How about security for package.procedure using stored procedure?
...you can grant users access to a procedure that updates a table, but not grant them access to the table itself.
marco wrote:Yes, it's possible. If procedureN has AUTHID DEFINER (which is the default), and user_x has EXECUTE privileges on procedureN, then user_x doesn't need privileges on the packages or tables used in procedureN.
Ok, so I can create procedureN out of package1 which calls package1.proc1 and grant privileges to user1 for executing procedureN.
Is it possible without rights for package1.proc1 ?
marco wrote:How difficult it is to test it? Certainly, it would take you less time that typing a post. Yes, package owner user1 can create stored procedure p1 which calls package1.procedure1 and grant execute on p1 to user2. This way user2 will be able to indirectly run package1.procedure1 without being able to run any package1 procedure/function directly.
Is it possible for user1 to run package1.procedure1 ?