exec procedure as parsing schema, not APEX_PUBLIC_USER

Willeja

We have a package with a procedure:

CREATE OR REPLACE PACKAGE XGN4.xgn_generator$pck
AUTHID DEFINER AS
PROCEDURE cr_tab(tab_id IN NUMBER);
END;

CREATE OR REPLACE PACKAGE BODY XGN4.xgn_generator$pck
PROCEDURE cr_tab(tab_id IN NUMBER)
IS
BEGIN
execute immediate('CREATE TABLE test(......)');
END;
END;

When I call this procedure from apex, it's always executed as 'APEX_PUBLIC_USER', but it should be as the parsing schema 'XGN4'.

I thought 'AUTHID DEFINER' should do the trick (it's standard when you're not using AUTHID), but it looks like it has no effect on APEX...

Anyone?

60437

Your application's parsing schema must be granted object and system privileges that it needs using "direct" grants, not grants through roles.

Scott

60437

You don't say how you are running the procedure, from within an application or using the SQL Workshop. In the former case the package/procedure will be parsed as the "owner" or parsing schema of your application. In the latter, as the selected workspace schema. It will never, ever be parsed as APEX_PUBLIC_USER.

Scott

Willeja

In Apex the parsing schema is set to 'XGN4'.
We call the procedure in a process on the apex-page.

Is there a way to see which user is parsing the procedure?

Willeja

I used the following to check which user is parsing:

insert into test(test) values('Create Table As: '||USER);

The result (when calling from apex-page) would be 'APEX_PUBLIC_USER'.

Please correct me if I'm wrong...

Willeja

Ok Scott, you are right.
I used sys_context('USERENV','CURRENT_USER') to identify the user and it's the right parsing schema (XGN4).

But why won't my code execute right in apex when it does straight from SQL-DEVELOPER (or another tool)?

Eg:
In toad: EXEC packagename.procedure(parameter);

in Apex: begin; packagename.procedure(parameter); end;

the procedure contains an execute immediate('alter tabel ...') and will do his job in the first case, but returns an error insufficient privs from apex.

60437

Your application's parsing schema must be granted object and system privileges that it needs using "direct" grants, not grants through roles.

Scott

Willeja

That did it... Thank you.

Is there a reason why a role isn't good?

The only thing now that isn't working will be the 'ALTER ANY TABLE' privilege.

Edited by: Willeja on Oct 30, 2008 8:33 AM

60437

Is there a reason why a role isn't good?

In Oracle, roles are not enabled during the execution of definer's rights stored procedures which is how you can consider an Application Express application.

The only thing now that isn't working will be the 'ALTER ANY TABLE' privilege.

That's a powerful privilege for your application's parsing schema to have.

Scott

Willeja

That's a powerful privilege for your application's parsing schema to have.








Yes it is, but there are only 2 persons who will use this schema and normally they know what they are doing.



I solved the problem. Alter any table wasn't sufficient because we did:



alter table X add ( column number default 1);



Because of the default we also needed the 'UPDATE ANY TABLE'.



Thank to all your answers...