Re: Priviliges for SQL running inside a Procedure

A copy of this was sent to Phil Britton <phil.britton_at_prismtechnologies.com> (if that email address didn't require changing) On 01 Dec 1999 10:35:57 +0000, you wrote:

>Thomas Kyte <tkyte_at_us.oracle.com> writes:
>
>> A copy of this was sent to "Daniel Reis" <dreis_at_capgemini.fr>
>> (if that email address didn't require changing)
>> On Mon, 29 Nov 1999 14:43:25 -0000, you wrote:
>>
>> >SQL running inside a stored procedure runs with the permissions granted to
>> >the procedures owner.
>> >Is there a way to change this so that it runs with the caller's permissions
>> >
>> >TIA
>> >
>> >Daniel Reis
>> >
>>
>>
>> In Oracle8i, release 8.1, yes -- you can define a procedure with "authid
>> current_user" which means that SQL and dynamic PLSQL calls are executed with the
>> current privelege set (inclusive of roles) of the currently logged in user.
>>
>> Prior to that -- no.
>>
>
>
>However, if you call the procedures over JDBC, they aways execute with
>callers privileges, not matter how they are defined. This is a known
>bug which has been reported to Oracle and is in the bug database
>awaiting repair,
>

AFAIK, this only applies to the thin driver and even then only to REF CURSORs. I'm using jdbc in a palm condiut and the stored procedures execute with definers rights -- not with invokers rights. I need to be granted access to the procedure but not to the underlying objects they reference.

>cheers
>
>Phil

--
See http://osi.oracle.com/~tkyte/ for my columns 'Digging-in to Oracle8i'... Current article is "Part I of V, Autonomous Transactions" updated June 21'st  

Thomas Kyte                   tkyte_at_us.oracle.com
Oracle Service Industries     Reston, VA   USA

Opinions are mine and do not necessarily reflect those of Oracle Corporation Received on Wed Dec 01 1999 - 07:42:52 CST