Similarly, you can invoke a DBMS_
SESSION.SET_ROLE procedure from PL/SQL.
Another way application security is sometimes accomplished is by encapsulating
privileges in stored procedures. Instead of granting direct access to the various tables
for an application, youcan create stored procedures that provide access to the tables
and grant access to the stored procedures instead of the tables. For example, instead
of granting INSERT privileges for the EMPLOYEE table, youmight create and grant
access to a stored procedure called HIRE_EMPLOYEE that accepts as parameters all
the data for a new employee.
When you run a stored procedure normally, the procedure has the access rights that
were granted to the owner of the procedure; that owner is the schema in which the
procedure resides. If a particular schema has access to a particular database object,
all stored procedures that reside in that schema have the same rights as the schema.
When any user calls one of those stored procedures, that user has the same access
rights to the underlying data objects that the procedure does.
Pages:
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331