Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Difference between grant to user and grant to role

Re: Difference between grant to user and grant to role

From: Arjan van Bentem <avbentem_at_DONT-YOU-DAREdds.nl>
Date: Fri, 31 Jul 1998 15:17:31 +0200
Message-ID: <6psg4n$848$1@newton.a2000.nl> 






In fact, anonymous PL/SQL blocks can use the grants they got through a role.
However, for packages, this is not true.



It has to be that way, due to some early binding Oracle performs when
converting your PL/SQL code to P-code. So, Oracle performs the security
checks at compile time. When a grant or revoke is issued, the last_ddl_time
of the object changes, causing the PL/SQL package to get invalid, and
automatically recompiled at the next run. So, no security problems here.
However, when a role changes, the last_ddl_time of the objects is not
changed, and thus the PL/SQL package does not require recompiling. This way,
possible security issues might exist. Therefore, Oracle requires that you
explicitly grant the rights, not using a role.



Arjan.




Received on Fri Jul 31 1998 - 08:17:31 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US