Privileges to create procedures/functions in schemas

Greetings,
I have a default schema associated with my user account. Can permissions be given for my user account to create functions and procedures in another schema without giving that user privileges to create in ANY schema?
Our default schema for HTMLDB is not the schema associated with my user account. I want to be able to create my functions inside that schema, but our DBAs haven't been able to find out how to give the privilege without opening up all schemas to that account.
hope this made sense,
Cliff Moon

Okay Cliff, no problem.
Now, Michael, I don't know of any prepared docs specifically about this but fwiw, I'll try to recap how it works.
1. HTML DB uses a public account to create (or reclaim) a distinct database session to service each page request. The connection is configured with the modplsql DAD and the database user (schema) that owns the session is HTMLDB_PUBLIC_USER. (The exception to this is when you configure a DAD for basic authentication.)
2. The public packages (like wwv_flow) and procedures (like f) invoked through each HTTP request are owned by schema FLOWS_xxxxxx. Packages like wwv_flow use definer's rights. This means, among other things, that they can execute any other packages owned by the FLOWS_xxxxxx schema, including the highly privileged, non-public packages that execute user code.
3. The more privileged non-public packages do all the real work of rendering pages and processing POSTed pages. During these phases, your application code is executed (your report region queries, your DML operations, your page processes, validations, condition evaluation, your API calls, everything). All of this code is "parsed as" the database user (schema) assigned to your application. (Only one schema is assigned to a given application, although the assigned schema can be changed using the builder whenever you like.) The HTML DB engine can execute all of your application code as the "parse as" schema because it has SYS privileges to do so.
4. Any of your code that HTML DB executes dynamically runs with the security privileges of your application schema. These privileges must have been granted explicitly and not through roles. So if your report query does 'select * from emp' it's necessary for emp (or a synonym for it) to exist in your application schema and for that schema to have select privilege on emp.
5. The SQL Workshop works the same way, except things happen there at a workspace level, not at an application level. A workspace has one or more database schemas mapped to it. This means only that a conscious decision has been made (by an admin) to allow each workspace to access specific schemas. The list of schemas mapped to a given workspace appears in LOVs in various places, such as the SQL Command Processor. Selecting a schema from this LOV allows you to perform operations in that schema. You can perform operations in any of the other mapped schemas by selecting them from the LOV in turn.
Note: so far we've said nothing about who the authenticated user is using your application (or the SQL Workshop application), because it has absolutely no bearing on anything so far.
6. HTML DB allows developers to specify a plan to be used by the engine at the start of every page request to perform the chores of authentication, initial session registration and session management. This plan is called an authentication scheme. HTML DB provides standard schemes that are used by most developers, but developers can also design and build custom authentication schemes over which developers have complete control.
7. During the execution of the authentication scheme for a page view (show) or page processing (accept) request, it is common for the scheme to cause a branch/redirect to a login page if it determines that no valid session yet exists. The operation of the login page results in the user being challenged for credentials and for those credentials to be verified. If they check out, related housekeeping tasks are performed such as recording the session ID in a table and session cookie creation. And a token is established to be used to identify the authenticated user for the duration of the HTML DB session. This value is stored in APP_USER and can be queried by developer-owned code and HTML DB-owned code as required.
8. The credentials verification step is where user accounts come into play. It doesn't matter to HTML DB whether your application uses custom tables, an LDAP directory, an SSO infrastructure, or database accounts to verify credentials -- the verification takes place, usually once per HTML DB session, and that's that. The authentication scheme determines the exact method used.
9. One example of an application that uses its own custom tables to hold account information (usernames/passwords) is HTML DB itself. You get the first account created for you during product installation and then you create administrator and developer accounts as you create multiple workspaces for developers at the site. These accounts are just rows in tables, a username, a password, an email address, the ID of the workspace, basic stuff like that. They are not database user accounts (schemas). And with these accounts, you can authenticate to HTML DB and use the Builder, the SQL Workshop, and the administration functions. Just remember, the database knows nothing of these accounts (they are like Oracle Applications user accounts).
10. These HTML DB user accounts exist primarily to allow developers to use HTML DB. But they can also be used to allow end users to authenticate to applications created using HTML DB. That relieves each developer of having to "reinvent the wheel" and set up account repository tables and to have to write APIs to store/manage passwords, the work we did for HTML DB itself. Your application can simply use the built-in HTML DB authentication scheme which uses the account repository for credentials verification. It's not the only way for your application to verify credentials. In fact it's best suited for experimental applications, small workgroup applications, prototypes, apps on that scale. Applications that are slated for actual production deployment should be fitted with enterprise-level identity management solutions.
11. Finally, HTML DB provides a very, very basic group-membership model that allows developer accounts (not database schemas) to be assigned to arbitrarily organized named groups. There is a supporting API for queries against these groups and an admin UI to create/maintain these groups. The same caveats given for using developer accounts for production applications apply to this facility.
Recap:
Database accounts: HTML DB does not use these accounts, their roles, or their privileges except to dynamically execute application code using these schemas as the "parsing schema".
HTML DB user accounts: No relation to database schemas (*). They exist in custom tables owned by the HTML DB product. Accounts can be created and used by application developers as an out-of-the-box credentials verification method for authentication.
*Exception: The "default schema" associated with an HTML DB user account is the name of a schema used to prime an LOV when the user sees a list-of-schemas LOV in places like the SQL Workshop.
Scott
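
Point 4 above (privileges must be granted to the parsing schema directly, not through a role) can be checked with the `emp` case Scott mentions. This is an added example, not part of Scott's post or of HTML DB; it uses a definer's-rights procedure as a stand-in for engine-parsed code, because named definer's-rights PL/SQL is also compiled with roles disabled. APP_SCHEMA, SCOTT.EMP, EMP_READER and EMP_COUNT are constructed names.

```sql
-- Added example (Oracle SQL, run as a DBA). Constructed names:
--   APP_SCHEMA = the application's parsing schema
--   SCOTT.EMP  = the table the report query reads
--   EMP_READER = a role, EMP_COUNT = a test procedure

-- 1. The privilege reaches APP_SCHEMA only through a role.
CREATE ROLE emp_reader;
GRANT SELECT ON scott.emp TO emp_reader;
GRANT emp_reader TO app_schema;

-- 2. Definer's-rights code owned by APP_SCHEMA is compiled with roles
--    disabled, so the role grant is not seen and compilation fails with
--    "PL/SQL: ORA-00942: table or view does not exist".
CREATE OR REPLACE PROCEDURE app_schema.emp_count (p_n OUT NUMBER) AS
BEGIN
  SELECT COUNT(*) INTO p_n FROM scott.emp;
END;
/

-- 3. Audit: which object privileges does the parsing schema hold directly,
--    and which only through a role? Rows marked ROLE are not usable by the
--    code in step 2. (Roles granted to roles are not expanded here.)
SELECT p.owner, p.table_name, p.privilege, 'DIRECT' AS granted_via
FROM   dba_tab_privs p
WHERE  p.grantee = 'APP_SCHEMA'
UNION ALL
SELECT p.owner, p.table_name, p.privilege, 'ROLE ' || r.granted_role
FROM   dba_role_privs r
JOIN   dba_tab_privs  p ON p.grantee = r.granted_role
WHERE  r.grantee = 'APP_SCHEMA'
ORDER  BY 1, 2, 3;

-- 4. Fix: grant exactly the object privilege needed, directly, and give the
--    schema a synonym so that 'select * from emp' resolves.
GRANT SELECT ON scott.emp TO app_schema;
CREATE SYNONYM app_schema.emp FOR scott.emp;
ALTER PROCEDURE app_schema.emp_count COMPILE;   -- now compiles

-- 5. The role is no longer needed by this schema.
REVOKE emp_reader FROM app_schema;
```

Running the audit query before and after step 4 shows the SCOTT.EMP row move from a ROLE entry to a DIRECT entry.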

Similar Messages

  • Create procedure/functions under Custom Public Transformations using OMB

    Hello,
    I need to create a global procedure under Public Transformations. How do i do so?
    I am able to create them under specific projects, but not as global.
    I tried creating it after OMBCC 'PUBLIC_PROJECT' , but it says i need to change my context...
    Can some one please help me with this.
    Thanks in advance..

    check these links for references.
    http://download.oracle.com/docs/cd/B31080_01/doc/owb.102/b28225/omb_appendix.htm
    http://mis3nt.gsnu.ac.kr/PublicData/Oracle11gDoc/owb.111/b31279/omb_appendix.htm

  • Do you have any procedure/function to get parent child relation ship logic?

    I am in great need. I have developed one but it has many cursors. Actually, to get the final leaf node, I have to keep on using a cursor until the last leaf is found.
    Note: CONNECT BY PRIOR not to be used with this requirement. So need to create procedure/function only.

    Note the name of this forum is "SQL Developer *(Not for general SQL/PLSQL questions)*", so only for issues with the SQL Developer tool. Please post these questions under the dedicated SQL And PL/SQL forum (you've posted there before).
    Additionally, this seems to be a duplicate of your other thread at How to get Number of NESTED CHILD on this requirement? please use the same thread instead of duplicating.
    Regards,
    K.

  • How can I create packages procedure & function in user-define Library

    hi.
    I have already created package procedures & functions in the database and use them.
    Now I would like to create these in a library file.
    Please, can anyone give me an example of any procedure or function to store in a library?
    thanks
    Ali

    > please send me one simple example for create library
    > then create any function in library.
    > 2nd is any package can be create in library or not??
    > Thanks S.K
    > Ali

    Have you checked the link?
    A simple example is provided.
    I think what I understood from your post is that you want to put a function/proc and want to call that as a library,
    which is not possible.
    For example, an external routine is a third-generation language procedure stored in a
    dynamic link library (DLL), registered with PL/SQL, and called by the DBA to perform
    special-purpose processing.
    In Unix a dynamic link library is known as a shared object (so).
    At run time, PL/SQL loads the library dynamically, then calls the routine as if it were a
    PL/SQL subprogram. To safeguard our database, the routine runs in a separate address
    space, but it participates fully in the current transaction. Furthermore, the routine can
    make a call back to the database to perform SQL operations.
    To identify a DLL we have to use the CREATE LIBRARY command.
    The CREATE LIBRARY command is used to create a schema object, library, which
    represents an operating-system shared library, from which SQL and PL/SQL can call
    external third-generation-language (3GL) functions and procedures.
    Learn something more on External Procedures
    -SK

  • Sql Developer - View source code of procedures, functions & packages in another schema

    Our developers need the ability to view procedures, function, packages etc. in the production database (using SQL DEVELOPER).  They don't have access to sign on as the owner of these
    objects in Production.  They must use their own limited access UserID for this purpose.
    This limited access UserID has been granted select privilege on DBA_SOURCE & DBA_OBJECTS.  The developers need the ability to view the source of these object via
    the tree view in SQL DEV.  They should be able to click on "other users" in the SQL DEV tree view and see a listing of the owner schema objects.  Then they should
    be able to select the desired object and view the source code.  These developers are used to using GUI interfaces.  Selecting from DBA_SOURCE would not be an
    option for them.
    I understand that if the limited user is granted SELECT ANY DICTIONARY or SELECT_CATALOG_ROLE then this functionality will work.  The problem is those
    privileges/roles  provide much more access than should be granted to these limited access users. Granting DBA to these users is also not an option.
    In TOAD and other end-user tools this functionality works when only select privilege on DBA_SOURCE & DBA_OBJECTS has been granted.  We need this same functionality
    in SQL DEV.
    While searching this forum and the internet, I see that other installations have this same issue.
    Please enhance SQL Developer with this functionality. 
    Thank you, ellen

    Just to double check that I'm interpreting the problem correctly, is the following true:
    select * from all_objects where object_name = 'DBA_SOURCE'
    returns nothing
    select * from dba_source where name = your PL/SQL module
    returns all the code

  • How to create a function/procedure which can take optional parameter?

    Hi,
    I want to create a function or a procedure which can take optional parameters. For example, I want to create fun1() or fun1(param1) like this. Only one function will act differently when different number of parameters are passed to it. Something like the substr() function in oracle. It can be called with 2 parameters, as well as three parameters.
    Thanks in advance,
    Kiran

    There are two ways of doing this. The regular way would be to add a DEFAULT clause to your function declaration:
      -- Function can be called with 1 or 2 parameters
      FUNCTION xxxx
        ( param_one  NUMBER
        , param_two  VARCHAR2  DEFAULT NULL )
      RETURN VARCHAR2;
    Or, if your functions are declared in a package you can do some over-loading:
      PACKAGE yyyy
      IS
        -- Function with 1 parameter
        FUNCTION xxxx
          ( param_one  NUMBER )
        RETURN VARCHAR2;
        -- Function with 2 parameters
        FUNCTION xxxx
          ( param_one  NUMBER
          , param_two  VARCHAR2 )
        RETURN VARCHAR2;
      END;
    If you are calling server-side functions from client-side tools (like OracleForms) you may need to use this second method.

  • How to create a procedure function with a return value of ref cursor?

    Can anybody provide a sample about how to create a procedure function with a return value of REF CURSOR?
    I heard if I can create a function to return a ref cursor, I can use VB to read its recordset.
    Thanks a lot.

    http://osi.oracle.com/~tkyte/ResultSets/index.html

  • How Create procedure or function with ADO ?

    Hello,
    How to create a procedure or function with ADO? It's my question.
    Thanks.
    Henri

    This message is posted by Taiwan-ChangHaw-Oracle-Stored-Procedure-For-Business-Rule-Club
    // Fragment of a class: m_conn is an ADODB.Connection field and
    // ConnectionParams supplies the data source and credentials.
    using System;
    using System.Collections;

    public bool ConnectDatabase()
    {
        try
        {
            string strConnectionString =
                "Provider=OraOLEDB.Oracle" + ";" +
                "Data Source=" + ConnectionParams.Datasource + ";" +
                "User Id =" + ConnectionParams.Username + ";" +
                "Password =" + ConnectionParams.Password;
            m_conn = new ADODB.Connection();
            m_conn.ConnectionString = strConnectionString;
            m_conn.Open("", "", "", 0); // Open the connection
        }
        catch (Exception e)
        {
            System.Windows.Forms.MessageBox.Show(e.Message);
            return false;
        }
        return true; // connected successfully
    }

    public void InsertDescription(string p_product, string p_language, string p_tname, string p_tdescription)
    {
        // Four input placeholders plus one output placeholder, bound in order below
        string sql = "{Call inserttranslateddescription(?,?,?,?,?)}";
        try
        {
            ADODB._Command cmd = new ADODB.Command(); // Create a command object
            cmd.ActiveConnection = m_conn; // Set its active connection to the open connection
            ADODB.Properties properties = cmd.Properties; // Get the command properties into an ADODB Properties object
            IEnumerator ienum = properties.GetEnumerator(); // Get an enumerator on the above properties
            ADODB.Property singleprop;
            while (ienum.MoveNext()) // Iterate through the enumerator
            {
                singleprop = (ADODB.Property)ienum.Current; // Get the current property from the enumerator
                string propname = singleprop.Name; // Get the name of the current property
                if (propname.Equals("NDatatype")) // If the property is 'NDatatype' set its value to true
                    singleprop.Value = true;
            }
            cmd.CommandType = ADODB.CommandTypeEnum.adCmdText;
            int pid = Int32.Parse(p_product);
            ADODB._Parameter langid       = cmd.CreateParameter("langid",       ADODB.DataTypeEnum.adChar,    ADODB.ParameterDirectionEnum.adParamInput,  100, p_language);
            ADODB._Parameter productid    = cmd.CreateParameter("productid",    ADODB.DataTypeEnum.adNumeric, ADODB.ParameterDirectionEnum.adParamInput,  100, pid);
            ADODB._Parameter tname        = cmd.CreateParameter("tname",        ADODB.DataTypeEnum.adBSTR,    ADODB.ParameterDirectionEnum.adParamInput,  50,  p_tname);
            ADODB._Parameter tdescription = cmd.CreateParameter("tdescription", ADODB.DataTypeEnum.adBSTR,    ADODB.ParameterDirectionEnum.adParamInput,  50,  p_tdescription);
            ADODB._Parameter check        = cmd.CreateParameter("check",        ADODB.DataTypeEnum.adNumeric, ADODB.ParameterDirectionEnum.adParamOutput, 100, 0);
            cmd.Parameters.Append(langid);
            cmd.Parameters.Append(productid);
            cmd.Parameters.Append(tname);
            cmd.Parameters.Append(tdescription);
            cmd.Parameters.Append(check);
            cmd.CommandText = sql;
            // Execute the command to insert product details in the database
            object recs;
            object param = p_language;
            cmd.Execute(out recs, ref param, 1);
            ienum.Reset();
            while (ienum.MoveNext()) // Iterate through the enumerator
            {
                singleprop = (ADODB.Property)ienum.Current; // Get the current property into the Property object
                string propname = singleprop.Name; // Get the name of the current property
                if (propname.Equals("NDatatype")) // If it is 'NDatatype' reset its value to false
                    singleprop.Value = false;
            }
            IEnumerator iprop = cmd.Parameters.GetEnumerator(); // Get the enumerator for the command parameters
            while (iprop.MoveNext()) // Loop through the enumerator
            {
                // Get the current parameter in the enumerator
                ADODB._Parameter checkval = (ADODB._Parameter)iprop.Current;
                if (checkval.Name.Equals("check")) // If the parameter is 'check'
                {
                    if (checkval.Value.ToString().Equals("0")) // If check's value is zero, data was inserted
                        System.Windows.Forms.MessageBox.Show("Product details Inserted successfully");
                    else
                        System.Windows.Forms.MessageBox.Show("Product Details Updated"); // else data was updated
                }
            }
        }
        catch (Exception e)
        {
            System.Windows.Forms.MessageBox.Show(e.Message); // Display any error message
        }
    }

  • Why there are 2 options IS/AS while creating procedure or function

    why there are 2 options available IS/AS while creating procedure or function ?
    Like
    create or replace procedure test (p_nbr NUMBER) AS
    create or replace procedure test (p_nbr NUMBER) IS
    tried both the options observed same result..
    Is there any difference between IS and AS ?

    SShubhangi wrote:
    > why there are 2 options available IS/AS while creating procedure or function ?
    > Like
    > create or replace procedure test (p_nbr NUMBER) AS
    > create or replace procedure test (p_nbr NUMBER) IS
    > tried both the options observed same result..
    > Is there any difference between IS and AS ?

    Technically... there is no difference.
    In terms of the English language, it would depend what you're describing...
    [ do some action ] AS follows...
    [ this object ] IS defined like this...
    So in programming language terms you could say that:
      create or replace procedure test (p_nbr NUMBER) AS...
    reads more naturally than
      create or replace procedure test (p_nbr NUMBER) IS...
    because it is an "action" of creating or replacing something.
    whereas, for example, a procedure in a package...
      procedure test (p_nbr NUMBER) IS...
    is more clear than
      procedure test (p_nbr NUMBER) AS...
    because this is stating what the procedure IS, rather than an action of creating it. (the package itself would be "create package ... AS")
    As far as Oracle is concerned though, it doesn't care, they are both interchangeable. For me personally, I like to use the one that makes it clearly readable.

  • Is it possible to create Socket using Java Stored Procedures/Function(Ora)?

    Hello Friends,
    Is it possible to create Socket using Java Stored Procedures/Function in Oracle?
    OR
    How I can send a message from oracle to Java Desktop Application which is working like server program?
    Please Guide !!

    J3Ganesh wrote:
    > Hello Friends,
    > Is it possible to create Socket using Java Stored Procedures/Function in Oracle?

    No, Oracle was very careful to take that feature out of the JDK provided in Oracle 10/11, but you can buy that feature back for, if I remember correctly, about 5000 dollars. (I actually raised a service request on this and then told my rep what I thought about the answer I received--something along the line of money grubbing so and so....)

    > How I can send a message from oracle to Java Desktop Application which is working like server program?

    You can make a table and poll it from time to time from the Java side and write and commit whatever you want to the table. I do not know any way to send a signal from Oracle DB to an external Java application--Java or PL/SQL stored procedure.

  • How to create procedure having delete statement with between function?

    I am very new in SQL Development, I want to create a procedure having two date variable start and end and these two variable i want to use in procedure body to delete data from a specific table between two date duration.
    Please guide
    Thanks,

    create procedure some_proc (start_date date, end_date date)
    as
    begin
         delete from your_table
                   where your_date_column between start_date and end_date;
    end some_proc;
    /

  • Read access to procedures,function,packages and triggers

    Hi,
    I created a user with CREATE SESSION, SELECT ANY TABLE privilege. My objective is to create a user with read only access to other schemas. But the newly created user is not able to read procedures, functions, packages and triggers. The new user needs read access to procedures, functions, packages and triggers. What is the privilege required for this access? Please help me to resolve this issue.
    Regards,
    Mat.

    Hi,
    Grant select all will give select privileges to all schema level objects except procedures,function,packages and triggers. But I need to grant read privileges on these objects to newly created user.
    Regards,
    Mat.

  • Create a function

    Hi all,
    I would like to understand what my errors are in this procedure :
    * I get : Warning: Procedure created with compilation errors.
    Anyone could help me please?
    * This procedure drop all the objects in the current schema.
    CREATE OR REPLACE PROCEDURE DROPOBJECTS
    AS
         cursor c_get_objects is
              select object_type,'"'||object_name||'"'||decode(object_type,'TABLE' ,' cascade constraints',null) obj_name from user_objects
              where object_type in ('TABLE','VIEW','PACKAGE','SEQUENCE','PROCEDURE','FUNCTION',
              'SYNONYM', 'MATERIALIZED VIEW') AND (object_name NOT LIKE '%BIN$%')
              order by object_type;
         cursor c_get_objects_type is select object_type, '"'||object_name||'"' obj_name from user_objects where object_type in ('TYPE');
    begin
         for object_rec in c_get_objects loop
              execute immediate ('drop '||object_rec.object_type||' ' ||object_rec.obj_name);
         end loop;
         for object_rec in c_get_objects_type loop
              execute immediate ('drop '||object_rec.object_type||' ' ||object_rec.obj_name);
         end loop;
    END
    thanks to all.

    The status is INVALID
    When I compile the procedure, I get :
    SQL> ALTER PROCEDURE jim.dropobjects COMPILE;
    Warning: Procedure altered with compilation errors.
    I'm able to run the script by command line :
    ------------ original script -------------------
    declare
    cursor c_get_objects is
    select object_type,'"'||object_name||'"'||decode(object_type,'TABLE' ,' cascade constraints',null) obj_name from user_objects
    where object_type in ('TABLE','VIEW','PACKAGE','SEQUENCE','PROCEDURE','FUNCTION',
    'SYNONYM', 'MATERIALIZED VIEW') AND (object_name NOT LIKE '%BIN$%')
    order by object_type;
    cursor c_get_objects_type is select object_type, '"'||object_name||'"' obj_name from user_objects where object_type in ('TYPE');
    begin
    for object_rec in c_get_objects loop
    execute immediate ('drop '||object_rec.object_type||' ' ||object_rec.obj_name);
    end loop;
    for object_rec in c_get_objects_type loop
    begin execute immediate ('drop '||object_rec.object_type||' ' ||object_rec.obj_name);
    end;
    end loop;
    end;
    But, I have to create a function available to some developer users. So, I try to convert the script into a procedure.
    SqlPlus does not indicate the specific error.

  • Idea for package/procedure/function distribution ??

    Hi all
    We have multiple databases (10.2.0.3). And we have a lot of "utility" packages for both appl. util and for DBA utils.
    We have created a XXXUTIL schema on each database.
    How do we keep those schemas in sync automatically - apart from doing export/import? We will name one "master" and all others should be in sync with this one schema (packages/procedures/functions/views)
    Is there a smarter way of doing this, a pull or push replication solution? We are on the 10g Enterprise version.
    Ideas appreciated
    best regards
    Mette

    Hi,
    As you said you have a lot of utility packages, I think you can directly compile those scripts once you have changed them in the master DB; there won't be anything to sync the procedures from one DB to another DB.
    If it is data, then you might go for DB Link, Streams etc. for replicating the data.
    In order to automate, you need to write a script for logging into the DB, running the set of scripts and disconnecting - a shell script.
    Just think whether that is your requirement.
    Pavan Kumar N

  • Grant Permission to create/drop functions only

    I have to grant permissions to a user to drop/create/execute functions owned by several schemas. How do I do it without giving away the keys?
    Thanks

    > AFAIK ALTER SCHEMA + CREATE FUNCTION does not allow to do anything with a table.. in fact the user can't even select from the function he creates. - Unless he _owns_ the schema already..

    The second is correct, the first is not:
    -- Objects owned by dbo that funcuser should not be able to touch
    CREATE PROCEDURE somesp AS PRINT 'Created by dbo'
    go
    CREATE TABLE sometable (a int NOT NULL, b int NOT NULL)
    go
    -- The grant under test: CREATE FUNCTION plus ALTER on the whole dbo schema
    CREATE USER funcuser WITHOUT LOGIN
    GRANT CREATE FUNCTION TO funcuser
    GRANT ALTER ON SCHEMA::dbo TO funcuser
    go
    EXECUTE AS USER = 'funcuser'
    go
    CREATE FUNCTION funky_user() RETURNS nvarchar(23) AS
    BEGIN
    RETURN 'Created by funcuser'
    END
    go
    -- Call the function just created; funcuser was never granted EXECUTE
    SELECT dbo.funky_user()
    go
    -- ALTER on the schema also covers every other object in it
    ALTER PROCEDURE somesp AS PRINT 'Altered by funcuser'
    go
    ALTER TABLE sometable DROP COLUMN b
    go
    REVERT
    go
    -- Back as dbo: see what funcuser changed
    EXEC somesp
    SELECT b FROM sometable
    go
    -- Clean up
    DROP PROCEDURE somesp
    DROP TABLE sometable
    DROP FUNCTION funky_user
    DROP USER funcuser

    > Also, what do you mean by "without giving away the keys" - what "keys"? Do you have some form of data encryption in place?

    I interpreted this pictorially. That is, how do I give out this permission without permitting the user to take over the database. As seen from above, ALTER on SCHEMA does not give away the entire key-ring, but more keys than may be desired.
    Erland Sommarskog, SQL Server MVP, [email protected]
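
The demonstration above shows that ALTER on a schema reaches every object in that schema. The following added example (T-SQL, not part of Erland's post) first lists who already holds schema-wide ALTER or CONTROL, then confines the same user to a dedicated schema; func_owner, func_sandbox and dbo.sometable are constructed names, and owning the sandbox schema with a separate user instead of dbo is a choice of this example.

```sql
-- 1. Audit: every principal holding schema-wide ALTER or CONTROL, the kind
--    of grant that let funcuser change dbo.somesp and dbo.sometable.
SELECT s.name  AS schema_name,
       pr.name AS principal_name,
       pr.type_desc,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.schemas              AS s  ON s.schema_id = pe.major_id
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class_desc = 'SCHEMA'
  AND pe.permission_name IN ('ALTER', 'CONTROL')
  AND pe.state_desc IN ('GRANT', 'GRANT_WITH_GRANT_OPTION')
ORDER BY s.name, pr.name;
go

-- 2. Narrower setup. The sandbox schema is owned by a user with no other
--    permissions, so functions created in it do not share an owner with
--    dbo's tables and cannot read them through ownership chaining.
CREATE TABLE dbo.sometable (a int NOT NULL, b int NOT NULL);
CREATE USER func_owner WITHOUT LOGIN;
CREATE USER funcuser WITHOUT LOGIN;
go
CREATE SCHEMA func_sandbox AUTHORIZATION func_owner;
go
GRANT CREATE FUNCTION TO funcuser;
GRANT ALTER, EXECUTE ON SCHEMA::func_sandbox TO funcuser;
go

-- 3. Check the boundary as funcuser.
EXECUTE AS USER = 'funcuser';
go
CREATE FUNCTION func_sandbox.funky_user() RETURNS nvarchar(23) AS
BEGIN
    RETURN 'Created by funcuser'
END
go
SELECT func_sandbox.funky_user();         -- succeeds: EXECUTE on the sandbox schema
go
ALTER TABLE dbo.sometable DROP COLUMN b;  -- fails: no ALTER on schema dbo
go
REVERT;
go

-- 4. Clean up.
DROP FUNCTION func_sandbox.funky_user;
DROP SCHEMA func_sandbox;
DROP TABLE dbo.sometable;
DROP USER funcuser;
DROP USER func_owner;
```

After step 3, `SELECT b FROM dbo.sometable` run as dbo still works, unlike in the original demonstration.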
