In Oracle, when I create a stored procedure under user1, what is the difference between creating a public synonym on the procedure and granting execute rights on the procedure to the user 'PUBLIC'?
My objective is this: User 2 should login in TOAD, go to Schema Browser, and select the PUBLIC schema from the drop-down and be able to see and execute the procedure.
I tried both giving execute grants to user2 and PUBLIC and also create a PUBLIC synonym....but still no luck. user2 cannot see the procedure under the PUBLIC schema.
But funny thing is when I login as user2, open up an editor in TOAD (not schema browser), then I can execute the procedure using the :
BEGIN
PROC(arg1,arg2,arg3);
end;
An Oracle synonym basically allows you to create a pointer to an object that exists somewhere else. You need Oracle synonyms because when you are logged into Oracle, it looks for all objects you are querying in your schema (account). If they are not there, it will give you an error telling you that they do not exist or not declared.
In your case user1 create a proc and it will exist in his schema.For user2 ,its just a pointer to that .So you can't see his object in your schema or public schema.
Since user2 have execute grants ,so this means that when user2 try to execute proc from his schema then it will try to look proc in his schema ,if he dint find the proc then it will look to the pointer ,which he finds from the synonym .And finally he finds the proc and try to execute it ,since the proc have public execute grants(which means that any user can execute them) then it will able to execute the proc.
And if you go to schema browser in your toad,you'll find a tab for synonym ,where you'll find that you have synonym for proc in user2 schema and even public schema
.Sorry for bad English :(
Related
I've got a table called proc_logs that is intended to be used for logging/troubleshooting stored procs. I'd like to create a stored proc that inserts into this table and adds a timestamp. I'd like any stored proc in any other database in my account to have rights to call this procedure.
First attempt at this is:
grant USAGE on procedure WRITELOG(string,string) to PUBLIC
However I think this would only apply to the PUBLIC schema in the same database. Is this "cross-database" proc considered a terrible idea? How can I grant usage on that proc to any other proc executing in my account? Do I need to create a "logger" role and grant that role to all of my functional roles or do procedures use a special role? Also keep in mind that anyone who has the usage rights on that proc also needs to be able to select from it.
Besides using Usage Privilege Then why not use CREATE PROCEDURE WITH EXECUTE OWNERS RIGHT , with this Statement the procedure would be executed with Owner's right ; even if Caller has no privilege to insert the data into table proc_logs the procedure would execute with Ownwer's right and Caller would be able to Insert the data into this table.
Read this material when to use Execute Procedure With Owner right or Caller right.
https://docs.snowflake.com/en/sql-reference/stored-procedures-rights.html
I do not have permission on the database as much as creating a temp table, can I write and execute a stored procedure?
This code:
CREATE PROCEDURE "informix".proc()
select * from table1;
end procedure
leads to this error:
INTO TEMP table required for SELECT statement.
and this code:
CREATE PROCEDURE "informix".proc()
select * from table1
into temp_table1;
end procedure
leads to this error:
Only a DBA can create, drop, grant, or revoke for another user.
Can anyone help?
That "Only a DBA can create...." error is because you are trying to create a procedure belonging to "informix" and your user lacks DBA permission. Basically, you can't create objects that belong to someone else. If you have RESOURCE permission you should be able to create a SPL which belongs to you.
Have a read at (https://www.ibm.com/support/knowledgecenter/SSGU8G_12.1.0/com.ibm.sqls.doc/ids_sqs_0147.htm) it describes the different database permissions and what you are allowed to do.
I'm trying to write a procedure that creates users, roles and warhouse. This procedure is executed with a high privilege user with ACCOUNTADMIN role
USE ACCOUNT_ADMIN;
USE WAREHOUSE PROVISIONER;
CREATE or replace PROCEDURE TEST()
RETURNS VARCHAR
LANGUAGE javascript
AS
$$
snowflake.execute({ sqlText: "CREATE OR REPLACE WAREHOUSE test;"});
return "";
$$
;
Now if I query the current warehouse:
SELECT CURRENT_WAREHOUSE();
I get PROVISIONER
If I now call the procedure
CALL TEST();
The warehouse has changed
SELECT CURRENT_WAREHOUSE();
Now returns TEST
Is this the normal behaviour? This is an issue because the warehouse is changed outside of the procedure, and I cannot use the "USE WAREHOUSE" statement inside a procedure.
Is there another way to create WAREHOUSE from a procedure without changing the current warehouse?
Yes, this is expected. See the docs for background information.
One way to work around it would be to get the current warehouse at the beginning of your stored procedure, and set it again as the current one at the end of the stored procedure.
I need to call a vendor procedure that searches the database for possible matches. The input parameters are entered in a global temp table, then a procedure needs to be called that fills another global temp table with possible matches. Any thoughts on the best way to do this with APEX?
This is a vendor database. I really can't change anything. The vendor procedure requires that I load parameters into their GTT, run their procedure, then get the results from their result GTT. I'm new to APEX and just trying to figure out the best way to handle that...what type of apex object do I use to load the parameters to the parameter GTT? How do I call the procedure when the parameter row is saved? What apex object should I use to display the result GTT...a report, a grid...?
As data in a global temporary table (GTT) is "private", i.e. can be accessed in the same transaction or a session (which would probably be your choice, so you'd create a GTT with the ON COMMIT PRESERVE ROWS), as long as you do everything in the same session, that would work.
On the other hand, if there are several sessions involved, you're probably out of luck and will have to change the approach. The most obvious is to use a normal table (not a global temporary one), or - if possible - Apex collections.
I was wondering if there was a way to detect the log in name of the user executing the query which triggers a stored procedure? Say, I have a trigger on table_a that fires when a particular column is changed. I would like to retrieve the name of the logged in user who executed the query which triggered the stored procedure running.
Is this possible?
Turns out there is a recognized keyword called current_user that does the exact thing I want - holds the username of the current user executing the query.