Return-Path: <oracle-l-bounce@freelists.org>
Delivered-To: 2-oracle-l@orafaq.com
Received: (qmail 14286 invoked from network); 7 Dec 2007 09:16:42 -0600
Received: from freelists-180.iquest.net (HELO turing.freelists.org) (206.53.239.180)
  by 69.64.49.119 with SMTP; 7 Dec 2007 09:16:39 -0600
Received: from localhost (localhost [127.0.0.1])
 by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 8B72A7D4478;
 Fri,  7 Dec 2007 10:15:38 -0500 (EST)
Received: from turing.freelists.org ([127.0.0.1])
 by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 05726-02; Fri, 7 Dec 2007 10:15:38 -0500 (EST)
Received: from turing (localhost [127.0.0.1])
 by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 052837D3B1D;
 Fri,  7 Dec 2007 10:15:37 -0500 (EST)
Received: with ECARTIS (v1.0.0; list oracle-l); Fri, 07 Dec 2007 10:13:30 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
 by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 165527D58CA
 for <oracle-l@freelists.org>; Fri,  7 Dec 2007 10:13:30 -0500 (EST)
Received: from turing.freelists.org ([127.0.0.1])
 by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 05085-10 for <oracle-l@freelists.org>;
 Fri, 7 Dec 2007 10:13:30 -0500 (EST)
Received: from smtp102.sbc.mail.re2.yahoo.com (smtp102.sbc.mail.re2.yahoo.com [68.142.229.103])
 by turing.freelists.org (Avenir Technologies Mail Multiplex) with SMTP id A4F177D58A8
 for <oracle-l@freelists.org>; Fri,  7 Dec 2007 10:13:18 -0500 (EST)
Received: (qmail 62875 invoked from network); 7 Dec 2007 15:13:13 -0000
Received: from unknown (HELO society.servebeer.com) (socpres@sbcglobal.net@99.139.219.90 with login)
  by smtp102.sbc.mail.re2.yahoo.com with SMTP; 7 Dec 2007 15:13:13 -0000
X-YMail-OSG: PeYUoAkVM1nijAM9UspDdu0z37dJgi1NqOLMB7GXGz13.DX6nvY1S9MoljQfPgCTpl7Uv68.vQrEncoi11qJngN.YVWxHNUvr6wXIbYLPXr9IkNHqTykkg--
Received: from society.servebeer.com (localhost [127.0.0.1])
 by society.servebeer.com (Postfix) with ESMTP id B60C4201598A
 for <oracle-l@freelists.org>; Fri,  7 Dec 2007 09:13:12 -0600 (CST)
Received: from internet.pkdy.com ([12.17.117.251])
        (SquirrelMail authenticated user rjesse);
        by society.servebeer.com with HTTP;
        Fri, 7 Dec 2007 09:13:12 -0600 (CST)
Message-ID: <46142.12.17.117.251.1197040392.squirrel@12.17.117.251>
In-Reply-To: <083667B535F3464CA0DD0D1DAFA4E3760F2287AA@camexc1.kfs.local>
References: <51195.12.17.117.251.1196975360.squirrel@12.17.117.251>
    <083667B535F3464CA0DD0D1DAFA4E3760F2287AA@camexc1.kfs.local>
Date: Fri, 7 Dec 2007 09:13:12 -0600 (CST)
Subject: RE: How to purge dba_recyclebin from a procedure?
From: "Rich Jesse" <rjoralist@society.servebeer.com>
To: oracle-l@freelists.org
User-Agent: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
X-archive-position: 3780
X-ecartis-version: Ecartis v1.0.0
Sender: oracle-l-bounce@freelists.org
Errors-to: oracle-l-bounce@freelists.org
X-original-sender: rjoralist@society.servebeer.com
Precedence: normal
Reply-to: rjoralist@society.servebeer.com
List-help: <mailto:ecartis@freelists.org?Subject=help>
List-unsubscribe: <oracle-l-request@freelists.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: oracle-l <oracle-l.freelists.org>
X-List-ID: oracle-l <oracle-l.freelists.org>
List-subscribe: <oracle-l-request@freelists.org?Subject=subscribe>
List-owner: <mailto:steve.adams@ixora.com.au>
List-post: <mailto:oracle-l@freelists.org>
List-archive: <http://www.freelists.org/archives/oracle-l>
X-list: oracle-l
X-Virus-Scanned: Debian amavisd-new at localhost.localdomain

Right, this is demonstrating what I had said.  But does anyone else see the
inconsistency here?  It's as though the procedure is using a combination of
definer and invoker rights, since the caller of the procedure must have
SYSDBA and not the owner of the procedure itself.  Perhaps it's just
semantics, given the special nature of SYSDBA, which I'm beginning to
despise as being a requirement for such a trivial statement.

Also, since this is a 10gR1 DB, I don't think I'll be setting the hidden
parameter, but thanks for reminding me that it's there.

Rich

> Because purging dba_recyclebin is only permitted with the SYSDBA
> privilege you are not able to do it even if you create the procedure in
> SYS and grant execute privilege on it to another user. Even if you grant
> SYSDBA, that user will not be able to run it unless connected as SYSDBA.
>
> You can use the "recyclebin" init parameter in 10G R2 to turn recyclebin
> off completely if you want that (in 10G R1 it is a hidden parameter).
>
> SQL> CREATE OR REPLACE PROCEDURE purge_dba_recycle_bin AS
>   2     v_statement                VARCHAR2(100) := 'PURGE
> DBA_RECYCLEBIN';
>   3  BEGIN
>   4     EXECUTE IMMEDIATE v_statement;
>   5  END;
>   6  /
>
> Procedure created.
>
> SQL> grant execute on purge_dba_recycle_bin to test;
>
> Grant succeeded.
>
> SQL> grant sysdba to test;
>
> Grant succeeded.
>
> SQL> conn test
> Enter password:
> Connected.
> SQL> exec sys.purge_dba_recycle_bin;
> BEGIN sys.purge_dba_recycle_bin; END;
>
> *
> ERROR at line 1:
> ORA-01031: insufficient privileges
> ORA-06512: at "SYS.PURGE_DBA_RECYCLE_BIN", line 4
> ORA-06512: at line 1
>
>
> SQL> conn test as sysdba
> Enter password:
> Connected.
> SQL> exec sys.purge_dba_recycle_bin;
>
> PL/SQL procedure successfully completed.


--
http://www.freelists.org/webpage/oracle-l