Name

SQL-22: Apply the invoker rights method to all stored code that executes dynamic SQL (Oracle8i).

Synopsis

Whenever you create a stored program (standalone or within a package) that parses a dynamic SQL statement, you should define that program with the “invoker rights” model. This is done by adding the following clause to the program header: 

AUTHID CURRENT_USER

This feature is available only in Oracle8i and above. This clause ensures that the dynamic SQL string is parsed under the authority of the schema currently running the program, which is almost always the desired behavior.

Example

If I were to create a reusable program to execute any DDL statement, I would make certain it used the AUTHID statement as follows: 

CREATE OR REPLACE PROCEDURE runddl (
   ddl_in in VARCHAR2)
   AUTHID CURRENT_USER 
IS
BEGIN
   EXECUTE IMMEDIATE ddl_in;
EXCEPTION
   WHEN OTHERS
   THEN
      pl (SQLERRM)
      pl (ddl_in);
      RAISE;
END;
/

Benefits

You can build and share generic dynamic SQL utilities more easily. Developers don’t have to worry about which schema owns the utility and whether or not the requested operation will affect someone else’s schema.

Challenges

This feature is available only in Oracle8i.

Resources

runddl.pro and runddl81.pro : Generic DDL engine in both DBMS_SQL and NDS.

Get Oracle PL/SQL Best Practices now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial