6

As User1 I have the table:

CREATE TABLE USER1.test ( id NUMBER );

As User2 I have the procedure:

CREATE PROCEDURE USER2.passInATestId(
  in_id USER1.TEST.ID%TYPE
)
IS
BEGIN
  NULL;
END;
/

However, this fails to compile with:

PLS-00201: identifier 'USER1.TEST' must be declared

If I grant the REFERENCES permissions

GRANT REFERENCES ON USER1.TEST TO USER2;

Then I get:

PLS-00904: insufficient privilege to access object USER1.TEST

If I grant the SELECT privilege then it will compile - however, User2 can then perform selects on the table and I do not want them to do this directly. Is there a privilege I can use that allows me to reference the type of a column without also granting the ability to SELECT from the table?

MT0
  • 143,790
  • 11
  • 59
  • 117
  • I don't think that's possible. You will have to use `in_id number` as the parameter definition. –  Jan 26 '17 at 14:21

1 Answers1

4

One possible solution is to create a SUBTYPE in a package owned by USER1:

CREATE PACKAGE USER1.TYPE_DEFINITIONS
AS
  SUBTYPE TYPE__TEST__ID IS USER1.TEST.ID%TYPE;
END;
/

Then:

GRANT EXECUTE ON USER1.TYPE_DEFINITIONS TO USER2;

The procedure can then be rewritten as:

CREATE PROCEDURE USER2.passInATestId(
  in_id USER1.TYPE_DEFINITIONS.TYPE__TEST__ID
)
IS
BEGIN
  NULL;
END;
/

I would prefer a solution that allows a declaration of the variable's type to directly reference the column's type rather than going through a level of indirection (but that does not seem to be possible).

MT0
  • 143,790
  • 11
  • 59
  • 117