| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: GRANT/PRIVILEGE PROBLEM: URGENT
On Tue, 11 May 1999 16:44:35 +0200, Julio Negueruela
<julio.negueruela_at_si.unirioja.es> wrote:
>
>You cannot grant execute on procedures, packages or functions to a role
>(you can, but it won't wotk), you must grant it to every user. I've your
>interested, I've got a procedure wich grants the execute privilege on a
>package,... to every user who have a given role.
It is amaizing how much misunderstanding is caused by the concept of the "executing with definer's rights" (that is stored objects - like procedures, functions, packages, views - are executed with the privileges of their owner, not of the invoker).
So once more: it is the creator of the procedure that has to has been granted the needed privileges explicitelly, not via the role. But for the invoker of the procedure it is irrelevant if he/she has been granted EXECUTE on this procedure explicitely or via the role.
In a normal environment you would typicaly have only a couple of users that owns the application objects, and they must have explicite privileges in order to create PL/SQL objects. On the other side, you usualy have hundreds or thousands of "ordinary" users, and it would be DBA's worst nightmare if they all required explicite EXECUTE privilege for each procedure or function.
A bottom line: you *can* grant EXECUTE on PL/SQL objects to roles and the users *will be able* to execute them when they have been granted those roles!
>Julio Negueruela
>DBA Servicio Inform=E1tico
>Universidad de La Rioja - Spain
>Telf: 941-299179 Fax: 941- 299180
>mailto:julio.negueruela_at_si.unirioja.es
HTH,
Jurij Modic <jmodic_at_src.si>
Certified Oracle7 DBA (OCP)
 |
 |