For example, suppose there is a schema called HR_REP. This schema has write
access to the EMP table. Any stored procedure in the HR_REP schema also has write
access to the EMP table. Consequently, if you grant a user access to a stored procedure
in the HR_REP schema, that user will also have write access to the EMP table
regardless of her personal level of security privilege. However, she will have access
only through the stored procedures in the schema.
One small but vitally important caveat applies to access through
stored procedures: the security privilege must be directly granted to
the schema, not granted by means of a role.
Security | 147
If youattach the keyword AUTHID CURRENT_USER to a stored procedure when it
is compiled, security restrictions will be enforced based on the username of the user
invoking the procedure, rather than the schema that owns the stored procedure (the
definer of the procedure). If a user has access to a particular database object with a
particular privilege, that user will have the same access through stored procedures
compiled with the AUTHID CURRENT_USER.
Pages:
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332