Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Package with invoker's rights (8.0)

Re: Package with invoker's rights (8.0)

From: Daniel Morgan <dmorgan_at_exesolutions.com>
Date: Fri, 27 Sep 2002 15:25:48 GMT
Message-ID: <3D94786C.47FCDA09@exesolutions.com> 





Christophe C wrote:



> Hi,

>

>  I've written a package that may update the database. Another user

> needs access (by SQL*Plus or Access) to some of its functions, but is

> not allowed to update the database.

>  If I make GRANT EXECUTE to this user, he uses the rights of the owner

> of the package and can update the DB. The best for me would be the

> package to be executed only with the rights of the user who calls it.

>  It is Oracle 8.0, and it seems it does not have the same fine grain

> management that 8i. Any idea to solve this problem (other than

> compiling two versions of the package, make user-wrapper packages, or

> test the user in the dangerous functions) is welcome!

>  Thanks in advance.




One way is to have some code in a before update trigger do something like:



SELECT user


INTO current_user


FROM dual;



compare the result to an appliation table and raise an exception when
necessary.



Daniel Morgan
Received on Fri Sep 27 2002 - 10:25:48 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US