authid definer

One of our app development teams started out with lots of pl/sql and role based security, and found that roles are useless cause you have to grant the table level privs anyway to get the procedures to work.

We are considering switching to Authid Definer for several reasons:
- Roles need only contain execute privs for the procedures (no table
level grants required)
- private synonyms not needed anymore (all objects are resolved in the
definers schema)
- No need for table level GRANTs any more (cause all procedures/funcs
run as the table/proc owner)
Sounds too good to be true. Any gotchas to switching to authid Definer? Is this the preferred direction for app development, rather than the role/table grants nightmare?

Rgds
Mark Teehan
Singapore

• ERG Group -------------------------- The contents of this email and any attachments are confidential and may only be read by the intended recipient.

  ---

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Mark Teehan
  INET: mteehan_at_erggroup.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).