Home > Developer > PHP

Oracle database stored procedures and permissions

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
When executing a stored procedure, we may encounter permission problems ● definer permission Stored Procedure ● when the caller permission stored procedure creates a stored procedure in the database, the definer permission is the default mode. When the AUTHIDCURRENT_USER keyword is specified, the most fundamental difference between the caller permission stored procedures is whether the role can take effect in the stored procedure.

When executing a stored procedure, we may encounter permission problems ● definer permission Stored Procedure ● when the caller permission stored procedure creates a stored procedure in the database, the definer permission is the default mode. When the AUTHID CURRENT_USER keyword is specified, the most fundamental difference between the caller permission and the stored procedure is whether the role can take effect in the stored procedure.

When executing a stored procedure, we may encounter permission problems.

● Definer permission Stored Procedure
● Caller permission Stored Procedure

When creating a stored procedure in a database, the User-Defined permission is in the default mode.
After the AUTHID CURRENT_USER keyword is specified, it is the stored procedure of caller permission.
The most fundamental difference between them is whether role can take effect in the stored procedure.

(I) Permission stored procedure of the definer
The role of the definer permission stored procedure is invalid and must be explicitly authorized.
Even if you have dba role, you still cannot access tables of different users.

Sys @ EMREP> grant connect, resource to u1 identified by u1; Grant succeeded. sys @ EMREP> grant dba to u2 identified by u2; Grant succeeded. sys @ EMREP> conn u1/u1Connected. u1 @ EMREP> create table t as select * from user_objects; Table created. sys @ EMREP> conn u2/u2Connected. u2 @ EMREP> create or replace procedure p_test 2 as 3 begin 4 delete from u1.t; 5 commit; 6 end; 7/Warning: Procedure created with compilation errors. u2 @ EMREP> show error; Errors for PROCEDURE P_TEST: LINE/col error -------- Errors 4/3PL/SQL: SQL Statement ignored4/18PL/SQL: ORA-00942: table or view does not existu2 @ EMREP> conn u1/u1Connected. u1 @ EMREP> grant all on t to u2; Grant succeeded. u1 @ EMREP> conn u2/u2Connected. u2 @ EMREP> create or replace procedure p_test 2 as 3 begin 4 delete from u1.t; 5 commit; 6 end; 7/Procedure created.

(Ii) caller permission stored procedures
The role compilation process of caller permission storage is invisible, but visible at runtime.
Dynamic SQL is used to avoid direct authorization, and permission check is postponed to running

U2 @ EMREP> conn u1/u1Connected. u1 @ EMREP> revoke all on t from u2; Revoke succeeded. u1 @ EMREP> conn u2/u2Connected. u2 @ EMREP> create or replace procedure p_test 2 authid current_user 3 as 4 begin 5 delete from u1.t; 6 commit; 7 end; 8/Warning: Procedure created with compilation errors. u2 @ EMREP> show error; Errors for PROCEDURE P_TEST: LINE/col error -------- Errors 5/3PL/SQL: SQL Statement ignored5/18PL/SQL: ORA-00942: table or view does not existu2 @ EMREP> create or replace procedure p_test 2 authid current_user 3 as 4 begin 5 execute immediate 6 'delete from u1.t'; 7 commit; 8 end; 9/Procedure created. u2 @ EMREP> exec p_test; PL/SQL procedure successfully completed. u2 @ EMREP> select count (*) from u1.t; COUNT (*) -------- 0

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
stored procedures stored functions and stored procedures in sql server 2008 mysql backup stored procedures mysql list stored procedures mysqldump stored procedures script database users and permissions mysql show stored procedures

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More