Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Difference between grant to user and grant to role

Re: Difference between grant to user and grant to role

From: Arjan van Bentem <avbentem_at_DONT-YOU-DAREdds.nl>
Date: Fri, 31 Jul 1998 15:17:31 +0200
Message-ID: <6psg4n$848$1@newton.a2000.nl>

In fact, anonymous PL/SQL blocks can use the grants they got through a role. However, for packages, this is not true.

It has to be that way, due to some early binding Oracle performs when converting your PL/SQL code to P-code. So, Oracle performs the security checks at compile time. When a grant or revoke is issued, the last_ddl_time of the object changes, causing the PL/SQL package to get invalid, and automatically recompiled at the next run. So, no security problems here. However, when a role changes, the last_ddl_time of the objects is not changed, and thus the PL/SQL package does not require recompiling. This way, possible security issues might exist. Therefore, Oracle requires that you explicitly grant the rights, not using a role.

Arjan. Received on Fri Jul 31 1998 - 08:17:31 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US