2 modellen
1. Definer rights (default)
execute under authority of the owner (or creater) of the programBy default, stored procedures and SQL methods execute with the privileges of their owner, not their current user. Such definer's rights subprograms are bound to the schema in which they reside, allowing you to refer to objects in the same schema without qualifying their names
! let op: Alleen objecten waar definer direct granted acces tot heeft kunnen gebruikt worden en niet objecten die via rollen benaderd kunnen worden. Als er nl gecompileerd
2. Invoker rights
execute under authority of the invokerCREATE OR REPLACE PACKAGE dbatools AUTHID CURRENT_USER AS
A more maintainable way is to use the AUTHID clause, which makes stored procedures and SQL methods execute with the privileges and schema context of the calling user. You can create one instance of the procedure, and many users can call it to access their own data.
If you specify AUTHID CURRENT_USER, the privileges of the current user are checked at run time, and external references are resolved in the schema of the current user. However, this applies only to external references in:
SELECT, INSERT, UPDATE, and DELETE data manipulation statements
The LOCK TABLE transaction control statement
OPEN and OPEN-FOR cursor control statements
EXECUTE IMMEDIATE and OPEN-FOR-USING dynamic SQL statements
SQL statements parsed using DBMS_SQL.PARSE()
For all other statements, the privileges of the owner are checked at compile time, and external references are resolved in the schema of the owner
Geen opmerkingen:
Een reactie posten