Discussions
Categories
- 382.3K All Categories
- 2.1K Data
- 210 Big Data Appliance
- 1.9K Data Science
- 448K Databases
- 221K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 25 Multilingual Engine
- 520 MySQL Community Space
- 467 NoSQL Database
- 7.8K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 492 SQLcl
- 3.9K SQL Developer Data Modeler
- 186.2K SQL & PL/SQL
- 21K SQL Developer
- 293.3K Development
- 7 Developer Projects
- 128 Programming Languages
- 290.1K Development Tools
- 95 DevOps
- 3K QA/Testing
- 645.5K Java
- 24 Java Learning Subscription
- 36.9K Database Connectivity
- 150 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.9K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 16 Java Essentials
- 144 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 198 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 270 LiveLabs
- 36 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 166 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 230 Portuguese
exec procedure as parsing schema, not APEX_PUBLIC_USER
Willeja
Member Posts: 89
We have a package with a procedure:
CREATE OR REPLACE PACKAGE XGN4.xgn_generator$pck
AUTHID DEFINER AS
PROCEDURE cr_tab(tab_id IN NUMBER);
END;
CREATE OR REPLACE PACKAGE BODY XGN4.xgn_generator$pck
PROCEDURE cr_tab(tab_id IN NUMBER)
IS
BEGIN
execute immediate('CREATE TABLE test(......)');
END;
END;
When I call this procedure from apex, it's always executed as 'APEX_PUBLIC_USER', but it should be as the parsing schema 'XGN4'.
I thought 'AUTHID DEFINER' should do the trick (it's standard when you're not using AUTHID), but it looks like it has no effect on APEX...
Anyone?
CREATE OR REPLACE PACKAGE XGN4.xgn_generator$pck
AUTHID DEFINER AS
PROCEDURE cr_tab(tab_id IN NUMBER);
END;
CREATE OR REPLACE PACKAGE BODY XGN4.xgn_generator$pck
PROCEDURE cr_tab(tab_id IN NUMBER)
IS
BEGIN
execute immediate('CREATE TABLE test(......)');
END;
END;
When I call this procedure from apex, it's always executed as 'APEX_PUBLIC_USER', but it should be as the parsing schema 'XGN4'.
I thought 'AUTHID DEFINER' should do the trick (it's standard when you're not using AUTHID), but it looks like it has no effect on APEX...
Anyone?
Tagged:
Best Answer
-
Your application's parsing schema must be granted object and system privileges that it needs using "direct" grants, not grants through roles.
Scott
Answers
-
You don't say how you are running the procedure, from within an application or using the SQL Workshop. In the former case the package/procedure will be parsed as the "owner" or parsing schema of your application. In the latter, as the selected workspace schema. It will never, ever be parsed as APEX_PUBLIC_USER.
Scott -
In Apex the parsing schema is set to 'XGN4'.
We call the procedure in a process on the apex-page.
Is there a way to see which user is parsing the procedure? -
I used the following to check which user is parsing:
insert into test(test) values('Create Table As: '||USER);
The result (when calling from apex-page) would be 'APEX_PUBLIC_USER'.
Please correct me if I'm wrong... -
Ok Scott, you are right.
I used sys_context('USERENV','CURRENT_USER') to identify the user and it's the right parsing schema (XGN4).
But why won't my code execute right in apex when it does straight from SQL-DEVELOPER (or another tool)?
Eg:
In toad: EXEC packagename.procedure(parameter);
in Apex: begin; packagename.procedure(parameter); end;
the procedure contains an execute immediate('alter tabel ...') and will do his job in the first case, but returns an error insufficient privs from apex. -
Your application's parsing schema must be granted object and system privileges that it needs using "direct" grants, not grants through roles.
Scott -
That did it... Thank you.
Is there a reason why a role isn't good?
The only thing now that isn't working will be the 'ALTER ANY TABLE' privilege.
Edited by: Willeja on Oct 30, 2008 8:33 AM -
Is there a reason why a role isn't good?In Oracle, roles are not enabled during the execution of definer's rights stored procedures which is how you can consider an Application Express application.The only thing now that isn't working will be the 'ALTER ANY TABLE' privilege.That's a powerful privilege for your application's parsing schema to have.
Scott -
That's a powerful privilege for your application's parsing schema to have.
Yes it is, but there are only 2 persons who will use this schema and normally they know what they are doing.
I solved the problem. Alter any table wasn't sufficient because we did:
alter table X add ( column number default 1);
Because of the default we also needed the 'UPDATE ANY TABLE'.
Thank to all your answers...
This discussion has been closed.