Re: DB Security: PL/SQL and Roles

Whoever compiles the package, procedure, or function requires explicit grants to any objects that the pl/sql references; sequences, tables, views, other pl/sql, etc. Once the pl/sql is compiled then a role can be used to grant execute on the object. The end user actually running the pl/sql only requires execute. We create and compile all of our pl/sql under a single user in production and use public synonyms to reference that user's objects. In development we grant public access to all objects which avoids granting explicit access to every developer.

Phil Cook Received on Sun Jul 06 1997 - 00:00:00 CDT