Roles are disabled inside DBMS_SQL and so privileges have to be granted directly to the
user. It is implemented this way because roles can be dynamically enaled/disabled - It
would be a huge overhead on the server if it has to check all that.
BTW granting privileges to public to overcome this is not a good idea because everyone
would then have all the privileges granted to public. Grant all your privileges through
roles and then if any are needed for use in procedures (DBMS_SQL), grant them directly to
user(s). Since procedures execute under the procedure owners' privilege set, it is
usually enough to grant the privileges just to the owner and then grant execute privilege
on those procedure(s) to other users.
HTH
Venkat
>I setup all these nice roles for users/developers etc and now dynamic sql
>won't work with roles the permissions must be directly granted to the user
>or to public.
>
>Any comments about directly granting perms to public (why or why not) what
>has your group done on this issue.
>I have thought of a few reasons why does this has to have directly grants -
>(what is the reason) is this going to change
>in a future release like 8.1 or 9
>
Received on Sun May 31 1998 - 13:29:43 CDT
