Forum Stats

  • 3,770,770 Users
  • 2,253,164 Discussions
  • 7,875,581 Comments

Discussions

exec procedure as parsing schema, not APEX_PUBLIC_USER

Willeja
Willeja Member Posts: 89
edited Oct 31, 2008 2:20AM in APEX Discussions
We have a package with a procedure:

CREATE OR REPLACE PACKAGE XGN4.xgn_generator$pck
AUTHID DEFINER AS
PROCEDURE cr_tab(tab_id IN NUMBER);
END;

CREATE OR REPLACE PACKAGE BODY XGN4.xgn_generator$pck
PROCEDURE cr_tab(tab_id IN NUMBER)
IS
BEGIN
execute immediate('CREATE TABLE test(......)');
END;
END;

When I call this procedure from apex, it's always executed as 'APEX_PUBLIC_USER', but it should be as the parsing schema 'XGN4'.

I thought 'AUTHID DEFINER' should do the trick (it's standard when you're not using AUTHID), but it looks like it has no effect on APEX...

Anyone?
Tagged:

Best Answer

Answers

  • 60437
    60437 Member Posts: 16,564
    You don't say how you are running the procedure, from within an application or using the SQL Workshop. In the former case the package/procedure will be parsed as the "owner" or parsing schema of your application. In the latter, as the selected workspace schema. It will never, ever be parsed as APEX_PUBLIC_USER.

    Scott
  • Willeja
    Willeja Member Posts: 89
    In Apex the parsing schema is set to 'XGN4'.
    We call the procedure in a process on the apex-page.

    Is there a way to see which user is parsing the procedure?
  • Willeja
    Willeja Member Posts: 89
    I used the following to check which user is parsing:

    insert into test(test) values('Create Table As: '||USER);

    The result (when calling from apex-page) would be 'APEX_PUBLIC_USER'.

    Please correct me if I'm wrong...
  • Willeja
    Willeja Member Posts: 89
    Ok Scott, you are right.
    I used sys_context('USERENV','CURRENT_USER') to identify the user and it's the right parsing schema (XGN4).

    But why won't my code execute right in apex when it does straight from SQL-DEVELOPER (or another tool)?

    Eg:
    In toad: EXEC packagename.procedure(parameter);

    in Apex: begin; packagename.procedure(parameter); end;

    the procedure contains an execute immediate('alter tabel ...') and will do his job in the first case, but returns an error insufficient privs from apex.
  • 60437
    60437 Member Posts: 16,564
    Accepted Answer
    Your application's parsing schema must be granted object and system privileges that it needs using "direct" grants, not grants through roles.

    Scott
  • Willeja
    Willeja Member Posts: 89
    edited Oct 30, 2008 4:03AM
    That did it... Thank you.

    Is there a reason why a role isn't good?

    The only thing now that isn't working will be the 'ALTER ANY TABLE' privilege.

    Edited by: Willeja on Oct 30, 2008 8:33 AM
  • 60437
    60437 Member Posts: 16,564
    Is there a reason why a role isn't good?
    In Oracle, roles are not enabled during the execution of definer's rights stored procedures which is how you can consider an Application Express application.
    The only thing now that isn't working will be the 'ALTER ANY TABLE' privilege.
    That's a powerful privilege for your application's parsing schema to have.

    Scott
    60437
  • Willeja
    Willeja Member Posts: 89
    That's a powerful privilege for your application's parsing schema to have.








    Yes it is, but there are only 2 persons who will use this schema and normally they know what they are doing.



    I solved the problem. Alter any table wasn't sufficient because we did:



    alter table X add ( column number default 1);



    Because of the default we also needed the 'UPDATE ANY TABLE'.



    Thank to all your answers...
This discussion has been closed.