Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: want to see code of stored procedure but without permission to execute it

Re: want to see code of stored procedure but without permission to execute it

From: Mark D Powell <Mark.Powell_at_eds.com>
Date: Fri, 28 Sep 2007 09:58:33 -0700
Message-ID: <1190998713.805805.132950@y42g2000hsy.googlegroups.com> 





On Sep 25, 3:35 pm, Brian Tkatch <N/A> wrote:


> On Tue, 25 Sep 2007 09:43:58 -0700, Mark D Powell

>

>

>

>

>

> <Mark.Pow..._at_eds.com> wrote:

> >On Sep 25, 11:24 am, Brian Tkatch <N/A> wrote:

> >> On Tue, 25 Sep 2007 06:39:37 -0700, "Chris ( Val )"

>

> >> <chris..._at_gmail.com> wrote:

> >> >On Sep 25, 3:38 pm, Benny <benny.der..._at_gmail.com> wrote:

> >> >> Hi people,

> >> >> is it possible in Oracle9i/10g to grant a user permission to see the

> >> >> code of someone else's procedure but without the permission to execute

> >> >> this procedure ?

> >> >> And I do not want to give this user the system privilege 'select any

> >> >> dictionary' because then he can see everything in the entire database.

>

> >> >> example : I want Oracle user "FLX0_RO" able to see the code of a

> >> >> procedure from owner "FLX0". But FLX0_RO may not be able to execute

> >> >> the procedure.

>

> >> >> Is this possible with standard Oracle grants ?

>

> >> >Check out the USER_SOURCE table.

>

> >> >Perhaps you could create a view based upon this table,

> >> >and grant appropriate permission on that view?

>

> >> >Cheers,

> >> >Chris

>

> >> I think you mean ALL_SOURCE. USER_SOURCE would be for the user's own

> >> objects.

>

> >> B.- Hide quoted text -

>

> >> - Show quoted text -

>

> >I provided out developers a view to do this.  Without looking up the

> >view I believe it was based on USER_SOURCE where I just removed the

> >line that limited the results to the user's code.

>

> >You need to issue a couple of direct grants with the grant option on

> >the underlying SYS objects to the view owner and then grant the view

> >to whoever you want to allow to see package body source (also

> >procedure, function, and trigger source).

>

> >HTH -- Mark D Powell --

>

> OK. And i am seriously asking here. Wouldn't it be better to use

> ALL_SOURCE? Nothing fancy to be required.

>

> B.- Hide quoted text -

>

> - Show quoted text -




Brian, the ALL_SOURCE view will not show the package body code to a
normal non-special privileged non-owner.  The specification yes, but
not the body.  It is the body of the pacakge that the developers
normally want to get at and verify against the source that they are
working with.



HTH -- Mark D Powell --
Received on Fri Sep 28 2007 - 11:58:33 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US