Re: Using SQL Macro Package Vs "Traditional" package

From: Arian Stijf <"Arian>
Date: Wed, 06 Nov 2024 21:37:02 +0100
Message-ID: <47280139704227560ec0a2e58fe5d02a_at_stijf.com>

Hi Zahir,

the result of the SQL Macro will run with invoker's rights.

From the doco:

The AUTHID property cannot be specified. When a SQL macro is invoked, the function body executes with definer's rights to construct the text to return. The resulting expression is evaluated with invoker's rights. The SQL macro owner must grant inherit privileges to the invoking function.

https://docs.oracle.com/en/database/oracle/oracle-database/19/lnpls/SQL_MACRO_clause.html

Kind regards,

Arian

On 2024-11-06 20:13, Zahir Mohideen wrote:

> I am trying to use Macro in a package and granted execute privs to
> another user ( in my case , rptuser).
>
> DBUSER has a table , regular package , SQL macro package.
> Both are with DEFINER rights .
> Also , learn that , we can't have a SQL macro package with invoker
> rights.
>
> When I execute the "regular" package from another user, I get the
> results as expected.
> When I execute the "SQL Macro" package from another , I get "invalid
> permissions" ( ORA-00942).
>
> Here is my test case below.
> Am I misunderstanding about the usage of "SQL Macro" package ?
>
> Note: I posted this question to asktom website this morning as well.
>
> DB Version
> ----------
> SQL> select banner from v$version;
>
> BANNER
> --------------------------------------------------------------------------------
> Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
>
> DBUSER
> -------
>
> Here , I am creating tables and packages under "DBUSER".
>
> create table emp ( eid int , ename varchar2(50) )
>
> insert into emp values ( 100 , 'Zahir Mohideen') ;
> insert into emp values ( 101 , 'Abdul Hameed') ;
>
> commit;
>
> create or replace package pkg_emp
> as
> procedure listemp( p_eid int , rfc_emp OUT SYS_REFCURSOR );
> end pkg_emp;
> /
>
> CREATE OR REPLACE PACKAGE BODY pkg_emp AS
> PROCEDURE listemp (
> p_eid INT,
> rfc_emp OUT SYS_REFCURSOR
> ) AS
> BEGIN
> OPEN rfc_emp FOR SELECT
> ename
> FROM
> dbuser.emp
> WHERE
> eid = p_eid;
>
> END listemp;
> END pkg_emp;
> /
>
> create or replace package pkg_emp_mac
> as
> FUNCTION listemp ( p_eid int ) RETURN VARCHAR2 SQL_MACRO ;
> end pkg_emp_mac;
> /
>
> CREATE OR REPLACE PACKAGE BODY pkg_emp_mac AS
> FUNCTION listemp ( p_eid int ) RETURN VARCHAR2 SQL_MACRO
> IS
> BEGIN
>
> RETURN q'{
> Select ename from emp where eid = p_eid
> }';
> END;
> END pkg_emp_mac
> ;
> /
>
> grant execute on pkg_emp_mac to rptuser;
> grant execute on pkg_emp to rptuser;
>
> Here , I am executing package calls as "RPTUSER"
>
> SQL> show user
> USER is "RPTUSER"
> SQL> var x refcursor;
>
> SQL> exec dbuser.pkg_emp.listemp( 100 , :x);
>
> PL/SQL procedure successfully completed.
>
> SQL> print :x;
>
> ENAME
> --------------------------------------------------
> Zahir Mohideen
>
> SQL> select * from dbuser.pkg_emp_mac.listemp(100);
> select * from dbuser.pkg_emp_mac.listemp(100)
> *
> ERROR at line 1:
> ORA-00942: table or view does not exist

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Nov 06 2024 - 21:37:02 CET

This message: [ Message body ]
Next message: Sayan Malakshinov: "Re: Using SQL Macro Package Vs "Traditional" package"
Previous message: Zahir Mohideen: "Re: Using SQL Macro Package Vs "Traditional" package"
In reply to Zahir Mohideen: "Using SQL Macro Package Vs "Traditional" package"
Next in thread: Sayan Malakshinov: "Re: Using SQL Macro Package Vs "Traditional" package"
Reply: Sayan Malakshinov: "Re: Using SQL Macro Package Vs "Traditional" package"
Reply: Zahir Mohideen: "Re: Using SQL Macro Package Vs "Traditional" package"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message