我希望user2调用时存储过程正常工作,因为我没有将其标记为AUTHID CURRENT USER。 AFAIK,默认为authid definer,它应该在所有者user1的安全上下文中运行,而不是在调用者user2下运行。但令我失望的是它不起作用。请帮忙。
C:\>sqlplus
SQL*Plus: Release 11.1.0.6.0 - Production on Thu Feb 5 15:46:29 2015
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Enter user-name: user1/password
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
SQL> create table test_table(a number);
Table created.
SQL> drop table test_table;
Table dropped.
SQL> create or replace
2 procedure test_proc (strSql varchar)
3 as
4 begin
5 execute immediate(strSql);
6 end;
7 /
Procedure created.
SQL> grant execute on test_proc to user2;
Grant succeeded.
SQL> connect user2/password
Connected.
SQL>
SQL> BEGIN
2 user1.TEST_PROC('CREATE TABLE user1.TEST_TABLE(a number)');
3 END;
4 /
BEGIN
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "User1.TEST_PROC", line 4
ORA-06512: at line 2
SQL>
注意:这只是一个显示核心问题的示例代码,我的原始代码与此不同。所以请不要将此主题拖到SQL注入。真正的代码非常复杂,我不直接执行用户输入,如下所示。但问题是一样的。最终用户获得相同的权限不足错误。