  Oracle Tips by Burleson

Chapter 4 General Oracle Security

User CLAIM_SCHEMA owns the table CLAIMS and the procedure pay_claim(). The user JUDY, a senior claim analyst, decides on the claim and, when the time comes to pay, executes the procedure. JUDY has no privileges on the CLAIMS table, just the execute privilege on the procedure. Since the procedure is owned by CLAIM_SCHEMA, that user's privileges, rather than JUDY's, are used while updating the table. This is the simplest authorization scheme in programs, and is known as the definer's rights model. Prior to Oracle 8i, this was the only model of authorization.

So, what is the problem with this model? The problem occurs in situations where the program is too generic and is not tied to a specific user and that user's schema objects. In the pay_claim() procedure, we have determined that the procedure updates only objects owned by the user CLAIM_SCHEMA, who owns both the procedure and the object. However, if the procedure were so generic that any user could call it to update his or her own tables, or tables owned by others on which he or she has privileges, then authorization is almost nonexistent. In other words, the program becomes merely a piece of code to execute, not an encapsulation device that acts as the sole operator on the objects. The users have individual grants on the underlying objects, and use the program merely as code to execute steps. This is known as the invoker rights model because the privileges of the invoker, not the definer of the program, prevail.

Let's explore this through an example. The pay_claim() procedure was defined earlier. The user JUDY tries to select from the table CLAIMS, as follows, and gets an error.
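
An added illustration of the two models, written for SQL*Plus; it is not the book's own listing. The columns claim_id and status, the sample row, and the procedure name pay_claim_invoker are assumptions, and the user JUDY is assumed to exist already.

```sql
-- Session 1: connected as CLAIM_SCHEMA (the object owner).
-- Columns claim_id and status are assumed for this illustration.
CREATE TABLE claims (
  claim_id NUMBER PRIMARY KEY,
  status   VARCHAR2(10) DEFAULT 'OPEN' NOT NULL
);
INSERT INTO claims (claim_id) VALUES (1001);  -- constructed sample row
COMMIT;

-- Definer's rights (the default; AUTHID DEFINER is written out for clarity).
CREATE OR REPLACE PROCEDURE pay_claim (p_claim_id IN NUMBER)
  AUTHID DEFINER
AS
BEGIN
  UPDATE claim_schema.claims SET status = 'PAID' WHERE claim_id = p_claim_id;
END;
/

-- Invoker's rights variant (hypothetical name): same body, but the UPDATE
-- is checked against the caller's privileges at run time.
CREATE OR REPLACE PROCEDURE pay_claim_invoker (p_claim_id IN NUMBER)
  AUTHID CURRENT_USER
AS
BEGIN
  UPDATE claim_schema.claims SET status = 'PAID' WHERE claim_id = p_claim_id;
END;
/

GRANT EXECUTE ON pay_claim TO judy;
GRANT EXECUTE ON pay_claim_invoker TO judy;

-- Session 2: connected as JUDY (EXECUTE on both procedures, nothing on CLAIMS).
-- Direct access is rejected: JUDY holds no privilege on the table.
SELECT status FROM claim_schema.claims WHERE claim_id = 1001;

-- Runs with CLAIM_SCHEMA's privileges, so the update goes through.
EXECUTE claim_schema.pay_claim(1001)

-- Runs with JUDY's privileges, so the UPDATE inside is rejected for the
-- same reason as the direct SELECT.
EXECUTE claim_schema.pay_claim_invoker(1001)

-- Review (as a DBA): list which model each procedure in the schema uses.
SELECT object_name, authid
  FROM dba_procedures
 WHERE owner = 'CLAIM_SCHEMA'
 ORDER BY object_name;
```

The final query is the audit step: a definer's rights procedure owned by a privileged schema and executable by many users is the combination to look at first.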

The above text is an excerpt from:

Oracle Privacy Security Auditing

The Final Word on Oracle Security


Copyright © 1996 -  2014 by Burleson Inc. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation.