Grant execute on package
Dear all,
I have a package that has procedures related to other.
I want to grant some users execute on some of those procedures, and others execute on other
procedures.
Say
create package holiday_pkg as
procedure ask_holiday(emp_no in number, period in number, start_date in date);
procedure approve_holiday(holiday_seq in number);
end;
I want user_employee to have the privilege to execute ask_holiday and not to execute
approve_holiday. user_manager to have the privilege to execute both procedures.
Would someone tell me the best way to do that?
Or I have to split the procedures into two packages, I do not want it this way.
Thanks.
mmatar wrote:
You mean I have to build a wrapper to do that.
This could make the application complex.
I have more than one procedure, and a related group of users.
The wrapper means that I have to build one for every group of users. :(Well, this is about design. I disagree it would make application more comples, I wager it would be the other way around.
It is about granualrity, modulization and encapsulation.
Too often we see procedures having thousand of lines of executable section.
- This makes things virtually impossible to test. So break down into smaller procedures, and place in package specs to make them testable.
- This leads to a number of "public" procedures that should not be public. So build APIs on top of those.
This leads to two kind of packages (Which might not even be in the same schema):
Programming API
Public API.
Where the latter is a high level API that somehow resembles the business processes.
Originally, this was probably the idea behind Package Spec and Package Body, but I feel it should be brought to a higher level
Hope this makes sense.
Regards
Peter
Similar Messages
-
Grant Execute on package Specification
How to give grant to package specification to another user?
The package has only specification and no package body
in package specification i have defined some constants variables which i need to access from another user?
Current if i give grant execute from the other user it is shwoing up only blank body......Works for me...
As test_user...
SQL> create or replace package test_vars is
2 g_number number := 100;
3 end;
4 /
Package created.
SQL> grant execute on test_vars to scott;
Grant succeeded.As scott...
SQL> create synonym test_vars for test_user.test_vars;
Synonym created.
SQL> set serverout on
SQL> begin
2 dbms_output.put_line(test_vars.g_number);
3 end;
4 /
100
PL/SQL procedure successfully completed.
SQL> -
I am trying to grant on a package and I am getting this error, what key word is missing.
1* GRANT EXECUTE ON PACKAGE MDRXML.mx_submit_message_pkg_raj to MDRCENTRAL
SQL> /
GRANT EXECUTE ON PACKAGE MDRXML.mx_submit_message_pkg_raj to MDRCENTRAL
ERROR at line 1:
ORA-00905: missing keyword
Will appreciate all the helpHi,
you can try this.
GRANT EXECUTE ON MDRXML.mx_submit_message_pkg_raj to MDRCENTRAL
thanks -
Hi
the following command gives error ORA-00905: missing keyword
i am trying to run the command from xoe schema
Xadv is another user.
GRANT EXECUTE
ON
PACKAGE
xoe.xoe_utils_pkg.Get_Status_Desc TO xadv
thanks in advance
ManiIn other words, If you want to expose only this method a "UserA", create a procedure/function that access only this method and grant it to "UserA".
Otherwise, Once you ganted the package to a "UserA", user has access to all methods and properties declared in the package spec.
Hope this helps. -
PLS-00201: Not able to execute Oracle Package through Java app
Hi,
My struts application is trying to execute an oracle procedure (in a package) and is getting following error.
I have granted execute priveledge to the user using "Grant execute on <package name> to <user>"
Also, I am able to execute the procedure through this user in sqlplus.
I am using Oracle thin driver for JDBC.
Please guide.
+06:36:17,500 ERROR [STDERR] java.sql.SQLException: ORA-06550: line 1, column 7:+
PLS-00201: identifier 'uhbvn_public.GENSYSLOGIN' must be declared
ORA-06550: line 1, column 7:
PL/SQL: Statement ignored
+06:36:17,500 ERROR [STDERR] at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)+
+06:36:17,500 ERROR [STDERR] at oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:289)+
+06:36:17,500 ERROR [STDERR] at oracle.jdbc.ttc7.Oall7.receive(Oall7.java:573)+
+06:36:17,500 ERROR [STDERR] at oracle.jdbc.ttc7.TTC7Protocol.doOall7(TTC7Protocol.java:1891)+
+06:36:17,500 ERROR [STDERR] at oracle.jdbc.ttc7.TTC7Protocol.parseExecuteFetch(TTC7Protocol.java:1093)+
+06:36:17,500 ERROR [STDERR] at oracle.jdbc.driver.OracleStatement.executeNonQuery(OracleStatement.java:2047)+
+06:36:17,500 ERROR [STDERR] at oracle.jdbc.driver.OracleStatement.doExecuteOther(OracleStatement.java:1940)+
+06:36:17,500 ERROR [STDERR] at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:2709)+
+06:36:17,500 ERROR [STDERR] at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:589)+
+06:36:17,500 ERROR [STDERR] at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:656)+
+06:36:17,500 ERROR [STDERR] at org.jboss.resource.adapter.jdbc.WrappedPreparedStatement.execute(WrappedPreparedStatement.java:209)+
+06:36:17,500 ERROR [STDERR] at wenrgise.ejb.common.utility.DBUtilitiesBean.callProc(DBUtilitiesBean.java:390)+
+06:36:17,500 ERROR [STDERR] at wenrgise.sysadmin.ejb.business.SysLoginBO.getSysLoginUserInfo(SysLoginBO.java:57)+
+06:36:17,500 ERROR [STDERR] at wenrgise.sysadmin.ejb.facade.SysLoginFacadeBean.getLoginInfo(SysLoginFacadeBean.java:37)+
+06:36:17,500 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
+06:36:17,500 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)+
+06:36:17,500 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)+
+06:36:17,500 ERROR [STDERR] at java.lang.reflect.Method.invoke(Method.java:592)+
+06:36:17,500 ERROR [STDERR] at org.jboss.invocation.Invocation.performCall(Invocation.java:359)+
+06:36:17,500 ERROR [STDERR] at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)+
+06:36:17,500 ERROR [STDERR] at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)+
+06:36:17,500 ERROR [STDERR] at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)+
+06:36:17,500 ERROR [STDERR] at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)+
+06:36:17,500 ERROR [STDERR] at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)+
+06:36:17,500 ERROR [STDERR] at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)+
+06:36:17,500 ERROR [STDERR] at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)+
+06:36:17,500 ERROR [STDERR] at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)+
+06:36:17,500 ERROR [STDERR] at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)+
+06:36:17,500 ERROR [STDERR] at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)+
+06:36:17,500 ERROR [STDERR] at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)+
+06:36:17,500 ERROR [STDERR] at org.jboss.ejb.Container.invoke(Container.java:960)+
+06:36:17,500 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)+
+06:36:17,500 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)+
+06:36:17,500 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)+
+06:36:17,500 ERROR [STDERR] at java.lang.reflect.Method.invoke(Method.java:592)+
+06:36:17,500 ERROR [STDERR] at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)+
+06:36:17,500 ERROR [STDERR] at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)+
+06:36:17,500 ERROR [STDERR] at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)+
+06:36:17,500 ERROR [STDERR] at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)+
+06:36:17,500 ERROR [STDERR] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)+
+06:36:17,500 ERROR [STDERR] at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)+
+06:36:17,500 ERROR [STDERR] at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)+
+06:36:17,500 ERROR [STDERR] at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)+
+06:36:17,500 ERROR [STDER+What part of
identifier 'uhbvn_public.GENSYSLOGIN' must be declareddon't you understand? -
Grant execute on DBMS_CRYPTO package (11R1)
I figured out I needed to grant my user access to this SYS package using:
SQL> grant execute on DBMS_CRYPTO to lob_demo;
Grant succeeded.
yet after doing this, I still get this error:
SQL> select DBMS_CRYPTO.HASH(bytes, DBMS_CRYPTO.HASH_SH1) from blobslicer where id=1;
select DBMS_CRYPTO.HASH(bytes, DBMS_CRYPTO.HASH_SH1) from blobslicer where id=1
ERROR at line 1:
ORA-06553: PLS-221: 'HASH_SH1' is not a procedure or is undefined
Yet if I use the numeric constant for DBMS_CRYPTO.HASH_SH1 (3), it works:
SQL> select DBMS_CRYPTO.HASH(bytes, 3) from blobslicer where id=1;
F5A7338EFFEB15A49AFC9545393EF685BB51F931
So what am I missing that prevents me from having access to a constant in the package when I can successfully use one of the function of that same package?
Thanks, --DDMaybe, that makes a little bit clearer the difference
between usage of package constants in sql and pl sql...That's what I suspected, thank you for hammering the point home Maxim.
The taken away for me is that package constants are not available to SQL code, only to PL/SQL code. (irrelevant of their type most likely).
I actually tried to grant my user SELECT privileges on the package, because accessing a constant from a package is more akin to SELECT than EXECUTE, but of course one cannot do that.
Thank you both again for the help. --DD -
To grant execute on a specific procedure in a package
is there a way to grant execute on a specific procedure in a package without granting execute to the package itself.
Case 1: If you have package function,
->Then you can create a view on it and give access to specific user.
Case 2: If you have package procedure
-> I think, there is no direct method to GRANT part of package.
-> Make GLOBAL procedure only the one that you want to grant to the user. Now if you grant the package (having few global), user only able to access the GLOBAL's only..
So how do u implement?
PACKAGE global_pkg
Procedure first_global_procedure;
Procedure second_global_procedure;
END global_pkg;
Now You create Package as per user access:
Package user_1_pkg
call first_global_procedure;
END;
Package user_2_pkg
call second_global_procedure;
END;
Now, you Grant user_1_pkg to USER1 and user_2_pkg to USER2 -
Grant execute any function or package
Hi,
Does the below command give execute priviliges on functions and packages too ?
grant execute any procedure to <user>;
When i give same for fucntion it gives following error,
SQL> grant execute any function to user2;
grant execute any function to user2
ERROR at line 1:
ORA-00990: missing or invalid privilege
Thanks.EXECUTE ANY PROCEDURE grants permission to all procedures and all functions, whether stand alone or packaged.
Hopefully, you're well aware of this, but the various ANY privileges, like EXECUTE ANY PROCEDURE, are exceptionally powerful. You want to be very cautious about granting those privileges because they can introduce a number of security holes.
Justin -
GRANT EXECUTE ON SCHEMA.PACKAGE.PROCEDURE TO USER
Hi,
GRANT EXECUTE ON SCHEMA.PACKAGE.PROCEDURE TO USER
returns:
ORA-00905, do you know why? Can I grant privileges on procedure inside package?
thanksAs per my knowledge of oracle, we cannot grant privileges on procedure inside a package.
<br><br>
Raj<br>
<b>www.oraclebrains.com<a>
<br><font color="#FF0000">POWERED by the people, to the people and for the people WHERE ORACLE IS PASSION.</font></b>
<br>
Sorry Leonardo Horikian & Kamal Kishore, I was late and didn't know that you guys have already posted the answer.
Message was edited by:
rajs -
Why doesn't the "grant execute any procedure" work?
Hi to all.
I want to grant the execute privilege for all SYS schema functions/procedures. To achieve it I do the following:
SQL> connect sys/*****@orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as SYS
SQL> create user test identified by test;
User created
SQL> grant create session to test;
Grant succeeded
SQL> grant execute any procedure to test;
Grant succeeded
According to the [http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm] the "grant execute any procedure" - grants Execute procedures or functions, either standalone or packaged.
So, the steps seem to be right. Then, I try to connect to the test user and execute any procedure from the SYS schema, for example, dbms_lock.sleep:
SQL> connect test/test@dizzy/orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as test
SQL> begin
2 sys.dbms_lock.sleep(1);
3 end;
4 /
begin
sys.dbms_lock.sleep(1);
end;
ORA-06550: line 3, column 1:
PLS-00201: identifier 'SYS.DBMS_LOCK' must be declared
ORA-06550: line 3, column 1:
PL/SQL: Statement ignored
So, the execution fails due to insufficient rights. However, the direct grant on the sys.dbms_lock works!
SQL> connect sys/*****@dizzy/orcl as sysdba
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as SYS
SQL> grant execute on dbms_lock; to test;
grant execute on dbms_lock; to test
ORA-00911: invalid character
SQL> grant execute on dbms_lock to test;
Grant succeeded
SQL> connect test/test@dizzy/orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as test
SQL> begin
2 sys.dbms_lock.sleep(1);
3 end;
4 /
PL/SQL procedure successfully completed
So, to be sure that the grant on any procedure from the definite scheme is given, should I avoid giving the execute any procedure grant?
P.S. Is there any special tag for code?
Thanks in advance.Sybrand, thank you for the reply.
You are right. I tried to connect by another user NOT SYS and created the function:
SQL> create user testic identified by i;
User created
SQL> grant create session, execute any procedure to testic;
Grant succeeded
SQL> create or replace function get1 return number is
2 begin
3 return 1;
4 end;
5 /
Function created
SQL> connect testic/i@orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as testic
SQL> select get1 from dual;
select get1 from dual
ORA-00904: "GET1": invalid identifier
SQL> select kaisa_rgali.get1 from dual;
GET1
1Thank you for the tag. This's exactly what I asked about.
Finally, I tried t open the hyperlink http://download.oracle.com/docgs/cd/B10501_01/server.920/a96521/privs.htm but it failed. -
How to give grant permission on packaged procedure
Hi ,
This is Ramesh what is my requirement is i want give permission packaged procedure that means i given permission only procedure not entire package it is possible or not? if yes then why
given exampleHi,
You can't give grant to package.function or procedure.
You can do that following way.
SQL> create or replace package p is function f return number; end p;
2 /
Package created.
SQL> create or replace function f return number is begin return p.f; end;
2 /
Function created.
SQL> grant execute on f to scott;
Grant succeeded.
Regards
Mahir M. Quluzade -
Grant access to package in schema2 from schema1- how? Or...
Hi
I am trying to test utPLSQL. utPLSQl is installed in schema1@instance1 and the package that I need to test is located in schema2@instance1.
How can I access package to be tested present in schema2 from schema1? The package has a number of procedures accessing many tables etc.
GRANT EXECUTE ON SCHEMA.PACKAGE TO USER
Will this be enough?If the schema2.package_name has been successfully compiled using defining user authorization (default) and not current user authorization then yes all any other username requires to use the package and perform any DML activity defined in the package is an "execute" grant on the package.
In the case of current user authorization then the executing user would also need DML grants on the referenced objects.
HTH -- Mark D Powell -- -
Error granting EXECUTE on DBMS_JAVA:-4042:ORA-04042: procedure, function,
Hi .
I 'm experiencingn the following problem when granting acess to the sys user can any one help please in this issue.I 'm using an oracle 10 g on a solaris system.
Granting EXECUTE on DBMS_JAVA to SYSTEM WITH GRANT OPTION
Error granting EXECUTE on DBMS_JAVA:-4042:ORA-04042: procedure, function,
Thanks.You need to execute this with user "sys"
see my test please:
oracle@myserver:~> sqlplus "/ as sysdba"
SQL*Plus: Release 11.2.0.1.0 Production on Tue Aug 17 13:24:28 2010
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
sys@MYSID> grant EXECUTE on DBMS_JAVA to SYSTEM WITH GRANT OPTION;
Grant succeeded.
sys@MYSID>as I check ORA-04042: procedure, function, package, or package body does not exist
I can see that you issue is that you don't have Oracle JVM option installed in your database.
start database configuration assistant (dbca) choose configure database options operations select your DB SID and install Oracle JVM for your database (find it under Standard database components button)
HTH, Regards -
Grant execute on schema.pakage.procedure.........
i need to grant execute permission to a user on a procedure that is part of a package, i give this command which return error. What should i do
grant execute on CORE_BUSINESS.PKG_CORE_BUSINESS_IP.ALTER_TEMP_INSURED_PERSON_DATA to cb_softdata;
[Error] Execution (3: 53): ORA-00905: missing keywordmalhi wrote:
i need to grant execute permission to a user on a procedure that is part of a package, i give this command which return error. What should i do
grant execute on CORE_BUSINESS.PKG_CORE_BUSINESS_IP.ALTER_TEMP_INSURED_PERSON_DATA to cb_softdata;
[Error] Execution (3: 53): ORA-00905: missing keyword
Hi
Its not possible to grant at procedure level which exists inside a package.
Try
grant execute on CORE_BUSINESS.PKG_CORE_BUSINESS_IP to cb_softdata;Regards,
Achyut
Edited by: Achyut K on May 9, 2011 3:09 AM
Nanu Kannadiga
Edited by: Achyut K on May 9, 2011 3:17 AM -
Grant execute to all procedure to a user / public
hey!
simple question:
how can i gran execute on all the procedures belong to a given user - for another user (or to public)?
should i use a roll or can i do it without it?
thanks
yairI'm thinking that I read in 11G there was a new utility that allows you to grant all from one schema to another, but why in the world would anyone want to do that? (okay... no answer required on that one)
Sounds like you might have to write some dynamic SQL.
For tables and views, you will need to grant all on the object to the other schema.
For packages and procedures, you can grant execute to them.
Or, another option would be (arg... I hate to suggest this), grant a select any table, delete any table, insert any table, execute any procedure, etc... to the user.
This is really bad, and I don't recommend this, only noting that it is an option. If this is just for some kind of temporary purpose (e.g., testing), then this might be acceptable, however, revoke these privileges immediately.
The better option is to write dynamic SQL and grant directly to the other schema owner. You may run into problems with views and procedures if you use a role which is why I would recommend granting directly to the user. I've also run into problems with GLOBAL_LEXARs and things related to Oracle text when granting via roles.
But now, I have to still wonder why you would not just grant the necessary privileges that the other schema needs rather than granting everything?
Ji Li
Maybe you are looking for
-
How can I create a rotating basketball image in Motion?
I need to have a basketball rotate and do a full 360 degree. I took an image from Google Images and dragged into Motion and applied the sphere filter. Is that the best 3D looking basketball I can get from a 2D image? Thanks! Message was edited by: Ho
-
BPM 11.1.1.6 error creating process instance
Hello! I am deploying BPM processes using JDeveloper 11.1.1.5 and SOA Server 11.1.1.6 and I am getting the following error: [2012-12-04T19:11:47.209+01:00] [WLS_SOA1] [NOTIFICATION] [] [oracle.integration.platform.blocks.tenant] [tid: [ACTIVE].Execut
-
Itunes wont open unless restarting computer
itunes wont open unless restarting computer. Bought my first piece of music through itunes store. Shortly thereafter couldn't open itunes after closing it unless restarting the computer. Had no problems previously. Not very computer savvy. Computer u
-
Hello, Since "FROM clause" based blocks are not well handled by Forms 6i (not editable, master-details relations restrictions), is there another way to base a block on several tables without using a "FROM clause" ? Actually, blocks are based on one t
-
Pathetic lack of 4G phones with no physical keyboard
I've been a Verizon customer since my first mobile phone and I was one of the first people to buy the original Droid when it launched, but the leaked news about the upcoming Droid 3 has me strongly leaning towards going with another carrier. I find