Re: Stored Procedure Use vs. Role Use

From: Dan Clamage <dclamage_at_idcomm.com>
Date: 1997/09/18
Message-ID: <01bcc3c7$d1c52e00$9a240dd0_at_djchome>#1/1

> Evidently who ever executes the stored procedure, has to be granted
> access to the tables directly, not through roles. It's not the owner of
> the stored procedure, but the person executing it.
That's not been my experience. I wrote a package that references dba_* tables. The *only* users with SELECT on them is SYS and SYSTEM. I compiled my package as SYS and granted EXECUTE to PUBLIC. Now everyone can select from these tables but *only* via my package, running my supplied procedures. This is the kind of security you want -- the only access to certain tables is provided strictly through an interface library implemented in PL/SQL stored subprograms. And you can grant EXECUTE to roles; but now you're anticipating having a variety of interface routines for different roles, collected into various packages, perhaps. For example, the insert and select routines for table x go into one package that the SALES role can execute. Meanwhile, the update and delete routines go into another package which the MANAGERS role has execute privilege on (and may also have execute on the package SALES can execute).

Dan Clamage dclamage_at_idcomm.com

Received on Thu Sep 18 1997 - 00:00:00 CEST

This message: [ Message body ]
Next message: Cecil: "Need advice on Conversion from ver 6.0 to 7.3"
Previous message: Thomas Kyte: "Re: Stored Procedure Use vs. Role Use"
In reply to: Larry Jones: "Stored Procedure Use vs. Role Use"
In reply to Larry Jones: "Stored Procedure Use vs. Role Use"
Next in thread: Manfred Tischendorf: "PLEASE HELP: commit Problem in Forms 4.5"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message