Database Reference
In-Depth Information
Now create a low-privileged application user to invoke the new procedure to see if it can access the DBA privilege
through it:
SYS@192.168.1.3:1521/pdborcl>create user apptest identified by lowsec12;
User created.
SYS@192.168.1.3:1521/pdborcl>grant create session to apptest;
Grant succeeded.
SYS@192.168.1.3:1521/pdborcl>grant execute on defroletest.myproc to apptest;
Grant succeeded
SYS@192.168.1.3:1521/pdborcl> select grantee from dba_role_privs where granted_role='DBA';
GRANTEE
--------------------------------------------------------------------
DEFROLETEST
SYS
SYSTEM
Now connect as the low-privileged application account:
C:\Windows\System32>sqlplus apptest/lowsec12@192.168.1.3:1521/pdborcl
SQL*Plus: Release 12.1.0.1.0 Production on Mon Aug 26 19:05:20 2013
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing opti
And execute the definer's role procedure:
SQL> exec defroletest.myproc;
PL/SQL procedure successfully completed.
SQL> select grantee from dba_role_privs where granted_role='DBA';
select grantee from dba_role_privs where granted_role='DBA'
*
ERROR at line 1:
ORA-00942: table or view does not exist
