我可以防止立即执行插入只读用户吗
Can I prevent execute immediate from inserting on a read-only user
我有一个只读用户,必须具有对特定包的执行权限。
这些包有时使用 execute immediate 将值插入表中。
我明白为什么它是这样构建的,但是我需要包抛出 权限不足 错误,而不是仅仅执行修改语句。
是否可以在不更改已执行包的情况下更改行为或构建解决方法?
所以只读用户有:
GRANT SELECT ON table to READ_ONLY_USER;
GRANT EXECUTE, DEBUG ON package to READ_ONLY_USER;
包裹内含:
query = 'INSERT INTO table VALUES (value)';
execute immediate query;
并且我需要在用户执行包时出现错误。
检查以下示例。很快,在创建 PL/SQL 程序单元时,关键字是 AUTHID CURRENT_USER。
连接为 MIKE(谁拥有 table 和程序并授予 SCOTT 使用它们的权限):
SQL> show user
USER is "MIKE"
SQL>
SQL> create table test (id number);
Table created.
SQL> create or replace procedure p_test
2 authid current_user
3 is
4 begin
5 execute immediate 'insert into mike.test values (1)';
6 end;
7 /
Procedure created.
SQL> exec p_test;
PL/SQL procedure successfully completed.
SQL> select * from test;
ID
----------
1
SQL> grant select on test to scott;
Grant succeeded.
SQL> grant execute on p_test to scott;
Grant succeeded.
SQL>
连接为 SCOTT:
SQL> show user
USER is "SCOTT"
SQL>
SQL> select * From mike.test;
ID
----------
1
SQL> exec mike.p_test;
BEGIN mike.p_test; END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "MIKE.P_TEST", line 5
ORA-06512: at line 1
SQL>
没有它,SCOTT 能够将值插入 MIKE 的 table:
SQL> connect mike/lion@orcl
Connected.
SQL> create or replace procedure p_test
2 is --> no more authid current_user
3 begin
4 execute immediate 'insert into mike.test values (2)';
5 end;
6 /
Procedure created.
SQL> connect scott/tiger@orcl
Connected.
SQL> exec mike.p_test;
PL/SQL procedure successfully completed.
SQL> select * From mike.test;
ID
----------
1
2
SQL>
我有一个只读用户,必须具有对特定包的执行权限。
这些包有时使用 execute immediate 将值插入表中。
我明白为什么它是这样构建的,但是我需要包抛出 权限不足 错误,而不是仅仅执行修改语句。
是否可以在不更改已执行包的情况下更改行为或构建解决方法?
所以只读用户有:
GRANT SELECT ON table to READ_ONLY_USER;
GRANT EXECUTE, DEBUG ON package to READ_ONLY_USER;
包裹内含:
query = 'INSERT INTO table VALUES (value)';
execute immediate query;
并且我需要在用户执行包时出现错误。
检查以下示例。很快,在创建 PL/SQL 程序单元时,关键字是 AUTHID CURRENT_USER。
连接为 MIKE(谁拥有 table 和程序并授予 SCOTT 使用它们的权限):
SQL> show user
USER is "MIKE"
SQL>
SQL> create table test (id number);
Table created.
SQL> create or replace procedure p_test
2 authid current_user
3 is
4 begin
5 execute immediate 'insert into mike.test values (1)';
6 end;
7 /
Procedure created.
SQL> exec p_test;
PL/SQL procedure successfully completed.
SQL> select * from test;
ID
----------
1
SQL> grant select on test to scott;
Grant succeeded.
SQL> grant execute on p_test to scott;
Grant succeeded.
SQL>
连接为 SCOTT:
SQL> show user
USER is "SCOTT"
SQL>
SQL> select * From mike.test;
ID
----------
1
SQL> exec mike.p_test;
BEGIN mike.p_test; END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "MIKE.P_TEST", line 5
ORA-06512: at line 1
SQL>
没有它,SCOTT 能够将值插入 MIKE 的 table:
SQL> connect mike/lion@orcl
Connected.
SQL> create or replace procedure p_test
2 is --> no more authid current_user
3 begin
4 execute immediate 'insert into mike.test values (2)';
5 end;
6 /
Procedure created.
SQL> connect scott/tiger@orcl
Connected.
SQL> exec mike.p_test;
PL/SQL procedure successfully completed.
SQL> select * From mike.test;
ID
----------
1
2
SQL>