| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.misc -> Re: EXECUTE IMMEDIATE and DBMS_SQL
"Michel Cadot" <micadot{at}altern{dot}org> a écrit dans le message de
news:41bdcc9e$0$11241$626a14ce_at_news.free.fr...
>
> <pbewig_at_swbell.net> a écrit dans le message de
> news:1102956332.207637.85010_at_c13g2000cwb.googlegroups.com...
> > I am writing a PL/SQL program (a single anonymous
> > block) that performs a query input by the user at
> > run-time. I want to allow the user to read any
> > table or view in the database, and call any stored
> > functions they might use. However, I am worried
> > that a user, either through carelessness or malice,
> > might try to write in the database, which I want
> > to disallow (and record any attempt in a log).
> >
> > I've never done anything like this before.
> >
> > I know about EXECUTE IMMEDIATE and DBMS_SQL. Can I
> > restrict access to read-only by either of these two
> > methods? Is there some other technique I might use?
> > What words can I use to search this newsgroup in
> > Google Groups? What else do I need to be aware of?
> >
> > Many thanks,
> >
> > Phil
> >
>
> Grant select any table, execute any procedure to user;
>
> ...and search for a new job!
>
> You are not doing what you want in a correct way.
> Just let him select the table he needs and execute the function he needs,
> why don't you want to pack that in a procedure?
>
> Regards
> Michel Cadot
>
>
Sorry, my last question is "why _do_ you want to pack that in a procedure?" and not the opposite.
Regards
Michel Cadot
Received on Mon Dec 13 2004 - 15:50:10 CST
 |
 |