Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Security for Table/Procedure
You
could set up a role that has all the privileges necessary to run the application
then use the set role command in the application - this turns on the
functionality while the user is using the application. Once out of the app, the
users do not have privileges to tables/procedures unless granted via another
role or specifically to the user. You can also create the role with a password -
this password would be needed to use the set role command. This provides an
additional level of security.
<SPAN
class=311011320-05022002>
<SPAN
class=311011320-05022002>Michele
<FONT face=Tahoma
size=2>-----Original Message-----From: Burton, Laura L.
[mailto:BurtonL_at_prismplus.com]Sent: Tuesday, February 05, 2002 2:46
PMTo: Multiple recipients of list ORACLE-LSubject:
Security for Table/Procedure
I know that you can grant access on a
table whether it be select, update, delete, etc, and I know that to keep from
granting access to a table you can use
procedures and grant execute rights to the procedure.
Our situation is that we want to use
procedures for security, but the procedures select data to populate a form and
then update if applicable<FONT
face=Arial size=2>. We had talked about
granting select to the tables<FONT
face=Arial size=2> by using a role since anyone can view the data, and then
using procedures to update the tables. The only problem is that if we
grant select to the tables and the application executes the procedure within
it, the
procedure will not<FONT face=Arial
size=2> be found and even the select will not
happen.
Could some of you share how you handle
security? Am I missing something with tables/procedures? Any ideas
would be appreciated. We are just
beginning development and need to <FONT
face=Arial size=2>have<FONT face=Arial size=2> a handle on how we are going to do this<FONT face=Arial size=2>.
![]() |
![]() |