Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Package with invoker's rights (8.0)
Christophe C wrote:
> Hi,
>
> I've written a package that may update the database. Another user
> needs access (by SQL*Plus or Access) to some of its functions, but is
> not allowed to update the database.
> If I make GRANT EXECUTE to this user, he uses the rights of the owner
> of the package and can update the DB. The best for me would be the
> package to be executed only with the rights of the user who calls it.
> It is Oracle 8.0, and it seems it does not have the same fine grain
> management that 8i. Any idea to solve this problem (other than
> compiling two versions of the package, make user-wrapper packages, or
> test the user in the dangerous functions) is welcome!
> Thanks in advance.
One way is to have some code in a before update trigger do something like:
SELECT user
INTO current_user
FROM dual;
compare the result to an appliation table and raise an exception when necessary.
Daniel Morgan Received on Fri Sep 27 2002 - 10:25:48 CDT