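Problem description
I have a read-only user who must have execute privileges on specific packages.
These packages sometimes use execute immediate to insert values into tables.
I can see why it was built this way, but I need the package to throw an insufficient privileges error instead of simply executing the modifying statement.
Is it possible to change this behavior, or build a workaround, without changing the packages being executed?
So the read-only user has: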
GRANT SELECT ON table to READ_ONLY_USER;
GRANT EXECUTE,DEBUG ON package to READ_ONLY_USER;
The package contains:
query := 'INSERT INTO table VALUES (value)';
execute immediate query;
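Solution
Check the following example. In short, the keyword is AUTHID CURRENT_USER, specified when creating the PL/SQL program unit.
Connected as MIKE (who owns the table and the procedure and grants SCOTT privileges to use them):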
SQL> show user
USER is "MIKE"
SQL>
SQL> create table test (id number);
Table created.
SQL> create or replace procedure p_test
2 authid current_user
3 is
4 begin
5 execute immediate 'insert into mike.test values (1)';
6 end;
7 /
Procedure created.
SQL> exec p_test;
PL/SQL procedure successfully completed.
SQL> select * from test;
ID
----------
1
SQL> grant select on test to scott;
Grant succeeded.
SQL> grant execute on p_test to scott;
Grant succeeded.
SQL>
Connected as SCOTT:
SQL> show user
USER is "SCOTT"
SQL>
SQL> select * From mike.test;
ID
----------
1
SQL> exec mike.p_test;
BEGIN mike.p_test; END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "MIKE.P_TEST",line 5
ORA-06512: at line 1
SQL>
Without it, SCOTT can insert values into MIKE's table:
SQL> connect mike/lion@orcl
Connected.
SQL> create or replace procedure p_test
2 is --> no more authid current_user
3 begin
4 execute immediate 'insert into mike.test values (2)';
5 end;
6 /
Procedure created.
SQL> connect scott/tiger@orcl
Connected.
SQL> exec mike.p_test;
PL/SQL procedure successfully completed.
SQL> select * From mike.test;
ID
----------
1
2
SQL>
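To find which program units are affected, the data dictionary can be queried as below. This is an added example, not part of the original question or answer; it assumes access to the DBA_* views and uses READ_ONLY_USER, the grantee name from the question. It lists every unit that user was directly granted EXECUTE on and that still runs with definer rights, and flags those whose source contains EXECUTE IMMEDIATE.

```sql
-- Added example: audit definer-rights units executable by READ_ONLY_USER.
-- Covers direct grants only; EXECUTE received through a role or PUBLIC
-- needs the same query with that grantee name.
SELECT DISTINCT
       p.owner,
       p.object_name,
       p.object_type,
       p.authid,
       CASE
         WHEN EXISTS (SELECT 1
                        FROM dba_source s
                       WHERE s.owner = p.owner
                         AND s.name  = p.object_name   -- spec and body share the name
                         AND UPPER(s.text) LIKE '%EXECUTE IMMEDIATE%')
         THEN 'YES'
         ELSE 'NO'
       END AS uses_execute_immediate
  FROM dba_procedures p
  JOIN dba_tab_privs  g
    ON g.owner      = p.owner
   AND g.table_name = p.object_name
 WHERE g.grantee     = 'READ_ONLY_USER'
   AND g.privilege   = 'EXECUTE'
   AND p.authid      = 'DEFINER'        -- the default when AUTHID is omitted
   AND p.object_type IN ('PACKAGE', 'PROCEDURE', 'FUNCTION')
 ORDER BY p.owner, p.object_name;
```

The text match is a heuristic: wrapped source and dynamic SQL issued through DBMS_SQL or OPEN ... FOR are not detected, so a NO in the last column does not prove the unit performs no DML with its owner's privileges.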