As a result, the definer can control
how other users access the objects.
Conversely, an invoker??™s rights procedure requires that the invoker has direct rights, such as
SELECT and UPDATE, to any objects referenced in the procedure. The procedure could reference
an unqualified table named ORDERS, and if all users of the database have an ORDERS table, the
same procedure could be used by any user who has their own ORDERS table. Another advantage
to using invoker??™s rights procedures is that roles are enabled within them. Roles are discussed in
depth later in this chapter.
By default, a procedure is created with definer??™s rights. To specify that a procedure uses
invoker??™s rights, you must include the keywords authid current_user in the procedure definition,
as in the following example:
create or replace procedure process_orders (order_batch_date date)
authid current_user as
begin
-- process user's ORDERS table here using invoker's rights,
-- all roles are in effect
end;
FIGURE 9-5 Granting column privileges in Oracle Enterprise Manager
306 Oracle Database 11g DBA Handbook
To create a procedure, a user must have either the CREATE PROCEDURE or CREATE ANY
PROCEDURE system privilege. For the procedure to compile correctly, the user must have direct
privileges against all objects referenced in the procedure, even though roles are enabled at runtime
in an invoker??™s rights procedure to obtain these same privileges.
Pages:
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511