Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Q: How to see another users pkg-bodies without dba-role
Thomas, let me say first that that was done just beautifully; I was all set
to say something like "geez, you ought to be working for Oracle" when I
discovered that issue was moot,
But anyhow, especially since I know you work for da family, I gotta beef here--
Why should anyone with just execute privileges be able to see the code or anything else inside the objects they happened to have been granted execute rights upon? (God, is that actually a sentence? I'm tired...)
With the sometimes overly abundant and highly granular privilege mechanism, a far cry from the old days of:
connect, resource, dba
and of course object level privileges which back in those days didn't have to concern themselves with things like 'execute' unless it meant the DBA, its surprising, if not shocking, to me, to learn that people with merely execute privs can view any part of the code or code skeleton. Why should they?
I mean as primitive as UNIX is with its permission scheme (compared with Oracle), you can allow someone to execute something, but not inspect the code; I should think that amounts to big boo boo somewhere in Oracle land.
I'd further propose {yes yes, I know this isn't the place to do it, etcetera} that while they're at it:
But actually, all this started as a note to compliment you on your excellent write-up here.
RSH.
"Thomas Kyte" <tkyte_at_us.oracle.com> wrote in message
news:a5j1rs025su_at_drn.newsguy.com...
> In article <178d2795.0202270723.66ac1c69_at_posting.google.com>,
> mark.powell_at_eds.com says...
> >
> >"Reinhard" <Reinhard_nospam.Wahl_at_gmx.de> wrote in message
> >news:<a5ica0$7g33j$1_at_ID-119204.news.dfncis.de>...
> >> Hi,
> >>
> >> what privilege does user A need to see the sources of the package
bodies of
> >> user B if he has no dba-rights?
> >> I tried some of the privileges of the dba-role, but there are to many
and
> >> user A has to reconnect every time again because ORACLE seems to
remember
> >> the rights from the last login.
> >>
> >> Does anyone know the decisively privilege?
> >> Regards
> >> Reinhard
> >> --------------------------------------------------------------
> >> For direct reply please remove _nospam from address
> >
> >If you can execute the package you have select privilege on its source
> >in the all_source dictionary view.
> >
>
>
>> ......
> o.owner# in (userenv('SCHEMAID'), 1 /* PUBLIC */)
> or
> (
> (
> (
> (o.type# = 7 or o.type# = 8 or o.type# = 9)
> and
> o.obj# in (select obj# from sys.objauth$
> where grantee# in (select kzsrorol from x$kzsro)
> and privilege# = 12 /* EXECUTE */)
> )
> or
> exists
> (
> select null from sys.sysauth$
> where grantee# in (select kzsrorol from x$kzsro)
> and
> (
> (
> /* procedure */
> (o.type# = 7 or o.type# = 8 or o.type# = 9)
> and
> (
> privilege# = -144 /* EXECUTE ANY PROCEDURE */
> or
> privilege# = -141 /* CREATE ANY PROCEDURE */
> )
> )
> or
> (
> /* package body */
> o.type# = 11 and
> privilege# = -141 /* CREATE ANY PROCEDURE */
> )
> >
> >
>
>
>
>
>
>
>
>
>
>
> OPS$TKYTE PACKAGE MY_PKG package my_pkg
> OPS$TKYTE PACKAGE MY_PKG as
> OPS$TKYTE PACKAGE MY_PKG procedure p;
> OPS$TKYTE PACKAGE MY_PKG end;
> OPS$TKYTE PROCEDURE P procedure p as begin
null;
> end
> ;
> >
>
>
>
>
> OPS$TKYTE PACKAGE MY_PKG package my_pkg
> OPS$TKYTE PACKAGE MY_PKG as
> OPS$TKYTE PACKAGE MY_PKG procedure p;
> OPS$TKYTE PACKAGE MY_PKG end;
> OPS$TKYTE PACKAGE BODY MY_PKG package body my_pkg
> OPS$TKYTE PACKAGE BODY MY_PKG as
> OPS$TKYTE PACKAGE BODY MY_PKG procedure p
> OPS$TKYTE PACKAGE BODY MY_PKG is
> OPS$TKYTE PACKAGE BODY MY_PKG begin
> OPS$TKYTE PACKAGE BODY MY_PKG null;
> OPS$TKYTE PACKAGE BODY MY_PKG end;
> OPS$TKYTE PACKAGE BODY MY_PKG end;
> OPS$TKYTE PROCEDURE P procedure p as begin
null;
> end
> ;
> >
>
> >
> > >> >HTH
> >If you are not familar with the rdbms dictionary you might want to
> >review the following articles:
> >
> >How do I find information about a database object: table, index,
> >constraint, view, etc... in Oracle ?
> >at url http://www.jlcomp.demon.co.uk/faq/privileges.html
> >
> >And for security related information
> >
> >How do I find out which users have the rights, or privileges, to
> >access a given object ?
> >at url http://www.jlcomp.demon.co.uk/faq/object_info.html
> >
>> Expert one on one Oracle, programming techniques and solutions for Oracle.
> --
> Thomas Kyte (tkyte@us.oracle.com) http://asktom.oracle.com/