0

We have an application running on Oracle APEX (ORDS) workspace with parsing schema as "SCHEMA_A"

I have a package "PKG_A1" in schema "SCHEMA_A".

I have a package "PKG_B1" in schema "SCHEMA_B".

I have another package "PKG_B2" in schema "SCHEMA_B" and that package has AUTHID CURRENT_USER clause.

As we know APEX_PUBLIC_USER initiate the session, The call from application to PKG_B2 happens as below:

PKG_A1 --> PKG_B1 --> PKG_B2.

Note: grant execute ON PKG_B1 to schema_A

Question 1: PKG_B2 is executed with SCHEMA_A rights or SCHEMA_B rights or APEX_PUBLIC_USER rights?

Also, if SCHEMA_B has a table "TABLE_B1" exists and a public synonym of a view with the name "TABLE_B1" exists and

PKG_B2 has call to "TABLE_B1" without user alias.

Question 2: will the synonym be called or table is called when called from application?

Please help clarify this

Toufiq - Oracle APEX
  • 143
  • 3
  • 14

1 Answers1

0

Question 1: PKG_B2 is executed with SCHEMA_A rights or SCHEMA_B rights or APEX_PUBLIC_USER rights?

Answer 1:

As far as I follow you, You want to know if PKG_B2 will be called using SCHEMA_A rights.

It means PKG_A1 --> PKG_B1 --> PKG_B2 will be executed with the following rights respectively.

PKG_A1(SCHEMA_A) --> PKG_B1(SCHEMA_B) --> PKG_B2(SCHEMA_A)

Question 2: will the synonym be called or table is called when called from the application?

Answer 2:

Table from SCHEMA_B is called.

Popeye
  • 35,427
  • 4
  • 10
  • 31
  • Because PKG_B2 is an invoker's right package shouldn't it inherit the schema_b rights because its invoked by PKG_B1 who has already inherited SCHEMA_B (because of definers rights). If we assume the invoker here is the first user who initiated the call stack even then it would be APEX_PUBLIC_USER and not SCHEMA_A right? – Toufiq - Oracle APEX Nov 13 '20 at 12:11
  • Also, if PKG_B2 is run as SCHEMA_A, since the table is being called without user alias nd no object with same table name in schema_a shouldn't the call move to the public synonym? – Toufiq - Oracle APEX Nov 13 '20 at 12:23