
I need a non-admin user to execute a particular procedure which fills an application context, but for security reasons, I want him to be able to execute it only inside a trigger, and not outside it.

Is that possible in some way? Thanks

Vaidehi Jamankar
Unziello
  • Not clear what you mean. Create a trigger which calls the procedure and grant `INSERT` to this table. Do not grant `EXECUTE` on the actual procedure. – Wernfried Domscheit May 06 '22 at 09:10
  • Yes, I meant, can the trigger run correctly if the user does not have privileges to run the procedure inside it? – Unziello May 06 '22 at 11:47
  • Yes, the trigger runs in context of the table owner. See [How Triggers Publish Events](https://docs.oracle.com/en/database/oracle/oracle-database/12.2/lnpls/plsql-triggers.html): *"A trigger always behaves like a definer rights (DR) unit. The trigger action of an event runs as the definer of the action (as the definer of the package or function in callouts, or as owner of the trigger in queues)."* and *"If a trigger invokes an invoker rights (IR) subprogram, then the user who created the trigger, not the user who ran the triggering statement, is considered to be the current user."* – Wernfried Domscheit May 06 '22 at 11:59

0 Answers
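The arrangement described in the comments, written out as an added example that is not part of the original thread. `APP_OWNER`, `APP_USER`, `APP_CTX`, `CTX_PKG` and `ORDERS` are hypothetical names, and the owner is assumed to hold `CREATE ANY CONTEXT`.

```sql
-- Run as APP_OWNER (hypothetical schema that owns the table, package and trigger).

-- The context can only be written through the package named in USING.
CREATE OR REPLACE CONTEXT app_ctx USING app_owner.ctx_pkg;

CREATE OR REPLACE PACKAGE ctx_pkg AUTHID DEFINER AS
  PROCEDURE set_value(p_name IN VARCHAR2, p_value IN VARCHAR2);
END ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY ctx_pkg AS
  PROCEDURE set_value(p_name IN VARCHAR2, p_value IN VARCHAR2) IS
  BEGIN
    DBMS_SESSION.SET_CONTEXT('APP_CTX', p_name, p_value);
  END set_value;
END ctx_pkg;
/
CREATE TABLE orders (
  order_id NUMBER PRIMARY KEY,
  customer VARCHAR2(100)
);

-- The trigger is the only caller of ctx_pkg. It runs with APP_OWNER's
-- privileges, so the inserting user needs no EXECUTE on the package.
-- Attribute names are fixed here so the user cannot pick them.
CREATE OR REPLACE TRIGGER orders_bi_ctx
  BEFORE INSERT ON orders
  FOR EACH ROW
BEGIN
  ctx_pkg.set_value('LAST_ORDER_ID', TO_CHAR(:NEW.order_id));
  ctx_pkg.set_value('INSERTED_BY', SYS_CONTEXT('USERENV', 'SESSION_USER'));
END;
/
-- The user gets DML on the table only. There is deliberately no
-- GRANT EXECUTE ON ctx_pkg TO app_user.
GRANT INSERT ON orders TO app_user;

-- Connected as APP_USER:
INSERT INTO app_owner.orders (order_id, customer) VALUES (1, 'ACME');
SELECT SYS_CONTEXT('APP_CTX', 'LAST_ORDER_ID') AS last_order_id,
       SYS_CONTEXT('APP_CTX', 'INSERTED_BY')   AS inserted_by
FROM   dual;                          -- context was filled by the trigger

BEGIN
  app_owner.ctx_pkg.set_value('LAST_ORDER_ID', '999');  -- direct call
END;
/
-- Fails to compile for APP_USER (PLS-00201): no EXECUTE privilege on ctx_pkg.
```

If the trigger passed `:NEW` column values through as attribute names, the `INSERT` grant would effectively become a way to call the procedure with caller-chosen arguments, so keep the names and any sensitive values derived inside the trigger.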