Skip to Main Content
Forums

APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

exec procedure as parsing schema, not APEX_PUBLIC_USER

WillejaOct 29 2008 — edited Oct 31 2008
We have a package with a procedure:

CREATE OR REPLACE PACKAGE XGN4.xgn_generator$pck
AUTHID DEFINER AS
PROCEDURE cr_tab(tab_id IN NUMBER);
END;

CREATE OR REPLACE PACKAGE BODY XGN4.xgn_generator$pck
PROCEDURE cr_tab(tab_id IN NUMBER)
IS
BEGIN
execute immediate('CREATE TABLE test(......)');
END;
END;

When I call this procedure from apex, it's always executed as 'APEX_PUBLIC_USER', but it should be as the parsing schema 'XGN4'.

I thought 'AUTHID DEFINER' should do the trick (it's standard when you're not using AUTHID), but it looks like it has no effect on APEX...

Anyone?
This post has been answered by 60437 on Oct 29 2008
Jump to Answer

Comments

60437
You don't say how you are running the procedure, from within an application or using the SQL Workshop. In the former case the package/procedure will be parsed as the "owner" or parsing schema of your application. In the latter, as the selected workspace schema. It will never, ever be parsed as APEX_PUBLIC_USER.

Scott
Willeja
In Apex the parsing schema is set to 'XGN4'.
We call the procedure in a process on the apex-page.

Is there a way to see which user is parsing the procedure?
Willeja
I used the following to check which user is parsing:

insert into test(test) values('Create Table As: '||USER);

The result (when calling from apex-page) would be 'APEX_PUBLIC_USER'.

Please correct me if I'm wrong...
Willeja
Ok Scott, you are right.
I used sys_context('USERENV','CURRENT_USER') to identify the user and it's the right parsing schema (XGN4).

But why won't my code execute right in apex when it does straight from SQL-DEVELOPER (or another tool)?

Eg:
In toad: EXEC packagename.procedure(parameter);

in Apex: begin; packagename.procedure(parameter); end;

the procedure contains an execute immediate('alter tabel ...') and will do his job in the first case, but returns an error insufficient privs from apex.
60437
Answer
Your application's parsing schema must be granted object and system privileges that it needs using "direct" grants, not grants through roles.

Scott
Marked as Answer by Willeja · Sep 27 2020
Willeja
That did it... Thank you.

Is there a reason why a role isn't good?

The only thing now that isn't working will be the 'ALTER ANY TABLE' privilege.

Edited by: Willeja on Oct 30, 2008 8:33 AM
60437
Is there a reason why a role isn't good?
In Oracle, roles are not enabled during the execution of definer's rights stored procedures which is how you can consider an Application Express application.
The only thing now that isn't working will be the 'ALTER ANY TABLE' privilege.
That's a powerful privilege for your application's parsing schema to have.

Scott
1 person found this helpful
Willeja
That's a powerful privilege for your application's parsing schema to have.








Yes it is, but there are only 2 persons who will use this schema and normally they know what they are doing.



I solved the problem. Alter any table wasn't sufficient because we did:



alter table X add ( column number default 1);



Because of the default we also needed the 'UPDATE ANY TABLE'.



Thank to all your answers...
1 - 8
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Nov 28 2008
Added on Oct 29 2008
#apex-discussions, #schema
8 comments
792 views