Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Directly or via role granted object privileges
On Wed, 17 Jul 2002 09:08:42 +1000, "Howard J. Rogers"
<howardjr2000_at_yahoo.com.au> wrote:
>I think the big difference is that privileges granted via a role don't work
>if the user involved then runs a package or procedure which tries to work on
>the object.
>
>In other words, I have a procedure X which says 'update scott.emp....'.
>
>You have the ROLE Y, which includes the 'update on scott.emp' privilege.
>
>You run the procedure, it won't work.
>
>I grant you the 'update on scott.emp' privilege directly, you run the
>procedure and now it does work.
>
>Regards
>HJR
>
>
So this means, preferably, as best practice, the code should be owned
by the owner of the object, or in 8i and higher, created with authid
invoker.
In both cases there is no need to muck around with direct grants.
Regards
Sybrand Bakker, Senior Oracle DBA
To reply remove -verwijderdit from my e-mail address Received on Wed Jul 17 2002 - 00:29:49 CDT