| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Difference between grant to user and grant to role
You probably implied it when you said that you need explicit grants for
packages.
You also need to grant explicit privileges for stored procedures and functions.
Regards !!!
Oracleguru
Arjan van Bentem <avbentem_at_DONT-YOU-DAREdds.nl> wrote in article
<6psg4n$848$1_at_newton.a2000.nl>...
>
> In fact, anonymous PL/SQL blocks can use the grants they got through a
role.
> However, for packages, this is not true.
>
> It has to be that way, due to some early binding Oracle performs when
> converting your PL/SQL code to P-code. So, Oracle performs the security
> checks at compile time. When a grant or revoke is issued, the
last_ddl_time
> of the object changes, causing the PL/SQL package to get invalid, and
> automatically recompiled at the next run. So, no security problems here.
> However, when a role changes, the last_ddl_time of the objects is not
> changed, and thus the PL/SQL package does not require recompiling. This
way,
> possible security issues might exist. Therefore, Oracle requires that you
> explicitly grant the rights, not using a role.
>
> Arjan.
>
>
>
>
>
Received on Fri Jul 31 1998 - 08:37:54 CDT
 |
 |