Well, since upgrade to 8i doesn't seem like an option, the only thing that
comes to my mind is to split the package in two: one with 'safe' functions
that do not alter any data, and one with 'unsafe' ones. For me, this is the
easiest and safest way (and actually I would do it this way even on 8i -
packages with invoker rights have their cons and should not be used just
anywhere because it's such a cool feature.)
--
Vladimir Zakharychev (bob@dpsp-yes.com) http://www.dpsp-yes.com
Dynamic PSP(tm) - the first true RAD toolkit for Oracle-based internet applications.
All opinions are mine and do not necessarily go in line with those of my employer.
"Christophe C" <chcourto_at_capgemini.fr> wrote in message
news:7c48818a.0209270652.569e3a27_at_posting.google.com...
> Hi,
>
> I've written a package that may update the database. Another user
> needs access (by SQL*Plus or Access) to some of its functions, but is
> not allowed to update the database.
> If I make GRANT EXECUTE to this user, he uses the rights of the owner
> of the package and can update the DB. The best for me would be the
> package to be executed only with the rights of the user who calls it.
> It is Oracle 8.0, and it seems it does not have the same fine grain
> management that 8i. Any idea to solve this problem (other than
> compiling two versions of the package, make user-wrapper packages, or
> test the user in the dangerous functions) is welcome!
> Thanks in advance.
Received on Tue Oct 01 2002 - 06:13:12 CDT
