.Package1
Logged as User2, need to:
CREATE OR REPLACE PACKAGE User1.Package1 AS ...
and
ALTER PACKAGE User1.Package1 COMPILE / COMPILE BODY
|
|
|
Re: Create package in another schema without using 'ALTER ANY PROCEDURE' privilege [message #203239 is a reply to message #203224] |
Tue, 14 November 2006 07:26 |
JRowbottom
Messages: 5933 Registered: June 2006 Location: Sunny North Yorkshire, ho...
|
Senior Member |
|
|
I think you've missed the point of andrew's suggestion.
Create a procedure in USER1 like this:
CREATE OR REPLACE PROCEDURE make (p_code in varchar2) is
BEGIN
IF user != 'USER2' THEN
raise_application_error(-20001,'Only USER2 can run this');
ELSE
execute immediate p_code;
END IF;
END make;
Grant execute on this procedure to USER2.
If USER2 runs this
begin
user1.make('CREATE OR REPLACE PROCEDURE user1.make_test is begin null; end;');
end;/ then as long as USER1 has the CREATE PROCEDURE privilege granted explicitly then this will allow USER2 to create the procedure MAKE_TEST in the schema USER1.
|
|
|
|
|