| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: your mail - Forms & database roles
Thanks Bill:
So, how can we get around that situation. We only want users with insert/update access to the tables to be able to write.
Manjula
-----Original Message-----
To: Krishnan, Manjula R.
Cc: Multiple recipients of list ORACLE-L
Sent: 6/22/01 2:23 PM
On Fri, 22 Jun 2001,Krishnan, Manjula R. scribbled on the wall in glitter...:
->Dear DBA's:
->
->Have any of you come across this bizzare behavior? We have an
application
->that was written using Forms 6i. It runs on the web (using OAS
4.0.8.2) on
->an 8i database.
->
->A user has been granted access through a role. This role APP_READ only
has
->select privileges on all the tables for the application. But, on one
of the
->forms the user is able to write into a table. This form uses a package
to
->write into the table. The role has execute on the package. I checked
the
->form code to see if there was any explicit connect. There was none. I
even
->recreated the user and the same thing is happening.
->
->Can anyone explain this?
->
->Thanks,
->
->Manjula
->
if the role is granted execute on the package, then when the package is
invoked
it runs with the permissions of the owner of the package. that explains
the
write to the table since the owner of the package has the permissions to
write
to that table.
-- Bill "Shrek" Thater Certifiable ORACLE DBA Telergy, Inc. thaterw_at_telergy.net ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You gotta program like you don't need the money, You gotta compile like you'll never get hurt, You gotta run like there's nobody watching, It's gotta come from the heart if you want it to work. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Do you like me for my brain or my baud? -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Krishnan, Manjula R. INET: MRKrishn_at_dcss.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Fri Jun 22 2001 - 14:22:29 CDT
 |
 |