||Oracle Tips by Burleson
Chapter 2 Introducti
to Oracle Security
this procedure merely executes the code behind
it; the privileges required for the updates come from the calling
user. In this case, when JUDY calls the procedure, the privileges
given to her are required to update the tables, i.e. JUDY, not
PROGOWNER, must have UPDATE privileges on the claims table. If JUDY
doesn't have the privileges but PROGOWNER does, the procedure
execution will fail.
How is this helpful in designing the HIPAA
compliant model? This concept alone is one of the single most
important rights management setups required for HIPAA. In this case,
a user called PROGOWNER, who does not have any other privilege, can
own all your code, and all application users must call the stored
programs it owns. However, since each user is separately
administered in the privilege management framework, the success of
the execution of those codes will depend on the calling user's
privileges, and this arrangement works perfectly.
In the default model, known as definer rights,
privileges are required to be granted to the user PROGOWNER, and
execute privileges on the procedures are to be granted to all the
other users who might potentially need to access these procedures.
If the privileges are to be revoked, the execute privilege on the
procedure needs to be revoked. If the procedure is a package, all
other procedures inside the package would also be inaccessible to
the user, and that may not be desirable. The invoker model allows
for the modularization of code while at the same time allowing
rights to be handled properly.
The above text is
an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only
and has an
immediate download of working security scripts: