Stored procedure authorization ....
This is a discussion on Stored procedure authorization .... within the DB2 forums, part of the Database Server Software category; --> ok, this is section from Application development guide on authorities on Stored procedure is what I don't understand: - ...
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-26-2008, 06:19 PM
| ||||
| ||||
 Stored procedure authorization .... ok, this is section from Application development guide on authorities on Stored procedure is what I don't understand: - By virtue of a successful CREATE statement, definer has EXECUTE WITH GRANT privilege on the routine. At other place, it mentions: - The routine package owner must GRANT EXECUTE on the package to the routine definer. This can be done before or after the routine is registered, but it must be done before the routine is invoked. These seem to be mutually conflicting statements. Definer has execute not 'by virtue' of a CREATE statement, but because GRANT EXECUTE has been given to it (definer) by the package owner. TIA Raquel.      |
|
02-26-2008, 06:20 PM
| ||||
| ||||
| Re: Stored procedure authorization .... Raquel, The reason for this is that a package is not intrinsically hooked to a routine. A Package belongs to the source code, which is exactly one file. The CREATE PROCEDURE/CREATE FUNCTION statement for external alanguages at best knows about the entry point to the body. It has no control over the call chain of the host language and hence which other files may be involved. This is why packages have orthogonal security. Cheers Serge -- Serge Rielau DB2 SQL Compiler Development IBM Toronto Lab |
Linear Mode
