Solved

Odd behavior of User_Role_Privs

Posted on 2003-03-18
Last Modified: 2007-12-19
Hi everyone,

Something I can't explain:

A client had a problem with his menu security. He had one big power user, FSDDEV, who owned all the objects in the application, and through public synonyms they were granted to the rest of the company.

He had built in a function that looked at user_role_privs through a cursor like:

   CURSOR get_role_cur
   IS
     SELECT username, granted_role
      FROM user_role_privs
      WHERE granted_role = 'FSD_USERS';

Finally I found out that whoever accessed the function through the public synonyms got to select from this cursor as being the owner FSDDEV and not as being the selecting person (i.e. user avotar). I solved it pretty easily (and dirtily) by using dba_role_privs, so no problem there...

The thing I am wondering about is why user_role_privs behaves this way...


Rick
Question by:Avotar
Accepted Solution

by:
M-Ali earned 375 total points
ID: 8164800
By default, stored procedures/functions use "definer rights" -- this means that when the code is executed by *any* user, the privileges of the code creator are in effect.

So above, when AVOTAR executed the code developed by FSDDEV, the actual "user" in effect was FSDDEV and not AVOTAR.

You can avoid this by using "invoker rights", i.e. adding AUTHID CURRENT_USER to your code.


So your code would be something like:

CREATE OR REPLACE FUNCTION function_name (..) RETURN .. AUTHID CURRENT_USER AS
CURSOR get_role_cur
  IS
.........



HTH

Ali
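
The difference described in the accepted answer, as an added example that is not part of the original thread: the same USER_ROLE_PRIVS query compiled once with definer rights and once with invoker rights. The function names are hypothetical; FSDDEV, AVOTAR and FSD_USERS are taken from the question.

```sql
-- Added example, not code from the thread. Run this part as the owning schema
-- (FSDDEV on this page). Function names are hypothetical.

-- Definer rights (the default, written out explicitly here):
-- USER_ROLE_PRIVS is evaluated as the owner, whoever the caller is.
CREATE OR REPLACE FUNCTION has_fsd_role_definer
  RETURN NUMBER
  AUTHID DEFINER
AS
  l_count NUMBER;
BEGIN
  SELECT COUNT(*)
    INTO l_count
    FROM user_role_privs
   WHERE granted_role = 'FSD_USERS';
  RETURN l_count;
END has_fsd_role_definer;
/

-- Invoker rights: the same query is evaluated as the calling user.
CREATE OR REPLACE FUNCTION has_fsd_role_invoker
  RETURN NUMBER
  AUTHID CURRENT_USER
AS
  l_count NUMBER;
BEGIN
  SELECT COUNT(*)
    INTO l_count
    FROM user_role_privs
   WHERE granted_role = 'FSD_USERS';
  RETURN l_count;
END has_fsd_role_invoker;
/

GRANT EXECUTE ON has_fsd_role_definer TO PUBLIC;
GRANT EXECUTE ON has_fsd_role_invoker TO PUBLIC;

-- Run this part connected as an ordinary user (AVOTAR on this page).
-- as_definer reflects FSDDEV's role grants for every caller;
-- as_invoker reflects the role grants of the user who is logged in.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS logged_in_as,
       fsddev.has_fsd_role_definer()          AS as_definer,
       fsddev.has_fsd_role_invoker()          AS as_invoker
  FROM dual;
```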