Re: Grant privileges to "a program"...?

From: Dan McEvoy <mcevoy_at_hatchcos.com>
Date: 1996/11/12
Message-ID: <32890DB0.435A_at_hatchcos.com>#1/1


Volker Koenig wrote:
>
> Hi there!
>
> A collegue just claimed it was possible to grant table privileges to "a
> program" in oracle, e.g., not the id of the user is checked against the
> table-privileges but the name or any "hidden" id of the application program
> itself.
>
> This will make it possible - especially when using ODBC - to avoid people
> using tables with "non applications" like word processors or spreadsheets.
>
> Is this true or did someone "tell him about his horse", as we say in germany?
>
> Bis denne,
> Volker.
>
> ----------------------------------------------------------------------
> Ich habe Londo das Leben gerettet, weil im All alles Leben heilig ist.
> Aber wenn derjenige, den man gerettet hat, diesen Glauben nicht mit
> einem teilt, hat man der Gegenwart gedient, indem man die Zukunft
> geopfert hat. (Lenier in Babylon 5)
> ----------------------------------------------------------------------
Perhaps your friend was referring to stored program units run in the schema of their owner. That is the program runs with the priviles belonging to the owner of the program.

ie. User 1 has a table A in his schema and he creates a procedure to insert into table A.
User 1 can grant execute privileges to user 2 on this procedure and when user 2 runs the procedure an insert takes place on table A even though user 2 has no insert privileges on the table. Received on Tue Nov 12 1996 - 00:00:00 CET

Original text of this message