Re: Grant privileges to "a program"...?

Dan McEvoy wrote:
>
> Volker Koenig wrote:
> >
> > Hi there!
> >
> > A collegue just claimed it was possible to grant table privileges to "a
> > program" in oracle, e.g., not the id of the user is checked against the
> > table-privileges but the name or any "hidden" id of the application program
> > itself.
> >
> > This will make it possible - especially when using ODBC - to avoid people
> > using tables with "non applications" like word processors or spreadsheets.
> >
> > Is this true or did someone "tell him about his horse", as we say in germany?
> >
> > Bis denne,
> > Volker.
> >
> > ----------------------------------------------------------------------
> > Ich habe Londo das Leben gerettet, weil im All alles Leben heilig ist.
> > Aber wenn derjenige, den man gerettet hat, diesen Glauben nicht mit
> > einem teilt, hat man der Gegenwart gedient, indem man die Zukunft
> > geopfert hat. (Lenier in Babylon 5)
> > ----------------------------------------------------------------------
> Perhaps your friend was referring to stored program units run in the
> schema of their owner. That is the program runs with the priviles
> belonging to the owner of the program.
>
> ie. User 1 has a table A in his schema and he creates a procedure to
> insert into table A.
> User 1 can grant execute privileges to user 2 on this procedure and when
> user 2 runs the procedure an insert takes place on table A even though
> user 2 has no insert privileges on the table.

Actually, there is a way to do it.

check out http://www.tier3.com/dbFortify/index.htm Received on Fri Nov 15 1996 - 00:00:00 CET