To grant execute on a specific procedure in a package

is there a way to grant execute on a specific procedure in a package without granting execute to the package itself.

Case 1: If you have package function,
->Then you can create a view on it and give access to specific user.
Case 2: If you have package procedure
-> I think, there is no direct method to GRANT part of package.
-> Make GLOBAL procedure only the one that you want to grant to the user. Now if you grant the package (having few global), user only able to access the GLOBAL's only..
So how do u implement?
PACKAGE global_pkg
Procedure first_global_procedure;
Procedure second_global_procedure;
END global_pkg;
Now You create Package as per user access:
Package user_1_pkg
call first_global_procedure;
END;
Package user_2_pkg
call second_global_procedure;
END;
Now, you Grant user_1_pkg to USER1 and user_2_pkg to USER2

Similar Messages

Grant execute on schema.pakage.procedure.........

i need to grant execute permission to a user on a procedure that is part of a package, i give this command which return error. What should i do
grant execute on CORE_BUSINESS.PKG_CORE_BUSINESS_IP.ALTER_TEMP_INSURED_PERSON_DATA to cb_softdata;
[Error] Execution (3: 53): ORA-00905: missing keyword

malhi wrote:
i need to grant execute permission to a user on a procedure that is part of a package, i give this command which return error. What should i do
grant execute on CORE_BUSINESS.PKG_CORE_BUSINESS_IP.ALTER_TEMP_INSURED_PERSON_DATA to cb_softdata;
[Error] Execution (3: 53): ORA-00905: missing keyword
Hi
Its not possible to grant at procedure level which exists inside a package.
Try
grant execute on CORE_BUSINESS.PKG_CORE_BUSINESS_IP to cb_softdata;Regards,
Achyut
Edited by: Achyut K on May 9, 2011 3:09 AM
Nanu Kannadiga
Edited by: Achyut K on May 9, 2011 3:17 AM

Grant execute on stored procedure

I'm trying to allow the "help desk" people to connect via a special database account and execute a procedure to reset or unlock a users's password or account. I've created two stored procedures as user1 and have granted EXECUTE on user1.unlockaccount. Within the procedure I have an IF statement that basically says if the username is IN the following ('SYS','SYSTEM', ect.) then dbms_output.put_line ('not_allowed'). The ELSE is 'execute immediate 'alter user '||pUserName||' identified by '||pPassWord||' account unlock';
Then an exception when others statement to output the 'error: '||sqlerrm
The procedure compiles fine and I can execute it without error as 'user1' but when I GRANT EXECUTE ON USER1.UNLOCKACCOUNT TO USER2 and try to 'execute user1.unlockaccout ('username'); I get insufficient privileges.
I've also switched to SYS and "GRANT EXECUTE ON USER1.UNLOCKACCOUNT TO USER2;" but I still get the same insufficient privs error. If I don't 'set serveroutput on;' I don't see the error message, but it still fails.
Actually, one correction. I'm getting insufficient privs as user1 as well. user1 can unlock a user's account and reset a password outside of the procedure but I'm getting insufficient privs when executing the procedure.
Edited by: wolfeet on Jun 8, 2011 8:49 PM

Hi,
wolfeet wrote:
Granting ALTER USER directly to the user defeats the whole purpose. I want to allow this user to reset user passwords and unlock user passwords but I don't want the user to be able to reset passwords for dba accounts, sys, system, yada yada. I was hoping I could do this via GRANT EXECUTE on a stored procedure.Solomon said to grant ALTER USER directly to user1, the owner of the procedure, who already has this privilege via a role.
User2, who will run the procedure, needs only EXECUTE privileges on the procedures. User2 will not need the ALTER USER privilege.

Grant Execute on package Specification

How to give grant to package specification to another user?
The package has only specification and no package body
in package specification i have defined some constants variables which i need to access from another user?
Current if i give grant execute from the other user it is shwoing up only blank body......

Works for me...
As test_user...
SQL> create or replace package test_vars is
2 g_number number := 100;
3 end;
4 /
Package created.
SQL> grant execute on test_vars to scott;
Grant succeeded.As scott...
SQL> create synonym test_vars for test_user.test_vars;
Synonym created.
SQL> set serverout on
SQL> begin
2 dbms_output.put_line(test_vars.g_number);
3 end;
4 /
100
PL/SQL procedure successfully completed.
SQL>

Why doesn't the "grant execute any procedure" work?

Hi to all.
I want to grant the execute privilege for all SYS schema functions/procedures. To achieve it I do the following:
SQL> connect sys/*****@orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as SYS
SQL> create user test identified by test;
User created
SQL> grant create session to test;
Grant succeeded
SQL> grant execute any procedure to test;
Grant succeeded
According to the [http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm] the "grant execute any procedure" - grants Execute procedures or functions, either standalone or packaged.
So, the steps seem to be right. Then, I try to connect to the test user and execute any procedure from the SYS schema, for example, dbms_lock.sleep:
SQL> connect test/test@dizzy/orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as test
SQL> begin
2 sys.dbms_lock.sleep(1);
3 end;
4 /
begin
sys.dbms_lock.sleep(1);
end;
ORA-06550: line 3, column 1:
PLS-00201: identifier 'SYS.DBMS_LOCK' must be declared
ORA-06550: line 3, column 1:
PL/SQL: Statement ignored
So, the execution fails due to insufficient rights. However, the direct grant on the sys.dbms_lock works!
SQL> connect sys/*****@dizzy/orcl as sysdba
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as SYS
SQL> grant execute on dbms_lock; to test;
grant execute on dbms_lock; to test
ORA-00911: invalid character
SQL> grant execute on dbms_lock to test;
Grant succeeded
SQL> connect test/test@dizzy/orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as test
SQL> begin
2 sys.dbms_lock.sleep(1);
3 end;
4 /
PL/SQL procedure successfully completed
So, to be sure that the grant on any procedure from the definite scheme is given, should I avoid giving the execute any procedure grant?
P.S. Is there any special tag for code?
Thanks in advance.

Sybrand, thank you for the reply.
You are right. I tried to connect by another user NOT SYS and created the function:
SQL> create user testic identified by i;
User created
SQL> grant create session, execute any procedure to testic;
Grant succeeded
SQL> create or replace function get1 return number is
2 begin
3 return 1;
4 end;
5 /
Function created
SQL> connect testic/i@orcl
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.4.0
Connected as testic
SQL> select get1 from dual;
select get1 from dual
ORA-00904: "GET1": invalid identifier
SQL> select kaisa_rgali.get1 from dual;
      GET1
         1Thank you for the tag. This's exactly what I asked about.
Finally, I tried t open the hyperlink http://download.oracle.com/docgs/cd/B10501_01/server.920/a96521/privs.htm but it failed.

Does GRANT CREATE ANY PROCEDURE auto grants EXECUTE on created obj to user?

I have a User ABC which has GRANT CREATE ANY PROCEDURE on schema XYZ. Now, I create a new Function in schema XYZ using my ID ABC named "func123". My question is, would my User ID ABC being creator of func123 be able to EXECUTE it by default ???
Note: ID ABC has not been explicitly given GRANT EXECUTE on this func123 function, neither it has GRANT EXECUTE ANY PROCEDURE on schema XYZ.
Thanks in advance.

There is no such thing as 'create any procedure on schema xyz'. When an user has create any procedure, he can create a procedure in any schema, including SYS.
You have an unprotected and unsecured database by granting this powerful privilege to multiple users.
Also when you create a procedure in a different schema, that schema becomes the owner, not the user creating it.
Kindly brush up your basics and (re)read documentation.
Sybrand Bakker
Senior Oracle DBA

Error granting EXECUTE on DBMS_JAVA:-4042:ORA-04042: procedure, function,

Hi .
I 'm experiencingn the following problem when granting acess to the sys user can any one help please in this issue.I 'm using an oracle 10 g on a solaris system.
Granting EXECUTE on DBMS_JAVA to SYSTEM WITH GRANT OPTION
Error granting EXECUTE on DBMS_JAVA:-4042:ORA-04042: procedure, function,
Thanks.

You need to execute this with user "sys"
see my test please:
oracle@myserver:~> sqlplus "/ as sysdba"
SQL*Plus: Release 11.2.0.1.0 Production on Tue Aug 17 13:24:28 2010
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
sys@MYSID> grant EXECUTE on DBMS_JAVA to SYSTEM WITH GRANT OPTION;
Grant succeeded.
sys@MYSID>as I check ORA-04042: procedure, function, package, or package body does not exist
I can see that you issue is that you don't have Oracle JVM option installed in your database.
start database configuration assistant (dbca) choose configure database options operations select your DB SID and install Oracle JVM for your database (find it under Standard database components button)
HTH, Regards

GRANT EXECUTE ON SCHEMA.PACKAGE.PROCEDURE TO USER

Hi,
GRANT EXECUTE ON SCHEMA.PACKAGE.PROCEDURE TO USER
returns:
ORA-00905, do you know why? Can I grant privileges on procedure inside package?
thanks

As per my knowledge of oracle, we cannot grant privileges on procedure inside a package.
 
Raj 
www.oraclebrains.com<a>
 POWERED by the people, to the people and for the people WHERE ORACLE IS PASSION.
 
Sorry Leonardo Horikian & Kamal Kishore, I was late and didn't know that you guys have already posted the answer.
Message was edited by:
rajs

Grant execute to all procedure to a user / public

hey!
simple question:
how can i gran execute on all the procedures belong to a given user - for another user (or to public)?
should i use a roll or can i do it without it?
thanks
yair

I'm thinking that I read in 11G there was a new utility that allows you to grant all from one schema to another, but why in the world would anyone want to do that? (okay... no answer required on that one)
Sounds like you might have to write some dynamic SQL.
For tables and views, you will need to grant all on the object to the other schema.
For packages and procedures, you can grant execute to them.
Or, another option would be (arg... I hate to suggest this), grant a select any table, delete any table, insert any table, execute any procedure, etc... to the user.
This is really bad, and I don't recommend this, only noting that it is an option. If this is just for some kind of temporary purpose (e.g., testing), then this might be acceptable, however, revoke these privileges immediately.
The better option is to write dynamic SQL and grant directly to the other schema owner. You may run into problems with views and procedures if you use a role which is why I would recommend granting directly to the user. I've also run into problems with GLOBAL_LEXARs and things related to Oracle text when granting via roles.
But now, I have to still wonder why you would not just grant the necessary privileges that the other schema needs rather than granting everything?
Ji Li

"GRANT EXECUTE ANY PROCEDURE TO " does not work in some cases

Hello,
I some of my PL/SQL-packages I'm using DBMS-packages.
Because I don't want to grant access for every single package, I granted EXECUTE ANY PROCEDURE to the user/schema of my packages.
This did work in several installation.
But for what reason ever, in one installation DBMS_RANDOM cannot be used (DBMS_RANDOM must be declared). If I explicitly grant execute on this package, it works. When I revoke it and renew the ANY PROCEDURE, it doesn't again.
What's wrong.
Version 11.2.0.2 on Win2008R2
Regards,
Mynz

Mynz wrote:
Hello,
I some of my PL/SQL-packages I'm using DBMS-packages.
Because I don't want to grant access for every single package, I granted EXECUTE ANY PROCEDURE to the user/schema of my packages.
This did work in several installation.
But for what reason ever, in one installation DBMS_RANDOM cannot be used (DBMS_RANDOM must be declared). If I explicitly grant execute on this package, it works. When I revoke it and renew the ANY PROCEDURE, it doesn't again.
What's wrong.privilege acquired via ROLE do NOT apply within named PL/SQL procedures/functions

Unable to Grant execute permissoin for all Stored Procedures.

Hi,
We have a DB called ABC, which has two schema of it ABC_DEV and ABCR1.
there are 2 login users (userdev for ABC_DEV) and (userR1 for ABCR1).
I careated a package and some stored procedure with userR1 for schema ABCR1.
Now I want these package and stored procedures to be available for execution for userdev.
How to do this usegin Oracle SQL Developer.
Thanks in Advance

Connect as ABCR1, or any other user that has GRANT EXECUTE privilege with the ADMIN option on the objects in the schema and select the object in the connections tab and right-click on it, select grant and then select the appropriate user and privilege.
Chris

Grant execute to all custom stored procedures, not quite working

I would like to grant execute permissions on all custom stored procedures to a group and have tried using this:
USE myDB
select 'GRANT EXECUTE ON ['+name+'] TO [mydomain\mydb] ' from sys.objects where type ='P' and is_ms_shipped = 0
It seems to execute without error, I see the full list of stored procedures I've created listed like this:
GRANT EXECUTE ON [procUserInsert] TO [mydomain\mydb]
However the stored procedure I added earlier, which didn't have any explicit rights set for it, does not show that the execute permission has been granted. Other stored procedures, where I had already granted execute to the group, remain as they were (which
is expected). I'm viewing permissions via ssms, selecting the new stored procedure, then properties, permissions. If the grant failed there ought to be an error message...I don't get it. This is sql server 2005.

It seems like you were only printing the statement (SELECT), but it is unclear if you executed them.
You could try granting EXECUTE permission at either the DB scope or SCHEMA scope. That would grant EXECUTE on all modules (i.e. SPs, UDFs, etc.) at the chosen scope, including modules created in the future. For example:
-- Grant EXECUTE permission on all DB
GRANT EXECUTE TO [myDomain\mydbGroup1]
go
-- Grant EXECUTE permission on schema mySchema
GRANT EXECUTE ON SCHEMA::[mySchema] TO [myDomain\mydbGroup2]
go
I hope this helps.
BTW. The way you were creating the dynamic SQL for granting permissions to SPs individually is subject to 2nd order injection attacks. You should use quotename(name) in order to escape object names.
-Raul Garcia
SQL Server Security
This posting is provided "AS IS" with no warranties, and confers no rights.

Execute procedure in a package using the caller privileges?

Is it possible to execute a procedure within a package using the privileges of the caller rather than the privileges of the package owner? So if we have a procedure that does a select, one that does an insert, and another for update and a 4th for delete, then we just want to grant execute to user X on the select procedure in the package. This is a developer request. I think I just need to tell the requestor to copy or move the procedure out of the package and into it's own procedure so that it's safe to run by user X and not grant execute on the package since I don't believe it is possible to specify what procedures in a package are granted execute since that command is a blanket for the whole package right?
Example - fails due to specifying the proc:
grant execute on scmemaname.pkgname.procname to usr;
There's no other command to do that is there?
Thanks,
Dave
Edited by: Gib on Jan 19, 2010 8:42 AM

AUTHID is at the package level ... not the individual function or procedure.
Create a second package.

Grant execute on javaclass is not working

I have successfully compiled a java class in schema two which provides a connection to an OEM data source. I subsequently compiled another java class, also in schema two, that uses the connection in the connection class and loads a temp table. Now, the connection class should really be in a different schema, so I recompiled it in schema one, changed the class name in schema two and then recompiled the one in schema two to essentially remove it from the picture.
When I tested my call specification to the second class, which loads the temporary table, I get an error, as expected because the connection class no longer exists in schema two.
On page 2-15 of the Java Developer's Guide 11g Release 1, it says:
    You can provide other users the right to run your class in the following ways:
        Using the loadjava -grant option:
        Using the following command:
            SQL> grant execute on myclass to scott;However, when using the second option (as the user of schema one where I just recompiled it), I get a message that the class does not exist. I have done everything I can think of to confirm that the name I have entered is correct including:
select dbms_java.shortname('long classname') from dual;Is this not really an acceptable way to grant execute privileges on a java source to another schema?
Thanks,
Gregory

Hi,
you can use quotation mark, because the grant internally transform your javaclass in uppercase.
So :
grant execute on "myclass" to scott ;
will succeed as
grant execute on myclass to scott ;
will not ;o)
regards,
Virgile CREVON
Edited by: user513154 on 12 juil. 2011 04:58

Grant execute on DBMS_CRYPTO package (11R1)

I figured out I needed to grant my user access to this SYS package using:
SQL> grant execute on DBMS_CRYPTO to lob_demo;
Grant succeeded.
yet after doing this, I still get this error:
SQL> select DBMS_CRYPTO.HASH(bytes, DBMS_CRYPTO.HASH_SH1) from blobslicer where id=1;
select DBMS_CRYPTO.HASH(bytes, DBMS_CRYPTO.HASH_SH1) from blobslicer where id=1
ERROR at line 1:
ORA-06553: PLS-221: 'HASH_SH1' is not a procedure or is undefined
Yet if I use the numeric constant for DBMS_CRYPTO.HASH_SH1 (3), it works:
SQL> select DBMS_CRYPTO.HASH(bytes, 3) from blobslicer where id=1;
F5A7338EFFEB15A49AFC9545393EF685BB51F931
So what am I missing that prevents me from having access to a constant in the package when I can successfully use one of the function of that same package?
Thanks, --DD

Maybe, that makes a little bit clearer the difference
between usage of package constants in sql and pl sql...That's what I suspected, thank you for hammering the point home Maxim.
The taken away for me is that package constants are not available to SQL code, only to PL/SQL code. (irrelevant of their type most likely).
I actually tried to grant my user SELECT privileges on the package, because accessing a constant from a package is more akin to SELECT than EXECUTE, but of course one cannot do that.
Thank you both again for the help. --DD

To grant execute on a specific procedure in a package

Similar Messages

Maybe you are looking for